I attended a conference, on the Digital Transition chapter of the CoFoE final report. This was hosted by the Estonian Human Rights centre and held in Tallinn. This article contains my notes and views of what happened. The conference invited two keynote speakers but otherwise looked at the four objectives from the COFOE final report, Chapter 6 on Digitisation, which I précised on my blog [or on Medium], in working groups. The conference came to together in plenary to share its findings on the CoFoE proposals. My key takeaway may be that the Eastern European citizen’s legitimate fear of a censorious and surveillance state, will lead to a failure to regulate private sector players who are driven by profit, wealth and exploitation.
Who was there?
The icebreaker consisted of identifying our place of residence and then moving around the room to make a map of Europe. About 50% of the attendees were from Estonia, there were significant contingents from Croatia, Slovenia and Portugal with smaller teams from Czechia, Germany and of course me, the sole UK representative. The average age, was young.
Human rights and conflict
The opening session was addressed by Ann Väljataga, who is a Law Researcher at NATO’s Co-operative CyberDefence Centre of Excellence; she contributes to the annual human rights report on the topic of data protection and privacy. The CCDCOE claims to be multi-disciplinary organisation and it would seem characterising at as NATO’s CERT (Computer Emergency Response Team) might belittle and misrepresent its work. Its office is in Tallinn.
My notes on Ann’s presentation reflect the fact that digitisation has led to a privatisation. One wonders why? Historically network services were built out by the public sector organisations because the capital expenditure was beyond the means of any private sector organisation and the profit horizons too far away to entice private investment. In fact the internet, was initially created using military funding and so followed this model. Other reasons for public ownership of these networks is/was that the networks needed various legislative privileges most importantly land purchase and planning privileges. Finally, the economies of scale required initial subsidy; whoever bought the first and second phone had a level of confidence beyond many. I note that we need to reassert our public property rights.
Ann spoke of the changing powers and rights needed in the circumstances of war. It seemed to me that her definitions of when a cyber-war starts are missing; the fact is that it’s current and persistent. From the Anglo-sphere we can see that the Russians have influenced both the election of Trump and the Brexit referendum (& the Tory party).
In her exploration of the boundaries between peace and war, she referenced her current project, which reported last year. Whenever I look at law & war it fascinates me that such worthy aims are written down and yet so often ignored and the law becomes a tool in the war for mind share. The report deals with a number of issues covering aspects of international humanitarian law, the protection of civilians and civilian infrastructure, and privacy rights during wars and in post war investigations. When does one turn off citizen privacy protection, and of course Ukraine raises the question of which other rights can be turned off. If governments restrict workers’ and citizens’ rights, than company owners need to contribute to the war effort too.
Ann states the CoE principles remain as part of the legal structure and act as constraints on surveillance through the basic COE principles, of legality, necessity, proportionality, safeguarding and remediation.
She stated that the ECHR has allowed mass surveillance’ I say surely not in all circumstances and CJEU and GDPR prohibit it, although with the GDPR, there’s always the national security exceptions and member state restrictions. It all raises the questions about the national security exceptions, a matter of some currency in the UK as the courts are striking down the immigration services exceptions written into the UK laws.
Questions that came to mind, although I did not ask them, are if there is a point at which additional defensive measures are installed, why have we permitted without retaliation Russian hybrid warfare, impacting the US Presidential election in 2016 and the UK’s Brexit referendum? Also, given she is employed by NATO, how can an organisation like NATO manage the conflict of interest in husbanding offensive and defensive cybersecurity artefacts?
Where is the digital transformation going?
After lunch, we were addressed by Tea Danilov, Head of the Foresight Centre, a think tank at the Estonian Parliament. Tea introduced herself, the Centre has been looking at the coming data economy. The URL hosts its latest reports and the talk was inspired by their latest.
The demand for storage is becoming an environmental problem as people and companies store data with a ‘just in case’ justification thus in the case of companies, failing to meet the storage limitation principle, that one keeps data only for as long as its needed. (Perhaps I need to apply this to my mail boxes.) Tea also asked if it needs to be online, although when I was at Sun in the noughties, both Sun and Veritas looked at hierarchical storage systems although these were optimised for cost not longevity. My experience also reminds me of some regulations/laws need for immutable storage media, which means that even if retired, the data cannot be destroyed, or not cheaply nor environmentally soundly. (I remember in my earliest days, the company I worked for considered treating their hard disk as if they were a mafia corpse, encasing them in concrete and dropping them down a mine. (Did we really consider this? It was of course before the Iranian’s put together the US’s shredded material from their Embassy which goes to illustrate how much effort might go into discovering data that should have been destroyed. ) And I am considering buying myself a scanner to move my household papers online.) Tea argues we don’t care enough about our online footprint and she’s probably right.
In order for companies to manage their data protection duties, I argue they need a data map or that personal data is flagged as such in the meta-model, and that the logical and physical instantiations are recorded in the meta-model. Perhaps people need this too, which led to me considering is SIOC is part of the answer. I have looked at this on an off since, 2018, and my last thoughts were that it is not part of the answer; perhaps I need another think.
The most accessible part of the presentation was the Boston box on our digital futures, plotting business interests vs the public, and the interests of the few, vs the many. Their words can be found in the report.
It’s an interesting dichotomy, but to me what made me think, is her description of “the State takes charge” as dystopian. I recognise that those of us in Western Europe need to respect the lessons of the peoples of the ex-soviet satellite states, and also have some humility about our own answers. She had to work quite hard to make a private but democratic governance structure, although co-ops or other mutuals might work. She spoke of ‘date trusts’ which might be quite like co-operatives although large co-operatives suffer from the same principal-agent problem of companies. Characterising the state as acting for the few, is a political judgement and one that while I respect the its lineage, the conclusions mean that collective action becomes very hard and yet only collective action and the use of political power can constrain the plutocrats that are seeking to control our data and now the use of AI. They are only frightened of the shoal.
I am reminded when she spoke of the State which she characterised as dystopian, that the 21st century socialists do not have a good model for workers control, within a planned economy; I have no doubt that the 20th century Morrisonian corporation does not work, perhaps I should study the literature around Germany’s corporate governance and their worker’s councils, although I joke that as one looks at the failure of nationalised industry that Ted Grant’s ⅓,⅓,⅓ looks much more sensible than when I first came across it in the seventies, at least it recognised the conflicts in goals between local workers, the broader class interests and any national need.
One proposal about the future which I am unsure will come to pass, is that the datenkraken will become suppliers of education and healthcare. I am not so sure. Certainly, the CoFoE argued for the extension of EU competency into these areas as they wanted a common standard based on need not profit.
Tea looked briefly at the Data Act, which aims to “… clarifies who can create value from data and under which conditions. The Data Act will ensure fairness by setting up rules regarding the use of data generated by Internet of Things (IoT) devices.” and also at the Digital Services Act which is designed to regulate large players, create a level playing field for SMEs and place legal duties on very large platforms to reduce crime. I have said elsewhere, the compliance costs of the DSA and its international equivalents will act as a barrier to entry for SMEs.
Tea asks a similar question as to whether regulation would inhibit the birth of the value economy, which takes us onto the issue of the sharing and monetisation of personal data; the old adage that if you aren’t paying, you are product is important here and that the individual right to sell personal data has welfare diseconomies and undermines the right of others not to. When I first started to study the politics of privacy, I was guided by those who contrasted the US & EU approaches as that between market and rights, but the thinking hadn’t been done that they compete, My conclusion today is that you can’t have both, which may jeopardise the “value economy”.
Much of the thinking around this seems utopian as very few are considering monopoly regulation. I also wonder if the unalienable nature of rights contradicts or enhances the proposal to have a common or interoperable chat protocol, between all suppliers. I must say I miss pidgin.
I am grateful for this presentation, while I am not sold on the four options, asking the question is important.
On the CoFoE Proposals
Between the expert speeches, the delegates broke into groups, to examine the Digital Transition chapter of the Outcomes of the CoFoE final report which I commented on the day before the conference, [ and on Medium].
I was in a group who were to report back on Proposal 31. Access to Digital Infrastructure. We spent time examining the inclusivity of the proposals, had a debate on whether the proposal’s focus in children excluded the need to teach literacy first. it seems that a key issue for access and safety is that of education. In our group on access, again we focused on disadvantaged groups, but I note that within CoFoE report, there are demands for universal public provided and defined curriculums; we don’t want the definition of good practice and usage to be defined by the tools vendors such as Microsoft, and the other datenkraken.
There was a keenness to address the rural connectivity problems; it made me wonder about Estonia’s population density and whether they had rural connectivity gaps and if this impacted their elections.
Another growing demand is that for public services, there must be offline alternatives.
I observed that the planned technology futures needs to be relevant and not just a fashion statement, that’s you bitcoin and virtual worlds that is. I also added, that AI is at its most dangerous if applied to justice not in business, although we can all see today the strange racism endemic in software and the business example quoted was that of the use of algos in recruitment. I quoted the automated fining of speeding in the UK, and emphasised that human centricity and protection from automated decision making must remain one of the principles of EU law.
A discussion on privacy enforcement led us to the conclusion that the national data protection supervisors were underfunded, even when the will to act was high, which is not universally true.
While CoFoE recommends that the EU takes power to licence and thus ban certain players in the market, this was not picked up by the Conference. There is an understandable distrust of the state which was most acutely addressed in the discussion as to whether we can build a trusted fact checking service. The CoFoE chapter on Democracy suggests that the EU’s Media Observatory could be extended, and I mentioned the private sector or C4 fact checking service in the UK. It interests me that one of the rapporteurs was firm in the idea that hate speech should be suppressed but not fake news. I wasn’t able to suggest that fake news is a danger to democracy and driven by plutocrats or foreign anti-democratic state actors. The opponents are right that state censorship is a problem and threat but while lying on an industrial state remains a political tactic, it needs to be combatted.
I am assuming that many of those present grew up in post-soviet Europe. Their fears of the anti-democratic forces are real although I feel they throw the out the baby with the bath water. We all need to build states that people can trust and while, as in much of Eastern Europe, those that argue for some form of collectivism are tarred with same brush as their predecessors, rightly so in some cases, it’s going to be hard. It should be easier in the UK where the end game of the corruption of right-wing populism aided by its media oligarchs and behalf of the uber-rich who are beyond the need for citizenship, is on exhibition in full view.
At the conference, I was given a copy of “Europe, the Unfinished Democracy” by Ute Scheub, now to read it.