A stark warning about governments’ ability to abuse technology to muzzle citizens, track movements, and shut down peaceful protests has emerged at this week’s Internet Governance Forum in Istanbul. We are in a post-Snowden reality and his revelations of mass government surveillance programs continue to rattle people around the world. He demonstrated how governments – the U.S. chief among them – were conducting broad, unfocused surveillance on individuals. While reform is needed we cannot allow policymakers to play engineers and break the Internet. Unfortunately, many leaders are proposing to do just that. They are calling for all of the data of their citizens be stored locally, or in-country. That would fundamentally change how the Internet works. It would go from a flexible, efficient, and open global network to a rigid, failure-prone network with walls. Worse yet, the proposals would lead to a system even more ripe for government abuse, that would paradoxically have little effect on surveillance. This policy could create what some are calling a “splinternet” – a world with country-specific “internets” that don’t connect with each other to form today’s global network. Today, the Internet allows information to flow to all parts of the world, with no particular regard for state boundaries. It is a resilient network of networks that enables communications to take the fastest and most efficient routes, and to route around blockages and broken connections. Since communications do not have to follow pre-determined routes, data can be stored potentially anywhere and accessed everywhere. This won’t be the case under data-localization laws governments are proposing. Requiring Internet services to store data in each user’s home country will create huge barriers for providing globally accessible services. Perhaps the current Internet giants could afford to build servers in each country, but small and medium sized enterprises won’t be able to compete. Then there is the problem of government intrusion into people’s privacy. Requiring countries to store data within their borders means that national governments will have much easier access to their citizens’ communications. Legal protection to prevent abusive access to their communications is essential. Today, when an Internet company considers whether to voluntarily locate servers within a country, they should conduct a human-rights impact assessment and thoroughly vet whether local law provides adequate protections for people’s rights to privacy and freedom of expression. With localization mandatory, however, authoritarian governments could insist on easy access to servers regardless. Local-data laws won’t do much to limit NSA surveillance either, since it pursues a variety of strategies in its collection of information, including tapping undersea cables. The best path forward to securing people’s information against government surveillance requires strengthening and securing Internet architecture, while reforming the laws that govern domestic and global surveillance. To do that, we need more widespread encryption of data, including our personal emails, phone calls, and video chats. It also means making tapping cables less fruitful by having more undersea cables connected to the global network with routing security. Increasing the number of Internet exchange points would enable providers to exchange traffic closer to where their users are. These are all doable. On the policy front, we’ve also got a lot of work to do. In the US, the movement on reform legislation is encouraging, but we need to see the reforms through to completion. Governments need to be willing to discuss reform in the context of global human rights principles. A recent report by the UN High Commissioner on Human Rights points out that governments have obligations regarding surveillance of citizens within their borders and abroad. We must pursue solutions to pervasive government surveillance that are a net win for human rights.