It is no accident that a small country in Northern Europe is the center for announcing recommendations to the rest of the world on how to approach our freedoms for online privacy and identity. Estonia is held as one of the leaders in e-governance and digital society because they have been able to create a digital infrastructure that leaders from countries across the globe travel thousands of miles to learn about.
For those who may not know too much about Estonia, over the last few centuries it has fought for its independence several times, achieving it first in 1914 and again in 1991 after the former Soviet Union fell – a hard-won independence that is now again being threatened by a neighbor who wants to reunite an outdated empire. As this year’s conference kicked off, and the keynotes moved to working groups, C130s landed in Tallinn with American troops, reinforcing a solemn awareness that freedom for Estonia is held in a similar balance to our own digital rights online.
In his keynote address, Estonian President Toomas Hendrik Ilves said, “When we talk about freedom and democracy, we mean the whole package: free and fair elections, rule of law, independent judiciaries, respect for fundamental rights and freedoms. And in the modern digitized society, which is actually only about 20 years old, a free Internet is just as much a part of the package.”
As Eastern Europe faces the threat of Russian encroachment, all of us around the world are feeling the threat of our digital rights evaporating with more and more governments and corporations using “Big Data” to seemingly watch our every action. The irony is not lost on me that the frustration and anger against Russian aggression in the Ukraine was similar to the anger and frustration felt around U.S. policy when Snowden revealed the extent of the collection and monitoring of personal data globally. There’s a significant difference, in that the U.S. administration acknowledged concern and need for oversight around its policy, though there are still challenges remaining in how to create a clear path forward.
As Secretary of State John Kerry noted at the FOC summit, “You can discern an absolutely unmistakable pattern, the places where we face the greatest security challenges today are also the places where governments set up firewalls against basic freedoms online.”
So what’s the answer? How do we balance protection and freedom? How do we promote the good in Big Data, without setting the stage for the bad to infiltrate our lives?
It all comes down to the human element. Big Data is ultimately going to help humanity. If it’s used the right way, it will allow us to solve some of the most pressing public health, poverty, security and safety issues, but it comes at a price. Just as it will bring about fascinating new technology by monitoring human interaction, it will allow for just that – the monitoring of every human interaction. As President Ilves stated, “Today we do live in a global village. Governments, Google searches, the apps in your smartphone and your credit card swipes make you an open book, just as if you were living in a small 17th-, 18th- or 19th-century village. Everything can be known, and in some cases everything is known.”
And so, as a global community, and especially as leaders of the free world here in the U.S., we should be constantly working to innovate, explore and develop concrete, enforceable policies and laws that not only protect us, but empower us to improve the world we live in.
At the FOC conference, there were many that questioned the ability for governments to actually take action and give teeth to the policies set forth. Even as Secretary Kerry spoke harshly about the restrictions of human rights to the crowd over a Google+ connection, there was an air of distrust in the sentiment he expressed. It seems that other countries are starting to take the lead in developing more progressive rules and regulations, as Chile, Iceland, Estonia and other smaller democratic nations pave the way to their own Internet governance practices in freedom, transparency and auditability.
Transparency and auditability, in fact, along with integrity and privacy were all recurring themes at the 2014 summit, where the Coalition announced official recommendations for the path to a free and secure Internet. But they’re simply recommendations, and that’s the problem. This is a first step, an initial framework that will need to be built into enforceable rules and international laws.
And we’re already behind, not keeping up with the very technologies that protect our personal freedom. Take encryption, for example, it’s important, but it’s not the only path to security. Certainly, privacy is important, but the integrity of data is critical – it’s one thing to have someone read your medical records, and quite another for someone to alter them. Both privacy and data integrity need to be protected, though our emphasis seems to be mostly around the encryption, even as the recent Heartbleed crisis clearly demonstrates that encryption will not always protect us. Estonians understand this. They have some of the world’s most renown cryptographers at the University of Tartu and have an advanced knowledge of the structure and development of security and data that rivals the rest of the world.
At the FOC summit’s Presidential Dinner, CTO of Guardtime Matt Johnson observed, “What I discovered is that Estonian scientists have built a technology that allows the entire planet to verify every event in cyberspace in such a way that the privacy of each event is maintained, but the integrity of the event cannot be denied.”
Technology is a powerful tool that creates efficiency in our lives, but we must be careful not to automate the humanity out of ourselves. As much as this privacy-versus-security balance is a policy discussion, we can’t forget that the technology we’re talking about is software that we create as humans, and so we have the power to build oversight into that software to keep governments in check when handling our personal information. In a way, we can regulate the regulators.
To be sure, the path toward striking that right balance will be full of significant challenges, but those governments that are proactive and lead by example will reap the rewards and benefits of adopting both policy and technology that move us forward, while protecting human rights. Taking a page from Lawrence Lessig, how we build that policy requires four fundamental controls: law, markets, social and architecture. To that end, we will need to build the architecture for establishing trust, once again, through transparency and auditability.