2020 has revealed itself to be not just devastating in global impact of Covid-19 pandemic, but also the most data-greedy year to date. Vaccine Passports, Track and Trace apps, facial recognition cameras at airports to control travellers, mandatory Covid test records, those are just the tip of the data-hungry iceberg of 2020/21
Our personal data are increasingly appropriated, with both Big Tech giant commercial companies (Google, Apple, Facebook) and our own governments forcing us to share our sensitive data with no guarantee of that data being kept in a secure way. In addition, data privacy as practiced by Big Tech is more than opaque – Shoshanna Zuboff noted that permission of use of Google Nest requires equivalent of us signing 1000 contracts!
Recently it has been revealed that Microsoft and many US government departments like Dept of Homeland Security fell victim of Solar Winds hack, infecting thousands of their clients causing havoc to data security world-wide. If government spooks can’t protect our data, then who can? And who should be held responsible?
Cybersalon invited the panel of Digital Sovereignty experts from Canada, Iceland, UK and India to debate – who is best positioned to protect your data? Is it your city, your Nation State, Google or should we strive for digital self-sovereignty?
4 layers of Data Ownership
Eva Pascoe has introduced the current personal data ecosystem, describing 4 layers of data ownership – starting from personal level, a strong case for self-sovereignty where:
I hold my own data in a digital vault, companies and State have to ask me for permission to access
The second level is your City level, where we give our data to the city and share data at city level with our fellow citizens for benefit of managing the city better using combined data.
Thirdly, we could share data at region level, where German Bundts are good example or Councils in UK, like Westminster Council. Fourth is the level of Nation State (Estonia, UK, Iceland) or, aggregated and even bigger , super state like EU (currently talking about ‘sharing civic data’ but with no opt-out option, a risky and poorly defined data ownership concept).
The panel has been asked the question – which of those levels may be the best for us individually to share our data with to achieve the best protection of our personal data but also to get the benefit that is derived from combining data as a collective. We do benefit from sharing data at government level (health, defence, crime intel) but at a price.
Who owns your data today? Gov or Google/Facebook?
As noted by the first speaker, Derek Alton, independent digital governance consultant from Canada (Digital Canada), today only some of our data is in the hands of one of the above 4 layers.
In fact, most of our data and majority of digital places we use daily are currently commercially owned and data of users is taken as ‘new oil’. Google, Apple, Facebook, Amazon and other Big Tech are the gatherers and ‘horders’ of a lion share of our personal data, not our governments or our cities.
We have to trust Big Tech as they own the devices that we work on, play on and date on. The world of Mobile-First has radically changed the paradigm, moving from relative freedom of choice on Desktop, to everyone being a captive of the manufacturer of our mobile phones. This shift has started about 2005 and now 80% of ecom, banking, e-health is done by mobile phones, feeding the device owners with terabytes of our personal data.
Alas, data security is not the biggest priority for those commercial platforms, as revealed by a series of cybersec breaches affecting Big Tech. Data services held by Google or Facebook also come with business model based on insidious ads collection and microtargeting.
As Priya Prakash (Design for Social Good) notes, the business model of Silicon Valley is aiming to utilise/commoditise users’ data to benefit the company, not users. This is very different from what government infrastructure is intended to do- where Use Case of digital infrastructure owned by government (in theory) should act for the benefit of it’s citizens and as Derek notes, align with each culture/national values and local sense of degree of privacy required.
Unlike countries that lost trust in their governments (UK, US, Poland, Hungary and many others) , Canadians overall trust their the government is high. Derek noted that on the whole, they prefer to have government to run country’s digital data infrastructure rather than be at the mercy of Google and Apple. They also want to embed civic design values into the digital tools for the use of their own citizens.
Derek current research is on advising Canadian government on how to set up it’s digital infrastructure free and independent from commercial suppliers, away from commercial designs or Silicon Valley business models. He has also working on solutions for (preferred) Self-Sovereignty for data ownership for Canadians.
Derek has also brief for Digital Governance and Trust in those tools by Candian citizens. The project of 5 Digital Pillars of Canada digital data infrastructure is broadly similar to Estonia framework. It raises the question if in longer term, such 5 Digital Pillars can become public utility?
It also follows, that citizens may want to choose to e-join a new country if they prefer it’s values – for example, David Jennings and John Horsley has chosen to register as E-Estonian to enable him to set up a business in EU post-Brexit.
This approach is certainly giving citizens the right to choose their digital sovereignty and vote with their feet if they don’t’ like data infrastructure of the original country.
Derek is also interested in use Open Source tools for Digital Canada, while not making the tools and UX too hard to use (often a case with Open Source projects). He is investigating optimal use of public dollars, the impact of IT budgets transparency on platform governance and trust.
Canada is also looking to build digital Public Square where data does not drop to Facebook yet enable community ‘forums’ and keeping in touch with grandma without handing over data to a commercial company.
The challenge for governmental ownership is that it will always lack scale that comes from Google, Apple or Facebook ability to provide slick services based on feedback from not millions but billions of users. How to make government services equally slick with less feedback? This is probably the million Canadian dollars questions as citizens have high standards, used to slick and fast service on their mobiles, provided by commercial Big Tech.
Future trust in our digital infrastructure must be acquired by good design, not just good intention as notes Priya Prakash.
Why your Data should be kept in the City?
Birgitta Jonsdottir, former MP for Iceland and ex Wikileaks digital mover and shaker has been at the forefront of experiments with digital sovereignty since 2008.
Elected as MP for Iceland Parliament (Pirate Party) in 2013, she has spent the last few years on the barricades working on developing digital infrastructure for Iceland government, from inside and has deep scars to show for it!
She is more ambiguous on the nature of ‘ideal digital solutions’ saying that:
I fell in love with the Internet back in the early 90s, but I am having a hard time staying in love with it
Birgitta notes that Iceland has developed a government owned ID system, has advanced and well trusted own online tax payment with 97% of Icelanders paying tax online with no pain or stress, unlike the previous system. The system is slick and proven, trusted and widely used. Iceland can build on that extending the gov service into other areas.
However, that is on the surface, as underneath, Google Cloud is widely used and is the preferred Government cloud (same like in UK government where all services are held on Google Cloud as of 2020).
On currency – Iceland has own currency Krona and survived crisis of 2008-2010 by locking bankers up. But Google Pay and Apple Pay are the major payment tools – Birgitta argues that Iceland must re-think it’s Digital Sovereignty strategy and find ways to keep data in the country.
Voting on digital infrastructure projects
Iceland has attempted to will develop an online tool to vote on digital projects for the citizens. Initially the plan was to allocate 0.25% of tax income to be spend on digital infrastructure projects, using people’s democratic vote. However, this has been derailed, something of Birgitta’s big regret and her project to return to in the future.
A successful example of well completed digital infrastructure is a project in Mexico on which Birgitta was an advisor. MEXICO CITY has written own constitution thru inclusive digital consultation process, utilising modern tech to give more people voice on which digital tools to progress and spend the budgets on.
Birgitta also commented on mention the trend to centralisation, thru technology where many local services are drawn away from smaller towns or villages, to ‘optimse costs’. However, a warning is that as a result of that centralisation of services and privatisation of services, citizens’ data (used for those local services) is local no more but now sits in the more remote centres. It took away significant sense of ownership and ended up in loss of control over data as an outcome of digital centralisation – certainly a warning worth heeding!
Birgitta argues that any digital infrastructure that needs to be built by the government should be campaigned for from inside – it is not for just civic society, which is necessary but not sufficient but it is a job for a sitting MPs. MPs and civic society must collaborate tightly.
(Derek Alton supports that but noted that sometimes, to push the government to do the right thing, civic society can campaign and lobby for specific solutions, work from OUTSIDE as the government can be pushed/guided to move on certain issues if it is seen as welcome by the voters).
Birgitta commented that civic society can support/drive and lobby MPs but ultimately it is their call and only theirs. This needs to be understood to pick the battles and timing.
She is a proponent of digital localisation, data sovereignty at local level:
Let cities do what they do well – manage their own citizen’s data
Priya Prakash notes that from designer’s lens, it is useful to know :
People understand geography and local, they understand neighbours, sharing data within their city, they don’t really relate to abstract like Liberalism
So we should keep the discussion about data ownership to local/relatable levels.
Birgitta’s Advice for UK post Brexit:
Birgitta mentioned Iceland’s benefits from being in European Free Trade Association (participating in European Single Market but not in European Customs Union). Iceland it is also in European Economic Area, benefits from a commercial treaty, and is not participating in common Fisheries or common Argiculture Policy as it has never been accepted by the local voters. Her view is that there are huge advantages of staying close to EU as EFTA members and the biggest win is that it keeps US chlorinated chicken away!
Her recommendation for improvements of Digital Infrastructure and governance is to force MACHINE READABLE LAW – to ensure the law making is set in a transparent way and no shady processes are running in the background, wrapped up in a language no civic society can understand or scrutinise.
This is supported by David Birch, who notes that ROBOT HANDBOOKS are increasingly used in Financial Services.
Priya Prakash notes that a warning here is that it is often a lip service, while in fact, behind the scene, the usual legal shenanigans and negociations carry on.
The most valuable data that big tech wants from us is our trail of online purchases – who should have access ?
Dave Birch, financial expert, digital sterling advisor and author of The Currency Cold War speaks on how personal data ownership needs to start at the point of gathering data. A good example would be a city creating it’s own coin (Manchester Coin, similar to Bristol Pound).
This allows the City to keep fees from providing Payment services to it’s citizens. It also keeps data from financial transactions – the most valuable data that exists and data that can drive efficiencies and new services.
Similar, if Britain creates digital pound, does it mean it will keep the data created during payments flow rather than seeing the data flowing off to Visa, Google Pay or Apple Pay?
David also notes that the History of Identity indicates that it has been generally owned by the State. Some exceptions were strong cities like Florence or Pisa that fought back and head their own identity provisions. Both cities held up against the data-holic Italian state and did not accept state identity till late 1890ties. This shows potential for cities in the Era of Data.
David notes that:
We have moved to post-cash society, removing the high cost of handling cash and high cost of exchanging different types of currency in physical notes, but we haven’t changed the way we think about money, we still do everything as if the handling costs are high
The cost of exchanging digital currencies is tiny, allowing us to start thinking bigger about local money. Citizens of Manchester should have a choice to use local currency, that keeps money from payment service and data from your purchase trail for the benefit of the City.
That enriches the city and enables it to use this raised budget to make investment in line with Manchester needs – not in line with London or Sheffield needs. Local is the new global!
David notes that enabling more creative and local micropayment digital data infrastructure for Cities and their digital sovereignty requires support of MPs (back to Birgitta’s comment that it all needs to be driven by MPs). Alas, as David comments:
“UK MPs would not know how microwave works, let alone how Internet works”
He notes that “our digital democracy is still in ‘beta”
India and China – keeping their payment services to themselves, thus keeping data in the country. Should we consider same?
David also notes that Facebook has shifted “ From Libra to Calibra” – Facebook wants our financial data but has backed out from issuing it’s own digital currency, instead backing governments’ digital efforts in each country – mainly as US government did not approve this attempt at ‘financial land grab’ and users payment data.
Important to beware of Digital Dollar – data will be shared with FBI, so would digital Sterling be a good alternative? The answer rests on the question if we believe UK government does not share data with US spooks (err…)
Priya Prakash agreed that the most useful and valuable data that are gathered from us as users is payment data. Companies pay good money to get their hands on that trail of purchases. It costs a lot of money to buy but if you have your own payment system, then you actually can gather that data and keep it for yourself (or to your selected payment company, your Bank, your country, or it is kept by Visa, MasterCard).
China has WePay, which processes most of the payment in the country.
India has just pushed out Google Pay as well as Amazon Pay creating their own payment to keep the payment data to themselves in a new system called Paytm – Priya notes there are lessons we should be following in Europe and US, arguing that it is not too late for governments can wrestle control of payment data (the best data there is) from commercial Big Tech.
What are politicians for?
As we are getting to grips with how to drive digital sovereignty change, we get closer to the question of what MPs can do and what they can’t do.
Jim Killock (Open Rights Group) noted that at end of the pandemic and Brexit, UK MPs are like a sad herd of castrated stallions, with the government removing their cojones using the pretext of Brexit.
MPs were not able to scrutinise Trade Deal with EU (none of the draft was made available to MPs), they did not see Japan-UK trade deal till it was done. They couldn’t comment on the progress of negociations as none of the documentation was shared. EU MEPs had full access to negociating documents during Brexit, with politicians fully in the loop of discussions.
As a result of that usurpation of executive power and removal of scrutiny process, it is clear by now, that UK post Brexit will be a lot less secure for our personal data ownership than currently.
Jim notes on UK trade deal, that data agreements section in essence stop UK from remaining in Data Adequacy/Mutual acceptance agreement with EU.
This leaves UK floating towards US personal data framework, much less secure than what we had till now. Although there as some states pushing thru GDPR-like law (California, NY), overall, US data protection is much weaker comparing to EU.
USA has a consumer framework , not citizen framework or human rights framework
We need to be aware of Balkanisation of the Internet, but acknowledge that in fact it may be desirable if it gives better protection of individual data to citizens (ref Wendy Hall note on Four Internets ) https://www.cigionline.org/publications/four-internets-geopolitics-digital-governance
We should decide which Internet layers should stay as Standard (fundamental protocols) versus which layer should diverge (applications, Identities, Payments) to offer personal data protection infrastructure
5 pillars of Canada Digital Strategy will lead to Estonia 2.0 -like framework where other countries’ citizens can apply for digital citizenship – more countries should develop full government ID, Payments, Credentials and more digital infrastructure.
Lobby for better Law
GDPR regulation is limited in providing personal data security- civic society must work on how we can make it actually deliver on what it says ‘on the tin’ (currently just tax on companies and Xmas come early for lawyers).
Role of MPs – Civic society to work tighter with MPs to shift the conversation from ‘motivational posters’ to real “data seatbelts” personal data protection.
Local is the new Global
City Coins can help to raise money for projects fully aligned with values of it’s citizens. We should focus on educating cities on the low costs of running City Coins, upside of keeping data local and reclaiming payments.
Panelists – event chat can be read here
Eva Pascoe – co-founder of Cybersalon.org, think-tank on Digital Futures, advocate of Bill of Digital Rights, proponent of London Coin and giving people choice to use currency with values we agree with @cybrsalon
Birgitta Jonsdottir – former MP for Iceland, co-founder of Pirate Party, poetician, , IMMI chair, Twitter @birgittaJ
Derek Alton – Digital Canada, building gov infrastructure and trust/data governance, Fellow of Newspeak House @derekAlton
David Birch – author of “The Currency Cold War”, advisor to Bank of England, proponent of Manchester Coin and micro-currencies to recover local economies post – Covid @dgwbirch
Jim Killock – Open Rights Group, Executive Director leading on scrutiny of UK post Brexit trade deals and Data Adequacy in post-Brexit UK, pushing for MPs to regain their right to see trade deals (as MEPs can see, discuss and scrutinise), lead on scrutiny of Japan-UK Trade Deal @jimKillock
Priya Prakash – designer and founder of @DS4C Design for Social Change, Smart City/Urban Tech, location and identity data researcher, advocate of user-centered design in government and smart city solutions