Digital Watch newsletter – Issue 30 – April 2018

1. Increasing scrutiny for the tech industry

In April, Facebook’s CEO Mark Zuckerberg faced questions from the US Senate Judiciary and Commerce committees and the House Energy and Commerce Committee. During the 10-hour sitting, split over two days, the CEO was questioned about Facebook’s practices in the wake of the Cambridge Analytica scandal.

One of the main highlights of the testimony was that Zuckerberg acknowledged the inevitability of data protection regulation. It is not a matter of ‘if’ such regulation will happen, he noted, but rather of ‘how’ and in what form.

He also hinted to what is perceived by many as a discrepancy in the current business model of Internet companies: They provide users with free services, but sustain their business model by monetising users’ data (mostly through advertisement arrangement). The question is whether a new model should emerge, in which users pay fees for online services, without their data being monetised. Facebook’s CEO seemed to indicate the possibility of a two-tiered Facebook: a free version with an automatic opt-in data agreement where users implicitly agree to their data being used by the company for targeted advertisement, and a premium ad-free version in exchange for a fee.

The testimony also made it clear that Facebook is relying heavily on the power of algorithms and artificial intelligence (AI) to address content policy issues in areas such as tackling the spread of hate speech and fake news over the network. AI also seems to be strongly used by the company to generally improve the results of its content moderation activities.

What happened since the testimony? First, although Zuckerberg said the EU’s General Data Protection Regulation (GDPR) was a positive move, Facebook moved over 1.5 billion users in Asia, Africa, Australia, and Latin America, out of the GDPR’s reach, by changing the jurisdiction from Ireland (where the company is headquartered) to the USA.

Secondly, the European Parliament has also asked Facebook's CEO to testify in the EU. In March, Zuckerberg refused an invitation to appear in front of the UK Parliament; it remains to be seen how he will respond to a request from the EU legislative body.

2. Cybersecurity Tech Accord: What's in and out, who's in and out

This month, over 30 technology companies signed a Cybersecurity Tech Accord, pledging to protect civilians online. The signatories include Microsoft, Facebook, Cisco, HP, and Oracle, as well as a number of cybersecurity firms. Notably, Amazon, Apple, Google, and Twitter are currently not part to the agreement.

Under this Accord, companies are committing to: (a) protect users, and design, develop, and deliver products and services that prioritise security, privacy, integrity, and reliability; (b) oppose cyberattacks on innocent citizens and enterprises from anywhere; (c) empower users, customers, and developers to strengthen cybersecurity protection; (d) partner with like-minded groups to enhance cybersecurity.

The Cybersecurity Tech Accord is an updated version of an original proposal, published in April 2017, as part of Microsoft’s proposal for a Digital Geneva Convention. The 2017 version, called for a Tech Accord to protect people in cyberspace, highlighted that companies should not assist governments with offensive cyber operations, they should protect consumers everywhere, co-ordinate to address vulnerabilities, and fight the proliferation of vulnerabilities.

The signed Accord brings several new elements and changes:

• It highlights the impact on society by mentioning the role of digital technologies in addressing current challenges in areas such as education, healthcare, future of work, and environmental sustainability.
• It indicates more clearly that companies will strive to protect users from surveillance.
• It provides for a more general approach to designing, developing, and delivering products and services that prioritise security, privacy, integrity, and reliability, as opposed to ‘issuing patches’ under the older version.
• It includes a capacity development dimension, as companies commit to enabling users and developers to protect themselves in cyberspace, and to supporting other stakeholders ‘to build cybersecurity capacity’.
• While the 2017 proposal spoke about the need for the government and the technology industry to partner on cybersecurity, in the new Accord, collaboration is ‘with each other’ and through ‘formal and informal partnerships with industry, civil society, and security researchers’.
• The new accord departs from the ‘critical role of industry’ in cybersecurity, in favour of the notion that the protection of cyberspace ‘is in everyone’s interest’.

3. A busy month for e-commerce

The UNCTAD E-Commerce Week 2018 brought together stakeholders to discuss development opportunities and challenges associated with the evolving digital economy. Participants explored the role that digital platforms play in facilitating international trade, as well as their potentially disruptive influence on the economy and the job market.

The second meeting of the Group of Intergovernmental Experts on E-commerce, themed ‘Fostering Development Gains from Domestic and Cross-border E-commerce in Developing Countries’, also took place during E-Commerce Week. The discussions were guided by some questions proposed for reflection, and member states and observers were invited to present written contributions beforehand.

In parallel, the group of 71 World Trade Organization (WTO) member states that signed the Joint Statement on Electronic Commerce at the 11th WTO Ministerial Conference (MC11) met and started to put forward non-papers to advance ‘exploratory work toward future WTO negotiations on trade-related aspects of e- commerce’. Some of the main proposals included:

• Do not duplicate the work done elsewhere; focus on specific policy issues that can be addressed through potential trade rules (New Zealand)​
• Future discussions should cover all aspects of e-commerce, without splitting topics (Russia)​
• Establish new rules only where necessary to address new developments or gaps in the existing system (Argentina, Colombia, and Costa Rica)​
• Focus on development as a core element (Brazil)​
• Draw on lessons learned from free trade agreements (Japan; New Zealand; Singapore)​
• Identify potential elements that could form the basis of a future agreement (Separate Customs Territory of Taiwan, Penghu, Kinmen and Matsu)

Countries expressed interest in exploring several specific areas, including market access commitments, trade facilitation, consumer protection, and data flows. According to ICTSD,[link] the coalition will reconvene in May and in June, followed by a stocktaking exercise in July.

The monthly Internet Governance Barometer of Trends tracks specific Internet governance issues (IG) in the public policy debate, and reveals focal trends by comparing the issues every month. The barometer determines the presence of specific IG issues in comparison to the previous month. Read more about each update.

Global IG architecture

increasing relevance

Thirty-four technology companies signed a Cybersecurity Tech Accord, committing to protect civilians online and improve the security, stability, and resilience of cyberspace.

Commonwealth Heads of Government adopted a Commonwealth Cyber Declaration, focusing heavily on cybersecurity, followed by development and economy, and human rights aspects.

G7 security ministers called on countries and the Internet industry to work together and create ‘effective solutions’ for countering the use of online technologies by terrorists.

Sustainable development

decreasing relevance

Denmark joined the World Bank's Digital Development Partnership, an initiative focused on assisting developing countries in taking advantage of digitalisation on their path to sustainable development.

Security

increasing relevance

The European Commission is proposing new rules to facilitate cross-border access of law enforcement agencies to electronic evidence.

The US Department of Homeland Security, the Federal Bureau of Investigation, and the UK’s National Cyber Security Centre released a technical alert warning against Russian state-sponsored cyber actors targeting network infrastructure devices. Australian authorities also argue that hundreds of businesses have been targeted by such actors.

Unidentified hackers have attacked networks in Iran, Russia, and several other countries, disabling equipment of Internet service providers (ISPs) and data centres.

The UK National Cyber Security Centre has elaborated a new cyber incident framework, to harmonise the description and prioritisation of cyber threats. France is developing its own encrypted messenger service to be used by government officials.

E-commerce and Internet economy

increasing relevance

The UNCTAD E-commerce Week 2018, featured discussions on the development opportunities and challenges associated with the evolving digital economy. Several WTO members have put forward proposals to advance exploratory work on trade-related aspects of e-commerce and identify possible elements that could form the basis of a future agreement on e-commerce.

In Europe, 22 countries concluded a Blockchain Partnership, to share expertise in blockchain-related technical and regulatory fields. Vietnam is planning to tighten the control of cryptocurrency activities, following reports of a massive Initial Coin Offering fraud. In South Korea, 14 crypto exchanges have committed to a set of rules to improve the transparency of their activities.[link]  Antigua and Barbuda is set to launch its first cryptocurrency exchange, while the Caribbean Tourism Organization intends to facilitate the use of crypto-payments for tourism services.

Uber lost another case in front of the Court of Justice of the European Union (CJEU), as the court ruled that EU member states 'may prohibit and punish the illegal exercise of a transport activity such as UberPop'. The ruling reiterated a December 2017 decision which found that UberPop was a transportation service. Elsewhere, a judge in Philadelphia, USA, ruled that drivers working under the UberBlack limousine service are independent contractors.

Digital rights

increasing relevance

A court in Moscow, Russia, approved a request from the country’s telecommunications regulator, Roskomnadzor, to block access to Telegram messaging services, due to the company’s repeated refusal to hand over encryption keys.

The Ranking Digital Rights 2018 notes that very few of the 22 assessed major Internet and telecom companies make users' right to privacy and freedom of expression a central priority.

The European Commission has launched a set of legislative proposals to strengthen consumer rights online.

Jurisdiction and legal issues

increasing relevance

In a move described by some as an attempt to reduce its exposure to the EU GDPR, Facebook plans to make changes to its terms of service, so that non-EU users will no longer be subject to agreements with the company’s Ireland headquarters.

The US Supreme Court dismissed the Microsoft Ireland case as moot, in light of the CLOUD Act. Microsoft will now have to provide US authorities with data stored in Ireland, following CLOUD Act provisions.

A UK  judge has ruled in favour of the right to be forgotten, by ordering Google to de-list from its search results articles about years-old crimes committed by a businessman. Malaysia’s parliament passed a law against fake news, introducing fines of up to USD$123 000 and a maximum of six-year jail term for offenders.

Infrastructure

same relevance

Several countries on the West African coast were affected by a subsea cable cut.

The Internet Corporation for Assigned Names and Numbers (ICANN) and EU data protection authorities continue exchanges over ICANN’s proposed model to ensure that domain name registries and registrars are in compliance with ICANN policies and the GDPR.

Net neutrality

same relevance

US states continue to pass their own net neutrality rules, following the December 2017 decision of the Federal Communications Commission to repeal the federal rules. The Oregon Governor signed a net neutrality bill that prohibits public bodies from contracting with ISPs that engage in network management activities based on paid prioritisation, content blocking, or other forms of discrimination. In California, a strict net neutrality bill is close to becoming law, despite objections from telecom providers.

New technologies (IoT, AI, etc.)

increasing relevance

Twenty-five European countries adopted a Declaration of Cooperation on Artificial Intelligence (AI), while the European Commission outlined policy measures to ‘put AI at the service of Europeans’. A study by The Economist Intelligence Unit ranks South Korea, Germany, and Singapore as the countries most prepared for dealing with the advancements in automation and AI. In an open letter to the European Commission, over 150 experts raised concerns over the idea of granting robots a legal status.

Authorities in California, USA, can now issue permits for fully autonomous vehicles to be tested on public roads, as the applicable regulations entered into force on 2 April.[link] China has introduced nationwide guidelines for the testing of such vehicles on public roads.

The Select Committee on AI in the UK House of Lords published a report with recommendations aimed to support the UK government and other stakeholders in 'realising the potential of AI for society and economy, and to protect society from potential threats and risks'.

Microsoft announced plans to invest USD$ 5 billion in research and innovation in the Internet of things (IoT) in the next five years.

Many policy discussions take place in Geneva every month. The following updates cover the main events of the month. For event reports, visit the Past Events section on the GIP Digital Watch observatory.

Cyber 9/12 Student Challenge 2018

The fourth Cyber 9/12 Student Competition, held on 5–6 April, brought together teams from 20 universities to find solutions to a simulated cyber incident. The contest scenario required the students to respond to a European-level cyber crisis targeting the aviation ecosystem. Their role was to assess the crisis and provide strategic policy recommendations for government leaders. After two days of competition, the Black Knights team of the US Military Academy at West Point came first, followed by two Swiss teams: NOBUS (HSG Universität St. Gallen and ETH Zurich) and ETHernet (ETH Zurich). The competition is organised annually by the Geneva Centre for Security Policy and the Atlantic Council.

CCW Group of Governmental Experts on Lethal Autonomous Weapons Systems (LAWS)

The Group of Governmental Experts, established under the framework of the Convention on Certain Conventional Weapons, convened on 9–13 April, to address potential challenges posed by emerging technologies in the area of LAWS. Building on the November 2017 meeting, the group focused on the characterisation of autonomous weapons systems, the human element in the use of lethal force, and possible options to address the humanitarian and security challenges posed by LAWS. While significant differences remain on issues such as the need and scope of a definition of LAWS, states found considerable agreement on the importance of significant human control in the selection and engagement of human targets.

ITU Expert Group on International Telecommunication Regulations – 4th meeting

The 4th meeting of the International Telecommunication Union (ITU) Expert Group on International Telecommunication Regulations (ITRs), held on 12–13 April, completed a process that began in February 2017 to conduct a review of the 2012 ITRs. The group’s final report outlines the divergent views of members states on issues such as the applicability and relevance of the 2012 ITRs in the context of the rapidly evolving telecommunications/ICT environment, the existence of potential conflicts between the obligations of signatories to the 2012 ITRs and the 1988 ITRs, and the holding of a new World Conference on International Telecommunications (WCIT). The report was submitted to the ITU Council for consideration and subsequent submission to ITU Plenipotentiary Conference 2018.

UNCTAD E-commerce Week

The United Nations Conference on Trade and Development (UNCTAD) hosted its annual E-Commerce Week on 16–20 April, under the theme ‘Development dimensions of digital platforms’. Participants discussed ways in which e-commerce and digital platforms could support economic growth and sustainable development. Emphasis was placed on the need to ensure that developing and least developed countries are able to enjoy the benefits of the evolving digital economy, and that enabling environments – from telecommunications infrastructures, to digital skills, and access to financial systems – are in place for this to happen. Other highlighted issues included challenges to consumer trust in e-commerce, data flows and the impact of data policies on digital trade, and the impact of the sharing economy and other new business models on the labour force. The Geneva Internet Platform provided just-in-time reports from many sessions related to digital policy.

GIS for a Sustainable World Conference

Held on 17–19 April, the conference was co-hosted by Esri and the Operational Satellite Application Programme of the UN Institute for Training and Research. Discussions focused on how geographic information systems (GIS) could be used to support progress towards the sustainable development goals (SDGs). It was stressed that GIS applications could help governments better assess the efficiency of measures taken to reach the SDGs. Participants also provided examples of GIS applications in areas such as refugee crises, humanitarian aid, and disaster management. In addition, there were debates on the use of drones and other robotics applications for the benefit of aid, health, development, and environmental protection.

ITU Council – 2018 Session

On 17–27 April, the ITU Council met in Geneva to discuss a wide range of issues pertaining to the mission of the organisation, in advance of the 20th ITU Plenipotentiary Conference. ITU Secretary-General Houlin Zhao set the scene for the meeting, noting that it is the task of both the Council and the Plenipotentiary ‘to ensure that ITU’s activities, policies, and strategies fully respond to today’s digital transformation’. The Council discussed issues such as ITU’s work to support the implementation of the SDGs, the organisation’s activities on strengthening its role in building confidence and security in the use of ICTs, and reports from its several working groups (e.g. international Internet-related public policy issues, child online protection, and ITRs). The Council’s decisions will be made available on its webpage.

The UNCTAD E-Commerce Week has grown in recent years to become a key opportunity for information-sharing, agenda-setting, and networking. This yearly event gathers a diverse audience of governments, international organisations, business representatives, academics, and civil society. In 2018, the presence of governments was strengthened by the second meeting of the Intergovernmental Group of Experts on E-commerce and the Digital Economy taking place in parallel to the E-commerce Week.

E-commerce is a fast-growing field. Several initiatives are dedicated to collecting accurate information that will contribute to policy-making in this area, such as data on cross-border flows, elements that could boost consumer trust, the products that sell more easily in certain regions, and the concrete gaps that countries need to fill when it comes to developing their e-commerce readiness strategies. Some of the enabling conditions for e-commerce include the need to strengthen the digital aspects of the Trade Facilitation strategy, to overcome cross-border barriers to digital payments, and the adoption of concrete measures to support small and medium enterprises (SMEs), while fostering trust in cross-border trade.

The overarching theme of the e-commerce week was ‘Development dimensions of digital platforms’, therefore several sessions were dedicated to discussing the economic and social impact of online platforms. Some of them addressed the interaction between SMEs and platforms, while others focused on the platform-centred job market and the standards that need to be observed for fair work conditions to be achieved. The effects that a platform-based economy could have on future developments were discussed in a high-level ministerial dialogue.

From 18 to 20 April, governments got together at the second session of the Intergovernmental Group of Experts on E-commerce and the Digital Economy. This meeting provided an opportunity for knowledge-sharing among governments, academics, and business representatives. Discussions covered issues such as the revenue model of online platforms and the precarious work conditions of the labour force joining the online job market. This new reality requires the updating of policies relating to competition, industrial, trade, and privacy, for example.

The meeting also tackled barriers to accessing global e-commerce and possible ways to overcome them, the importance of public-private partnerships, the need for breaking down barriers to cross-border trade, and the elimination of operational constraints, and detailed best practices for e-commerce adoption in the developing world. One of the concrete proposals advanced at the meeting was the creation of a working group focused on helping developing nations measure domestic e-commerce indicators and incorporating global perspectives.

Throughout the week, it became clear that e-commerce is a multidimensional issue, which cannot be successfully tackled without the collaboration between public and private sectors. The role of business in protecting online consumers was discussed, as well as the need to introduce consumers’ interests and concerns in trade negotiations, especially in a context in which users’ data becomes an increasingly valuable asset.

The challenges that unhindered data flows and online platforms could pose to development were also highlighted. If data is the new oil, then it should not be given away for free by developing countries to large foreign corporations. In addition, the potentially negative consequences of provisions aiming to forbid the mandatory disclosure of software source-codes – on fields as varied as national security, public safety, and food production – were analysed.

Emerging technologies and approaches could play an important role in supporting e-commerce. Some examples can be found in the use of blockchain to enhance trade facilitation, and in the way that e-Residency, Estonia has enabled the creation of a digital identity provided by the government of Estonia,  granting the ability to use the country's digital platform to access the European market.

Several sessions tackled the need to strengthen capacity building efforts, in general, and to improve the skills necessary to boost entrepreneurship in Africa, more specifically.Concrete examples of capacity development initiatives[link] were shared, such as a course on e-commerce that has been jointly offered by DiploFoundation, CUTS International Geneva, the International Trade Centre, UNCTAD, and the GIP.

Read our reports from most digital policy sessions held during UNCTAD’s E-Commerce Week.

Fully autonomous weapons might not yet exist, but their possible development and use is seen with concern by states party to the Convention on Certain Conventional Weapons. Since November 2017, a Group of Governmental Experts (GGE) has been exploring the potential implications of lethal autonomous weapons systems (LAWS) and the need for policy options to possibly govern them. The group met this month in Geneva; we summarise the main issues.

Addressing the challenges of LAWS

Building on their work from November 2017, the GGE convened to address the humanitarian and security concerns that may arise with the potential development of LAWS.

Some states raised concerns that autonomous weapons could lead to an international arms race, fundamentally change the nature of warfare, and generate dangerous asymmetries between states. They also pointed to the risk of LAWS being acquired by non-state actors and terrorist groups.

At the technical level, there are risks related to errors in the machines and bias in the algorithms, and the possibility that they could be hacked and interfered with. There is also the issue of ethics in allowing machines – which do not have ethical reasoning or emotion – to make a decision on taking the life of a human being. From a legal point of view, the main question is whether LAWS could comply with international humanitarian and human law.

Searching for a definition

Deciding on whether and how to define LAWS remained one of the most important points of debate. While some states prefered to keep the debate flexible, others emphasised the need for a definition to be able to move towards policy options.

The approach that seemed to have gathered the most support is to describe LAWS as weapons systems with autonomy in their critical functions, i.e., selecting and attacking targets without human intervention. But the discussion was not finalised, as some underlined the need for a better understanding of the term ‘critical functions’, while others expressed concern over the use of the term ‘lethal’, noting that weapons can inflict excessive harm even if they are not intended to be lethal.

Meaningful human control and human accountability

There was general agreement that meaningful human control is essential in the development and use of LAWS. What remained difficult was to define concepts such as ‘control’, ‘meaningful’, and ‘sufficient’.

Another issue discussed was the need for accountability and human responsibility to be present throughout the lifecycle of an autonomous weapon, from development, to testing and use. On the question of who bears the ultimate responsibility if the weapons system is misused or if it malfunctions, most seemed to agree that this responsibility should remain with the commander who decides to launch the system.

Exploring policy options

Are international laws comprehensive enough to address the risks associated with LAWS? If not, do we need to improve the implementation of current laws, or create new instruments?

Some argued that new regulation is not needed. The concerns around LAWS and their compliance with humanitarian law could be addressed through strengthening Article 36 of Additional Protocol I to the Geneva Conventions – which should ensure that no unlawful weapon will be developed and used.

In addition, there was increasing momentum for a political declaration to affirm that states share the conviction that humans should continue to make the ultimate decision on the use of lethal force and exercise sufficient control over LAWS.

A growing number of states voiced their support for a legally binding instrument prohibiting the development and use of LAWS, and a moratorium on their current development and use, based on the ethical, legal, military, and technological risks they pose to humanity.

What next?

As reflected in the Chair’s summary, this session of the GGE managed to further explore the concept of LAWS and promote common understanding, especially on the notion of meaningful human control. The group's next meeting in August 2018 will determine whether this common understanding will be able to lead to concrete recommendations.

Meanwhile, it is likely that the potential implications of automation and AI for warfare and international security will generate more debate in the public space. This month, for example, The Economist dedicated one article in its most recent print edition to autonomous weapons, by reviewing Paul Scharre’s book Army of None: Autonomous Weapons and the Future of War. While Rand Corporation published a paper on How might artificial intelligence affect the risk of nuclear war.

Read the full briefing paper on the outcomes of the April meeting of the GGE.

As our daily life gets more and more digitalised, the health space increasingly relies on technology. ICTs are used to bring more efficiency through applications, such as electronic medical records and electronic prescribing, while telehealth and telemedicine allow remote access to healthcare services.

Mobile health applications and wearable devices are developed to monitor, detect, and prevent health issues (by both patients and doctors). 3D printing technology is used in prosthetics, facilitating the development of highly personalised artificial limbs. And robotics and AI have more and more applications in the medical field, from medical robots to algorithms that can improve medical diagnosis and treatment.

But these advancements inevitably carry several implications for digital policy, in areas such as security of devices, misuse of personal data, and inequalities in accessing to digital health solutions.

Read about the technological developments and policy implications of digital health on our dedicated space.