Digital Watch newsletter – Issue 37 – January 2019
OUR PREDICTIONS: DIGITAL POLICY IN 2019
The digital realm is mirroring societal developments. Cyber risks and uncertainties are growing. A cyber-arms race is in the making. Opportunity-wise, artificial intelligence (AI), quantum computing, and blockchain are spearheading a wave of new applications in health, agriculture, and development. In 2019, the digital realpolitik trend will accelerate, and there are 10 areas of development which we will need to watch closely.
1. Data governance: Discussions will mature amid tensions
As data continues to oil the modern economy, the contentious issues surrounding cross-border data rules will intensify. Policymakers will continue their quest for data governance solutions that balance the interests of the private sector, users, and law enforcement agencies (LEAs). Moreover, the variety of data (personal, business, scientific, etc.) will be increasingly reflected in varied data regulation worldwide. For example, security data is likely to be kept under national jurisdictions, while business and scientific data will flow more easily across national borders. Likewise, the trend of diversification of data policies of the major tech companies will continue.
2. Digital geo-economics: The race for tech dominance will continue
The China‒US trade war is set to continue this year. Behind the tensions are both countries’ ambitious plans in tech sector: President Trump’s pledge to ‘make America great again’ runs parallel to President Xi’s ‘Made in China 2025 plan’. These plans could lead to more state influence over firms and impact competition in the digital economy worldwide. As the two presidents have agreed to halt new trade tariffs for 90 days to allow for talks, all eyes will be on these talks between the two countries.
3. Geo-politics: A security and cyber-arms race in the making
The cyber-arms race will accelerate in 2019, as countries continue to develop offensive cyber capabilities. One main question is likely to be discussed in both multilateral and multistakeholder processes: Where do we draw the line with armament and the use of cyber-capabilities? Cyber intrusions and subversions under the threshold of armed attack will probably increase, and so will the open attributions and accusations. The lack of clear evidence for attribution may, however, bring about co-operation in establishing certain common methodologies for attribution.
4. Artificial intelligence: Maturing beyond hype
The discussion around AI is expected to mature and move beyond the hype, including within policy spheres. We can expect more countries to create national AI strategies, while international entities will continue the debate on issues such as ethics and human rights, the future of work, and lethal autonomous weapons (LAWs). Safety and security issues around autonomous cars will become more prominent. Questions around liability and a possible legal status for autonomous systems are also likely to remain in focus in 2019.
5. Security will be omnipresent
With their increased reliance on IT infrastructures and data, it is expected that companies will take cybersecurity even more seriously, feeding a fast-growing market for cyber-insurance. The security of the Internet of Things (IoT) will need to be given closer attention, as smart devices become more commonly used. We can also expect stronger calls for national regulation on higher security standards, as well as more pressure from governments for lawful access to data to help with cybercrime investigations. The question of anonymity on the Internet will also likely resurface.
6. Tech companies: The dawn of government regulation
The market power and influence of giant Internet companies have made policymakers very uncomfortable. 2018 ushered in a new wave of regulation on issues such as taxation, Internet intermediaries’ responsibility, and data localisation requirements. As demonstrated at this year’s World Economic Forum (WEF), the call for government regulation is expected to continue. The main question is whether countries will agree on global rules, or will go at it alone. As the trend from 2018 showed, more and more countries are taking action unilaterally, bilaterally, and regionally.
7. Global e-commerce rules will hang in the balance
After years of failed attempts to start negotiations within the World Trade Organization (WTO) on a set of e-commerce rules, over 70 countries agreed to start the talks in March. It will not be smooth sailing though, as strong divergences already exist. From a regulatory perspective, the relevance of global rules will depend on how fast countries will manage to pen a WTO agreement. And while member states grapple with negotiations, regional deals will continue to exert control over trade and investment, demonstrating, once again, that geography matters.
8. Hardware is back
For some time, most digital policy discussions focused on software and data. But in 2019, we can expect more focus on hardware. The increasing relevance of microchips in the modern economy will drive countries to push for self-reliance on domestic production. There will be more discussions on standardisation and security issues around IoT sensors and devices. The deployment of 5G networks will accelerate in 2019, supporting new applications, but also generating new debates on spectrum policies. Quantum computing will gain momentum, as countries and companies continue research in this area.
9. Blockchain and cryptocurrencies: A year of reckoning
After a lot of hype around the potential of blockchain, 2019 will be a year of reckoning. Experiments will be reviewed and assessed, and those with an interest in the technology will need to decide whether to sustain it. Cryptocurrencies are also in hot water after the losses suffered by some of them. While experts say that their volatility is a natural characteristic, policymakers remain less optimistic. The overall regulatory trend is to properly recognise different types of cryptocurrencies and to update financial rules to classify new digital financial assets.
10. Digital identities will catch on
Questions of identity of individuals, groups, and nations are behind many political controversies worldwide. Identity issues are spilling over from real to digital issues with many possibilities, some risks, and a few dilemmas. In 2019, many countries will search for solutions to develop digital identity systems, and India’s Aadhaar and the India Stacks approach are expected to serve as an inspiration for many. On the private sector side, the power that Internet companies gain from becoming providers of digital identities will continue to attract the attention of policymakers.
These predictions are based on DiploFoundation's 'crystal ball' exercise.
Read the full text of the predictions for digital policy in 2019 at www.diplomacy.edu/2019predictions
Digital policy developments
The monthly Internet Governance Barometer of Trends tracks specific Internet governance issues in the public policy debate, and reveals focal trends by comparing the issues every month. The barometer determines the presence of specific IG issues in comparison to the previous month. Learn more about each update.
Global IG architecture
World leaders attending the WEF annual meeting stressed the need for global co-operation to tackle the challenges that come with technological progress. To this end, the Forum’s Centre for the Fourth Industrial Revolution expanded to more emerging economies, to support them in the development of adequate policies. The Forum also launched an Artificial Intelligence Council to work on addressing issues such as ethics and AI and the future of work.
The IGF community started preparations for the 14th Internet Governance Forum (IGF), with the first round of Open Consultations and a meeting of the Multistakeholder Advisory Group. Many participants outlined the need for innovation to make the IGF more relevant, focused, and attractive.
The UN Secretary General’s Task Force on Digital Financing of the Sustainable Development Goals held its first meeting and started working on recommendations to harness the potential of financial technologies to advance the sustainable development goals (SDGs).
A draft paper prepared by the Secretariat of the UN Conference on Trade and Development notes that rapid technological change offers a significant opportunity to achieve the SDGs, but also poses new challenges for policy-making, threatening to outpace the capacity of governments and society to adapt.
Cyber-attacks, data fraud or theft, and critical information infrastructure breakdowns are among the top 10 global risks for 2019, according to the WEF. Redbanc, the company that connects the ATM network of Chilean banks, disclosed that it was infiltrated by hackers in December 2018.
France will use cyber-weapons, in addition to traditional weapons, to respond and attack, according to Minister of the Armed Forces Florence Parly. The Philippines launched a Cybersecurity Management System Project, to protect government agencies from cybersecurity threats and attacks. Google's cybersecurity incubator Jigsaw expands its Project Shield for political organisations in Europe, allowing them to protect their websites from attacks, in the context of EU parliamentary elections in May 2019.
According to TechCrunch, Islamic State supporters hijacked dormant Twitter accounts to spread terrorist propaganda.
E-commerce and Internet economy
Seventy-six members of the World Trade Organization (WTO) have expressed their intention to start negotiations of trade-related aspects of e-commerce.
Indonesia is introducing new rules requiring e-commerce companies to share financial data with authorities, while reiterating the need for such companies to pay their fair share of taxes. Austria intends to require major Internet companies to pay a 3% tax of their advertising revenue. The Spanish government is proposing a 3% revenue tax for large Internet companies. Chile is also exploring the possibility of a 19% tax for multinational Internet companies.
The controversies around an EU digital tax continue. While the Commissioner for Economic and Financial Affairs Pierre Moscovici acknowledged that it would be difficult for member states to agree on such a tax, the Commission is proposing that new EU tax rules are approved by a qualified majority in the Council, as opposed to the current unanimity rule.
The Cyberspace Administration of China (CAC) has issued a regulation requiring blockchain service providers to register with the CAC, and banning them from using the technology to produce and disseminate illicit information.
The French Appeals Court ruled that a former Uber driver was an employee, because he could not choose his clients or decide on his rates. An opposing ruling was issued by a court in Brussels, which ruled that Uber drivers cannot be considered employees because they are free to choose their work time. The same ruling also stated that Uber does not provide transportation services.
Indonesia plans to regulate the minimum and maximum tariffs for ride-hailing services, in response to drivers’ demands for more oversight. Uber and Cabify have decided to suspend their services in Barcelona, after regional authorities introduced tighter rules.
The French National Data Protection Commission fined Google €50 million for failing to comply with provisions of the EU General Data Protection Regulation (GDPR) related to transparency and consent. The Irish Data Protection Commission is investigating Twitter’s compliance with the GDPR. The European Commission adopted an adequacy decision on Japan, recognising that the country has safeguards in place to guarantee that personal data is protected at EU standards.
In what is being described as one of the country’s worst cybersecurity breaches, hackers recently revealed the personal data of hundreds of German politicians, journalists, and celebrities.
A judge in California, USA has ruled that law enforcement agencies may not compel suspects to unlock devices with biometric identifiers, calling the practice unconstitutional.
Several Internet restrictions – ranging from the blocking of social media channels to complete Internet shutdowns – were reported this month around the world, in Chad, the Democratic Republic of Congo, Gabon, Sudan, and Zimbabwe.
Jurisdiction and legal issues
As part of the legal case between Google and the French data protection authority on the enforcement of the right to be forgotten at the global level, The Advocate General of the Court of Justice of the European Union has proposed that the Court limits the scope of the right to be forgotten in the EU.
Russia’s communications regulator opened administrative proceedings against Facebook and Twitter for failure to comply with data localisation rules.
India is proposing new rules requiring Internet intermediaries to remove and disable access to unlawful content at the request of authorities, and to deploy tools for ‘proactively identifying and removing or disabling access to unlawful content’. WhatsApp and Twitter criticised the proposed rules as being against privacy and leading to censorship.
The proposed EU copyright directive might not be adopted anytime soon, as EU member states failed to agree on some of the most controversial provisions on the ‘link tax’ and upload filters.
In Singapore, the Ministry of Law is proposing changes to copyright legislation, ‘to better support creators and the use and enjoyment of creative work in the digital age’.
The South Pacific island nation of Tonga lost access to the Internet as the undersea fibre cable was severed, possibly by the anchor of a ship.
The European Commission has decided to harmonise the radio spectrum in the 3.4-3.8 GHz band to enable future use of 5G across EU countries.
As of January 2019, the contract to deploy a fibre optic undersea cable between Latin America and Europe is in force. By 2020, the cable will enable high broadband connectivity between the two continents.
In the USA, the net neutrality debate is set to continue in court, as the Federal Appeals Court denied a request from the Federal Communications Commission (FCC) to postpone the start of the proceedings in the suit filed against the FCC’s repeal of net neutrality rules. On the industry side, the lack of net neutrality rules has not led to increased investments in infrastructure, as the FCC had claimed; it was revealed that three major telecom companies – Comcast, Charter, and Verizon – lowered their capital expenditures in 2018.
New technologies (IoT, AI, etc.)
The Japanese government is planning to randomly hack into about 200 million Internet of Things (IoT) devices to test the security of the devices and identify potential cyber vulnerabilities. Singapore launched a public consultation on an IoT Cyber Security Guide to promote cybersecurity practices among IoT developers and users.
The AI4EU project was launched on 1 January 2019, as a pan-EU initiative to create an open and collaborative platform to foster economic growth in the EU through the use of AI.
The Central Board of Secondary Education in India has decided to introduce AI as an optional subject for students in the eighth, ninth, and tenth grades. According to Tan Sri Richard Malanjum, Malaysian's chief justice, judges in the country will soon begin using AI to help them issue more consistent decisions.
Singapore released a model governance framework for AI, built on two principles: AI-based decisions that are explainable, transparent, and fair; and human-centric AI solutions.
Facebook and the Technical University of Munich have announced co-operation in developing a research centre to focus on ethics in the context of AI.
Microsoft signed a co-operation memorandum with the district government of Pudong New Area (Shanghai) to launch an AI and IoT lab in Shanghai.
AI was among the most prominent topics at the this year's WEF meeting. According to German Chancellor Angela Merkel global co-operation and engagement through a collective architecture are needed to address AI-related challenges. UN Secretary-General António Guterres referred to a need to integrate new technologies such as AI in the laws of war.
Many policy discussions take place in Geneva every month. The following updates cover the main events of the month. For event reports, visit the Past Events section on the GIP Digital Watch observatory.
Science fiction meets policy | Policy meets science fiction
Identified as a tentative process of cross-fertilisation, this event that took place on 15 January [link] addressed the question: What can sci-fi teach us about digital politics and its future? With the interdisciplinary participation of policymakers, diplomats, designers, writers, it brought different ways of thinking to the international architecture of Geneva in an attempt to identify major digital trends in the near future. The final part of the workshop consisted of four parallel interactive sessions. The groups were led by experts who zoomed in on sci-fi and digital politics from different perspectives and provided hands-on practical exercises to challenge participants to think outside the box. Read the event report.
AI and the Law Public Conference
The AI and the Law public conference, which took place on 16 January, was organised by the Law Faculty of the University of Geneva in collaboration with the Geneva-Harvard-Renmin-Sydney Platform. The conference tackled issues raised by the evolution and development of AI, focusing specifically on the latest developments in robotics. So-called smart robots are now able to interact with humans and the environment, in addition to being able to learn, adapt, evolve, and therefore make autonomous decisions. The conference featured discussions on the global impact of AI on the law, the concept of choice and optimisation, the identification of state responsibility in case of cyber-attacks, and finally, on the humanitarian implications of the use of AI.
Launch of the International Labour Organization Global Commission on the Future of Work report
On 22 January, on the occasion of its centenary, the ILO Commission on the Future of Work published its report Work for a brighter future. The Commission was composed of 27 members from leading figures of the business and labour sector, think tanks, academia, and non-governmental organisations. In the report, the Commission calls for a human-centred agenda for a decent future of work, issuing ten key recommendations and pushing for the provision of a universal labour guarantee, a social protection guarantee, and a lifelong learning guarantee, among others. Challenges caused by new technology and climate change are taken into account and the need to find a collective response to these issues is emphasised in order to avoid potential negative impacts on the future of work. Experts recognised the risk of job losses caused by AI and automation but also pointed out the potential of these technologies for the creation of new jobs if implemented investing in people’s capabilities and the existing institutions of work.
De-Briefing of the meetings of the UN High-Level Panel on Digital Cooperation and the Global Commission on Stability in Cyberspace
On 25 January, the GIP hosted a debriefing on the meetings of the United Nations Secretary General’s High-Level Panel on Digital Cooperation (HLP.DC) and the Global Commission on Stability in Cyberspace (GCSC). After four months of intensive public consultations and discussions, the HLP.DC started drafting its report and recommendations during the Geneva meeting (21-22 January). The Panel will hold another round of consultations on the draft report and recommendations. The final report will be submitted to the UN Secretary General on 31st May. The GCSC is a multistakeholder initiative formed by a selected group of experts working to make sure that silos can make a more informed decision and avoid norm collision. The work of the Commission follows a bottom-up approach which starts by considering the politically binding norms in cyberspace (e.g. the core beliefs shared within a multistakeholder environment). At present, the GCSC has a working definition of cyber stability that is still under revision. The Commission is currently open to suggestions about cyber stability, and it is expected to make final recommendations by the end of 2019. Read the event report.
The launch of the World Intellectual Property Organization report on AI
On 31 January, WIPO launched its first 'Technology Trends' report, on AI, which shows that there has been a significant increase in AI-based inventions and patent filing, and that the technology is making its way into mainstream markets. It further identifies the most active stakeholders in AI technology development from industry and academia as well as the geographical distribution of AI patent protection. AI patents are mostly filed by US companies; IBM and Microsoft are named as having the largest AI portfolio in terms of patent applications. Most patent filings concern machine learning techniques.
Discussing state behaviour in cyberspace: what should we expect?
In December 2018, the UN General Assembly approved the creation of two distinct groups to further explore issues related to responsible state behaviour in cyberspace: an Open-Ended Working group (OEWG) and a new Group of Governmental Experts (GGE). The two groups were proposed in resolutions put forward by Russia and the USA, respectively. What are their mandates, and what can we expect from these groups?
How the mandates compare
Proposed by Russia, the OEWG will start its work in June 2019. Its composition is declared as open, implying that it will include all UN member states that express a desire to participate. The main task of the group will be to further develop norms, rules, and principles of responsible state behaviour, and ways to implement them, as well as to study the possibility of institutionalising the dialogue on the application of international law on a regular basis under the auspices of the UN. Also included in the group’s mandate is a study of existing and potential threats to information security and possible confidence-building measures and capacity-building. The OEWG will work on a consensual basis to develop its report, which is to be presented at the 75th UN session, in autumn 2020.
The GGE, proposed by the USA, is designed for a longer period – three years – and will continue the activities of the previous GGEs, studying further possible joint measures to address threats in the field of international information security, including norms and rules of responsible behavior, as well as the application of international law to the use of ICT by states. The result will be a report that does not imply the consensus of all participants, but must contain an annex in which the GGE members will include their national positions on the application of international law in the ICT environment.
One notable difference between the two groups is related to their composition. The OEWG is to involve all interested UN member states and also hold ‘intersessional consultative meetings’ with businesses, non-governmental organisations, and academia. The GGE is taking a more intergovernmental path: It will have limited participation from member states, on the basis of ‘equitable geographic distribution’, and will hold consultations with regional inter-governmental organisations and all UN member states.
Prospects for both groups
The creation of two separate groups to discuss international information security issues has attracted different reactions. Some member states are concerned that the two parallel tracks could lead to less effectiveness, while others have noted that the processes are in fact compatible.[link] In reality, both groups have advantages and disadvantages.
The OEWG format has many advantages. The resolution it is based on already includes a list of particular norms to be further developed, so it is possible for the group to focus its discussion on ways and mechanisms of their implementation. The open composition of the group allows every member state to participate, in contrast to the limited number of members of the previous GGEs. The rule of consensus decision-making will ensure that the common interests of all participants will be included in the final document. Also, the time factor plays a crucial role – the report will be submitted in two years, faster than the report of the GGE.
But there are also several disadvantages. The open composition does not imply the participation of key countries ‘by default’, thus the composition of the group may be much smaller than desired. For example, countries that did not vote for this resolution may be less likely to participate. The mandatory consensus can play a blocking role, or significantly affect the final wording of the report, making it more general in scope, unless the group consists of like-minded states who agree on issues of international information security. Finally, the involvement of other stakeholders in the exchange of views on the issue strikes a ‘good tone’ today. But significant challenges could appear in attracting the involvement of relevant actors from business and civil society.
The GGE format could be seen as having a strength in its principle of equitable geographical distribution in the selection of its members. A smaller group can be more efficient in its work as compared to a larger group. The absence of a binding consensus can also be viewed positively – the report would be submitted to the Secretary-General in any case. Regardless of what the group agrees on, the report will also contain national positions on the application of international law to the use of ICT by states. However, the group will need three years to submit a report, which can be seen as a significant drawback in an environment characterised by the continuous development of technologies and the emergence of new threats from ICT to international security.
Despite the creation of these two groups, states are still at the beginning of the development of legally binding norms of responsible behavior in cyberspace. Of course, further progress will depend largely on the content of the report produced by the groups, but these documents will serve only as recommendations for states. Even if the work of both groups is successful, the probability of maintaining the polarisation of positions on international information security is still high, and the final goal may not be achieved.
Cryptocurrency and crypto-assets: mapping the regulation
In the past few months, we looked at the regulations around the world which are tackling cryptocurrencies and crypto-assets. With the help of publicly available data and other research sources, we mapped the regulations of around 140 countries and looked at the solutions implemented.
In our research, we looked separately at national regulations around cryptocurrencies, Initial Coin Offerings (ICOs), and/or online exchanges. What follows is a summary of our main findings.
Clarifying the terms
As with many novel technologies, first efforts are on track towards establishing a common taxonomy and topology for the cryptocurrency system. Apart from cryptocurrencies, crypto-assets are being recognised in many countries as a new financial instrument. This includes crypto tokens issued through the ICO processes. Many companies are using this method to raise money and the main issue for regulators is how to look at these tokens from an investment point of view. Central financial institutions are issuing recommendations for token classification and this is helping informed decisions around consumer protection concerns.
Only a few countries have imposed a full ban on cryptocurrencies or ICOs. Policymakers are most oriented towards establishing clear procedures around online exchanges for cryptocurrency trading. Across the globe, regulators are enhancing the rules on Anti-Money-Laundering laws to append online cryptocurrency trading platforms. Almost all online exchanges are now implementing Know-Your-Customer procedures. The anonymity of cryptocurrency traders is almost non-existent.
Addressing financial concerns
Central banks around the world are being particularly careful about the public risks associated with the use of cryptocurrencies, and almost all have issued warnings on the risks involved in cryptocurrency trading. Tax rules are also being amended in many countries to include profits for trading cryptocurrencies.
Some of the countries under the toughest financial sanctions have introduced plans to create national cryptocurrencies as a way of circumventing those sanctions. Venezuela has created the state-backed cryptocurrency named Petro; other countries are considering this course. On the other hand, small states and states with more liberal financial rules are trying to leapfrog with progressive regulation and innovative solutions for blockchain-based services.
Identifying regional trends
The EU is focusing on tougher customer protection rules and more transparent user policies. Asia is looking at the model of self-regulation by the industry, while Africa is searching for better consumer protection regulations and a possible leverage of crypto industry towards wider financial inclusion. Latin America is divided between those who believe that cryptocurrencies will bring financial freedom (Venezuela) and those that are completely banning cryptocurrencies and their use (Bolivia). The MENA region (Middle East and North Africa) is being tough on cryptocurrencies, but quite open towards decentralised data ledger technologies, often called blockchains.
For a more in-depth analysis of each country, including sources to regulations and other information, visit our interactive map on the GIP Digital Watch observatory
The main digital policy events in 2019
The events below ‒ an extract from a very busy calendar of events ‒ are likely to mark digital policy in 2019. While the list highlights events, in most cases they form part of processes which will run throughout the year. A full database of upcoming events and processes is available on the GIP Digital Watch observatory.