1 Introduction

In more than 4 years since 2010, issues related with the internet and global cyberspace rapidly rose in the agenda of governance, and gradually moved from the comparatively edge to the centered position of the international arena: in 2010, WikiLeaks official Website revealed the secret cables and war files of the Department of Defense and the State Department (Kessler 2010). Google is trying to challenge China’s jurisdiction of the internet based on sovereignty (Gross 2010). In 2011, the storm named “Arab Spring” deeply challenged the traditional geopolitical structure of the middle east, (Ajami 2012) in the same time, the US introduced a new version of “cyberspace international Strategy” in which was clearly announced intention of building a kind of hegemonic order in global cyberspace. From 2012 to 2013, there were a series of news stories about “Chinese cyber espionage attack” rendered as the new threat toward US national security (Krekel et al. 2014). In 2013 there was insider disclosure of “PRISM Gate” by former CIA contractor Snowden (Greenwald and MacAskill 2013). In 2014 the US Department of Commerce suddenly announced intent to transition key Internet domain name functions. In August 2015, it announced the extension of the contract with ICANN for 1 year, directly making relations of cyberspace with different actors the focus of public attention.

How to recognize and understand the meaning of the above-mentioned series of events, especially from the perspective of international relations, to understand the influence that the above changes bring to national security, inter-state relations as well as the governance system of global cyberspace closely related with various actors (including state and non-state actors), obviously has important theoretical value and practical significance. In this crucial moment of development and changes, it is obviously very important to understand the principle of sovereignty, and the meaning of “Cyber Sovereignty” mapping in cyberspace and as the starting point to build the framework to analyze and understand the problem.

2 Sovereignty and Governance of Cyberspace

With the formation of global cyberspace and more people starting to use the Internet [according to the data of International Telecommunication Union (ITA), internet users make up around 30–40 % of global population], some scholars point out Cyberspace’s specific properties which serve as a double-sided sword to governance: on one side, they have begun to show the characteristics of both, defined as promoting cyberspace tenure, governance, and providing convenient conditions. While on the other side, they also put forward new unprecedented challenges represented by the eroding of geographic borders of the states. And then the question of how to understand the role, function and new characteristic of sovereignty in cyberspace and how to establish sovereignty in cyberspace, is becoming a new field of argument among different actors worldwide (Barcomb et al. 2012).

Although some scholars have pointed out, the real “cyberspace” is the logical space which is actually difficult to be accurately perceived and managed, “cyberspace” is unable to exist without supporting from the physical world. One of the difficulties of cyberspace governance is how to highlight the presence of administration authority in cyberspace. This presence must be perceived and approved by as many different actors as possible. This perception could be about a provision system, it can also be about some kind of presence in cyberspace; this perception is necessarily combined by subjectivity and objectivity, and the result is made by actors based on objective framework and subjective judgments (Lyons 1995).

Whether sovereignty can adapt to the challenges of cyber security is one of the key questions during discussing of the issues since 2009 (Czosseck and Geers 2009). And it also becomes one of the most difficult issues in dealing with cyber conflict (Jensen 2012). The main challenge to abiding sovereignty in the broad issues of governance including cyber security is that rising of non-state actors produced tough conflict with the deploying of traditional international law based on rule of sovereignty in these new areas (Krasner 2001). But it is quite clear that the sovereignty must have a proper position in handling with cyber security issues when more and more multi-source attacks have appeared in cyberspace (Herzog 2011). In short, though at the very beginning the term governance referred to governing without the government, the government, or the sovereignty state must be brought back in (Drezner 2004).

In practical dimensions, taking the “Tallinn Manual” as an example, some European and American researchers make a systematic summary and review of the application of important principles in traditional international law representing by the principle of sovereignty, in cyberspace, whose main point is: the principle of sovereignty applies to network space, the claim expressed as “a state within its sovereign territory can implement control on the information infrastructures and activities,” where the definition of sovereignty, based on 1928 Island of Palmas international law ruling, stressed that a country’s internal affairs is independent without interference from other countries; and on this basis, the sovereignty related with cyberspace is expressed as referent with the information infrastructures in a state’s territory, airspace, territorial waters and territorial sea (including the seabed and subsoil); the direct consequence is that information infrastructures, regardless of their specific owners or users, are under the sovereignty of a country’s judicial and administrative jurisdiction, which is protected by sovereignty (Schmitt 2013). In June 2015, for the development of information and telecommunications from the perspective of international security, a group of governmental experts submitted a consensus report to the UN General Assembly, this report clearly pointed out the importance of “‘the United Nations Charter” and the principle of sovereignty, which is the basis to strengthen the use of ICT security, stating, “While recognizing the need for further study, the Group noted the inherent right of States to take measures consistent with international law and as recognized in the Charter” (Assembly UN General 2010).

To accurately know the use of the sovereignty principle in the governance of global cyberspace, first you need to deeply understand the basic characteristics of cyberspace, because this feature determines the specific mechanisms of the principle of sovereignty in cyberspace governance.

3 Asymmetry in Global Cyberspace

Since the 1990s, global cyberspace has achieved rapid development, which, however, causes asymmetry of resources and capabilities in global cyberspace: instead of achieving leaping forward due to progress of network technology, developing countries in the real world are further marginalized in cyberspace, and such marginalization may further weaken the countries’ status in the real world; on the contrary, developed countries in real space, especially those with remarkable advantages in industries and technologies, are also at the core of cyberspace, and as a result of their superiorities in technology, R&D, and innovation, the gap between developed and developing countries in the real world is further widened.

Specifically, the asymmetry of resources and capabilities is reflected in the following aspects:

The first aspect is the geographical distribution of Internet users. Though the total amount of Internet user groups rises dramatically, relative proportions of user groups within countries and the distribution among different classifications of countries differ significantly. Overall, user structure in global cyberspace has an expansion process from developed countries to developing countries. According to statistics of relative research institutes, including International Telecommunication Union (ITU), the total amount of global Internet users is more than 2.5 billion, which is nearly 40 % of global populations. Since 2006, the amount of Internet users from developing countries has gradually approached that in developed countries, and the former one finally accounts for more than 50 % of global Internet users. The advantage on user number, however, does not mean that the reality of low Internet penetration in developing countries can be ignored: while total amount of users increases, a huge disparity among different regions still exists. Statistics of ITU show that compared with America and Europe where Internet penetration has reached 60 %, African Internet users account for less than 10 % of total population.

Secondly, the gap in key data-related facilities between developed and developing countries is obvious. For instance, submarine cable system is a key infrastructure that supports global cyberspace. The world’s first transoceanic submarine cable (TAT-8) went into commercial service in December 1988. Since then, until 2008, companies from America and Europe monopolized the global optical fiber cable market. America and Europe served as starting points or central bridging points for all submarine cables that companies had constructed. Even though from 2008, some companies shifted their investment focus to districts with poor infrastructure like Africa, the reality of American and European companies’ monopoly in the field of submarine cable has not been changed. Statistics show that in the 5 years between 2008 and 2012, new submarine cable systems valuing $10 billion as a whole had went into service, with $2 billion or 53000 km per year, and 70 % of the systems were arranged in Sub-Saharan Africa. Regarding sources of investors, proportion of investments from large-sized operators and consortiums in America and Europe was further raised, reaching 80 % of the whole investments. By contrast, private investments from non-telecommunication organizations accounted for 14 %, and the proportion was only 5 % for investments from governments and development banks. Transnational companies of developed countries have an overwhelming advantage in the market of high-end servers. Statistics show that five companies from the US and Japan, including HP, IBM, Dale, Oracle and Fuji, occupied 84.7 % of market shares in 2012, reflecting their overwhelming superiority in the market.

Thirdly, the overwhelming advantage of developed countries can also be reflected in distribution and management mechanism of physical facilities of key infrastructures that ensure operation of global cyberspace. Domain name resolution system is an example: 13 top-level root name servers are governed by 3 companies, 3 government-related organizations, 3 universities and 1 non-profit private institution in the United States, 1 company and 1 private institution in Europe, and 1 Japanese organization respectively; and the “hidden distribution server” that sends root zone files to the 13 root name servers is owned and managed by VeriSign Inc. from the United States (SSAC ICANN 2014). Such distribution of key information infrastructure often have been taken as evidence to prove the existence of so called hegemonic orders in global cyberspace (Sonbuchner 2008).

In short, in today’s global cyberspace, developing countries mainly serve as users while developed countries mainly provide infrastructures and key applications. Such a new “center—periphery” structure has already emerged, and it is a structure with significant asymmetry, thus exacerbating the disparity of capabilities that has already existed between developed and developing countries as well as among developed countries. All the countries in the world, whether developed countries or developing countries, have gained corresponding awareness and comparatively systematic practices, consciously or unconsciously, on how to apply the principle of sovereignty in cyberspace. Through systematic practice on cyber security strategy, the United States shows how hegemony can extend sovereignty of a single country in global cyberspace in the name of weakening and eliminating sovereignty. Correspondingly, through “internationalization” and reinterpreting “multi-stakeholder model,” countries with power at a disadvantage try their best to weaken and hedge the expansion under the principle of sovereignty equality.

4 The American Cyber Security Strategy Highlights the Expanding of a Single Sovereignty into Global Cyberspace

Since June 2013, practices of expansion of US sovereignty in global cyberspace are mainly reflected in the following areas:

Firstly, proof on legality of network monitoring action on grounds of national security needs under the framework of sovereignty, which is greatly supported by the PRISM program. The disclosure of PRISM originated from information provided by former Central Intelligence Agency (CIA) employee Edward Snowden to European and American media. On June 6, 2013, The Washington Post published an article entitled “US, British intelligence mining data from nine US Internet companies in broad secret program”, revealing that the National Security Agency (NSA) has started to implement a signals intelligence collection activity called “PRISM”. The SIGINT Activity Designator (abbreviated to SIGAD) is US-984XN. Among the daily intelligence briefings read by the US president during 2012, 1447 of which appear with sources referred to as US-984XN. The media reports therefore regard “PRISM” as the most important intelligence source of the NSA. After “PRISM” was disclosed, the former Director of the NSA Michael Hayden created an argument that it is necessary to collect intelligence for the purpose of national security, including monitoring data within global cyberspace (Hayden et al. 2013).

Secondly, seeking to maximize the freedom of cyber operations in order to ensure national security, including the adoption of cyber deterrence as part of national defense strategy. The US also makes clear proclaims of its “right to self-defense” to be used freely in cyberspace, which implies that the US has the right to attack the source of threat when the US considers itself under threat. In April 2015, the US Department of Defense approved “The Department of Defense Cyber Strategy”, declaring explicitly the capability to block or control the escalation of all kinds of conflict through network methods as a strategic objective (The DOD Cyber Strategy 2015).

In terms of using the right of self-defense, the US makes it clear that other sovereign nations’ network facilities may become its legitimate targets. A typical case in 2015 shows that, by way of anonymous sources, the United States publicly declared to implement network attacks against threat sources identified by the US: on July 31, 2015, a US senior reporter David Sanger wrote in The Wall Street Journal and The New York Times, citing a White House source, that the US has decided to retaliate against the China network to punish the hacking that “steals 20 million US government employees’ information”. According to the article, it remains controversial as to how to implement the retaliation. The options vary from more mild diplomatic negotiation to “more important (and meaningful) actions that may lead to continuous upgrade of hacker attacks between the United States and China”. In addition, “such actions will be done in a partially public way in order to achieve a deterrent effect”. “Action plans to be chosen from that have been identified covering the most mild diplomatic protest to more complex operations” including “breaching China’s firewall” (Sanger 2015).

Thirdly, maintaining sovereignty control over the process of handover of IANA’s regulatory authority. On August 17, 2015, the director of National Telecommunications and Information Administration (NTIA) of US Department of Commerce announced plans to extend the contract with ICANN for 1 year on its official blog, and for the first time mentioned the most crucial part of the transition procedure in a relatively clear way. According to the announcement, the transition of management over the root zone file and root zone file server will be executed by NTIA and VeriSign in a relatively independent way under a separate process. As shown by the proposal that conceives the transition procedure, there is an experimental process for a period of 3 months, which can always be returned to zero and restarted, as long as the experiment operators including NTIA discovers that the “experimental data is in question” (NTIA Department of Commerce 2015).

For the characteristics described above, although little or almost nothing is mentioned in relation to sovereignty in US policy discourse and oath, and the United States has always refused to recognize the policy position, system design and strategy of other countries based on the principles of sovereignty, in fact, the United States’ preference is to extend the scope of its sovereignty.

5 Challenges in Process of Rebuilding Cyberspace Governance Based on Sovereign Equality

In 2005, report of the working group on internet governance produced by the United Nations, pointed out that DNS root zone files and systems, actually, are under “unilateral control by the United States Government” (de Bossey 2005). Since then, a reform of governance principals of global cyberspace has been pushed based on sovereign equality to transform governance modes of key resources represented by DNS root zone files and systems.

However, the reform mentioned above barely went forward from its very start. Only until March, 2014, when existence of the PRISM Program was leaked, the American government, obviously feeling great pressure, declared that it will give up regulatory permissions on IANA and transfer it to a private sector organized by “multi-stakeholder institutions” (Office of Public Affairs, NTIA, Department of Commerce 2014). Thanks to the authority transfer series of work on the reform stepped forward.

In progress of transfer the argument about governance principals was mainly reflected on the understanding of the mode of “multi-stakeholder institutions”.

Multi-stakeholder is an operation mode applied by the US in the 1990s in the process of Internet commercialization, which includes companies, individuals, NGO’s and sovereignties. Final decisions are made by a Board of Directors composed of a few professionals. Related companies, individuals and NGO’s practice their own work in subordinate regions or professional committees. Policies are adopted according to a top-down model, which means supporting committees submit suggestions or drafts to a Board of Directors and this Board of Directors approves them or not. The representatives of sovereignties are included in Government Advisory Committee and they only have the right to make suggestions on public policies and activities related to public policy and international law, while they don’t have policy-making power, nor do their suggestions have compulsory force (Kruger 2013).

The principal of sovereignty in the argument of multi-stakeholder is reflected on the status of Government Advisory Committee and the definition of the whole supervision mechanism.

American’s opinion, as mentioned above, is to establish a private governance mechanism, which was embodied in the file of DNS policy set by the DOC of the US, as well as in Internet communities at that time.

On January 28, 1998, before NTIA of the DOC published the new purely privatized DNS supervision program, American scholar Jon Postel, who made a great contribution to DNS, carried out the only test of transferring DNS root servers in the history of Internet development, which made the existence of “paralleled roots” (Gittlen 1998b) of global DNS (i.e. two parallel main root zones exist) possible, but under the greatest pressure of American government, the attempt was defined as a test, and 1 week later root zone was restored as before. Then NTIA of DOC determined rules of the game in Green Paper: the purely privatized resolution program will be replaced by a hybrid multi-stakeholder ICANN, and domain name registration, root file configuration and modification will be distinguished at the same time, which means ICANN is responsible for program approval and written assignments, a special agency is responsible for the configuration and modification of main root servers and the super root server later, while ICANN and the special agency obtain authorization through signing contracts with NTIA of DOC, and NTIA obtains the approval authority in nature. After all these jobs, professor Postel, who is well-known as “the godfather of DNS”, passed away aged 55 in Los Angeles due to heart problems (BBC 1998; Chandrasekaran 1998; Gittlen 1998a, b; Gerwig 1998; Damien 2002; Farber 2002).

The American government’s preference for the privatization plan of DNS governance comes from its administration and jurisdiction over American private sectors based on sovereign principal. It is funny that NTIA has flexibility in signing or varying supervision contracts with private companies. In the period of October, 1998–May 9, 2001, the DOC of the US signed 14 Amendments with NSI (Amendment No. 10–24) (NTIA Department of Commerce 2010); on May 25, 2001, NTIA of DOC and Verisign jointly declared in Amendment No. 24 that the “non-government party” in the agreement between NTIA of the DOC and NSI has been replaced by Verisign because Verisign purchased NSI and NSI has become a wholly owned subsidiary of Verisign (NTIA Department of Commerce 2001).

Additionally, based on their different interpretations of “sovereign equality”, parties seeking to carry out reforms of this surveillance mode put forward several representative approaches:

Among these approaches, a notable example is the NetMundial Initiative, a mildly evolutionary plan proposed by Brazil and some other countries under the framework of ICANN. This plan was launched at the NetMundail meeting held in Sao Paulo, in April 2014. Its core principles include three aspects: First, a mild adjustment to the framework of ICANN should be made and standpoints of the Governmental Advisory Committee, ICANN, should be accelerated gradually; The second aspect aims to separate ICANN’s policymaking of cyberspace governance from both its management and purview setting of root name servers; The last aspect clarifies that it should narrow ICANN’s oversights of root name servers down to the three ultimate root name servers managed by Verisign and ICANN, instead of involving in those root name servers under the jurisdiction of US government sectors and higher-education institutes. This plan truly reflects the preference of Brazil and other interest parties. However, these interest parties are not confident enough to restructure a brand-new cyberspace order. They would rather reach a very limited compromise with the US government through restricted improvements of the multi-stakeholder model. That is to say, they ensure ICANN’s independent surveillance over a limited number of root name servers. And as for this comprise itself; it is no more than a hope to require dominated countries to adopt better self-discipline.

In contract to the NetMundial Initiative, the Indian proposal at the ICANN conference held in Busan, in 2014, seems much more aggressive. It mainly proposes that International Telecommunication Union (ITU) should take over the governance of global cyberspace. To achieve this target, at the ITU Plenipotentiary Conference held in Busan, the same year, India first proposed that ICANN is supposed to transfer the relevant key technologies and its jurisdiction to the ITU; thereby putting the conclusion of the Busan Conference in peril. Besides, Indian suggestions on reconstructing key resources of global cyberspace are also aggressive. India suggests that it should refer to the management pattern and operational mechanism of international direct dialing. Specifically, each country could keep data resources under its own jurisdiction, and then when one accesses the relevant Internet resources, nationality codes will be used and thereby the Internet resources can be connected.

Since this proposal seems audacious and many procedural problems occur at the submission phase, the Indian plan met strong oppositions from the US government immediately and the US side clearly reflected that they refused to accept the Indian proposal at any price. After the Busan Conference, American scholars at different occasions mentioned that “Because of India’s actions in Pusan meeting, India has lost the prestige which is necessary to continually push forward the establishment of a new order of cyberspace.” Similarly, at the Berlin Conference, Indian officials from the ITU sought to argue that ITU is supposed to assume the main role in Internet management and governance; but their statements triggered flat refusals from the representatives of the US Department of Commerce. The US representatives argue that they will not transfer the jurisdiction of ICANN to any management institutions operated by any one or more sovereign states. Given the US side had given four relevant conditions for the transfer of jurisdiction, the US are in a good position to announce that they could suspend the transfer until a new proposal comes out once the Indian proposal is the final solution.

Regardless of Brazilian initiative and Indian proposal, as time goes, both of them might be end without a reason; therefore, it reflects the difficulty in imposing the principle of sovereign equality to cyberspace governance. Without thorough settlements and thereafter systemic reforms, it would be extremely hard to change and discipline the sole sovereign act imposed by the dominated country in virtue of morality and rules and regulations. Following the principle of sovereign equality under the governance of global cyberspace, one trying to construct a new set of rules of governance seems impossible to achieve its target in a foreseeable future. Thus, what people can do at this stage is that we should be more patient to see the balance of power and await a potential dominating body coming out, who is willing to follow the principle of sovereign equality in both belief and action and make effective self-discipline.

6 The Rising of China and the Enhanced Voice of Adapting Sovereignty in Global Cyberspace

Since 2013, cyber security has become one of the most important issues of the agenda of Grand National security strategy, especially after the founding of a new Working Group on Cyber Security and ICT which directly led President Xi Jinping to meet the challenges and threats rising within cyberspace (Shen 2014). President Xi and his decision making team set the significant goal of China in cyberspace as building China into a cyber power (wang luo qian guo) (Xinhua Net a 2014). The goal refers that the main strategy is to ensure that China develops from an important actor to a great power in cyberspace which means China should not only effectively defend possible threats from/by cyberspace, but also become more influential in the building of the rules that govern global cyberspace (Cyberspace Administration of China 2015). Cyber sovereignty occupies the central position of China’s cyber security strategy: protection of sovereignty in cyberspace is one of the tasks to ensuring national security listed by National Security Law of China (National Security Law of China 2015). It’s also the main goal of the Law of Cyber security of China ((National Security Law of China 2015) which states that to protect sovereignty in cyberspace and national security is the main reason to produce the law (National Security Law of China 2015).

Though there is still a single official document to explain what does cyber sovereignty means and how to ensure sovereignty in cyberspace from Beijing, President Xi Jinping already mentioned the term several times in which a few of the key components of the definition of cyber sovereignty can be understood: the first key parts of cyber sovereignty refers to the sovereignty of the state to manage the information flow inside the territory; the second is that every single state has the power to make cyber related policy independently; the third is that every state should have roughly equalized rights to participate in the decision making process of the rules, norms, or code of conduct that governs global cyberspace; and the respect of sovereignty should be one of the most important guiding principles to deal with cyber related issues internationally (Xinhua Net b 2014; Xi Jinping 2014).

One of the main reasons why Beijing prefers sovereignty in cyberspace is stimulation from the actions launched by the States in which the Internet served as the tools of US diplomacy, especially after 2009 when the term Internet Freedom has been produced to encourage NGO’s to launch peaceful regime change all around the world (Liebman 2010; Swett 1995). Just like the two sides of the same coin, when the US prefers to develop its cyber offensive capacity which includes the manipulation of the information flow in cyberspace, i.e., refers to “control or change the adversary’s information, information systems, and/or networks in a manner that supports the commander’s objectives” (Joint Chiefs of Staff 2013), or, to “build and maintain viable cyber options and plan to use those options to control conflict escalation and to shape the conflict environment at all states” (The DOD CYBER STRATEGY, The Department of Defense 2015). China will increasingly put special attention on ensuring sovereignty in cyberspace which is the main legal basement to ensure national security while China is the weaker side in the game of cyber security globally.

The same logic can also be applied to discussion on the production of new norms, or codes of conduct in the governance of global cyberspace. It also resulted that China prefers more on the “multilateral model” than the “multi-stake-holder model” during the negation on how to govern the key information infrastructure that supports global cyberspace represented by the Root DNS Sever, the root file and the root file system. Frankly speaking, Beijing doesn’t trust the multi-stake-holder approach which is specially favored by the States since China is concerned that the US will abuse its advantages in the ICT field to expend the sovereignty of the state into the global space while at the same time the model has become kind of an excuse to avoid other states like China protecting their interests in cyberspace. Such kind of suspect activity has been encouraged by the releasing of the Report of the Working Group on Internet Governance (WGIG) in 2005 which confirmed that the ‘administration of the root zone files and system’ of the Domain Name Server (DNS) was unilaterally controlled ‘by the United States Government’ (de Bossey 2005).

Since 2013, outside stimulation composed by the releasing of APT1 report, PRISM Project, and American’s suing of five PLA officials for commercial cyber espionage activities dramatically reminds Beijing that ensuring cyber security mainly by finding a proper way to protect its sovereignty in cyberspace should become the number one priority of the national security to do list.

In the future, the main challenge of China is to provide a more precisely defined cyber sovereignty and develop a sophisticated national strategy on cyber security so that it would be taken as a workable guiding principle when China becomes more and more actively participatory in a creating process of code of conduct in the global cyberspace. This may lead to a more constructive contribution to both of the theory and practice of International relations and International law in which the traditional principle of sovereignty will have its rebirth in a networked world.