Digital Watch newsletter – Issue 29 – March 2018

1. Cambridge Analytica case increases scrutiny on Facebook and Internet companies

In recent months, Internet companies have been under increasing pressure over several issues. In March, the Cambridge Analytica scandal involving the data of 30 million Facebook users placed Internet companies under even more scrutiny.

The case involved data which was collected from Facebook users by a researcher through a mobile application, which also harvested the data of users’ friends. Violating the agreement to use the data for research purposes only, the researcher gave the data to Cambridge Analytica, which matched the data with other records to construct personality profiles. The compiled data was then sold to political campaigns to influence voters.

The case has several implications, including intermediary responsibility, content policy, consumer protection, and data security.

In addition to the implications, the case helped raise awareness about privacy. A look at the global search trends for privacy-related terms since 2015 shows a spike in searches corresponding to major developments or incidents.

In January and September 2015 (points 1 and 2 on the graph on page 3), the rise in the number of searches was linked to a Facebook privacy hoax. In June 2016 (point 3), the spike was linked to a court judgment concerning browser cookies. In October 2016 (point 4), the privacy hoax e-mail resurfaced, while In March and April 2017 (point 5), the US President’s repeal of the Federal Communications Commission’s online privacy rules drew interest. In March 2018 (point 6), the spike was in reaction to the Cambridge Analytica case.

While the media continues to report on the ongoing investigations, it is expected that this trend will continue into April.

2. Taxation: European Commission issues proposals, OECD releases interim report

The issue of taxation in the digital economy has been high on the international agenda over the past year.

In March, the European Commission announced the much-anticipated tax proposals: a long-term proposal, aimed at reforming the EU's corporate tax rules for digital activities, and a short-term interim tax on revenue from digital activities.

The proposals were welcomed by many EU countries, but they also triggered concerns. Some commentators worry that the proposals would attract retaliatory acts by the US government, since many of the targeted companies are based in the USA. Others believe that the proposed measures will benefit mostly large countries in the EU; in any case, the EU should be working alongside the Organisation for Economic Co-operation and Development (OECD) to develop international rules.

A second development this month was the OECD’s interim report, which highlights the implications of digitalisation and the digital economy on taxation. 

The interim report underlines the complexity of tax issues raised by digitalisation, and notes that more than 110 countries agree on the need for a coherent set of international tax rules. However, countries have different views on whether and how international tax rules should change. No agreement was therefore reached on interim measures. 

The OECD will continue to review the implications of digitalisation on two main taxation issues: nexus (the link between value creation and location) and profit allocation rules. A final report is expected in 2020.

3. Autonomous car accident raises safety and security issues

Earlier this month, an Uber autonomous test car with a safety driver on board was involved in a fatal accident in Temple, Arizona, USA.

The accident amplified concerns about autonomous vehicles and road safety issues. Driverless cars need to learn how to navigate heavy traffic and adverse weather conditions. They also need to react swiftly to pedestrians’ unpredictable behaviour. AI plays a crucial role, but so does the human element.

How will the incident affect the further development of autonomous cars? Uber’s operations are the most impacted: For now, Uber suspended its testing operations across North America, either on its own or as directed by authorities. Two other companies – Toyota and Nvidia took a similar temporary decision.

Beyond these temporary interruptions, the development of driverless cars is likely to continue around the globe. Additional safety considerations, however, will need to be taken on board during the critical testing period. Developers will need to ensure that the technology is fast enough to react to unpredictable situations. The main test is whether driverless vehicles can be trusted enough to be on public roads, with – and eventually without – a safety driver.

Questions related to liability will also continue to arise. Who is responsible if a vehicle-related fault occurs? Are current road regulations adequate to deal with issues of safety, responsibility, and insurance?

Authorities in different parts of the world, such as Arizona, California, and the UK, are seeking to answer some of these questions.

The monthly Internet Governance Barometer of Trends tracks specific Internet governance issues in the public policy debate, and reveals focal trends by comparing the issues every month. The barometer determines the presence of specific IG issues in comparison to the previous month. Learn more about each update.

Global IG architecture

decreasing relevance

Preparations for IGF 2018 kick-started with the first round of Open Consultations and a MAG meeting.

At a meeting on 'Preparing for jobs of the future', G7 Ministers of Employment and Innovation established an Employment Task Force to look at how governments could prepare for the future world of work, and agreed to convene a multistakeholder conference on AI in autumn 2018.

Sustainable development

increasing relevance

Participants in the WSIS Forum 2018 reiterated that digital technologies have an important role to play in achieving social and economic development goals.

Security

same relevance

The US government has publicly blamed Russia for conducting a ‘multi-stage intrusion campaign’, since at least March 2016, targeted at governmental entities and critical infrastructure sectors. Expedia has found evidence of hackers gaining access to 880 000 credit cards. The Supreme Court of the Russian Federation has ruled that the instant messaging service Telegram must share its private encryption keys with Russian authorities. Telegram plans to appeal the ruling.

E-commerce and Internet economy

increasing relevance

In Turkey, taxi drivers are accusing Uber of operating an unlicensed taxi service. In Egypt, a court has temporarily suspended the licences of Uber and its competitor Careem. In other locations, such as in London and in Barcelona, Uber is working to bring its services in line with local regulations.

The OECD has launched its interim report on tax challenges arising from digitalisation, while the European Commission presented a long-term proposal and an interim solution for digital tax reform.

The USA filed a complaint at the World Trade Organization (WTO) on China’s trade practices related to intellectual property, technology transfer, and innovation. In Belarus, the Ministry of Finance paved the way for the use of cryptocurrencies. The EU rules against unjustified geoblocking entered into force on 22 March.

Digital rights

increasing relevance

Revelations about political data firm Cambridge Analytica using the data of Facebook users to influence voters in the USA and the UK placed Facebook under intense scrutiny.[link]

Facebook announced updates to its privacy settings, as well as the shutting down of the Partner Categories app.

The European Commission is reportedly planning to include digital services that collect users’ data under the EU consumer protection rules.

The Nigerian Senate has passed a Digital Rights and Freedom Bill containing provisions for the protection on human rights online.

The Internet Corporation for Assigned Names and Numbers (ICANN) has proposed an interim model for ensuring that generic top-level domain (gTLD) registries and registrars comply with the EU General Data Protection Regulation (GDPR). The organisation also wrote to EU data protection authorities asking for guidance on the proposed model.

A report published by Interpol and ECPAT International shows that boys and very young children are at greater risk of severe online sexual abuse. It calls for more resources to be put into achieving a better understanding of online exploitation and identifying victims.

The UN Human Rights Council has extended the mandate of the Special Rapporteur on the right to privacy for a period of three years.

Jurisdiction and legal issues

increasing relevance

The European Commission has recommended a set of measures for states and the Internet industry to improve their response to illegal online content.

The French Prime Minister has announced that the country will toughen its stance against hate speech, to make sure that social media companies are more proactive in removing racist content from the Internet. The Turkish parliament has passed a bill that will allow the country’s radio and television watchdog to supervise online video content.

The World Intellectual Property Organization (WIPO) handled 3074 domain name cybersquatting cases filed by trademark owners in 2017.

Infrastructure

same relevance

A report published by the Alliance for Affordable Internet (A4AI), World Wide Web Foundation, and UN Women reveals that US$408 million collected to expand the Internet access across Africa has been left unused.

The US Federal Communications Commission (FCC) intends to allocate almost US$954 million towards restoring and expanding communications networks in Puerto Rico and the US Virgin Islands.

Week-long Internet shutdowns occurred in Sri Lanka.

Net neutrality

same relevance

The Coalition for Internet Openness filed a petition against the US FCC over its decision to roll back the 2015 net neutrality rules. In California, a net neutrality bill was introduced in the state senate, demonstrating that states continue efforts to adopt their own rules, despite the FCC's Open Internet Order preventing them from doing so.

The UK regulatory authority for electronic communications, OFCOM, has launched an investigation to determine whether the traffic management practices of operators Vodafone and Three are in line with the EU Open Internet Access Regulation..

New technologies (IoT, AI, etc.)

increasing relevance

A fatal accident involving an autonomous Uber car has  led to concerns about safety, liability, and insurance issues around autonomous cars. Researchers have developed a system that could allow driverless cars to notice unexpected obstacles before they come into view.

In the USA, authorities in Arizona and California have introduced regulations outlining the conditions under which fully autonomous vehicles can be tested on public roads. The UK government announced a three-year review of existing driving legislation, to identify 'any legal obstacles to the widespread introduction of self-driving vehicles and highlight the need for regulatory reforms'.

The United Arab Emirates (UAE) Cabinet has created a Council for Artificial Intelligence (AI), while in the USA a bill was introduced in the Congress to create a National Security Commission on AI. The European Commission has announced plans to form a High-Level Expert Group on AI and an Expert Group on liability and new technologies. The French president launched the country's AI strategy, pledging to invest €1.5 billion in AI initiatives by 2022.

Many policy discussions take place in Geneva every month. The following updates cover the main events of the month. For event reports, visit the Past Events section on the GIP Digital Watch observatory.

EBU Big Data Conference 2018

The Big Data conference, hosted by the European Broadcasting Union (EBU) 28 February – 1 March, addressed the data-driven strategies of media organisations and the potential of data journalism and personalised services, among others. Part of Big Data week, the event convened media professionals, and industrial, legal, marketing, and policy experts to compare and learn from the experience of public service media across Europe. The main takeaways included (a) more organisations are adopting data-driven strategy, but the pace across Europe is not uniform; (b) trust in public service media must be a key indicator for modern societies; (c) attracting data scientists is challenging, as is the collaboration with competitors; (d) a data science approach and a fully fledged data architecture are needed to reap the benefits of the digital environment. 

UN Human Rights Council – 37th Session

Several main and side sessions at the 37th session of the UN Human Rights Council, 26 February – 23 March, touched on digital rights issues. One of the key points emerging during the discussions was that human rights protection can help achieve the sustainable development goals (SDGs), but increasing importance needs to be placed on how rights are protected in the digital age, from access to information, to privacy and data protection. In a Resolution on the right to privacy in the digital age, the Council extended the mandate of the Special Rapporteur on the right to privacy for three years. Several side events discussed good practices in using ICTs to ensure economic, social, and cultural rights and reducing inequalities, the implications of digital identities, smart cities, and data-intensive systems for the right to privacy, and whether and how existing human rights instruments apply to cyberspace activities.

CyberMediation: New Technologies for Political Mediation

The GIP hosted the launch of the initiative CyberMediation: New Technologies for Political Mediation, on 13 March, prepared by the UN Department of Political Affairs, DiploFoundation, the Centre for Humanitarian Dialogue, swisspeace, and researchers from Harvard University. The discussions explored opportunities and challenges stemming from the use and misuse of new-tech manifestations, such as smart applications, social media, and big data sets. Questions arose about transparency, spoilers, and confidentiality in a field that is traditionally viewed as low-tech and human-intensive. In its initial phase, the CyberMediation initiative will consists of four main thematic streams: impact of new technologies on mediation; social media; data for mediation; and artificial intelligence (AI), including text mining. The event was attended by diplomatic missions, international organisations, and civil society in Geneva. 

IGF 2018: First Open Consultations and MAG Meeting

The meeting, that ran from  20 to 22 March, brought together members of the Multistakeholder Advisory Group (MAG) and the broader IGF community for discussions on what went well during the IGF 2017 cycle and what could be improved for IGF 2018 and how. It was noted by some participants that the IGF should continue bringing innovations to its format and content, building on some of the new elements introduced in Geneva, such as the high-level opening sessions and the Geneva Messages. There were suggestions for bringing more focus and cohesion to the IGF programme, for example by having days or time slots dedicated to specific themes or to specific types of sessions or activities (workshops, best practice forums, main sessions, etc.). During the MAG meeting, a decision was made to launch a call for issues allowing the IGF community to indicate topics of high interest that they would like to see tackled at IGF 2018.

WSIS Forum 2018

Hosted by the International Telecommunication Union (ITU) 19–23 March, the WSIS Forum[link] brought together stakeholders from around the world to look at what progress has been made in implementing the WSIS action lines, and how they could be further aligned with the SDGs. Participants exchanged information and shared good practices on how the Internet and digital technologies can be used to advance sustainable development. The event covered a broad range of digital policy issues, such as access and digital divides, cybersecurity and privacy, and the Internet of Things (IoT) and AI. It emerged from the discussions that new technologies can bring solutions to some of the world’s most pressing problems, but also economic, security, legal, and ethical implications that countries need to consider. The Geneva Internet Platform provided just-in-time reports from the forum. Read the session reports, and download the Summary Report.

In 2014, political data firm Cambridge Analytica obtained the data of 30 million Facebook users, constructed personality profiles, and sold the data to politicians to influence voters. Although this was revealed soon after, a former employee’s testimony this month has placed Facebook's practices under intense scrutiny.

How was the data obtained?

In 2014, a researcher from Cambridge University developed an app which paid users to take a personality quiz. Users were required to give the app access to their Facebook profile and those of their friends.

In addition to the 270,000 users who took the quiz, the app was able to access the full profiles of over 50 million of their friends. To harvest such data through Facebook’s API, the researcher obtained a licence from Facebook, ‘for research purposes only’.

How was the data used?

The researcher violated the licence by giving the data to political data firm Cambridge Analytica. Once in the firm’s hands, the data of 30 million users was matched with other records to construct profiles on millions of American voters, with the aim of influencing voters’ behaviour.

Although it was reported that Facebook did not verify how the data was being used, the company said it removed the app in 2015 after learning that the data had been sold to political campaigns. The researcher, Cambridge Analytica, and a former employee said they had deleted the data.

This month, the same former employee provided documents to The Times and the Observer which confirmed that a large amount of the data was still on the company’s servers. How much the data actually contributed to influencing voters is still debated.

Implications for digital policy

The case raises many questions, and carries several implications for digital policy.

Convergence: Once considered as separate industries, the media and the Internet industry have now converged around the data model. In this model, users provide their own data in exchange for using the service; data is then used for advertising and marketing purposes. This ‘gold rush’ for data by so many companies means that issues and risks are increasing exponentially.

Intermediaries: One of the issues relates to intermediaries’ liability for the data they collect and process. How will potential breaches of data be dealt with, and who is responsible if an agreement between Facebook and third parties is breached? Data breaches, misuse of data, and breaches of users’ rights are inherently connected.

Content policy: A main criticism levelled against both companies and authorities relates to the large amounts of data points the companies are allowed to harvest ‒ ranging from ‘likes’ to geographical data, and ‘shadow profiles’ of non-users which is inferred from other data. Once harvested, legal and ethical questions also arise, related to how the data and data analyses will be used.

Consumer protection: Most of the data is collected from the users themselves. Studies show that users either do not understand the data trade-off, or see the exchange of information as an inevitable trade-off. Who should safeguard the users’ position vis-à-vis the bargaining power of the Internet industry, and who should ensure that users are well-informed about the implications of their consent, and any potential alternatives?

Privacy and data protection: While users did consent to giving their data to Facebook, the network did not specifically inform them that their data could be/had been passed on to a researcher. Although the transfer of data may be legal due to blanket provisions in the company’s data policy, the lack of disclosure could be illegal in the USA and the UK.

Security: A Facebook executive said that no breach or infiltration had occurred; the violation had been committed only by the firm. This highlights a larger debate as to what extent Facebook is able to remove potentially dangerous loopholes, secure its systems, and protect users’ data as it changes hands.

Economic: The data model has raised questions related to compensating users for their data, data which has contributed significantly to the revenues of the Internet industry. Two trends have emerged: The first relates to governments’ push for updating tax rules for the digital economy. The second relates to calls for users to be compensated more directly. 

Visit the dedicated page on the GIP Digital Watch observatory for more detailed analysis.

At this year’s WSIS Forum, participants continued discussing ways in which digital technologies could help advance sustainable development. The event confirmed a trend that emerged at the 2017 forum: there is less and less difference between (digital) development and the wider digital policy discussions, especially with the evolution of technologies such as IoT and AI. Here we summarise how development was seen through the lenses of these digital technologies.

Setting the scene

In 2003, the Geneva Plan of Action adopted during the first WSIS phase outlined action lines to be carried out by various stakeholders to ensure that people around the world could use ICTs as tools for development. Twelve years later, one of the goals included in the 2030 Agenda for Sustainable Development was to ‘significantly increase access to ICT and strive to provide universal and affordable access to the Internet[...]’. Both documents make it clear that ICTs have an important role to play in achieving social and economic development, and this year’s WSIS Forum strengthened this message. It did so by placing a greater emphasis on the role of new and emerging digital technologies in meeting the SDGs.

Opportunities and challenges

The power of technology can be harnessed to achieve economic growth and sustainable development. We have seen this throughout history, during the various industrial revolutions, and we are starting to see it again, as we witness what many call ‘the fourth industrial revolution’. The IoT, big data, automation, and AI are now realities, and they all have the potential to support wellbeing and development.

In 2017, participants at the WSIS Forum looked at how countries, both developed and developing, can take advantage of these technologies to realise the SDGs. This year, the discussion intensified, and there was a greater emphasis on the role of big data, IoT, automated systems, and AI as mechanisms that can help the world meet the 2030 development targets.

Taken on their own, or in convergence, these technologies can be used to address some of today’s problems and support development. Drones now deliver medicines and other humanitarian aid in hard-to-reach locations, unmanned vehicles improve agricultural activities, and smart cities allow a more efficient use of resources and better public and private services. AI applications, from machine translation, to medical robots, to enhanced e-government services can be of help, too, while also generating new economies, businesses, and jobs.

But with an increasing reliance on digital technologies also comes challenges. Connected devices raise issues of safety, (cyber)security, and privacy and data protection, among others. Advances in automation and AI lead to growing concerns, from their impact on the jobs market, to increasing inequalities and new divides, and to the risks associated with AI systems making decisions on their own.

The way forward

Translated into simple words, the message shared by many at the WSIS Forum this year was that new technologies are here to stay and we have to find ways to embrace their potential for good, while addressing their inherent challenges.

When it comes to safety and security concerns around IoT devices, policies and regulations, combined with technical standards and more responsibility from the side of manufacturers, are a good way forward. As AI is expected to impact productivity growth at rates not observed before, social and economic policies are needed to shape the way this growth will be distributed and to avoid increasing inequalities and new digital divides. And to help address the risk of people left behind in the context of a labour market which is more and more susceptible to automation, focus should be placed on training and retraining current employees, while also ensuring that tomorrow’s workforce has the skills required in an automation- and AI-driven society.

Taking this one step further, questions related to the ethics of AI and automated and autonomous systems can be best addressed through making sure that such systems are designed and used in transparent and accountable ways, consistent with human rights and values, peace, security, and sustainable development. Policies and regulations designed by governments and intergovernmental organisations could help here as well, but what is maybe more important is to bring all relevant stakeholders to the table, and ensure they all contribute, in their own roles, to ensuring that people and their wellbeing are put at the centre of technological progress.

This article is based on the WSIS Forum 2018 Summary report, prepared by the Geneva Internet Platform, with support from ICANN and the Internet Society.

From the launch of online services such as Yahoo! and Twitter, to court decisions and governmental policies having an impact on the use and evolution of digital technologies, the historical timeline of the Internet and Internet governance is as interesting as it is remarkable. Here, we take a look at main developments that took place in March.

Visit the GIP Digital Watch observatory for more anecdotes.