Acknowledgement: This guide is for educational purposes only. See the Legal Disclaimer at the bottom before taking any action.

Section A — What "Sovereign AI" and "Sovereign Data" Mean

Sovereign AI

Sovereign AI means artificial intelligence that runs entirely under your control — on your own hardware, in your own environment, with no dependency on a remote cloud server. You own the model, the inference engine, and the data. No company can read your prompts, log your conversations, update the model without your consent, or hand your data to a government under foreign law.

Simple test: If unplugging your internet connection stops the AI from working, it is not sovereign.

Sovereign Data

Sovereign data means you — not a corporation, not a cloud provider, not a government — control where your data lives, how it is encrypted, who can access it, and under which jurisdiction it sits. True data sovereignty requires:

Why Cloud AI Is Inherently Non-Sovereign

Every major cloud AI service — regardless of how privacy-friendly its marketing appears — has structural features that undermine sovereignty:

Bottom line: If your data touches a cloud server you do not own, you have ceded sovereignty over it.

Section B — Threat Model

A threat model is a structured way of asking: Who wants my data, why, and what can they do with it? Different adversaries require different defenses.

Threat Governments

Further reading: Orwell's Shadow — 1984 & the Modern Surveillance State (ai.tedlee.ca)

Threat Corporations

Threat Criminals

Case study: The CIRO Hack — AI-Assisted Social Engineering in Action (ai.tedlee.ca)

Threat Cloud AI Providers

Adversary Primary Goal Key Lever Primary Defense
Government Surveillance, control Legal compulsion Encryption, jurisdiction choice
Corporation Profit from data Terms of service Minimization, local storage
Criminal Financial gain Exploits, social engineering Backups, strong auth, patching
Cloud AI provider Model improvement, analytics TOS acceptance Local AI, no sensitive prompts

Section C — Sovereign AI in Practice

Running AI locally means your prompts never leave your device. The following stack lets you use powerful AI tools without trusting any third party.

Step 1 — Choose a Local Model

Open-source models can run on consumer hardware. Well-regarded families include:

Why open-source? You can inspect the weights, verify no hidden telemetry is baked in, and run the model fully offline. Closed models from cloud providers are black boxes by definition.

Step 2 — Use a Local Inference Engine

Step 3 — Keep All Supporting Data Local

Step 4 — Operational Rules for AI Usage

Section D — Sovereign Data Storage

Data sovereignty exists on a spectrum from fully air-gapped to internet-connected. Each tier offers different trade-offs between accessibility and security.

Tier 1 — Offline / Air-Gapped

The highest level of protection. Data is never connected to a network. Suitable for seed phrases, private keys, legal documents, and irreplaceable archives.

Tier 2 — Near-Offline (LAN-Only)

Data is accessible within your home or office network but never exposed to the internet. High availability with strong privacy.

LAN-only rule: Firewall your NAS to deny all inbound and outbound connections from the WAN interface. Access it only from trusted devices on your local network.

Tier 3 — Online but User-Controlled

If internet access to your data is required, self-hosting is far more sovereign than using a third-party cloud provider.

Warning: Third-party cloud services — even "encrypted" providers like Dropbox, Google Drive, or iCloud — are never fully sovereign. The provider holds the keys or can be compelled to create access. Self-host or store nothing sensitive.

Section E — Operational Security (OpSec)

Operational security is the discipline of protecting information through consistent habits and practices. Good OpSec closes the gaps that strong encryption alone cannot.

Password Hygiene

Full-Disk Encryption

Browser Privacy

Related: AI Scams & Digital Surveillance — Practical Defences (ai.tedlee.ca)

Local-Only AI for Sensitive Work

The 3-2-1 Backup Rule

3 copies of your data — 2 different media types (e.g., SSD + external drive) — 1 copy stored offline or off-site

Section F — Resilience & Disaster Planning

Data sovereignty means nothing if your data is destroyed by a disaster. Resilience planning ensures you can recover from fire, theft, flood, hardware failure, or ransomware.

Physical Threat Protection

Off-Site Encrypted Backups

Checksum Verification

Test Restores — The Most Overlooked Step

A backup you have never restored from is an untested assumption. Schedule a full restore test at least once per year. Verify that your encrypted backups can actually be decrypted and that all critical files are intact.

Section G — Data Poisoning: What It Is & How It Protects You

What Is Data Poisoning?

Data poisoning is the intentional modification, corruption, or manipulation of data to influence how an AI model learns or behaves. When an AI model is trained on large datasets scraped from the internet, the content of that data directly shapes the model's outputs, biases, and capabilities.

Data poisoning works in two directions:

Key principle: If companies scrape your data without consent to train AI systems, you have a right to make that data as unhelpful to them as possible.

Types of Data Poisoning

Type 1 Label Flipping

In supervised learning, every training example has a label (e.g., "this image shows a cat"). Label flipping assigns incorrect labels to training data — telling the model that cats are dogs, or that benign emails are spam. When a model trains on enough flipped labels, its classification behavior degrades or inverts. This is primarily an offensive technique used to attack commercial AI pipelines.

Type 2 Content Corruption

Content corruption embeds misleading patterns or deliberately incorrect information within training data. An example is writing text that looks coherent and authoritative but contains subtly false facts or contradictory statements. If this content is scraped at scale, the model learns from the corrupted signal and may produce systematically wrong outputs on related topics.

Type 3 Adversarial Noise

Adversarial noise involves adding carefully calculated perturbations — modifications so small that human eyes cannot detect them — to images, audio, or text. The result looks identical to the original but causes AI models to misclassify, misinterpret, or fail to learn useful representations from it. This is the most technically sophisticated form of data poisoning and is the basis of several defensive tools described below.

Type 4 Watermarking

Watermarking embeds a hidden, detectable signature into your data — an imperceptible pattern that persists through scraping and training. If a model is later found to reproduce your watermarked data, the watermark provides forensic evidence that your content was used without authorization. This enables legal action and attribution. Watermarking is a purely defensive technique — it does not degrade AI systems; it makes unauthorized use of your data traceable.

See also: Technical & Policy Safeguards for AI-Generated Content (ai.tedlee.ca)

How You Can Use Data Poisoning Defensively

The following techniques are available to individuals who want to protect their images, documents, and personal data from being scraped and used for AI training:

Ethical Boundaries

Defensive poisoning is ethically acceptable when you are protecting your own data — your images, your writing, your identity. You are not obligated to make your data useful for systems that exploit it without consent.

Offensive poisoning is a different matter entirely. Deliberately corrupting training data belonging to or used by others — particularly in ways intended to cause safety failures, spread false information, or harm third parties — is unethical and may constitute criminal activity under computer fraud, sabotage, or telecommunications laws in many jurisdictions.

The line is clear: Protect your own data aggressively. Do not weaponize data poisoning against systems or people that did not consent to receive it.

Related Video Resource

The following video provides additional context on AI sovereignty, data privacy, and protecting yourself from surveillance systems:

⚠ Legal Disclaimer