A proposal for making the net safer by combining Norwegian legislation with a new use for its unused digital domains.
All Norwegians know that Norwegian domain names end with .no. But few of us know that Norway is assigned two other top level domain names: one for the islands of Svalbard and Jan Mayen (.sj) and one for Bouvet Island (.bv). Neither of these is currently in use. I have an idea for how we should use them.
As our dependence on the internet increases, so too do the threats to our personal privacy. Norwegian personal privacy laws are traditionally strong, but when data crosses international boarders, Norwegian laws no longer apply. Several Norwegian municipalities have sought—and been granted—approval to use cloud services from Google and Microsoft where data is stored outside of Norway. Given what Edward Snowden's leaks have told us, it seems likely that NSA has easy access to personal information from Moss and Narvik municipalities.
Another type of data leakage occurs when Norwegian network names are rented to foreign players. Those who register personal information about themselves and their dream partner with match.no might think their data is stored in Norway and that they are therefore protected by Norwegian privacy laws. However, that is not the case. The domain name "match.no" is registered to a Norwegian law firm but users are quickly sent on to "match.com" which is an American firm.
To regain control of our own data, I have a concrete suggestion: We use the domain names ".sj" and/or ".bv" to create privacy-friendly zones. Websites that uses these domain names must commit to following certain rules. They must, for example, be required to store all data in Norway, where it can be governed by Norwegian laws/rules. They must provide encrypted connections to prevent eavesdropping. There must be established procedures which enable individuals to ask for the deletion of personal data, and subletting of domain names is prohibited. Maybe we should require registrants to provide legible user agreements rather than today's confusing legal documents which we all claim to have read and understood without having done so. I do not know exactly how the rules should be written, but we have smart lawyers and technologists who can hammer them out in a digital Svalbard Treaty.
This digital Svalbard Treaty can be a part of Norwegian foreign policy just as the physical Svalbard Treaty is; we can offer a safe online haven both for Norwegian municipalities and foreign companies who want to give their services a privacy stamp of approval. Fortunately, the domain name letters ".sj" and ".bv" provide lots of possibilities for marketing slogans in both Norwegian and English, "sj" can stand for "sound jurisdiction!" or "safeguard justice!", while "bv" can stand for "be vigilant!". (Help me out here.)
The system can be managed by NORID which runs the registry for Norwegian domain names today. They must be given a wider mandate to adminster and monitor websites using ".sj" and ".bv". They will certainly be able do so.
Some will not like this idea. For intelligence services it is easier if data crosses borders unencrypted. And those who have invested in data centers outside Norway may be skeptical. But for users, new network names can make the internet a little safer.
One of the best things about the internet is that the whole world uses the same standards for communication and therefore that we can communicate with people and machines everywhere. The Internet has made the world a better place, and few want to go back to a life without global information access. The new domain names will not change this. We will continue to live in the world and data will still cross borders. But we also have the right to build a safe haven, and the names of remote arctic islands may help give us shelter.