The top digital policy trends in October
Every month, we analyse hundreds of developments to identify the trends in digital policy and the unfolding issues that drive it forward. These are the key trends that sum up the month.
1. Surveillance: Backdoor access, new tools
In recent years, many Internet companies have implemented encryption across their products and services, and others are following suit. But law enforcement authorities (LEAs) have been arguing that encryption limits their ability to carry out investigations (e.g. identify criminals, access the content of their communications). They have repeatedly asked companies to allow backdoor access to bypass the encryption mechanism and access traffic, localisation, and content data.
Such a request was recently made by the UK, the USA, and Australia: They asked Facebook not to proceed with implementing end-to-end encryption across its messaging services, ‘without including means for lawful access to the content of communications to protect citizens’.
This case brings into focus the perennial question of how to balance the safety of citizens with the need to protect fundamental rights such as privacy. As Facebook noted, if Internet companies allow backdoors for LEAs, this could undermine the privacy and security of all users, and, therefore, diminish trust. But can companies resist the increasing pressure from governments, especially when accompanied by arguments such as those related to the need to protect children? Users themselves have to decide whether limiting privacy is acceptable, in exchange for a safer environment for everyone.
Other issues are at stake as well. Once LEAs have access to encrypted services, what guarantees do we have that they only use this for crime investigations? How can we prevent abuse? And do we really want authorities all over the world (including in authoritarian regimes) to have access to encrypted communications?
This brings us to the issue of governmental surveillance. Beyond the risk of technology being used by criminals, there is also the risk of governments using technology to monitor citizens. Backdoor access to encrypted communications is only one way of achieving this.
Recent studies have shown that surveillance is a reality. At least 75 countries are actively using AI for surveillance purposes, including facial recognition technology (FRT), smart city platforms, and smart policing tools. The collection and retention of biometric data – fingerprints and faces – is ramping up worldwide. Even attempts to create digital welfare states can lead to surveillance, argues the UN Special Rapporteur on Extreme Poverty and Human Rights, Philip Alston. Beyond the declared purposes of using technologies to improve citizens’ wellbeing, digital technologies are often used to ‘automate, predict, identify, surveil, detect, target, and punish’.
State surveillance is a serious matter, but the problem is not the technology itself. The issue is whether, how, and to what extent governments should use digital technologies for surveillance purposes. There is also an issue of clarity: We need to make a distinction between mass surveillance (and the legality questions it raises) and surveillance used in specific investigations, in line with the rule of law.
2. Facial recognition technology faces regulation
In our July/August newsletter, we explained that the main concerns surrounding the use of FRT include privacy, bias, and discrimination. These concerns continue to fuel debates on the use and regulation of this technology, as it becomes increasingly used in the public and private sectors.
France drew attention recently with its plans to roll out a facial recognition digital ID mobile application. The app, Alicem, would be used to access services such as banking, taxes, and social security. It is not clear whether the government will make the app mandatory for accessing certain services. If it does, this could breach legal provisions regarding consent, as the French data protection authority has noted. Security is also a concern: A hacker revealed that he broke into the app in little over an hour.
In another example of FRT use, over 10 000 apartment buildings in Shanghai now have FRT installed. The deployment was reportedly carried out in coordination with the local police to identify suspicious persons and prevent crimes.
These and other cases show that FRT is used for good purposes as well as questionable ones. One fundamental issue is to determine whether regulation could help minimise the risks associated with FRT. For some, the answer is ‘yes’. In the USA, for example, Oregon and New Hampshire have already banned the use of FRT by LEAs. California passed a similar bill this month preventing LEAs from using FRT in officer body cameras until January 2023. New York lawmakers are also discussing three bills to regulate the use of FRT. In the UK, the Information Commissioner has called on the government to introduce a statutory and binding code of practice on the deployment of live FRT by LEAs.
Beyond regulatory efforts, we also see court cases against the use of FRT. One recent example is a lawsuit brought by a Russian activist against the use of FRT by Moscow city authorities. The argument here is that the system uses citizens’ biometric data without their written consent, thus violating Russia’s law on personal data protection.
What if authorities can demonstrate they can use FRT with proper safeguards? This seems to be the case in Sweden, where the data protection authority allowed the police to use FRT to help identify criminal suspects.
It is clear that the efforts to regulate the use of FRT are strong. The issues remain the same: How to protect citizens’ privacy and address the issue of user consent. How to use the technology in a way that can help improve users’ lives. And how to avoid bias.
3. Libra faces more scrutiny and setbacks
Ever since it announced its plans to launch the Libra cryptocurrency, Facebook has been under intense scrutiny from financial regulators, especially in the USA and the EU. This scrutiny was not without consequences, as several payment services providers announced this month that they were leaving the Libra project.
The first company to announce its withdrawal from the Libra Association was PayPal. Later, Visa, Mastercard, Stripe, Mercado Pago, and eBay confirmed they were leaving as well. It seems that all companies are reluctant to be part of Libra before regulatory clarity is ascertained.
Despite this setback, Facebook is going ahead with its plans. On 14 October, the Libra Association Council was established (composed of 21 companies), thus giving Libra a formal governance structure. Association officials stressed that the developments around Libra will be carefully planned and that applicable regulatory frameworks around the world will be respected.
Meanwhile, Facebook CEO Mark Zuckerberg testified in the US House of Representatives. Zuckerberg stressed that Libra was intended as a payment system, and not a currency in the classical sense. He pledged not to release Libra until it is in full compliance with US and global rules. And he specifically committed to following standards and rules on preventing the use of Libra in money laundering and other criminal activities.
Zuckerberg pointed several times to the issue of competitiveness: If Libra does not take off in the USA, China will launch a similar initiative and will gain dominance in the field. Given the current trade conflicts between the USA and China, this argument is a strong one to use.
Compared to other technological developments, the Libra project is attracting greater interest from everyone. Governments are looking carefully into regulatory issues, companies are showing an interest in being involved, and users are following the developments closely (some with enthusiasm, others with caution). From the outside, it is almost refreshing to see so much scrutiny as a reaction to a project that is not yet fully operational, compared to the usual approach of launching investigations after something has happened (as we saw with Cambridge Analytica, for instance).
Digital policy developments in October
With so many developments taking place every week, the policy environment is chock-full of new initiatives, evolving regulatory frameworks, new court cases and judgments, and a rich geo-political environment.
Through the Digital Watch observatory, we decode, contextualise, and analyse these issues, and present them in digestible formats. The monthly barometer tracks and compares them to reveal new focal trends and to determine the presence of new issues in comparison to the previous month. The following is a summarised version; read more about each one by following the blue icons, or by visiting the Updates section on the observatory.
Global IG architecture
The UN Special Rapporteur on human rights and extreme poverty has drawn attention to the negative implications of digital technologies on the welfare state.
According to the Alliance for Affordable Internet (A4AI),[link] in low and middle-income countries, 1GB data costs 4.7% of average income, more than double the UN threshold for Internet affordability.
ICTs are accelerating sustainable development in small island developing states, but barriers are limiting their impact, says the International Telecommunication Union (ITU).
A Data for Now initiative has been launched to improve timeliness, coverage, and quality of the sustainable development goals (SDGs).
The USA, the UK, and Australia have asked Facebook to either drop their encryption plans or allow backdoors for LEAs.
The Netherlands has made public its position on the applicability of international law in cyberspace.
Tax records of over 20 million Russians were exposed online. A data breach affecting Russian Internet Service Provider Beeline has compromised the personal data of 8.7 million customers. UniCredit Italy has announced that the personal data of 3 million clients were affected by a data breach.
The largest child pornographic website operating in the darknet has been taken down.
A ransomware attack has prompted Johannesburg to shut down several municipal systems. A massive cyberattack affected over 2000 websites in Georgia.
E-commerce and Internet economy
The Organisation for Economic Co-operation and Development (OECD) has proposed a new framework for taxing the digital economy. The EU intends to agree on a digital tax on its own if no global deal is reached by the end of next year.
Turkey is planning a tax of 7.5% of gross revenues obtained by digital companies in the country.
In the EU, workforces in the Netherlands, Denmark, and Sweden are the most prepared for a smooth transition towards the knowledge economy.
The UN Special Rapporteur on Freedom of Opinion has urged governments and companies to protect vulnerable groups and targets of hate speech.
The Finnish Presidency of the Council of the EU has released the latest version of the draft ePrivacy Regulation.
Facebook has agreed to pay the £500 000 penalty imposed in the UK over the Cambridge Analytica case.
Google has released new privacy tools for its most-used products.
Singapore's law against online falsehoods and manipulation has taken effect.
Twitter has decided to ban political advertising. Facebook CEO’s defence of company’s policy to not fact-check political ads has attracted both support and criticism.
The EU has told Internet companies that the impact of self-regulatory measures against disinformation remains unclear.
Jurisdiction and legal issues
A new data access agreement between the UK and the USA will allow LEAs to demand access to criminals’ data from tech companies.
The Court of Justice of the European Union (CJEU) has ruled that a pre-ticked box is not sufficient for valid consent from users for the storage of cookies.
The CJEU has also ruled that national courts can order Facebook to remove, at global level, ‘identical and, in certain circumstances, equivalent comments previously declared to be illegal’.
Germany will reportedly allow Huawei to build parts of its new ultra-fast mobile network.
The global over the top (OTT) market is estimated to grow over US$ 77 billion in the next four years.
The Appellate Court for Washington, DC, has ruled that the repeal of the net neutrality rules by the Federal Communications Commission (FCC) was lawful. But states can impose their own rules.
New technologies (IoT, AI, etc.)
The incoming European Commission has promised ethical rules on AI in the first 100 days of mandate.
Malta and Russia have launched national AI strategies. A Strategic Action Plan for AI and an AI Coalition have been launched in the Netherlands. Serbia has created a working group to draft an AI strategy.
Five vehicle manufacturers (Honda, Renault, BMW, General Motors, and Ford Motors) have joined forces to pilot a blockchain-based ID and payment process for autonomous vehicles.
California has banned the use of FRT in officers’ body cameras until 2023. New York lawmakers plan to regulate FRT use. The Swedish data protection authority has approved the use of FRT by police.
The EU’s new commission: Digital policy in the limelight
Anticipation is mounting for the work of the new European Commission (EC) to start officially. Delayed by vetting procedures, the incoming Commissioners will soon start implementing the political guidelines for 2019‒2024. For Europe, this means a new set of priorities; for other countries, this means that Europe is pursuing new ambitions in global geopolitics.
Its digital policy priorities for the next five years
In her political guidelines, A Union that strives for more, incoming EC President Ursula von der Leyen has set an ambitious plan around climate, technology, and demography, proposing concrete policy actions. In relation to technology and digital policy, the EC President will focus on 10 key areas, including AI and data, which she sees as the key ingredients that can help solve societal problems, 'from health to farming, from security to manufacturing’.
1. AI: Legislating on human and ethical implications
The incoming EC President believes that strong ethical standards can safeguard EU citizens’ trust in the union. The focus on ethical standards is the strongest in the field of AI policy: ‘In my first 100 days in office, I will put forward legislation for a coordinated European approach on the human and ethical implications of AI.’
With so many policy documents, guidelines, and recommendations on AI and ethics emerging globally (including by the Commission’s own High-Level Expert Group on AI), the EU wants to take on a global leadership role in underpinning ethical standards in the development and use of AI.
2. Data governance: Balancing free flow with strong standards
Strongly linked to AI is the use of (big) data. The EC President wants to see a more balanced approach to how data is used: allowing the flow and use of data for the benefit of innovation and market growth, while adhering to strong privacy, security, and ethical standards.
Arguably, the EU’s GDPR is doing a good job of protecting the data of EU citizens. But if von der Leyen is looking for a more balanced approach, does this point to a weakness in the regulation, or will the balance be rather achieved through the planned legislation on human and ethical implications of AI? How will this impact other countries and regions?
3. Taxation: Legislating on a fair digital tax for businesses
The current tax framework is no longer adequate for business models in the digital age. A fairer system, for both companies and countries, is needed. Right now, there is a patchwork of proposals and tax rules.
But von der Leyen has now injected new impetus by launching a deadline: ‘If, by the end of 2020, there is still no global solution for a fair digital tax, the EU should act alone.’
4. Cybersecurity: Setting up a joint Cyber Unit
The new President’s political guidelines clearly emphasise the need for a safer and more secure digital space, to the extent that she considers cyber(security) a core aspect of digitalisation. Focusing especially on information-sharing among member states’ authorities, she intends to set up a joint Cyber Unit to facilitate these exchanges.
5. Emerging technologies: Achieving tech sovereignty
Europe has missed out on creating a tech industry as robust as Silicon Valley. Yet, there are emerging areas – which von der Leyen calls ‘critical technology areas’ – where Europe can achieve sovereignty.
This task will not be easy, given the USA’s and China’s giant industries. So what can Europe do? Invest, and define standards: ‘To lead the way on next-generation hyperscalers, we will invest in blockchain, high-performance computing, quantum computing, algorithms and tools to allow data sharing and data usage. We will jointly define standards for this new generation of technologies that will become the global norm.’
6. Developing joint standards for 5G networks
Linked to developing standards for emerging technology is the push for 5G. Von der Leyen believes that since Europe is already successful in setting standards for telecommunications, ‘it should replicate this success and develop joint standards for [its] 5G networks’.
7. Content policy: Developing a joint approach and common standards
Illegal or harmful online content such as disinformation, hate speech, and violent extremist content has been plaguing the Internet. Many solutions are in place. The problem of harmful content, however, remains.
The incoming EC President wants to do more: she will urge the development of a joint approach and common standards to get rid of harmful content. In doing so, a few issues will need to be tackled, ranging from the liability of intermediaries, to human rights considerations. It will be interesting to see how these new standards will impact global policy.
8. Digital services: New (and updated) rules for service providers
There is a host of issues surrounding digital services, which the EC President would like to tackle. A new Digital Services Act, together with a probable update to the E-commerce Directive, will attempt to solve these issues.
A European Commission document leaked a few months ago had already started preparing the groundwork for the new group of commissioners who will take over. While the work will focus mainly on EU rules, the impact will be far-reaching, given the global nature of e-commerce and other services provided by digital companies.
9. Education: Improving digital literacy and digital skills
When it comes to digital technology, there are two main education-related areas which the new EC President will focus on. The first is to strengthen the digital skills (tech proficiency) and digital literacy (effective use of technology, often referred to as digital competencies) of young people and adults. This involves updating the EU’s Action Plan for Digital Education.
A second priority is to improve the conditions of platform workers, who offer their services online to other parties looking for a service provider. Von der Leyen will focus on improving workers’ skills and education. This may set a good example for others to follow.
10. Digitalising the European Commission: Introducing new methods and tools
By extending the notion of A Europe fit for the digital age to the work of the Commission, von der Leyen wants the EC to lead by example, by transforming it into a fully digitalised operation. She plans to do this by introducing new digital methods and digital diplomacy tools. The aim is to make the Commission more agile, more flexible, and more transparent.
Who are the new digital chiefs?
Several commissioners on von der Leyen’s team will deal with digital-related issues. Among them, two commissioners still need to be vetted, while the UK still needs to put forward a name (or acknowledge that a name is needed).
Concrete policy actions and their link to digital policy
If we zoom out and look at all the concrete policy actions proposed by von der Leyen, we find that some of them have strong links to digital policy:
Coming up: 14th Internet Governance Forum
The 14th Internet Governance Forum (IGF) meeting will take place on 25–29 November in Berlin, Germany, under the theme One World. One Net. One Vision. What is new at this year’s IGF? And how will the Geneva Internet Platform and DiploFoundation contribute?
Highlights for Berlin
Last year in Paris, the IGF spanned three days. Now the forum is back to its traditional format: Day 0 for pre-events and four full days with hundreds of workshops, main sessions, open forums, dynamic coalition meetings, and more.
There are a few elements that make this IGF stand out, and they seem to be the result of a strong co-operation between the Multistakeholder Advisory Group (MAG), the host country, the UN, and other stakeholders involved in this process.
- The participation of the UN Secretary General António Guterres and the German Chancellor Angela Merkel, who will open the forum, showing that the IGF remains an important place for addressing Internet policy issues.
- A focus on three main themes, identified by MAG earlier in the year following an open call for issues: data governance; digital inclusion; and safety, security, stability and resilience.
- A discussion on the future of the IGF, in the context of a main session dedicated to the report of the UN Secretary General’s High-level Panel on Digital Cooperation, and, in particular, the proposal for an IGF Plus model.
- An effort to bring the IGF to the attention of members of national parliaments; many parliamentarians will be joining the IGF this year, and a main session will be dedicated to legislative processes.
- A clear focus on capacity development, as a travel support programme was put in place for stakeholders from developing countries.
- A Youth IGF Summit, welcoming over 100 young people from around the world right before the start of the IGF.
Read our reports and daily briefs from IGF 2019
The GIP Digital Watch observatory and DiploFoundation have teamed up with the IGF 2019 host country and the Internet Society to provide just-in-time reporting from IGF sessions.
Along with individual session reports we will provide a daily brief summarising the main highlights of the day alongside topic analyses. A final report, published after the IGF meeting, will include a thematic summary. These will complement the dynamic updates offered through the observatory. The reports and briefs will be available on dig.watch/igf2019 and on an app that will be launched in the days prior to the IGF. If you’re in Berlin, don’t forget to visit us at the booth!
Make sure to follow us on https://twitter.com/GenevaGIP for additional material.
Upcoming events: Are you tuned in?
Learn more about the upcoming digital policy events around the world, and use DeadlineR to remind you about important dates and deadlines.
Policy discussions in Geneva
Many policy discussions take place in Geneva every month. The following updates cover the main events of the month. For event reports, visit the Past Events section on the GIP Digital Watch observatory.
World Trade Organization (WTO) Public Forum | 8–11 October 2019
The conference discussed the rapidly changing trade environment and how the WTO and other actors can adapt to current and future challenges. Although digitalisation has contributed to the increase in services trade, cross-border data flow, e-commerce, etc., its implications, particularly for developing countries, need to be examined carefully. The conference also focused on the role of new generations, the millenials and Gen-Z, in global trade. Youth entrepreneurs introduced their business models using technology and called for international support to harness innovative businesses run by the youth. Read our reports from the conference.
As the UDRP Turns 20: Looking Back, Looking Ahead | 21 October 2019
The World Intellectual Property Organization (WIPO) conference marked the 20th anniversary of the Uniform Domain-Name Dispute-Resolution Policy (UDRP), which has been a vital enforcement online tool to address domain name disputes. WIPO Director General Francis Gurry lauded the UDRP’s success as an international solution that has combated online abuse and contributed to building trust in the Internet for global market transactions. The conference discussed potential changes that could be brought to the UDPR as it is scheduled for a formal review by ICANN in 2020. Conference participants agreed that more harm than good could result from potential new changes and alerted that ICANN should not take the future success and stability of the UDRP for granted.
AI from dreams to reality | 31 October 2019
The conference, held at the Geneva School of Engineering, Architecture and Landscape (HEPIA), discussed the current state of AI and its practical applications, the impact of AI on business and society, and the future of AI. AI developments are attracting both excitement and suspicion related to potential risks. Benefits and potential negative implications were addressed during the discussions, which concluded that due to fast developments in AI, existing regulations may be inadequate in striking a balance between the need to reap the benefits, while safeguarding privacy, data protection, and other rights.
Two new digital newsletters launched in Geneva
Les breves du numerique is the University of Geneva’s newsletter dedicated to its digital policy activities. Published by its Digital Transformation Office, the newsletter covers the university’s research and training initiatives, and features news from its partners. Subscribe to the newsletter. The University of Geneva is a partner of the Geneva Internet Platform.
Geneva Brief is a new monthly newsletter published by Think Tank Hub in Geneva. It covers news, publications, and events organised by platforms in Geneva, including the Geneva Internet Platform. Subscribe for the next issue to learn more about innovative projects and events taking place in International Geneva.
Issue 44 of the Digital Watch newsletter, published on 4 November 2019, by the Geneva Internet Platform and DiploFoundation | Contributors: Stephanie Borg Psaila (editor), Dylan Farrell, Andrijana Gavrilovic, Jovan Kurbalija, Marco Lotti, Nagisa Miyachi, Sorina Teleanu | Design: Aleksandar Nedeljkov, Viktor Mijatović, and Mina Mudrić, Diplo’s CreativeLab.