Technologies appearing benign could possess dual-use capabilities, potentially enabling surveillance or even warfare against adopting nations in the future.

This report examines the evidence supporting and countering this perspective, analyzing the mechanisms of US surveillance, the dual-use nature of modern technology, and the impacts on non-US entities.

Navigating the Geopolitics of Technology: Surveillance Risks from US Platforms and Strategies for Non-US Territories

by Google Gemini, Deep Research with 2.5 Pro. Warning, LLMs may hallucinate!

Chapter 1: The US Surveillance Architecture and its Global Reach

1.1 Introduction: The Double-Edged Sword of US Technology

The global economy and society are increasingly reliant on technologies originating from the United States, particularly from Silicon Valley. These innovations offer substantial benefits in efficiency, connectivity, and economic growth.¹ However, this deep integration comes with inherent risks, particularly concerning surveillance capabilities embedded within the US legal and technological framework. Concerns have been raised that technologies appearing benign could possess dual-use capabilities, potentially enabling surveillance or even warfare against adopting nations in the future. This report examines the evidence supporting and countering this perspective, analyzing the mechanisms of US surveillance, the dual-use nature of modern technology, and the documented impacts on non-US entities. It concludes with strategic recommendations for non-US territories seeking to mitigate these risks and explores the potential consequences of inaction.

1.2 Key Legal Frameworks Enabling US Surveillance

The capacity of the US government to conduct surveillance, particularly involving data held by technology companies, rests on several key legal authorities. These frameworks grant intelligence and law enforcement agencies significant power to access communications and stored data, often with implications reaching far beyond US borders.

• Foreign Intelligence Surveillance Act (FISA) Section 702: Enacted as part of the FISA Amendments Act of 2008, Section 702 is a cornerstone of US foreign intelligence collection.³ It authorizes the targeting of non-US persons reasonably believed to be located outside the United States to acquire foreign intelligence information.⁴ This authority underpins major surveillance programs like PRISM, compelling US-based electronic communication service providers (CSPs) such as Google, Apple, Microsoft, Meta (Facebook), and others to turn over data matching court-approved selectors.³ Data collected can include emails, chats, photos, stored data, and voice-over-IP communications.³ Section 702 requests are approved in batches by the Foreign Intelligence Surveillance Court (FISC), a body that operates largely in secret, rather than requiring individual warrants based on probable cause for each target.⁶ While ostensibly targeting foreigners abroad, Section 702 inevitably captures communications involving US persons if they are communicating with a foreign target – the so-called "backdoor loophole" or "incidental collection".⁴ This collected data, including that of US persons, is stored in NSA databases searchable by agencies like the FBI, sometimes without a warrant specifically authorizing the search for that US person's information.⁶ Documents leaked by Edward Snowden indicated PRISM was the "number one source of raw intelligence used for NSA analytic reports," accounting for 91% of internet traffic acquired under Section 702.³ While companies named often deny providing "direct access" to their servers, they acknowledge complying with legally binding orders for specific accounts or identifiers.³ The FBI's Data Intercept Technology Unit (DITU) handles the actual data interception process, sending selectors to the service providers.³ Recent reauthorization of Section 702 has potentially expanded the definition of CSPs that can be compelled to assist, possibly including entities like landlords or businesses offering WiFi.⁷

• Executive Order 12333: Signed by President Reagan and subsequently modified, EO 12333 provides broad authority for the US intelligence community (IC) to collect foreign intelligence from communications conducted exclusively outside the United States.⁹ This includes signals intelligence (SIGINT) gathered from satellites or international communication links that do not terminate in the US.⁴ Because the targets are non-US persons located abroad, surveillance under EO 12333 generally does not require a warrant under the Fourth Amendment.⁹ Critically, if communications of US persons are incidentally collected as part of foreign intelligence gathering under EO 12333 (e.g., communications routed through servers outside the US without a US endpoint), this data, including content, can be retained.⁴ This collection occurs outside the specific oversight mechanisms mandated for Section 702 collection within the US.⁴

• The CLOUD Act (Clarifying Lawful Overseas Use of Data Act): Enacted in 2018, the CLOUD Act explicitly grants US law enforcement the authority to compel US-based technology providers to disclose data within their possession, custody, or control, regardless of where that data is stored globally.¹¹ This extraterritorial reach means a US warrant or other legal process served on a US company can require the production of data stored on servers in Europe, Asia, or elsewhere.¹¹ The Act aims to streamline access to electronic evidence for law enforcement, bypassing potentially slower Mutual Legal Assistance Treaty (MLAT) processes.¹² While it requires a warrant for communication content and allows companies to challenge requests that conflict with foreign law under certain conditions, its fundamental premise creates direct conflicts with data protection regimes like the EU's General Data Protection Regulation (GDPR), which seeks to limit third-country access to residents' data.¹¹ The CLOUD Act also allows for bilateral executive agreements where foreign governments meeting certain human rights and privacy standards can request data directly from US providers, and vice-versa.¹¹

These legal instruments operate in concert, leveraging the global footprint of US technology companies. The FISA court's secrecy and the frequent use of gag orders prevent companies from disclosing the nature and volume of requests, creating an opaque system where individuals, companies, and even foreign governments may be unaware their data is being accessed.⁷ This lack of transparency severely hinders accountability and the possibility of legal or diplomatic recourse. Furthermore, the US government also acquires vast amounts of data, including sensitive personal information, by purchasing it from commercial data brokers, bypassing warrant requirements altogether.¹⁰ The combination of these legal authorities and practices effectively transforms parts of the global digital infrastructure, dominated by US firms, into potential collection platforms for US intelligence and law enforcement, extending their reach far beyond US shores. The very structure of these laws appears designed to utilize the market dominance of US tech firms as a strategic asset for intelligence gathering.

1.3 The Enduring Impact of the Snowden Revelations

The global debate surrounding US surveillance practices was irrevocably altered in 2013 by the disclosures of former NSA contractor Edward Snowden.³ Leaking classified documents to journalists, Snowden exposed the existence and operational details of mass surveillance programs, most notably PRISM, and the vast scale of data collection undertaken by the NSA and its international partners, such as the UK's GCHQ.³ Snowden characterized some of these activities as "dangerous" and "criminal," warning that the extent of government surveillance capabilities far exceeded public knowledge.³

These revelations triggered international outrage and diplomatic friction, with allies like Germany describing the potential scope of interception as "nightmarish".³ The disclosures confirmed that major US technology companies were compelled to cooperate with NSA surveillance programs under FISA Section 702.³ They shattered assumptions about online privacy and significantly damaged trust between citizens, technology companies, and governments, particularly the US government.⁴ The Snowden leaks provided concrete evidence of the capabilities enabled by the legal frameworks discussed above, demonstrating how laws intended for foreign intelligence could result in the mass collection of communications, including those of ordinary citizens worldwide. The impact continues to resonate, fueling ongoing debates about privacy, security, government oversight, and the need for reform.⁴

The operational reality exposed by Snowden underscored the porous nature of the distinction between targeting "foreigners" and protecting "US persons." Given the global interconnectedness facilitated by US-based platforms, targeting foreign individuals under Section 702 inevitably sweeps up the communications of countless US persons and citizens of other nations who interact with them.⁴ The subsequent ability to query these vast datasets for information on US persons using the "backdoor search" loophole, often without a specific warrant, further blurred this line.⁷ This operational reality means that surveillance authorizations aimed at specific foreign threats effectively create a much broader surveillance capability impacting individuals globally.

---

Table 1: Comparison of Key US Surveillance Authorities

Chapter 2: The Dual-Use Conundrum: Innovation's Shadow

2.1 Understanding Dual-Use Technologies

The term "dual-use" refers to technologies possessing both civilian/commercial and military/intelligence applications.¹⁶ While traditionally applied to items like specific chemicals or nuclear materials, the concept is increasingly relevant to the digital realm. Many innovations emerging from Silicon Valley and the broader tech industry, such as artificial intelligence (AI), big data analytics, the Internet of Things (IoT), advanced semiconductor design, quantum computing, and even social media platforms, are inherently dual-use.¹⁶ Technologies developed for optimizing logistics, personalizing advertising, improving medical diagnostics, or connecting devices in smart homes can often be readily adapted for military reconnaissance, intelligence analysis, target identification, cyber warfare, or population surveillance.¹⁷ The rapid diffusion of these technologies, particularly software-based innovations like AI which are often open-source, makes controlling their spread and application exceptionally difficult.²¹ This dual-use nature means that advancements driven by commercial incentives can inadvertently, or sometimes intentionally, enhance state capabilities for surveillance and conflict.¹⁶

2.2 Evidence of Benign Technologies Repurposed for Surveillance and Conflict

The repurposing of commercially developed technologies for surveillance and military applications is not theoretical; it is an observable reality across several domains:

• Artificial Intelligence and Data Analytics: AI algorithms designed for tasks like image recognition in consumer applications (e.g., tagging photos) can be trained to identify military targets or monitor specific activities in surveillance footage.¹⁸ Pattern analysis developed for market forecasting or fraud detection can be used for predictive policing or identifying potential dissidents.¹⁷ Advanced AI, particularly foundation models trained on vast datasets, is being explored and, in some cases, deployed for intelligence analysis, target acquisition, and reconnaissance.¹⁹ This includes the development of Lethal Autonomous Weapons Systems (LAWS) that can independently identify and engage targets without real-time human control.¹⁷ However, the use of AI in these contexts carries significant risks. AI algorithms can inherit and amplify biases present in their training data, leading to disproportionate misidentification rates for certain demographic groups, such as racial minorities and women.²⁵ Furthermore, large foundation models, often trained on publicly available and potentially personal data scraped from the internet, pose unique threats. They can generate false positives, leading to the targeting of innocent civilians, as pattern-matching capabilities may extrapolate connections that lack real-world validity.¹⁹ The reliance on web-scale datasets also makes these models vulnerable to "data poisoning" attacks, where adversaries intentionally introduce malicious data to manipulate the AI's behavior.¹⁹

• Internet of Things (IoT) and Sensors: The proliferation of internet-connected devices in homes, cities (smart cities), and industrial settings creates an exponentially expanding network of sensors generating massive streams of data.²⁶ While intended for efficiency, convenience, or monitoring infrastructure, this data can be intercepted or accessed by intelligence agencies, providing detailed insights into movements, activities, and environmental conditions for surveillance purposes.²⁶ Even seemingly innocuous devices like connected thermostats or automobiles collect data that could be exploited.²⁷

• Communication Platforms: As established in Chapter 1, commercial communication platforms – including email services, video and voice chat applications (like Skype), and social media networks – are routinely leveraged by governments under legal compulsion (like FISA Section 702) to access user communications and data.³ Social media monitoring tools are also used by law enforcement, sometimes controversially, to track public posts and identify individuals, even those participating in protests.²⁸ These platforms, designed for connection and information sharing, become critical conduits for state surveillance.

The commercial imperative to innovate in areas like AI and big data analytics, primarily centered in hubs like Silicon Valley, thus produces increasingly sophisticated tools that align closely with the objectives of state surveillance and military modernization.¹⁷ This effectively blurs the distinction between civilian technological progress and the enhancement of state power projection and control capabilities.

2.3 Illustrative Case Studies

The convergence of commercial technology and state surveillance/military applications is exemplified by companies specifically operating in this dual-use space, as well as by the misuse of tools intended for legitimate purposes.

• Palantir Technologies: Founded with early backing from the CIA's venture capital arm, Palantir specializes in big data analytics platforms designed to integrate and analyze vast, disparate datasets for intelligence, defense, and law enforcement clients.²³ Its core platforms, like Palantir Gotham, are used by numerous US government agencies (CIA, DHS, NSA, FBI, CDC, various military branches) and foreign partners, including the Ukrainian military.²³ Palantir explicitly markets its technology for national security and military purposes, including predictive policing (which has drawn criticism for potential bias) and, more recently, its Artificial Intelligence Platform (AIP).²³ AIP is designed to integrate large language models (LLMs) and other AI tools into military operations, enabling operators to query intelligence data, generate potential courses of action, automate target analysis, and even control assets like drones or jamming systems.²⁹ While Palantir emphasizes ethical guardrails and human oversight within AIP ²⁹, critics raise concerns about the potential for automating warfare, the abstraction of killing, and whether the "human in the loop" provides meaningful control or merely rubber-stamps AI recommendations.³⁰ The company's business model inherently involves leveraging advanced data analysis techniques, often developed with commercial applications in mind, for state security purposes, embodying the dual-use challenge.

• NSO Group (Pegasus Spyware): NSO Group, an Israeli cyber-arms firm, developed Pegasus, one of the most sophisticated pieces of spyware known.³¹ Sold exclusively to government clients for ostensibly fighting crime and terrorism, Pegasus can be covertly installed on target mobile phones (iOS and Android), often using "zero-click" exploits that require no user interaction.³¹ Once installed, it grants the attacker complete access to the device's data, including encrypted messages, call logs, contacts, location history, passwords, and can activate the microphone and camera for real-time eavesdropping.³¹ Despite NSO's claims of legitimate use, investigations by organizations like Citizen Lab and Amnesty International have repeatedly documented Pegasus being used by governments worldwide to target journalists, human rights activists, political dissidents, lawyers, and even heads of state.³¹ The US government placed NSO Group on an export blacklist due to these activities.³² However, the operation of Pegasus highlights global technological entanglement; lawsuits revealed that NSO utilized US-based servers (including some in California) to deploy the spyware against targets via platforms like WhatsApp.³² NSO has argued in court that targeting high-ranking government or military officials is legitimate intelligence gathering, broadening the potential scope of acceptable use beyond just criminals and terrorists.³³ Pegasus demonstrates the existence of a global market for powerful, intrusive surveillance tools developed by private companies, lowering the barrier for states to acquire capabilities previously limited to major powers, and showing how even non-US actors can leverage US infrastructure for their operations.

These cases illustrate how technologies, whether data analytics platforms or targeted spyware, blur the lines between commercial innovation, national security, and potential human rights abuses. The inherent complexity and opacity of advanced AI models introduce further complications. The "black box" nature of neural networks, where decisions emerge from patterns in vast datasets rather than explicit human reasoning, makes their behavior difficult to fully predict or audit.¹⁹ Combined with vulnerabilities in training data – susceptibility to inherent biases or deliberate adversarial poisoning – deploying these AI systems in high-stakes surveillance or military contexts creates significant unpredictable risks.¹⁹ Errors could lead to catastrophic outcomes, such as the misidentification and targeting of civilians, or manipulation by adversaries in ways that are hard to detect or prevent.¹⁹ This moves beyond simple misuse into the realm of inherent unreliability and vulnerability embedded within the technology itself.

Chapter 3: Validating Concerns: Evidence Supporting Caution

The assertion that non-US territories should exercise caution when importing or utilizing US technology, particularly from Silicon Valley, finds support in several interconnected lines of evidence related to surveillance impacts, technological dependency, international legal conflicts, and documented abuses.

3.1 Impact of US Surveillance on Non-US Entities and Citizens

US surveillance laws like FISA Section 702 and Executive Order 12333 are explicitly designed or operationally function to collect intelligence from non-US persons located outside the United States.³ While Section 702 requires targeting non-US persons abroad, the nature of global communications means this "incidental" collection inevitably sweeps up vast quantities of data belonging to individuals worldwide who communicate with targets or simply use US-based platforms.⁴ EO 12333 allows for broad collection outside the US with even fewer constraints.⁴

This surveillance has tangible consequences. Beyond the direct collection of data, the knowledge or suspicion of being monitored can exert a chilling effect on freedom of expression and association, particularly for journalists, activists, researchers, and dissidents who may self-censor controversial or sensitive communications.⁵ Furthermore, the data collected, even if initially for foreign intelligence purposes, can potentially be used for other means, creating risks of discrimination, coercion, or selective enforcement against individuals or groups based on their communications, beliefs, or associations revealed through surveillance.³⁴ Documented abuses within the US system, such as the FBI's improper querying of Section 702 databases for information on US citizens, including protestors, political donors, and crime victims, demonstrate that the potential for misuse is real.⁶ Given that oversight and legal protections are generally weaker for non-US persons ¹⁵, it is highly plausible that similar or greater misuse occurs against foreign targets, though it is far harder to detect due to secrecy and the lack of legal standing for foreigners in US courts.³⁴

3.2 Technological Dependency as a Geopolitical Vulnerability

Heavy reliance on technology sourced predominantly from a single foreign power, such as the United States, creates significant geopolitical vulnerabilities.³⁵ This dependency extends beyond software to critical infrastructure, cloud services, semiconductor supply chains, and core digital platforms.²⁰ Such dependence can be exploited as leverage in international disputes. A foreign power could potentially threaten to restrict access to essential technologies, mandate software updates containing hidden vulnerabilities, disrupt services, or use its control over data flows for economic coercion or intelligence advantage.³⁷

Furthermore, dependency implies a lack of control over the security, integrity, and operational parameters of the technology stack.³⁵ Non-US countries may find it difficult or impossible to fully audit proprietary foreign systems for backdoors or vulnerabilities, leaving them exposed to risks they cannot adequately assess or mitigate.⁴⁰ This technological reliance can translate directly into reduced strategic autonomy, forcing nations to align their policies or tolerate actions (like surveillance) that contravene their own laws or interests, simply because the technological alternative is unviable or unavailable.³⁶ Adopting US technology, therefore, often means implicitly importing US legal and surveillance norms, potentially undermining domestic laws and sovereignty even without explicit agreement.¹³ The use of US cloud providers, for instance, subjects stored data to the reach of the US CLOUD Act, regardless of the server's physical location or local data protection laws.¹¹ This constitutes a de facto extension of US jurisdiction facilitated by technological integration.

3.3 International Law, Human Rights, and Criticisms of US Surveillance

US surveillance practices, particularly the large-scale collection programs revealed by Snowden, have faced significant criticism for potentially violating international human rights law, most notably the right to privacy enshrined in instruments like the International Covenant on Civil and Political Rights (ICCPR).⁵ The ICCPR states that "no one shall be subjected to arbitrary or unlawful interference with his privacy".¹⁵ Critics argue that bulk collection programs under Section 702 and EO 12333 lack the necessary proportionality, necessity, and adequate oversight required by international standards.⁵

A key point of contention is the disparity in protections afforded to US persons versus non-US persons under US law.¹⁵ While US citizens have Fourth Amendment protections (though often debated in the surveillance context), non-US persons outside the US have far fewer legal safeguards against surveillance by US agencies.⁹ Furthermore, effective redress mechanisms for non-US individuals whose rights may have been violated by US surveillance are often lacking.¹⁵ Civil liberties organizations like the American Civil Liberties Union (ACLU) and the Electronic Frontier Foundation (EFF) have consistently challenged the legality and constitutionality of US surveillance laws, arguing they represent government overreach and violate fundamental rights, including those under the First and Fourth Amendments.⁸ These criticisms highlight a perceived gap between US surveillance practices and internationally recognized human rights norms.

3.4 The Data Sovereignty Challenge: GDPR, the US CLOUD Act, and the Schrems II Fallout

The tension between US surveillance laws and foreign data protection regimes crystallized in the Schrems II decision by the Court of Justice of the European Union (CJEU) in July 2020.⁴¹ The EU's General Data Protection Regulation (GDPR) imposes strict rules on the processing of personal data of EU residents and limits transfers of such data to countries outside the EU unless an "adequate" level of protection can be guaranteed.⁴⁷

In Schrems II, the CJEU invalidated the EU-US Privacy Shield framework, which had previously facilitated transatlantic data flows.⁴¹ The court ruled that US surveillance laws, specifically citing FISA Section 702 and EO 12333, allowed US public authorities access to transferred data in ways that did not meet the GDPR's standards of necessity and proportionality, and that EU data subjects lacked effective judicial redress in the US against such surveillance.⁴¹

While the CJEU upheld the validity of Standard Contractual Clauses (SCCs) as a potential mechanism for data transfers, it added a crucial caveat: organizations using SCCs must conduct a case-by-case assessment (a Transfer Impact Assessment or TIA) to verify whether the laws and practices of the recipient country ensure adequate protection in line with EU standards.⁴¹ If the assessment reveals that the recipient country's laws (like US surveillance laws) undermine the protections offered by the SCCs, the data exporter must implement supplementary measures (e.g., strong encryption where feasible) to ensure equivalent protection. If adequate protection cannot be ensured even with supplementary measures, the transfer must be suspended or prohibited.⁴²

This ruling created significant legal uncertainty and operational challenges for companies transferring data from the EU to the US, particularly those relying on major US cloud providers.¹⁴ It starkly highlighted the direct conflict between the GDPR's goal of protecting EU data from foreign government access and the US CLOUD Act's mandate allowing US authorities to compel access to data held by US providers, irrespective of its storage location.¹¹ This places companies utilizing US-based cloud infrastructure for processing EU data in a potential legal bind, caught between conflicting legal obligations.¹¹ The Schrems II decision is not merely a technical legal dispute; it reflects a fundamental divergence in values and legal approaches between the EU and the US regarding the balance between national security, law enforcement access, and fundamental rights to privacy and data protection, forcing other nations and global businesses to navigate this complex and contested landscape.⁴¹

Chapter 4: Counterarguments: The Case for Technological Engagement

Despite the significant risks associated with surveillance and dependency, a compelling case exists for continued engagement with US technology, particularly from Silicon Valley. The benefits offered are substantial, and the alternatives, including technological isolationism, present their own considerable challenges.

4.1 Acknowledged Benefits: US Technology as a Driver for Innovation, Efficiency, and Growth

US technology companies have been at the forefront of digital innovation, developing products and services that drive economic growth, enhance productivity, and address societal challenges globally.¹ Adopting these technologies offers numerous advantages to non-US territories:

• Increased Efficiency and Productivity: Technologies like cloud computing, AI-driven analytics, automation software, and advanced communication platforms enable businesses and public sector organizations to streamline operations, reduce costs, and improve service delivery.² Examples include optimizing manufacturing processes, improving research administration through automated workflows ⁴⁸, enhancing agricultural yields via precision agriculture tools ⁵⁰, and facilitating remote work.⁴⁹

• Access to Innovation and Competitiveness: The US possesses a vibrant innovation ecosystem fueled by significant R&D investment.¹ Engaging with this ecosystem provides access to cutting-edge technologies (AI, quantum computing, biotech) essential for maintaining global competitiveness.¹ US tech can empower local innovators by providing powerful platforms and tools, such as cloud computing capabilities that allow enterprises to scale anywhere.²

• Economic Growth and Development: US technology facilitates digital trade, connecting businesses to global markets and enabling the growth of service sectors like finance, education, and health.⁵² Digital tools can enhance financial inclusion, improve health outcomes through telehealth, and support sustainable development goals, such as using ICT solutions to reduce greenhouse gas emissions.² Investment in technology adoption is seen as a key driver for transforming economies.¹

• Global Integration and Standards: US technologies often underpin global communication and commerce networks.⁵³ Participation allows for integration into these networks, benefiting from established standards and interoperability, although this also contributes to dependency risks.

The benefits derived from US R&D investments and the resulting technological advancements reverberate through all sectors of the global economy, making these technologies highly attractive, if not essential, for many nations.²

4.2 Perspectives on Risk Mitigation and Oversight

While criticisms of US surveillance are valid, proponents of engagement point to existing, albeit imperfect, oversight mechanisms and legal distinctions within the US system. The Foreign Intelligence Surveillance Court (FISC) reviews applications for surveillance under FISA, including Section 702 certifications.⁴ Independent bodies like the Privacy and Civil Liberties Oversight Board (PCLOB) also review surveillance programs and make recommendations, sometimes agreeing that changes are needed.⁸ US law distinguishes between surveillance targeting non-US persons abroad (under authorities like Section 702 or EO 12333) and surveillance targeting individuals within the US or US persons abroad, which generally requires a warrant based on probable cause from the FISC or regular federal courts.⁶

Furthermore, major technology companies publicly state that they do not provide voluntary or "direct access" to government agencies but comply only with legally binding orders or subpoenas for specific accounts or identifiers.³ While gag orders often prevent disclosure of specific requests, some companies publish transparency reports indicating the volume of government demands they receive.⁷

Technical mitigation strategies, such as end-to-end encryption, are employed by many services to protect user data. However, the US government, particularly the Department of Justice and FBI, has persistently argued against strong encryption without "backdoors" or mandated access for law enforcement, creating tension with privacy advocates and security experts who argue such backdoors inevitably create vulnerabilities exploitable by criminals and foreign adversaries.⁴⁶

4.3 The Perils and Practicalities of Technological Isolationism

Attempting to completely decouple from the US technology ecosystem ("technological autarky") presents significant practical challenges and potential downsides for most nations.⁴⁰ Building competitive domestic alternatives across the entire technology stack, from semiconductors to cloud computing to AI, requires immense investment, a highly skilled workforce, and access to global markets and supply chains – resources few nations possess independently.¹

Isolation risks cutting a nation off from the forefront of global innovation, leading to a technological lag that could severely hamper economic competitiveness and even national security in the long run.¹ The interconnected nature of modern research, development, and supply chains makes true self-sufficiency extremely difficult to achieve.³⁸ Even proponents of "technological sovereignty" often distinguish it from autarky, acknowledging the need for international collaboration and strategic interdependence.³⁵

Moreover, seeking alternatives to US technology might lead nations towards other dominant players, such as China. However, relying on Chinese technology carries its own significant, and potentially greater, set of risks related to state surveillance, censorship, intellectual property theft, data security, and geopolitical leverage wielded by an authoritarian state.²⁶ Therefore, isolationism may not only be impractical but could lead to dependencies on actors posing even more direct threats to national interests and democratic values.

The inherent tension is that the very characteristics making US technology powerful and beneficial – its scale, integration, advanced capabilities, and network effects ¹ – are directly linked to the factors creating risk, namely the aggregation of data and centralized control by US companies subject to US surveillance laws.³ This creates a fundamental trade-off: maximizing the economic and efficiency gains from US technology may inherently increase exposure to US surveillance and geopolitical influence. Separating the benefits from the risks is extraordinarily difficult due to the integrated nature of the ecosystem. Consequently, a strategy of complete technological isolation appears largely unfeasible and potentially counterproductive for most nations. A more pragmatic approach likely involves managing the risks associated with dependency rather than attempting an impossible quest for complete self-sufficiency.⁴⁰

---

Table 2: Risk/Benefit Analysis of Adopting US/Silicon Valley Technology

Chapter 5: Charting a Course Towards Technological Sovereignty

Faced with the risks inherent in dependency on foreign technology ecosystems, particularly those of the US and China, many nations and regions are exploring strategies to achieve greater technological or digital sovereignty. This involves asserting more control over their digital infrastructure, data, and technological development pathways.

5.1 Defining and Pursuing Technological and Digital Sovereignty

Technological or digital sovereignty refers to the capacity of a state, nation, or region to have meaningful control over its own digital destiny – encompassing the data, hardware, software, standards, and infrastructure it relies upon.³⁵ The core aim is to reduce unilateral dependencies on foreign powers, especially in critical technologies like AI, semiconductors, and cloud computing, thereby enhancing national security, economic competitiveness, and resilience against crises or external pressure.³⁵

Crucially, technological sovereignty is generally not pursued as complete technological self-sufficiency or autarky, which is widely recognized as impractical in today's interconnected world.⁴⁰ Instead, the goal is typically to achieve autonomy or minimize dependency in strategically vital areas, ensuring the state retains the ability to act according to its own priorities and values.³⁵ This includes the ability to understand, apply, and potentially produce key technologies domestically; shape technological standards in line with democratic values; build a skilled workforce; and ensure that reliance on foreign expertise or imports does not compromise the state's ability to function or protect its citizens' rights.³⁵ Motivations are multifaceted, ranging from safeguarding national security secrets and critical infrastructure to fostering domestic innovation, protecting citizen privacy from foreign surveillance laws like the CLOUD Act, and resisting geopolitical influence.³⁵

5.2 Exploring Alternatives and Diversification Strategies

Several initiatives and national capabilities represent potential pathways or components for diversifying away from over-reliance on US (or Chinese) technology:

• EU Efforts (GAIA-X, EuroStack): The European Union has made digital sovereignty a strategic priority.⁶¹ GAIA-X was launched by France and Germany in 2019 as an initiative to build a federated, secure, and interoperable data infrastructure based on European values like privacy, transparency, and data control.⁶² It aims to connect existing European cloud providers through shared rules and open standards, creating an alternative ecosystem less dependent on US hyperscalers (Amazon Web Services, Microsoft Azure, Google Cloud) and less exposed to extraterritorial laws like the US CLOUD Act.⁶² However, GAIA-X has faced significant challenges: progress has been slow, hampered by internal divisions, a lack of consensus on the definition of sovereignty, and the sheer market dominance and investment power of US competitors.⁵⁶ Critics note that the market share of EU cloud providers has actually shrunk since its inception.⁵⁶ EuroStack represents a broader, more ambitious vision for a "full-stack" sovereign European tech sector, encompassing hardware, software, and data infrastructure, though its realization remains a long-term goal.³⁹ Despite setbacks, these initiatives signal a clear political intent to foster European alternatives.⁶³

• India Stack: India has developed a unique model of digital public infrastructure known as India Stack.⁶⁰ This consists of a set of open Application Programming Interfaces (APIs) and digital public goods built on foundational layers: Aadhaar (biometric digital identity for over 1.3 billion residents), Unified Payments Interface (UPI, enabling real-time mobile payments at massive scale with minimal cost), DigiLocker (secure digital document storage), and the Account Aggregator framework operating under the Data Empowerment and Protection Architecture (DEPA, allowing consent-based data sharing).⁵⁴ Built on principles of openness, interoperability, and scalability, India Stack was designed to address specific national needs like financial inclusion, reducing fraud in government benefit delivery, and digitizing services for a vast population.⁶⁰ Its success has spurred significant innovation in the fintech sector and demonstrated how digital infrastructure developed as a public good can drive economic activity and empower citizens.⁵⁴ The model, particularly its open-source identity component (MOSIP), is being explored or adopted by several other developing nations, offering a potential blueprint for building national digital ecosystems independent of dominant proprietary platforms.⁶⁰ The success of India Stack suggests that focusing on specific national priorities and leveraging open, modular public infrastructure can be a viable path for nations not aiming to compete directly with global hyperscalers across all domains.

• South Korea's Strengths: South Korea possesses significant technological capabilities as a world leader in advanced manufacturing, particularly in semiconductors (Samsung, SK Hynix), consumer electronics (LG), and automobiles (Hyundai).⁵¹ It has a highly developed digital infrastructure and strong domestic tech companies like Naver and Kakao that successfully compete with US giants in the local market, offering tailored services.⁶⁸ South Korea is also investing heavily in areas like AI and next-generation communications.⁵¹ While closely allied with the United States, which may limit its pursuit of full technological independence, its capabilities make it a potential key partner in building more resilient global supply chains and contributing to alternative technological solutions, perhaps as a "critical technology wingman".⁵¹ However, it also faces challenges navigating US-China tech competition and local regulatory hurdles for foreign firms.⁵¹

• Other National/Regional Initiatives: Other nations, such as Brazil and Estonia, are also developing their own digital public infrastructure initiatives, often inspired by models like India Stack or Estonia's own e-governance system, indicating a broader global trend towards seeking greater national control over digital systems.⁶⁵

5.3 Viability Assessment: Challenges and Considerations

While alternative models and national capabilities exist, achieving meaningful technological sovereignty faces substantial hurdles. Building globally competitive alternatives to entrenched US technology giants requires enormous, sustained investment in R&D, infrastructure, and talent development.¹ The network effects and economies of scale enjoyed by dominant players create high barriers to entry.² Political will within nations or regions can be fragmented, and industrial policies aimed at fostering domestic champions can be difficult to implement effectively, as seen with some of the struggles of GAIA-X.⁵⁶

Crucially, the choice of alternatives must be carefully considered. Turning away from US technology only to become dependent on platforms from other major powers, particularly China, may simply substitute one set of risks for another, potentially more severe, set.²⁶ China actively promotes its technology ecosystem globally through initiatives like the Digital Silk Road and advocates for its state-centric model of "Cyber Sovereignty".⁶¹ However, adopting Chinese technology brings well-documented risks of pervasive state surveillance for social control and espionage, censorship, intellectual property theft, potential backdoors for cyberattacks on critical infrastructure, and the export of tools supporting digital authoritarianism.²⁴ China's national security laws compel companies to cooperate with intelligence services, mirroring concerns about US laws but within a less transparent and more authoritarian system.²⁶

Therefore, true technological sovereignty likely requires more than simply switching suppliers. It points towards the need to build genuine domestic capacity or foster a diversified ecosystem of trusted international partners, perhaps leveraging open standards and interoperable systems (like the vision of India Stack or GAIA-X) to avoid lock-in to any single dominant foreign power.⁶⁰ Furthermore, a nation's geopolitical alignment significantly shapes its options. Close US allies may find pursuing complete independence from US tech difficult but might leverage the alliance for specific technological advantages or collaborative resilience efforts.⁵¹ Conversely, nations seeking greater strategic autonomy face stronger imperatives to develop independent capabilities or align with alternative technological blocs, navigating the pressures of US-China competition.³⁸

Chapter 6: Strategic Recommendations for Non-US Territories

Given the complex interplay of benefits and risks associated with foreign technology adoption, particularly from the US, non-US territories require a proactive and strategic approach to manage dependencies and enhance technological resilience. This involves a combination of risk assessment, policy and legal measures, investment in domestic capabilities, and international cooperation. The goal should be managed interdependence rather than unattainable autarky.⁴⁰

6.1 Framework for Foreign Technology Risk Assessment

Nations should establish formal, systematic processes for evaluating the risks associated with adopting foreign technologies, especially for critical infrastructure, government systems, and essential public services.⁷¹ This assessment should apply not only to US-origin technology but also to offerings from other major players like China. Key assessment criteria should include:

• Origin Country's Legal Framework: Analyze laws governing government access to data (e.g., US FISA Section 702, CLOUD Act; China's National Security Law, Cybersecurity Law) and their extraterritorial reach.³

• Provider's Track Record: Evaluate the company's history regarding security incidents, cooperation with intelligence agencies (voluntary or compelled), transparency, and respect for user privacy and local laws.³

• Dual-Use Potential: Assess whether the technology has inherent capabilities that could be easily repurposed for surveillance, intelligence gathering, or military applications.¹⁷

• Data Handling Practices: Determine data storage locations, data processing activities, encryption standards (including key management), and data residency options.¹¹

• Interoperability and Exit Strategy: Evaluate the ease of migrating data and services away from the provider, favoring solutions based on open standards to avoid vendor lock-in.³⁵

• Supply Chain Security: Assess the security of the hardware and software supply chain involved in the technology.²

6.2 Policy and Legal Levers

Governments can utilize several policy and legal instruments to assert greater control and mitigate risks:

• Strengthen Domestic Data Protection Laws: Enact or rigorously enforce comprehensive data protection legislation modeled on high standards like the GDPR. This creates a legal basis for regulating data handling, restricting cross-border transfers where adequate protection cannot be ensured, and imposing penalties for non-compliance.⁴⁷

• Promote Open Standards and Interoperability: Mandate or incentivize the use of open standards in public procurement and critical sectors. This fosters competition, prevents vendor lock-in, facilitates the integration of diverse solutions (including domestic ones), and enhances long-term flexibility.³⁵

• Scrutinize Contracts and Service Level Agreements (SLAs): Negotiate robust contracts with foreign technology providers that explicitly address data sovereignty concerns, mandate compliance with local laws, require transparency regarding government data access requests (to the extent legally possible), specify strong security measures, and allow for independent audits.¹¹

• Implement Robust Cybersecurity Mandates: Establish and enforce baseline cybersecurity standards for all technology providers operating within the country, particularly those serving critical infrastructure or handling sensitive data. This should include requirements for regular vulnerability assessments, penetration testing, secure software development practices, and timely incident reporting and response.²

• Consider Data Localization (Strategically): Evaluate targeted data localization requirements for specific categories of highly sensitive data (e.g., government secrets, critical infrastructure operational data, certain health data). However, recognize that localization alone does not prevent access under laws like the US CLOUD Act and weigh the potential negative impacts on trade, innovation, and the free flow of information.¹⁴

6.3 Fostering National Technological Resilience

Building long-term resilience requires nurturing domestic capabilities and diversifying dependencies:

• Invest in Domestic Innovation Ecosystems: Provide funding and policy support for national R&D programs, technology startups, universities, and research institutions focused on strategic areas like AI, cybersecurity, quantum computing, and secure cloud infrastructure.¹ Explore the applicability of models like India Stack for building digital public goods tailored to national needs.⁶⁰

• Promote Supplier Diversification: Actively encourage the use of technology providers from a wider range of trusted countries and support the growth of competitive domestic suppliers to avoid over-reliance on any single foreign source, particularly the US or China.³⁵

• Develop a Skilled Workforce: Invest significantly in STEM education, vocational training, and specialized cybersecurity and data science programs to build the human capital necessary to develop, manage, secure, and innovate using advanced technologies.¹

• Enhance Research Security: Implement clear guidelines and best practices within research institutions to protect sensitive R&D from foreign government-sponsored espionage, intellectual property theft, and conflicts of interest, while still encouraging principled international collaboration.⁷¹

6.4 International Cooperation

Addressing global technology challenges requires collaboration:

• Ally with Like-Minded Nations: Form partnerships with countries sharing similar concerns about technological dependency and surveillance risks. Collaborate on threat intelligence sharing, joint R&D projects, development of common technical standards and regulatory approaches, and potentially collective negotiation with dominant tech providers.³⁵

• Engage in Global Norm-Setting: Actively participate in international forums (e.g., UN, ITU, OECD, standards bodies) to shape global norms, ethical guidelines, and regulations concerning state surveillance, cross-border data flows, AI governance, and cybersecurity.¹⁵

Implementing these recommendations requires a multi-layered strategy. Legal frameworks like enhanced data protection laws provide a foundation, but can be undermined by the extraterritorial reach of foreign laws like the CLOUD Act.¹⁴ Technical measures like promoting open standards ³⁵ offer flexibility but don't eliminate underlying dependencies. Long-term investment in domestic innovation ³⁵ is crucial but takes time and significant resources.⁵⁶ International collaboration ⁵⁵ is necessary to address shared challenges and achieve scale. Therefore, an effective approach must integrate legal, technical, strategic investment, and diplomatic efforts, recognizing that no single measure is sufficient to fully mitigate the complex risks involved.

---

Table 3: Matrix of Recommendations and Associated Risk Mitigation Actions for Non-US Territories

Chapter 7: The Cost of Inaction: Foreseeable Consequences

Choosing not to proactively address the risks associated with technological dependency, particularly on platforms subject to powerful foreign surveillance regimes, is not a neutral stance. It represents a passive acceptance of escalating vulnerabilities with potentially severe and wide-ranging consequences for national security, economic prosperity, political autonomy, and individual rights.

7.1 Heightened Exposure to Foreign Espionage and Surveillance

Continued, unmitigated reliance on technologies governed by laws like the US FISA Section 702 and the CLOUD Act, or analogous laws in other states like China, will inevitably facilitate greater intelligence collection by those foreign powers.³ This includes surveillance targeting government communications, critical infrastructure operations, sensitive commercial activities, and private citizens. The consequence is an increased risk of losing valuable state secrets, military intelligence, proprietary corporate data, intellectual property, and economic strategies, thereby undermining national security, defense capabilities, and international competitiveness.²⁷

7.2 Risk of Economic Coercion and Strategic Disadvantage

Deep technological dependency creates vulnerabilities that can be weaponized in geopolitical disputes.³⁷ A dominant foreign power could threaten to restrict access to critical software updates, deny essential cloud services, manipulate data flows, or impose unfavorable licensing terms as a form of economic coercion or political leverage.³⁷ Nations heavily reliant on a single foreign tech ecosystem risk being locked into technological pathways and economic standards dictated by that power, limiting their ability to pursue independent economic strategies or benefit from a competitive global market.³⁸

7.3 Erosion of National Security, Autonomy, and Citizen Trust

Foreign control or influence over critical national infrastructure – such as telecommunications networks, energy grids, transportation systems, or financial services increasingly managed by or dependent on foreign technology – creates tangible national security risks.²⁷ These systems could become targets for sabotage, disruption, or espionage during periods of tension or conflict, potentially crippling essential services and emergency response capabilities.²⁷ Beyond physical infrastructure, dependence on foreign platforms for information dissemination can make nations more susceptible to foreign influence operations or censorship, eroding political autonomy.²⁷ If governments are perceived as unable or unwilling to protect citizens' data and digital infrastructure from foreign intrusion or domestic misuse enabled by foreign tech, public trust in both government institutions and technology itself may decline significantly.¹¹

7.4 Compromised Privacy and Human Rights

The most direct consequence for individuals is the continued erosion of privacy due to mass surveillance capabilities embedded within or accessible through foreign technologies.⁵ This chills free expression and association and potentially enables discrimination or other rights abuses.³⁴ Furthermore, there is a risk that surveillance technologies imported from countries with strong state surveillance apparatuses (like the US or China) could be misused by the adopting government against its own population, leveraging the capabilities built into the foreign product, potentially with fewer safeguards than domestically developed systems might have incorporated.²⁵

The failure to act strategically against these accumulating risks allows vulnerabilities to deepen over time.³⁹ As technology advances, surveillance capabilities become more potent, and geopolitical tensions rise, the potential for exploiting these dependencies increases.³⁸ Inaction, therefore, amounts to a gradual ceding of digital, economic, and potentially political sovereignty. The consequences are interconnected and systemic: a compromise in data privacy ³⁴ can enable economic espionage ²⁷; control over connected devices can create critical infrastructure vulnerabilities ²⁷; and the erosion of trust and autonomy can weaken democratic institutions.³⁴ Failing to manage technological dependencies proactively invites a future of diminished security, prosperity, and self-determination.

Conclusion

The global landscape is inextricably linked with technologies predominantly originating from the United States. These technologies offer profound benefits, driving innovation, efficiency, and economic growth worldwide. However, this reliance carries significant, non-trivial risks stemming from the US legal architecture that enables government surveillance and the inherent dual-use nature of many advanced digital tools. Authorities like FISA Section 702 and the CLOUD Act grant US agencies far-reaching access to data held by US companies, regardless of where that data resides, creating direct conflicts with the data sovereignty principles and laws of other nations, as exemplified by the EU's GDPR and the Schrems II ruling. Furthermore, the rapid advancement of technologies like AI, driven by commercial imperatives, simultaneously creates powerful tools that can be readily adapted for surveillance, intelligence gathering, and potentially autonomous conflict, often with unpredictable consequences due to algorithmic complexity and data vulnerabilities.

Evidence validates concerns about the impact of US surveillance on non-US entities, the geopolitical vulnerabilities created by technological dependency, and the clash with international privacy norms. While counterarguments highlight the immense benefits of US technology and the practical difficulties of isolationism, the risks remain substantial and appear to be growing in a climate of increasing geopolitical tension. Alternatives are emerging, such as the comprehensive digital public infrastructure model of India Stack or the ambitious, though challenged, sovereignty projects within the EU like GAIA-X, alongside the capabilities of technologically advanced nations like South Korea. However, building true resilience requires more than simply substituting one foreign dependency for another, particularly given the significant surveillance and security risks associated with alternative ecosystems like China's.

For non-US territories, the path forward necessitates a move away from passive technology adoption towards active, strategic management of technological dependencies. This requires a multi-layered approach encompassing robust national risk assessment frameworks; strengthened domestic data protection laws; the promotion of open standards to avoid vendor lock-in; significant investment in domestic innovation and workforce development; careful supplier diversification; and proactive international cooperation with like-minded nations. The goal should be managed interdependence, mitigating the most critical risks while selectively harnessing the benefits of global technological advancements.

Inaction is not a viable strategy. It implies a tacit acceptance of growing vulnerability to foreign surveillance, economic coercion, and strategic disadvantage. The consequences are systemic, potentially eroding national security, economic competitiveness, political autonomy, and fundamental citizen rights. Navigating the complex geopolitics of technology demands sustained political will, strategic foresight, and continuous adaptation. Proactive, informed decision-making is imperative for non-US territories to safeguard their national interests, economic prosperity, and democratic values in an increasingly digitized and contested world.

Works cited

1. Strategies to Accelerate and Expand Access to the U.S. Innovation Economy, accessed May 3, 2025, https://fas.org/publication/expanding-access-innovation-economy/

2. Advancing Innovation to Make the U.S. More Globally Competitive - Information Technology Industry Council (ITI), accessed May 3, 2025, https://www.itic.org/documents/general/ITI_CompetitivenessMemo_Final.pdf

3. PRISM - Wikipedia, accessed May 3, 2025, https://en.wikipedia.org/wiki/PRISM

4. Surveillance after Snowden | Henry Jackson Society, accessed May 3, 2025, https://henryjacksonsociety.org/wp-content/uploads/2015/05/Surveillance-after-Snowden.pdf

5. Q & A: US Warrantless Surveillance Under Section 702 of the Foreign Intelligence Surveillance Act | Human Rights Watch, accessed May 3, 2025, https://www.hrw.org/news/2017/09/14/q-us-warrantless-surveillance-under-section-702-foreign-intelligence-surveillance

6. Reforming Section 702 of the Foreign Intelligence Surveillance Act ..., accessed May 3, 2025, https://www.csis.org/analysis/reforming-section-702-foreign-intelligence-surveillance-act-digital-landscape

7. A closer look at US warrantless surveillance programs | Proton, accessed May 3, 2025, https://proton.me/blog/us-warrantless-surveillance

8. Upstream vs. PRISM - Electronic Frontier Foundation, accessed May 3, 2025, https://www.eff.org/pages/upstream-prism

9. Guide to Section 702 Reform - Third Way, accessed May 3, 2025, https://www.thirdway.org/report/guide-to-section-702-reform

10. Harris on Surveillance | American Civil Liberties Union, accessed May 3, 2025, https://www.aclu.org/harris-on-surveillance

11. US CLOUD Act: Definition, Purpose, Implications, Challenges & Compliance - Kiteworks, accessed May 3, 2025, https://www.kiteworks.com/risk-compliance-glossary/us-cloud-act/

12. The US CLOUD Act and risks for European, Asian and African companies, accessed May 3, 2025, https://mediascope.group/the-us-cloud-act-and-risks-for-european-asian-and-african-companies/

13. US Cloud Act and Implications for Local Data Protection Compliance, accessed May 3, 2025, https://jerseyoic.org/news-articles/news/us-cloud-act-and-implications-for-local-data-protection-compliance/

14. Cloud & Schrems II: What now? - inversegravity.net, accessed May 3, 2025, https://inversegravity.net/2022/cloud-post-schrems2/

15. Supervising Surveillance: International Law and the Surveillance State, accessed May 3, 2025, https://hir.harvard.edu/global-surveillance-state/

16. EMERGING TECHNOLOGIES AND NATIONAL SECURITY - Booz Allen, accessed May 3, 2025, https://www.boozallen.com/content/dam/home/docs/natsec/top-ten-emerging-technologies.pdf

17. AI as a dual-use technology – a cautionary tale - Research Features, accessed May 3, 2025, https://researchfeatures.com/ai-dual-use-technology-cautionary-tale/

18. Artificial Intelligence and National Security - CRS Products from the Library of Congress, accessed May 3, 2025, https://crsreports.congress.gov/product/details?prodcode=R45178

19. Researchers sound alarm on dual-use AI for defense - Defense One, accessed May 3, 2025, https://www.defenseone.com/technology/2024/10/researchers-sound-alarm-dual-use-ai-defense/400432/

20. Restricted: How export controls are reshaping markets - McKinsey & Company, accessed May 3, 2025, https://www.mckinsey.com/capabilities/geopolitics/our-insights/restricted-how-export-controls-are-reshaping-markets

21. Dual-Use Foundation Models with Widely Available Model Weights - National Telecommunications and Information Administration, accessed May 3, 2025, https://www.ntia.gov/sites/default/files/publications/ntia-ai-open-model-report.pdf

22. National Security Commission on Artificial Intelligence - Final Report, accessed May 3, 2025, https://www.dwt.com/-/media/files/blogs/artificial-intelligence-law-advisor/2021/03/nscai-final-report--2021.pdf

23. Palantir Technologies - Wikipedia, accessed May 3, 2025, https://en.wikipedia.org/wiki/Palantir_Technologies

24. Geopolitical implications of AI and digital surveillance adoption - Brookings Institution, accessed May 3, 2025, https://www.brookings.edu/articles/geopolitical-implications-of-ai-and-digital-surveillance-adoption/

25. The Pitfalls of Surveillance Technology: Policy Analysis and Solutions - YIP Institute, accessed May 3, 2025, https://yipinstitute.org/policy/the-pitfalls-of-surveillance-technology-policy-analysis-and-solutions

26. Data-Centric Authoritarianism: How China's Development of Frontier Technologies Could Globalize Repression - NATIONAL ENDOWMENT FOR DEMOCRACY, accessed May 3, 2025, https://www.ned.org/data-centric-authoritarianism-how-chinas-development-of-frontier-technologies-could-globalize-repression-2/

27. Managing the Risks of China's Access to U.S. Data and Control of Software and Connected Technology | Carnegie Endowment for International Peace, accessed May 3, 2025, https://carnegieendowment.org/research/2025/01/managing-the-risks-of-chinas-access-to-us-data-and-control-of-software-and-connected-technology?lang=en

28. SURVEILLANCE TECHNOLOGY CHALLENGES POLITICAL CULTURE OF DEMOCRATIC STATES - Daniel K. Inouye Asia-Pacific Center for Security Studies, accessed May 3, 2025, https://dkiapcss.edu/wp-content/uploads/2020/09/04-miyamoto-25thA.pdf

29. Palantir demos how AI can be used in the military - AI News, accessed May 3, 2025, https://www.artificialintelligence-news.com/news/palantir-demos-how-ai-can-used-military/

30. Palantir claims applying generative AI to warfare is "ethical" without addressing problems of LLMs - Business & Human Rights Resource Centre, accessed May 3, 2025, https://www.business-humanrights.org/en/latest-news/palantir-claims-applying-generative-ai-to-warfare-is-ethical-without-addressing-problems-of-llms/

31. Pegasus (spyware) - Wikipedia, accessed May 3, 2025, https://en.wikipedia.org/wiki/Pegasus_(spyware)

32. Spyware Company NSO Group Faces Setbacks in Attempts to Avoid U.S. Lawsuits, accessed May 3, 2025, https://knightcolumbia.org/blog/spyware-company-nso-group-faces-setbacks-in-attempts-to-avoid-us-lawsuits

33. Government and military officials fair targets of Pegasus spyware in all cases, NSO Group argues, accessed May 3, 2025, https://therecord.media/government-military-fair-targets-nso-group

34. The Dangers of Surveillance - Harvard Law Review, accessed May 3, 2025, https://harvardlawreview.org/print/vol-126/the-dangers-of-surveillance/

35. Technological Sovereignty - BMBF, accessed May 3, 2025, https://www.bmbf.de/EN/Research/EmergingTechnologies/TechnologicalSovereignty/technologicalsovereignty_node.html

36. Technological Sovereignty - (Intro to International Relations) - Vocab, Definition, Explanations | Fiveable, accessed May 3, 2025, https://fiveable.me/key-terms/introduction-international-relations/technological-sovereignty

37. Impact of geopolitical risk on green international technology spillovers: FDI and import channels - PubMed Central, accessed May 3, 2025, https://pmc.ncbi.nlm.nih.gov/articles/PMC11401173/

38. The geopolitics of technology: Charting the EU's path in a competitive world - European Parliament, accessed May 3, 2025, https://www.europarl.europa.eu/RegData/etudes/BRIE/2024/762384/EPRS_BRI(2024)762384_EN.pdf

39. Tech sovereignty and a new EU foreign economic policy - ECDPM, accessed May 3, 2025, https://ecdpm.org/work/tech-sovereignty-and-new-eu-foreign-economic-policy

40. Technological Sovereignty: - VDE, accessed May 3, 2025, https://www.vde.com/resource/blob/2013656/66f71138ba34b7b3ad0e2aa248b71abd/vde-position-paper-technological-sovereignty-data.pdf

41. How the Schrems II Decision Changed Privacy Law - TrustArc, accessed May 3, 2025, https://trustarc.com/resource/schrems-ii-decision-changed-privacy-law/

42. The Definitive Guide to Schrems II | Resource - DataGuidance, accessed May 3, 2025, https://www.dataguidance.com/resource/definitive-guide-schrems-ii

43. ACLU and EFF Call on Court to Hear Twitter's Challenge to Government Censorship of Company's Surveillance Transparency Reporting | American Civil Liberties Union, accessed May 3, 2025, https://www.aclu.org/press-releases/aclu-and-eff-call-on-court-to-hear-twitters-challenge-to-government-censorship-of-companys-surveillance-transparency-reporting

44. EFF, ACLU Seek to Protect the Public's Right to Access Judicial Records, accessed May 3, 2025, https://www.eff.org/press/releases/aclu-eff-seek-protect-publics-right-access-judicial-records

45. Fighting High-Tech Government Surveillance | ACLU of Northern CA, accessed May 3, 2025, https://www.aclunc.org/fighting-high-tech-government-surveillance

46. Should Companies Be Forced to Enable Surveillance and ... - ACLU, accessed May 3, 2025, https://www.aclu.org/news/privacy-technology/should-companies-be-forced-enable-surveillance-and

47. Schrems II Explained: Everything You Need To Know - ShardSecure, accessed May 3, 2025, https://shardsecure.com/blog/schrems-ii-explained

48. Top 4 Benefits of Adopting New Technology in Your Research Organization | Cayuse, accessed May 3, 2025, https://cayuse.com/blog/top-4-benefits-of-adopting-new-technology-in-your-research-organization/

49. Technology Adoption — Benefits, Challenges & How to Create It - Scribe, accessed May 3, 2025, https://scribehow.com/library/technology-adoption

50. Precision Agriculture: Benefits and Challenges for Technology Adoption and Use | U.S. GAO, accessed May 3, 2025, https://www.gao.gov/products/gao-24-105962

51. Building a New U.S.-Korea Technology Alliance: Strategies and Policies in an Entangled World, accessed May 3, 2025, https://carnegieendowment.org/research/2024/11/building-a-new-us-korea-technology-alliance-strategies-and-policies-in-an-entangled-world?center=middle-east

52. Tech Improvements and U.S. Services Trade | St. Louis Fed, accessed May 3, 2025, https://www.stlouisfed.org/publications/regional-economist/fourth-quarter-2020/tech

53. Transforming Global Trade and Development With Digital Technologies | ITIF, accessed May 3, 2025, https://itif.org/publications/2023/05/08/transforming-global-trade-and-development-with-digital-technologies/

54. India: the technology stack - Franklin Templeton, accessed May 3, 2025, https://www.franklintempleton.co.uk/campaigns/india-new-developments-to-drive-growth-and-earnings/india-the-technology-stack

55. Coopetitive Technological Sovereignty: A Strategy to Reconcile International Collaboration with Knowledge and Economic Security - Intereconomics, accessed May 3, 2025, https://www.intereconomics.eu/contents/year/2025/number/2/article/coopetitive-technological-sovereignty-a-strategy-to-reconcile-international-collaboration-with-knowledge-and-economic-security.html

56. XI. Why Europe's Cloud Ambitions Have Failed - AI Now Institute, accessed May 3, 2025, https://ainowinstitute.org/publications/xi-why-europes-cloud-ambitions-have-failed

57. Abusing Data in the Middle: Surveillance Risks in China's State-Owned Mobile Ecosystem, accessed May 3, 2025, https://iverify.io/blog/abusing-data-in-the-middle-surveillance-risks-in-china-s-state-owned-mobile-ecosystem

58. Tyranny of City Brain: How China Implements Artificial Intelligence to Upgrade its Repressive Surveillance Regime | illiberalism.org, accessed May 3, 2025, https://www.illiberalism.org/tyranny-of-city-brain-how-china-implements-artificial-intelligence-to-upgrade-its-repressive-surveillance-regime/

59. Growing Foreign Threats to National Security, Part 1: Challenges and Considerations, accessed May 3, 2025, https://domesticpreparedness.com/articles/growing-foreign-threats-to-national-security-part-1-challenges-and-considerations-for-the-emergency-management-community

60. India's digital revolution: Building tech tools that work for everyone, accessed May 3, 2025, https://sundayguardianlive.com/investigation/indias-digital-revolution-building-tech-tools-that-work-for-everyone

61. What is digital sovereignty and how are countries approaching it? | World Economic Forum, accessed May 3, 2025, https://www.weforum.org/stories/2025/01/europe-digital-sovereignty/

62. GAIA-X: Europe's values-based counter to U.S. cloud dominance - Leiden Law Blog, accessed May 3, 2025, https://www.leidenlawblog.nl/articles/gaia-x-europes-values-based-counter-to-u-s-cloud-dominance

63. Understanding European tech sovereignty: why Europe is taking back control - Hivenet, accessed May 3, 2025, https://www.hivenet.com/post/understanding-european-tech-sovereignty-why-europe-is-taking-back-control

64. Full article: European cloud computing policy: failing in Europe to succeed nationally?, accessed May 3, 2025, https://www.tandfonline.com/doi/full/10.1080/01402382.2025.2491962?src=

65. Navigating Digital Sovereignty in the Era of Great Power Rivalry - Bot Populi, accessed May 3, 2025, https://botpopuli.net/navigating-digital-sovereignty-in-the-era-of-great-power-rivalry/

66. India Stack, accessed May 3, 2025, https://indiastack.org/

67. How India Stack is enabling digital transformation for businesses - The Economic Times, accessed May 3, 2025, https://m.economictimes.com/small-biz/sme-sector/how-india-stack-is-enabling-digital-transformation-for-businesses/articleshow/114533772.cms

68. Exploring South Korea's Digital Trade Environment: Opportunities and Challenges for U.S. Companies - Korea Economic Institute of America, accessed May 3, 2025, https://keia.org/the-peninsula/exploring-south-koreas-digital-trade-environment-opportunities-and-challenges-for-u-s-companies/

69. How human-centred technology combines innovation and inclusion in Gyeonggi Province, South Korea - The World Economic Forum, accessed May 3, 2025, https://www.weforum.org/stories/2025/01/human-centred-technology-innovation-inclusion/

70. RECLAIMING DIGITAL SOVEREIGNTY - IE, accessed May 3, 2025, https://static.ie.edu/CGC/CGC_ReclaimingDigitalSovereignty_PolicyPaper.pdf

71. Research Security | NSF - National Science Foundation, accessed May 3, 2025, https://www.nsf.gov/research-security

72. Growing Foreign Threats to National Security, Part 2: Emergency Management Approaches and Choices - Domestic Preparedness, accessed May 3, 2025, https://domesticpreparedness.com/articles/growing-foreign-threats-to-national-security-part-2-emergency-management-approaches-and-choices

73. How are geopolitical risks affecting the world economy? - Economics Observatory, accessed May 3, 2025, https://www.economicsobservatory.com/how-are-geopolitical-risks-affecting-the-world-economy