Digital Policy - Atlantic Council

Read the full issue brief here.

After Vilnius: What’s next on Ukraine’s path to NATO?

Eastern Europe NATO Security & Defense Ukraine

Today’s Ukraine is often described as a testing ground for new military technologies, but it is important to stress that Ukrainians are active participants in this process who are in many instances leading the way with new innovations ranging from combat drones to artillery apps. This ethos is exemplified by initiatives such as BRAVE1, which was launched by the Ukrainian authorities in 2023 as a hub for cooperation between state, military, and private sector developers to address defense issues and create cutting-edge military technologies. BRAVE1 has dramatically cut down the amount of time and paperwork required for private sector tech companies to begin working directly with the military; according to Ukraine’s defense minister, this waiting period has been reduced from two years to just one-and-a-half months.

One example of Ukrainian tech innovation for the military is the Geographic Information System for Artillery (GIS Arta) tool developed in Ukraine in the years prior to Russia’s 2022 full-scale invasion. This system, which some have dubbed the “Uber for artillery,” optimizes across variables like target type, position, and range to assign “fire missions” to available artillery units. Battlefield insights of this nature have helped Ukraine to compensate for its significant artillery hardware disadvantage. The effectiveness of tools like GIS Arta has caught the attention of Western military planners, with a senior Pentagon official saying Ukraine’s use of technology in the current war is a “wake-up call.”

Alongside intensifying cooperation with the state and the military, members of Ukraine’s tech sector are also taking a proactive approach on the digital front of the war with Russia. A decentralized IT army, consisting of over 250,000 IT volunteers at its peak, has been formed to counter Russian digital threats. Moreover, the country’s underground hacktivist groups have shown an impressive level of digital ingenuity. For example, Ukraine’s IT army claims to have targeted critical Russian infrastructure such as railways and the electricity grid.

Ukraine’s tech industry has been a major asset in the fightback against Russia’s invasion, providing a much-needed economic boost while strengthening the country’s cyber defenses and supplying the Ukrainian military with the innovative edge to counter Russia’s overwhelming advantages in manpower and military equipment.

This experience could also be critical to Ukraine’s coming postwar recovery. The Ukrainian tech industry looks set to emerge from the war stronger than ever with a significantly enhanced global reputation. Crucially, the unique experience gained by Ukrainian tech companies in the defense tech sector will likely position Ukraine as a potential industry leader, with countries around the world eager to learn from Ukrainian specialists and access Ukrainian military tech solutions. This could serve as a key driver of economic growth for many years to come, while also improving Ukrainian national security.

David Kirichenko is an editor at Euromaidan Press, an online English language media outlet in Ukraine. He tweets @DVKirichenko.

The post Kumar and CBDC tracker cited by the Observer Research Foundation appeared first on Atlantic Council.

Kumar quoted in Axios on cryptocurrency regulation

mrashid — Tue, 18 Jul 2023 13:54:51 +0000

Read the full newsletter here.

The post Kumar quoted in Axios on cryptocurrency regulation appeared first on Atlantic Council.

“New Rules for Stablecoins and the Future of Payments” event featured in Politico

mrashid — Mon, 17 Jul 2023 16:31:54 +0000

Read the full newsletter here.

The post “New Rules for Stablecoins and the Future of Payments” event featured in Politico appeared first on Atlantic Council.

“New Rules for Stablecoins and the Future of Payments” event featured in Politico

mrashid — Mon, 17 Jul 2023 13:50:03 +0000

Read the full newsletter here.

The post “New Rules for Stablecoins and the Future of Payments” event featured in Politico appeared first on Atlantic Council.

Lipsky quoted by Politico on CBDCs and CBDC Tracker cited

rmurphy — Mon, 10 Jul 2023 14:37:31 +0000

Explore the #AtlanticDEBRIEF series

The post Lipsky quoted by Politico on CBDCs and CBDC Tracker cited appeared first on Atlantic Council.

#AtlanticDebrief – What’s the significance of the EU’s AI Act? | A Debrief with Brando Benifei MEP

nlawler — Thu, 06 Jul 2023 16:20:54 +0000

IN THIS EPISODE

What’s behind the EU’s push to regulate AI? What will the legislation require of companies who develop AI systems? With the trialogues underway, what are some of the key issues that will dominate interinstitutional negotiations? How did the introduction of ChatGPT change the way the European Parliament was looking at regulating AI? And what’s the relationship between regulation and innovation when it comes to AI technologies?

On this episode of #AtlanticDebrief, Fran Burwell sits down with Brando Benifei MEP, co-rapporteur of the EU’s AI Act, to discuss what the EU hopes to achieve with its legislative proposal.

You can watch #AtlanticDebrief on YouTube and as a podcast.

SUBSCRIBE TO #Atlanticdebrief

listen to #AtlanticDEBRIEF as a podcast

MEET THE #ATLANTICDEBRIEF HOST

Fellow

Frances Burwell

Distinguished Fellow

Central Europe Digital Policy

Europe Center

Providing expertise and building communities to promote transatlantic leadership and a strong Europe in turbulent times.

The Europe Center promotes the transatlantic leadership and strategies required to ensure a strong Europe.

The post #AtlanticDebrief – What’s the significance of the EU’s AI Act? | A Debrief with Brando Benifei MEP appeared first on Atlantic Council.

CBDC Tracker update cited by Forkast

mrashid — Wed, 05 Jul 2023 17:14:56 +0000

The post CBDC Tracker update cited by Forkast appeared first on Atlantic Council.

CBDC Tracker cited by CoinGeek

rmurphy — Mon, 03 Jul 2023 15:12:35 +0000

The post CBDC Tracker cited by CoinGeek appeared first on Atlantic Council.

Lipsky op-ed on CBDCs published by Il Sole

rmurphy — Mon, 03 Jul 2023 14:03:16 +0000

The post Lipsky op-ed on CBDCs published by Il Sole appeared first on Atlantic Council.

CBDC Tracker update cited by Trade Finance Global

rmurphy — Thu, 29 Jun 2023 16:19:00 +0000

The post CBDC Tracker update cited by Trade Finance Global appeared first on Atlantic Council.

CBDC Tracker update cited by finews.asia

rmurphy — Thu, 29 Jun 2023 16:17:02 +0000

The post CBDC Tracker update cited by finews.asia appeared first on Atlantic Council.

What policymakers need to know about artificial intelligence

Philip L. Frana — Thu, 29 Jun 2023 13:00:00 +0000

Defining artificial intelligence
How artificial intelligence works
Machine learning
Deep learning
Global competition and controversies
Dangers, myths, and misconceptions

Despite an abundance of books, articles, and news reports about artificial intelligence (AI) as an existential threat to life and livelihoods, the technology is not a grave menace to humanity in the near term. Undeniably, the comments of deep learning pioneer Geoffrey Hinton, who resigned from Google, are concerning. “I have suddenly switched my views on whether these things are going to be more intelligent than us. I think they’re very close to it now and they will be much more intelligent than us in the future. How do we survive that?” Hinton said in a recent interview. Hinton fears that AI may come to intentionally or inadvertently exert control over humanity, a hypothetical scenario known as an “AI takeover.” He is also worried about the potential spread of AI-generated misinformation or the possibility that an oppressive leader may attempt to use AI to create lethal autonomous weapons systems (LAWS). But AI programs have no agency to act on their own. Generative AI language models currently operate only within the controlled environments of computer systems and networks, and their capabilities are constrained by training datasets and human uses.

The generative transformer architecture that is powering the current wave of artificial intelligence may reshape many areas of daily life. OpenAI CEO Sam Altman has been making a global tour to engage with legislators, policymakers, and industry leaders about his company’s pathbreaking Generative Pre-trained Transformer (GPT) series of large language models (LLMs). While acknowledging that AI could inflict damage on the world economy, disrupt labor markets, and transform global affairs in unforeseen ways, he emphasizes that responsible use and regulatory transparency will allow the technology to make positive contributions to education, creativity and entrepreneurship, and workplace productivity.

At present, however, Altman’s generative AI is most useful in improving natural language processing and machine translation. Generative transformers are flexible and scalable models that outperform recurrent neural networks—which made voice-activated assistants on smartphones possible—in certain tasks, such as capturing relationships between different words within long documents and answering questions about them. Examples include GPT, BERT, T5, and LaMDA. They do not on their own possess independent capabilities associated with artificial general intelligence or superintelligence, and it is unlikely that a truly versatile human-like cognitive AI will become a reality before 2050. Even an ultrasmart AI program may never bootstrap itself into consciousness. And there is almost zero chance that—as in the Roko’s Basilisk thought experiment—a spiteful and malicious AI will emerge that rewards those humans who assist it and punishes any who dare attempt to stop it. As Sam Altman puts it “GPT4 is a tool not a creature.”

What is certain is that AI tools and methods will be crucial for confronting a slew of slow-motion catastrophes unfolding across the world. COVID-19 has claimed almost seven million lives worldwide, and based on excess mortality likely many more. Strife, stress, and conflict endangers democracies on both sides of the Atlantic. Unschooling and remote work movements mingle with cultural and political divisions and societal disruptions. Climate change brings extremes in heat, drought, and wildfires along with melting ice caps and sea level rise.

Machine learning (ML) is able to tackle these issues head-on. Admittedly, it has a long way to go before it’s a feasible tool for pandemic control, but AI is attaining good performance in the diagnosis, evaluation, and prognosis of infected individuals; predictions of pandemic spread; and COVID-19 drug discovery as well as vaccine development. Responsible applications of AI are strengthening communities and empowering democracies. Over the past few years, this technology played a particularly powerful role in knitting humanity together virtually amidst the spread of disease, snarled traffic, scarce fuel, and the high cost of living. AI-enabled technologies are also monitoring the world’s climate, agriculture, and economies, as well as providing solutions to feed and clothe the world without further damaging the environment. They can facilitate many paths to sustainable planet-wide development. Green AI technologies representative of the convergence of social innovation and technological change include ecobots, biodiversity and ecosystem services, and renewable energy solutions.

Nonetheless, humanity is living in uncertain, complex, and ambiguous times. But as Sun Tzu explained in The Art of War, in the midst of chaos, there is also opportunity. It is not surprising that the current generation has invented AI and social media-fueled empathy scorecards intended to replace or supplement credit scores, prescription video games and other “calmtainments,” and AI-assisted chatbot therapists (Woebot and Wysa). AI is being brought to bear against the labor squeeze and workers’ demands for higher wages, supply chain disruptions and volatilities in manufacturing, and the omnipresent threats of wars of occupation.

Defining artificial intelligence

The ultimate goal of AI is to emulate human-like thinking or perform tasks that normally require human activity. John McCarthy, Marvin Minsky, Nathaniel Rochester, and Claude Shannon, in their original proposal to bring together mathematicians, cyberneticists, and information processing innovators for a formative 1956 summer research workshop on AI at Dartmouth College, contended that “every aspect of learning or any other feature of intelligence can be so precisely described that a machine can be made to simulate it.” AI can be subdivided in several different ways, but the major branches are usually described as artificial narrow intelligence (ANI), artificial general intelligence (AGI), and artificial superintelligence (ASI).

ANI is the branch where the overwhelming majority of AI-inclined developers work. ANI thereby represents the state of the art in AI. It is a category that includes all useful applications of AI to specific problems such as calculating risks and reducing errors, handling repetitive or boring tasks, making informed recommendations or decisions quickly, or automating job duties that are difficult or dangerous. ANI developers are rarely concerned about whether their AI systems are capable of true cognition, awareness, metacognition, or affectivity. Instead, they are content to regard them as models for understanding intelligent behavior and building useful tools. Common areas of activity in ANI are speech recognition, natural language processing, chatbots, search engines, recommender systems, digital assistants, computer vision, image recognition, and machine translation. Every sort of machine intelligence encountered in daily life is limited to specific tasks and knowledge domains that are not readily translated into other tasks or domains irrespective of how sophisticated they are.

On the other hand, AGI and ASI have as their shared goal the achievement of a complete or comprehensive range of human intelligence capabilities, including perhaps even consciousness. In AGI and ASI, the model is the mind; the map is the territory. Should the goal be reached, some researchers believe ASI will surpass human intelligence, with cognitive capacities well beyond those of the smartest people and in a wide variety of domains. An ASI’s “mind” would not just be different in degree from the human one; it would be different in kind. Indeed, some researchers assume that any potential candidate for ASI would require a self-modifying property. Many people, including, most famously, Bill Gates, Stephen Hawking, and Elon Musk, have spoken out about AGI/ASI safety and control. Stuart Russell and Peter Norvig, authors of the leading textbook on AI, note that “[a]lmost any technology has the potential to cause harm in the wrong hands, but with AI and robotics, we have the new problem that the wrong hands might belong to the technology itself.” Others have been more sanguine. Neuroscientist Anthony Zador and computer scientist Yann LeCun, for example, suggest that there is no reason why a machine would develop a self-preservation instinct or evolve into a dangerous competitor.

How artificial intelligence works

The typical AI developer writes code—sometimes employing the assistance of context-aware intelligent code-completion software like IntelliSense or Copilot. At the core of all AI systems written today are intelligent agents. The classical approach to AI is in the form of sense-think-act: agents perceive their environment using sensors, consider choices and make decisions, and react using effectors. They may be physical (robots) or virtual (software) and are often both. Agents now have all sorts of different abilities, goals, preferences, knowledge representations, and memories of past experiences. Humans themselves are considered very complex intelligent agents by AI developers, albeit biological ones. This is why it is sometimes said that the “holy grail” of AI is to understand man as a machine.

Agents are ubiquitous in everyday life. Siri, Cortana, and the Google Assistant are agents, as are tabletop smart home appliances like Amazon Echo, Google Home, Samsung Bixby, Xiaomi Xiao Ai, and Apple HomePod. Agents are also embedded in many autonomous and semiautonomous robotic devices like the Roomba vacuum cleaner, Tesla driver-assistance system, and General Atomics Gray Eagle Extended Range unmanned aerial military drone. Large, pretrained language models are the foundation of the latest—potentially disruptive and transformative—conversational agents like Google Bard, Jasper Chat, OpenAI’s ChatGPT, and Microsoft’s Bing chatbot.

Practitioners of symbolic AI, a dominant early approach to simulating humanlike cognition, compared the brain to a sophisticated computer program. From the mid-1950s and continuing into the 1980s, computer scientists created general and specific problem solver programs. Software developers also created general inference engines upon which specialized rule bases could be applied interchangeably. These so-called expert systems consisted of heuristics or rules of thumb developed from direct interviews with experts and professionals (e.g., physicians, lawyers, mechanics, and chemists). Heuristic programming assumed as a given that an expert is a specialist.

Expert knowledge, however, is rarely fixed. Indeed, it is regularly updated through new discoveries and experience. Heuristic systems struggle to keep up with all but the most predictable definitions and structured reasoning methods. AI researchers describe this as the “knowledge acquisition bottleneck.” Training an AI program to serve as a clinical decision support system, for example, is only feasible if there is a reasonably efficient way to keep up with an exponentially growing reservoir of medical knowledge and know-how. Often, the domain expert and the programmer find it difficult to maintain their systems and keep them current.

Knowledge engineers argue among themselves about whether the right approach is to carefully simulate the reasoning abilities of experts in models of human information processes or rather to discover entirely new methods for weighing evidence that can only be accomplished using computers. Ironically, as expert system prototypes proliferated, they became more specialized, limited in scope, and fragmentary. The history of expert systems has proven that machines, like humans, perform better in specialized domains. Exceptional general-purpose thinking is rare among machines, and perhaps also among human beings.

Expert systems gave way to directly mining the data of extremely large numbers of cases. Data mining requires figuring out how to represent knowledge and extract useful patterns through automatic or semiautomatic analyses so that they might be used effectively. Data mining techniques include cluster analysis, anomaly detection, and association rule mining. This movement away from the primacy of experts has been likened to the demise of the Greek Oracle of Delphi.

By the 1990s, connectionist approaches featuring artificial neural networks (ANNs) eclipsed symbolic AI in popularity. The metaphor for the connectionist approach to AI is the brain as a collection of billions of neurons that both wire and fire together. The application of neural networks to AI also dates to the 1950s but had fallen out of favor until resuscitated by Hinton, the cognitive psychologist who recently left Google, and others who described a new procedure called “backpropagation” for training multilayered neural networks. The connectionist approach became even more exciting as advances in computing hardware and schemes for handling large volumes of structured, semi-structured, and unstructured data (“big data”) made it possible to improve the efficacy of neural networks.

Machine learning

ML today is a subset of AI which relies on both the symbolic and neural network approaches. The synthesis of neuro-symbolic AI and development of hybrid architectures is relatively new. Computer scientists use ML and data analytics to train algorithms and neural networks with statistical methods to discern patterns, make classifications, predict outcomes, and uncover significant insights from available masses of information. In ML, models of learning are used to dexterously organize the capabilities of intelligent agents as they improve themselves using data extracted from online systems or the environment. ML is divided into roughly three categories—supervised, unsupervised, and reinforcement learning.

In supervised learning, labeled data are used to train algorithms. The computer is “taught” to recognize general rules using “training data” (labeled inputs and desired outputs). Supervised learning algorithms may engage in active learning to label new data points with desired outputs, classification to organize data into relevant categories, regression analysis to investigate relationships between independent features or variables and dependent variables or outcomes, or similarity learning, where the goal is to measure the resemblance or relatedness between things.

In unsupervised learning, the algorithm discovers structure, features, and insights from unlabeled data. Unsupervised learning is helpful where common properties of the dataset are unknown or poorly understood. Additionally, unsupervised learning is helpful in solving clustering and association-type problems. Clustering algorithms group data based on similarities and differences. Marketing companies often use clustering and demographic segmentation of customers to identify and group households that are similar to one another in wealth, buying behavior, or lifestyle. These clusters are given names like Married Sophisticates, Penny Pinchers, Skyboxes and Suburbs, Summit Estates, Shotguns and Pickup Trucks, Rolling Stones, Single City Struggles, Aging Upscale, and Timeless Elders. Association algorithms find interesting relationships between variables. Association rule learning can be useful in market-based analyses of customer purchases, allowing retailers to recognize relationships between items that customers frequently buy together and predict the likelihood of purchases of an item based on the occurrence of other items in an individual transaction.

A computer performs reinforcement learning when it learns through interaction with the environment and feedback to achieve a predefined goal or maximize a reward. In reinforcement learning, the AI improves by first making mistakes. Reinforcement learning has applications in teaching self-driving cars to avoid obstacles and stay on the road, training AI non-player characters in video games, and instructing caregiver robots on how to grasp common household objects.

Deep learning

Deep learning is a type of ML that depends primarily on ANNs and training data. The neural networks train by imitating the natural neural interconnectivity of the brain using layers of nodes and connections. These nodes are composed of various inputs and weights, a given threshold, and an output value. When the output value surpasses the predefined threshold, it “fires” like a biological neuron, activating the node and passing data along to the next layer of the network. AlexNet, one of the pioneering technologies in the field of computer vision, was designed by Hinton and his students. This deep learning tool used to analyze visual imagery is composed of eight layers—five convolutional layers, two hidden layers, and one output layer. AlexNet was trained on graphics processing units (GPUs). It outperformed all other challengers in the 2012 ImageNet Large Scale Visual Recognition Challenge. Deep neural networks and platforms are employed in many contexts today; they promote cybersecurity (Deep Instinct), predict criminal recidivism (COMPAS Core), make early diagnoses in oncology (Behold.ai), teach next-gen driverless cars (Tesla, Waymo, Nvidia), and boost the creativity of artists (DALL-E, Stable Diffusion) and writers (GPT-4, Charisma). Generative transformer models are a prime example of deep learning, and they are revolutionary in their ability to quickly find relationships and capture context across large datasets.

Computational creativity is one subfield of AI that has been dramatically reshaped by deep learning. Computational creativity applications attempt to generate original ideas and artifacts. These “generative AI” applications are transforming our understanding of machines as helpmates to humans and altering bedrock conceptions of novelty. Is the goal to replicate human storytelling or to create new media for storytelling? Can an AI agent create a real emotional connection with a person? Can a machine have an original thought or imagination? How would an AI program recognize that something is imaginary? In a world of computational creativity, some common tropes and normative modes of seeing, hearing, and knowing may have to be unlearned.

All sorts of possibilities are being explored with generative AI. The annual National Novel Generation Month (NaNoGenMo) contest is the brainchild of computer programmer and internet artist Darius Kazemi. NaNoGenMo is the artificial spiritual twin of the National Novel Writing Month (NaNoWriMo), a nonprofit organization that encourages human authors to find their voices by banging out drafts of fifty-thousand-word novels in November. Programmers following Kazemi’s rules instead write code that generates fifty thousand words of machine-made fiction. NaNoGenMo provides a standard corpus of public domain lists and texts for rapid prototyping, but participants use all sorts of public domain writings to train their AIs. In the NaNoGenMo submission The Seeker, the intelligent agent is at once algorithm, agent, protagonist, and narrator. The Seeker reads differently each time because the code randomly shuffles in a new selection from its corpus to parse, deconstruct, and reconstruct.

Today, humans and artificial intelligences have joined forces to tell prize-worthy stories like The Day a Computer Writes a Novel, which passed the first round of screening for the Hoshi Shinichi Literary Award in Japan, and 1 the Road published by Jean Boîte Éditions. The author of 1 the Road, Ross Goodwin, was a speechwriter in the Obama administration. Goodwin trained a Long Short-Term Memory Recurrent Neural Network (LSTM-RNN) with three different sets of texts (science fiction, poetry, and “bleak” writings) totaling sixty million words. 1 the Road is particularly interesting because the AI’s input is supplemented using sensors—a video camera, microphone, GPS device, and clock timer—exposed to the sights and sounds of a road trip from New York to New Orleans. Typically, large language models are trained on massive amounts of textual data and can be tens of gigabytes—even petabytes—in size. Researchers are concerned about running low on this kind of data to train models, which means that accessing data from other sources such as audio dialogue, images, spreadsheets and databases, and video clips will become increasingly important.

In this networked world exposure to content is constant. Generative AI promises to exponentially increase the amount created annually. Generative AI applications today are spiritedly responding to an apparent “creativity crisis” among human beings as measured by a thirty-year decline in scores on the Torrance Tests of Creative Thinking, a prominent test for human creativity. Generative AI has manufactured all sorts of objects, discoveries, and/or performances. However, some examples of computer-aided creativity are quite old. One precedent is Alan Turing’s imitation game. Another is the general problem solver of AI pioneers Herbert Simon, Allen Newell, and John Clifford Shaw.

In 1958, Simon and Newell wrote that “within ten years a digital computer will write music that will be accepted by critics as possessing considerable aesthetic value.” This prediction has now been fulfilled by the subfield of generative music and algorithmic composition. One of the most famous examples is David Cope’s Experiments in Musical Intelligence (“Emmy”). Emmy is an algorithmic composer capable of analyzing existing musical compositions, rearranging and recombining them, and ultimately inventing new works that are indistinguishable from those of Johann Sebastian Bach, Frédéric Chopin, and Wolfgang Amadeus Mozart. Shimon at Georgia Tech University is a marimba-playing improvisational jazz-bot musician. DeepMusic.AI, OpenAI’s MuseNet, and the Magenta Music Transformer are all online tools for creating music with deep learning and generative AI. Recently, two programmers have been trying to make music infringement lawsuits obsolete by securing copyright to every combination of eight quarter notes in the C major scale using tones generated with the Musical Instrument Digital Interface (MIDI) standard electronic music protocol. And, similar to NaNoGenMo, a song contest has sprung up that is exclusively for artificially generated music. The first AI “Eurovision Song Contest” winner, the Australian group Uncanny Valley, sampled kookaburra bird calls and koala grunting noises. Additionally, there are AI painters, Dungeons & Dragons dungeon masters, journalists, filmmakers, dancers, stunt performers, and theater players.

Global competition and controversies

A number of countries have established national strategies, initiatives, and funding mechanisms to promote AI innovation and adoption. Former US President Donald J. Trump established the American AI Initiative by signing an executive order in 2019. The order did not allocate any direct federal funding, but it highlighted the significance of employing AI in a responsible manner and taking action to respond to significant investments made by other nations. In 2020, the US Congress passed the National AI Initiative Act. The National AI Initiative (NAII) establishes a coordinated program that spans the federal government. It is aimed at expediting AI research and development (R&D) to strengthen the country’s economic growth and national security. The act provides almost $6.5 billion in funding over five years for R&D, education, and standards related to AI. The National Science Foundation, the Department of Energy, the Department of Commerce, the National Aeronautics and Space Administration, and the Department of Defense will jointly oversee a nationwide network of interdisciplinary AI research institutes.

The US government’s efforts are partially motivated by China’s substantial investments in AI technology. The New Generation Artificial Intelligence Development Plan, announced in 2017, is the Chinese government’s national strategy for AI R&D. China hopes to overtake the United States by 2030 and establish the country as a global leader in the production of AI technology and talent. The major port city of Tianjin in northern China has declared its intention to establish reserves totaling ¥100 billion (equivalent to $15.7 billion) to bolster the AI industry, as well as a separate ¥10 billion fund to advance intelligent manufacturing. China passed a national law aimed at addressing ethical and regulatory concerns related to AI in 2021. In April 2023, the Cyberspace Administration of China issued regulations mandating that content generated by AI must align with the fundamental principles of socialism.

The Russian Federation also has a National AI Development Strategy designed to bolster investment in AI research, education, and industrial development. Somewhat surprisingly, the 2019 Russian AI strategic decree does not mention national defense, though it does emphasize the importance of AI for economic development and healthcare. The decree also does not mention budget, deadlines, or enforcement mechanisms. Due to the recent military conflicts in Libya, Syria, Nagorno-Karabakh, and Ukraine, it is anticipated that Russia will allocate significant resources toward developing AI systems for unmanned aerial drones, counter-drone technologies, and AI-powered surveillance systems.

Significant and unheralded projects are also underway in Africa. The African Union has unveiled an Artificial Intelligence Continental Strategy for Africa, which is intended to facilitate the participation of stakeholders, initiate capacity-building efforts, and fortify regulatory frameworks for AI technology and data management. Artificial Intelligence for Development in Africa (AI4D) is a four-year initiative launched in 2020 by Canada’s International Development Research Centre and Sweden’s International Development Cooperation Agency. The objective of AI4D is to team up with Africa’s government and scientific communities to encourage AI research, innovation, and talent. The ultimate aim is to elevate the standard of living for people in Africa and beyond. African nations are particularly concerned with issues of machine bias and ethics and wary of patterns of manipulation and abuse in the form of automated imperialism, algorithmic colonialism, and digital extractivism.

Canada, Australia, Japan, South Korea, Germany, France, and the United Kingdom also have significant national strategies to address challenges posed by a future empowered by AI. Many of these nations are worried about the likelihood of global competition in AI leading to an arms race or authoritarianism fueled by information technologies. Entrepreneurs, politicians, and engineers warn of an impending “AI Cold War.” An AI arms race to create near-autonomous weapons systems is in full swing, despite being a topic of controversy. The banning of these so-called killer robots may not even be practical. Governments around the world have developed a number of other controversial applications of AI, such as image recognition and mass surveillance, predictive policing, deepfakes and misinformation campaigns, and social credit scoring.

Dangers, myths, and misconceptions

AI can be destructive even when used as an instrument for creative discovery. One of the dangers of unleashing computational creativity tools is being submerged by a culture of automation that dampens individual creative expression and dialogue with human audiences, participants, and partners. In 2022, an AI-generated artwork took first place in a fine arts competition at the Colorado State Fair, which outraged many. Only months later, an internationally acclaimed photography competition—the Sony World Photography Awards—was won by an image generated using AI. Getty Images and established art communities are refusing to accept AI-generated masterpieces. But in general, AI is valuable because it empowers humanity with tools that extend bodies and minds and mitigates risks and perilous circumstances.

Deep learning pioneer and serial entrepreneur Andrew Ng has said that worrying about AI is like worrying about overpopulation on Mars. Artificial agents will not need to be excused or incarcerated for crimes and misdemeanors that upon analysis and reflection can be traced to human error, indifference, or greed. Whole brain emulation, artificial consciousness, technological singularity, and AI apocalypse are all well over the horizon. The threats that remain are still significant. The chief near-term dangers of AI technology are pervasive and more subtle. They include risks such as over-optimization, weaponization, deception and distraction, complexification, moral and practical deskilling, amplification of competition and conflict, job losses due to automation, and harms to human uniqueness, privacy, and accountability.

What lies behind the hype and fear of AI is a fundamental misunderstanding of current objectives, as well as severe shortsightedness. Most AI is meant to supplement human intelligence, not replace it. AI is intelligence augmentation until—and only if—humanity commits and finds ways to entirely remove human beings from the loop as creators, controllers, and decisionmakers. “Exiting the loop” will prove difficult: Humans are extraordinarily skilled at handling ambiguous situations, such as intuiting the emotional state of other drivers on the road. AI will not become human-like merely because humans anthropomorphize it either. An AI program does not try to learn (although it can improve through reinforcement learning methods); it plucks statistical patterns and distributions from training data using pipelines, algorithms, and parameters unglamorously selected behind the scenes by programmers. ANNs are not reasoning the way brains do, and adversarial ML involves no clashing of titans. Thinking about the past, present, and future of AI is imperative. When IBM said that the Jeopardy!-winning Watson AI would also revolutionize medicine, it in effect denied a century of hard-won gains in health informatics R&D (and has yet to achieve its lofty promises). It is not possible to simply wave our hands and say that quantum computing, DNA data storage, and neuromorphic chips will pave the way for an AI-infused next industrial revolution. Real progress in AI comes much more slowly, albeit with occasional surprising leaps forward, and ultimately depends on the real wants and needs of human beings.

Philip L. Frana is an associate professor in the Interdisciplinary Liberal Studies and Independent Scholars programs at James Madison University. His scholarly interests focus on the social and cultural aspects of robotics, automation, and information technology.

GeoTech Cues May 22, 2023

The regulators are coming for your AI

By Steven Tiell

The Group of Seven (G7) has lobbed the latest of three notable salvos in signaling that governments around the globe are focused on regulating Generative Artificial Intelligence (AI). The G7 ministers have established the Hiroshima AI Process, an inclusive effort for governments to collaborate on AI governance, IP rights (including copyright), transparency, mis/disinformation, and responsible […]

Technology & Innovation

GeoTech Cues Jan 25, 2023

AI generates new policy risk

By Jonno Evans

New AI tools will have a huge impact on how people work and live and can support innovation and productivity across sectors. But it is also important to be mindful of its potential for misuse. Governments, policymakers, and other stakeholders must be proactive to ensure that these tools are not exploited to cause harm.

Technology & Innovation

GeoTech Center

Championing positive paths forward that societies can pursue to ensure new technologies and data empower people, prosperity, and peace.

The post What policymakers need to know about artificial intelligence appeared first on Atlantic Council.

Lipsky cited by Bloomberg on Chinese digital yuan

rmurphy — Thu, 29 Jun 2023 12:59:37 +0000

The post Lipsky cited by Bloomberg on Chinese digital yuan appeared first on Atlantic Council.

The disinformation landscape in West Africa and beyond

Tessa Knight, Jean le Roux — Thu, 29 Jun 2023 09:00:00 +0000

Download pdf

Introduction

The prominence of West Africa, and Africa as a whole, within the global disinformation ecosystem cannot be ignored. A report by the Africa Center for Strategic Studies released in April 2022 identified twenty-three disinformation campaigns targeting African countries dating back to 2014. Of these campaigns, sixteen are linked to Russia.

The listed disinformation campaigns—nine of which were identified by the DFRLab—reveal two key points. First, there has been a marked increase in the number of publicly identified disinformation campaigns in recent years. Whether this is due to an increase in the scrutiny, analytical capacity, or efforts on the part of bad actors is unclear. Second, the characteristics of each of these influence operations are distinct—these operations target a wide variety of issues, such as elections, the war in Ukraine, commercial interests, and domestic and international politics.

Further, relations between France and francophone West Africa have, following years of amicable relations built on the back of military cooperation, seen a marked erosion that was underscored by the exit of the last of the French troops from Mali in August 2022. Anti-France and pro-Russia sentiments have surged contemporaneously, with overlapping narratives positioning Russia as a viable alternative to Western aid. When French forces began their departure from Mali in June 2022, Russian private military companies (PMCs) such as the Wagner Group stood ready to fill the void.

This report examines several influence operation case studies from the West African region, with a particular emphasis on Mali, Burkina Faso, Côte d’Ivoire, and Niger. The narratives, actors, and contexts supporting these influence operations are summarized alongside their impact on regional stability. Russian influence plays a significant role in these case studies, an unsurprising fact considering the geopolitical history of this region.

This report also includes case studies from outside the Sahel region, consisting of thematically distinct but strategically noteworthy influence campaigns from elsewhere on the continent. For example, the Nigerian government used social media influencers to suppress citizen participation in the #EndSARS movement. Elsewhere, the Ethiopian diaspora used innovative click-to-tweet campaigns to spread international awareness of the conflict in Ethiopia’s Tigray region. In South Africa, the rise in violent xenophobic demonstrations was precipitated by a popular social media campaign that normalized prejudice against foreign nationals.

The plethora of actors, targets, strategies, and tactics make a blanket approach to studying African disinformation networks difficult. The depth and breadth of these campaigns shows that Africa is facing the same challenges as the rest of the world insofar as disinformation is concerned. Moreover, the interest shown by foreign governments attests to the region’s geopolitical significance. This combination of geopolitical importance and a vulnerability to influence campaigns makes Africa a notable case study.

Background

Africa’s information environment is not monolithic Analog channels such as radio and film are used in conjunction with digital efforts to reach audiences, but Internet penetration rates and the accompanying reli- ance on analog media differ significantly from country to country For example, as of January 2022, Morocco, the Seychelles, and Egypt maintained Internet penetration rates of higher than 70 percent, nearly ten times the rate of the country with the lowest penetration rate, the Central African Republic (7 percent).

In the countries mentioned in the table above, Facebook and Instagram maintain a leading position insofar as social media penetration is concerned This can be partly ascribed to Facebook’s Free Basics service that “zero-rates” data (including Facebook and Instagram data) on participating mobile networks. These mobile networks can then bundle Facebook and Instagram data into a consumer’s service plan without the consumer having to pay extra for that data use Considering that mobile connections outstrip desktop connections, and that mo- bile data is more expensive than fixed broadband, it is clear why this has been effective to expand Facebook and Instagram’s footprint Meta shuttered the Free Basics program in some regions at the end of 2022 as the program’s spiritual successor – Meta Discover – was being rolled out The impact this will have on the information environment remains to be seen.

Social media and internet penetration rates in some of the African countries referenced in this report

Read full report

With contributions from

The Atlantic Council’s Digital Forensic Research Lab (DFRLab) has operationalized the study of disinformation by exposing falsehoods and fake news, documenting human rights abuses, and building digital resilience worldwide.

learn more

The post The disinformation landscape in West Africa and beyond appeared first on Atlantic Council.

CBDC Tracker update cited by Reuters

rmurphy — Wed, 28 Jun 2023 20:40:08 +0000

The post CBDC Tracker update cited by Reuters appeared first on Atlantic Council.

CBDC Tracker update cited by La Nación

rmurphy — Wed, 28 Jun 2023 16:13:14 +0000

The post CBDC Tracker update cited by La Nación appeared first on Atlantic Council.

CBDC Tracker update cited by CNBC Africa

rmurphy — Wed, 28 Jun 2023 16:09:50 +0000

The post CBDC Tracker update cited by CNBC Africa appeared first on Atlantic Council.

CBDC Tracker update cited by Yahoo! Finance

rmurphy — Wed, 28 Jun 2023 13:11:08 +0000

Jörn Fleck and James Batchik: Europe is taking a hard look at itself

The post CBDC Tracker update cited by Yahoo! Finance appeared first on Atlantic Council.

The ‘de-risk’ is in the details: A look at Europe’s ambitious new economic security strategy

Atlantic Council experts — Thu, 22 Jun 2023 18:23:24 +0000

Don’t call it decoupling. This week, the European Commission released its European economic security strategy, an ambitious plan to intercede in the European economy to reduce security risks across supply chains, critical infrastructure, and digital technology. European Commission Executive Vice-President Margrethe Vestager underscored that the strategy will “de-risk” the European Union (EU) from threats, not “decouple” its economy. But from whom? While the strategy dodges a direct answer, the EU’s top trading partner in goods, China, is an understood top concern.

Read insights below from Atlantic Council experts on what’s in the strategy and what it reveals about Europe’s economic and geopolitical future.

Click to jump to an expert analysis:

Barbara C. Matthews: The EU is acting to decrease points of vulnerability for renewable energy

Charles Lichfield: While not mentioned, China is the central focus of the strategy

Sarah Bauerle Danzman: The road to an EU outbound investment mechanism will be rocky

Elmar Hellendoorn: The strategy seeks to be adaptable but also comprehensive

Europe is taking a hard look at itself

The European economic security strategy represents a welcome development not just for its contents but in how the European Commission is thinking about economic security—and itself.

Under a framework of “promote, protect, and partner,” the strategy sheds light on the commission’s approach to de-risking, the phrase du jour of today’s geopolitics. It proposes new assessments of vulnerabilities, strengthened rules on key areas like foreign direct investment and export controls, and new rules on outbound investment. It also recycles existing proposals—the Critical Raw Materials Act, Net-Zero Industry Act, and Cyber Resilience Act, for example. By themselves, these are not groundbreaking. But it would be a mistake to stop there. Taken together, the strategy is a welcome document that outlines how the commission sees its policies become larger than the sum of their parts.

The contents of the strategy notwithstanding, there are three takeaways about how Europe sees its economic future. First, it starts with knowing oneself. The strategy opens with a frank acknowledgement that Europe was “insufficiently prepared” for many of the challenges that the COVID-19 pandemic, Russia’s war in Ukraine, and challenges from unnamed—read: China—players posed to Europe. Second, the strategy acknowledges that the European market, its regulations, and cohesion is by itself a European strength that can “keep global supply chains open and shape standards.” Third, that there is a direct reference that the economic risks identified could threaten Europe’s national security is a small but notable addition. It shows a recognition of the convergence of the geopolitical and the economic.

However, the strategy also shows both the potential and the limitations of the commission. First, as much as the Berlaymont may be thinking geopolitically, the commission still relies on capitals across the continent to approve and implement new rules. Throughout the strategy, there are polite reminders for member states to implement or enforce existing or future rules. Second, and perhaps more crucially, it’s clear that the commission is increasingly out ahead of member states on issues of security, defense, and now economics. Many member states will have reservations, if not objections to some of the conclusions and proposals in the strategy. There is no shared consensus among member states about how to adequately defend themselves against China.

It’s important to remember that, as the strategy’s sentences, conjunctions, and punctuation will now be parsed and debated across the continent and the European Parliament, the strategy is not a roadmap that will solve all of Europe’s woes but an opening salvo.

—Jörn Fleck is the senior director of the Europe Center at the Atlantic Council.

—James Batchik is an assistant director at the Atlantic Council’s Europe Center.

Online Event Fri, June 23, 2023 • 10:30 am ET

Competition or cooperation: Debating a transatlantic de-risking strategy on China

Is a transatlantic agenda on China possible? EU and China experts unpack the US and EU approaches to China in an era of increasing geopolitical confrontation.

China Economy & Business Europe & Eurasia European Union

The EU is acting to decrease points of vulnerability for renewable energy

The newly announced European economic security strategy constitutes a shift beyond the EU’s previous “strategic autonomy” security priorities. It will likely generate friction with both China and the United States in the near term regarding key renewable energy resources.

Until this year, the EU’s main focus was to ensure that its capacity to pursue its strategic interests remain unconstrained. It sought to ensure that policy conflicts and tensions between the United States and other countries (such as China and Russia) did not adversely impact its own interests.

Now, the EU seeks actively to minimize “the risks arising from economic linkages that in past decades we viewed as benign.” Those past linkages include Russia (natural gas), China (automobile component and other industrial manufactured exports) and the United States (a deeply integrated, multidimensional trade relationship that includes a deep reliance on retail technology giants that dominate the twenty-first century). Following Russia’s illegal invasion of Ukraine in 2022, the EU effectively replaced Russia with the United States as the key external supplier of energy resources, even as it made great strides toward delivering an energy mix that, for the first time, is generated more from renewable sources (specifically, wind and solar) than from gas.

The new EU “de-risking” strategy now views none of these economic linkages as benign. It views concentrated economic relationships as a source of risk that must be managed through a diversification strategy that places alignment on key norms (such as democracy, decarbonization, and commitment to open economies) as the foundation for future engagement.

Europe’s successful shift in the last year toward renewable energy implies a sharp increase in demand by Europe for a range of energy inputs that are, at present, predominantly controlled by China. Not only does China “dominate all steps of solar panel production,” it also has long served as the “dominant or near-monopoly producer” of most critical minerals needed to produce modern technology and renewable energy components such as wind turbine parts. Europe’s demand for hydrogen and lithium are set to skyrocket in the next decade, increasing the importance of the forthcoming Critical Minerals Agreement negotiations with the United States. The EU is acting now to decrease these points of vulnerability by mobilizing significant financial resources to promote renewables developments across Africa, the Middle East, and Latin America, even as it prepares to implement its carbon tax later this year.

The European policy shift to “de-risking” holds the promise of aligned transatlantic policy priorities in which EU and US initiatives complement each other to provide an effective counterbalance to Chinese economic pressure globally across the resource-rich Global South. It also holds the risk that misalignment with the United States regarding resource access and digital policy will generate frictions that can be exploited by other countries. Successful execution of this policy will require more than checkbook diplomacy. It will require Washington and Brussels to focus on the larger strategic picture to avoid individual technical issues from derailing their strategic relationship.

—Barbara C. Matthews is a nonresident senior fellow at the Atlantic Council. She was the first US Treasury attaché to the EU with the Senate-confirmed diplomatic rank of minister-counselor.

While not mentioned, China is the central focus of the strategy

The seventeen-page long “communication” on a European economic security strategy does not mention China once. It does refer to Russia, but only in its scene-setting introduction. For the rest of the paper, economic risks stem only from phenomena, not countries. Third countries are the focus of the section following these risks, but this puts them in an exclusively positive light: to confront challenges to its economic security, Europe needs the broadest possible partnerships.

Can there be any purpose to a strategy that dares not mention which countries are causing the risks it is supposed to tackle? The answer is still yes.

The robust discussions that took place between European Commission President Ursula von der Leyen’s team and the European Council—representing the views of all twenty-seven member states—are well publicized. A critical mass of national capitals, though concerned about the consequences of Chinese economic practices, are keen to avoid falling into a ratchet of policies and partnerships leading to an anti-China coalition. This includes members who have long been calling for the EU to take a more hands-on approach on economic statecraft, such as France.

And yet, even under such constraints, the strategy gets many things right. Alongside the traditional calls for cooperation, it pushes for more structured dialogue with the private sector—something that has been lacking on economic security strategy so far. We should also remember that von der Leyen did get to set out her views on EU-China relations not too long ago. So even if China isn’t mentioned, we can be pretty sure it remains the central focus of the EU’s fledgling strategy.

—Charles Lichfield is the deputy director and C. Boyden Gray senior fellow, of the Atlantic Council’s GeoEconomics Center.

The road to an EU outbound investment mechanism will be rocky

This strategy makes clear that the commission is going to bat for outbound investment controls, likely tightly connected to the three emerging technologies most poised to transform war making capabilities—advanced semiconductors, quantum computing, and artificial intelligence. This position reflects a rapid evolution in the commission’s thinking; just last year it was less enthusiastic toward outbound controls when the United States first announced its intention to develop a tool to regulate such investments. Then it only agreed to “study the issue.” Despite the commission’s commitment to propose an outbound initiative by the end of 2023, the debate between the EU, member states, and the business community is likely to be fierce.

In the near term, the inclusion of outbound investment in the strategy has two important implications. First, it substantially increases the likelihood that the United States will move forward with its own mechanism—through an executive order—in the next couple of months. The Biden administration can now point to the document as evidence of a growing consensus among partners and allies to place narrow restrictions on outbound investments into key strategic technologies. Second, and in line with the recent Group of Seven (G7) communiqué on economic resiliency, it frames the issue of outbound regulation squarely around technology security and technology leakage rather than around broader policy objectives such as supply-chain diversification.

The road to an EU outbound investment mechanism will be rocky. The economic security strategy identifies technology security as an element of “economic security,” but the proliferation of dual-use technology has traditionally been viewed as a matter of national security—an area over which member states, rather than the commission, have competence. Moreover, the EU has traditionally—through both export control and inward screening policies—sought to develop tools that do not discriminate between foreign countries. If the EU maintains this policy principle, its outbound mechanism will likely look quite different from the United States’ plan to only focus on investments into entities operating in or owned by “countries of concern” such as China.

—Sarah Bauerle Danzman is a nonresident senior fellow with the GeoEconomics Center’s Economic Statecraft Initiative and associate professor of international studies at the Hamilton Lugar School for Global and International Studies, Indiana University Bloomington.

The strategy seeks to be adaptable but also comprehensive

The most important element of the document can be read between the lines: it is not so much about what the commission is going to do about economic security but how. Three key principles seem to be guiding the commission’s economic security strategy.

The first principle is strategic adaptability. The commission announces that it will constantly work toward a vision on economic security that will help to tie the different policy instruments together. As geopolitical circumstances are changing in unforeseeable and complex ways, the commission has wisely refrained from setting its economic security policy approach in stone. Adaptability and flexibility appear to be baked into the commission’s thinking on this issue.

The second principle is comprehensiveness. In the strategy, the commission clearly expresses the ambition to break through different policy silos. While it does sum up the different policy instruments the EU has to strengthen its economic security—ranging from foreign direct investment screening to cybersecurity—the underlying question is how it is going to coordinate the use of its economic statecraft toolkit to achieve a maximum result.

The third principle is cooperation. The commission also shows a certain humility in pointing out all the work ahead on economic security. Clearly, it needs the support of its member states, not only in terms of policy execution, but also in helping to fully understand the challenge. Also, the EU is going to align its diplomacy and economic security policy more, thus targeting countries that the EU can work with to achieve greater economic security. Lastly, in terms of further conceptualization of its strategic approach to economic security, the commission also seems to be reaching out to the wider private sector.

—Elmar Hellendoorn is a nonresident senior fellow with the Atlantic Council’s GeoEconomics Center.

The post The ‘de-risk’ is in the details: A look at Europe’s ambitious new economic security strategy appeared first on Atlantic Council.

More than adequate: New directions in international data transfer governance

Kenneth Propp — Tue, 20 Jun 2023 04:00:00 +0000

Recent progress between US and European Union (EU) negotiators to secure a more sustainable transatlantic data transfers regime has put a critical area of the transatlantic economy on a more secure footing. Yet the work for digital policymakers on both sides of the Atlantic is far from done.

Imminent completion of the US-EU Data Privacy Framework (DPF), to replace the invalidated Privacy Shield agreement, will open a new chapter in transatlantic data transfers. However, the DPF is expected to face an immediate challenge in the Court of Justice of the European Union from European privacy advocates whose past efforts doomed previous data transfer agreements.

Washington and Brussels should explore other forms of bilateral engagement on this long-troublesome set of issues. They could ask the Trade and Technology Council (TTC) to study commonalities in transatlantic approaches to accountability for personal data in the commercial context. A second avenue could be a stand-alone digital trade agreement, utilizing at least some elements of provisions on that subject developed during the failed Transatlantic Trade and Investment Partnership negotiations.

But fashioning sustainable data transfer architecture is a global – and not simply transatlantic – problem. The EU’s model of conditioning data flows on strict privacy protections has won widespread adherence around the world, but it has yielded a complex and tangled international reality. The US approach of open data flows has supporters internationally, but it has faltered in recent years as US administrations have abjured broad-scale trade agreements. The US failure to adopt comprehensive privacy legislation also makes it a global outlier.

This issue brief outlines and assesses multilateral efforts to achieve greater policy coherence across the global data transfer ecosystem. These include the World Trade Organization’s e-commerce negotiations, the Organization for Economic Co-operation and Development’s declaration on government access to personal data, Council of Europe Convention 108+, the G7 Data Free Flow with Trust initiative, and the Asia-Pacific Economic Cooperation Cross-Border Privacy Rules system.

The interplay and synergies among these mechanisms could in time encourage a durable, interoperable global data transfer architecture.

About the author

Fellow

Kenneth Propp

European Union Digital Policy

Issue Brief Apr 20, 2023

The US-EU Trade and Technology Council: Assessing the record on data and technology issues

By Frances Burwell and Andrea G. Rodríguez

The TTC must keep its forward-looking gaze, but also take steps to address challenging regulatory issues, either by oversight or direct discussion, or it will lose the essential support among stakeholders that can keep US engagement in the TTC alive.

Digital Policy Economy & Business

New Atlanticist Jan 24, 2023

Biden’s call to modernize US tech policy would pay transatlantic dividends

By Kenneth Propp

If Congress and the White House can unite to pass regulations on data privacy and tech competition, they would set the stage for deeper EU-US coordination.

Digital Policy European Union

Report Nov 2, 2022

Digital sovereignty in practice: The EU’s push to shape the new global economy

By Frances Burwell, Kenneth Propp

What does the European Union’s push for “digital sovereignty” mean in practice? Frances Burwell and Ken Propp provide an update to digital sovereignty and its transatlantic impacts.

Digital Policy Economy & Business

Europe Center

Providing expertise and building communities to promote transatlantic leadership and a strong Europe in turbulent times.

The Europe Center promotes the transatlantic leadership and strategies required to ensure a strong Europe.

The post More than adequate: New directions in international data transfer governance appeared first on Atlantic Council.

Ukraine’s Diia platform sets the global gold standard for e-government

Anatoly Motkin — Wed, 31 May 2023 01:30:31 +0000

Several thousand people gathered at the Warner Theater in Washington DC on May 23 for a special event dedicated to Ukraine’s award-winning e-governance platform Diia. “Ukrainians are not only fighting. For four years behind the scenes, they have been creating the future of democracy,” USAID Administrator Samantha Power commented at the event.

According to Power, users of Diia can digitally access the kinds of state services that US citizens can only dream of, including crossing the border using a smartphone application as a legal ID, obtaining a building permit, and starting a new business. The platform also reduces the potential for corruption by removing redundant bureaucracy, and helps the Ukrainian government respond to crises such as the Covid pandemic and the Russian invasion.

Since February 2022, the Diia platform has played a particularly important part in Ukraine’s response to Russia’s full-scale invasion. According to Ukraine’s Minister of Digital Transformation Mykhailo Fedorov, in the first days of the invasion the platform made it possible to provide evacuation documents along with the ability to report property damage. Other features have since been added. The e-enemy function allows any resident of Ukraine to report the location and movement of Russian troops. Radio and TV functions help to inform people who find themselves cut off from traditional media in areas where broadcasting infrastructure has been damaged or destroyed.

Today, the Diia ecosystem offers the world’s first digital passport and access to 14 other digital documents along with 25 public services. It is used by more than half the Ukrainian adult population. In addition to consumer-oriented functions, the system collects information for the national statistical office and serves as a digital platform for officials. Diia is widely seen as the world’s first next-generation e-government platform, and is credited with implementing what many see as a more human-centric government service model.

Subscribe to UkraineAlert

As the world watches the Russian invasion of Ukraine unfold, UkraineAlert delivers the best Atlantic Council expert insight and analysis on Ukraine twice a week directly to your inbox.

Name
First Last
Email*
Comments
This field is for validation purposes and should be left unchanged.

In today’s increasingly digital environment, governments may find that they have a lot of siloed systems in place, with each system based on its own separate data, infrastructure, and even principles. As a result, people typically suffer from additional bureaucracy and need to deal repeatedly with different official organizations. Most e-government initiatives are characterized by the same problems worldwide, such as technical disparity of state systems, inappropriate data security and data protection systems, absence of unified interoperability, and inefficient interaction between different elements. Ukraine is pioneering efforts to identify more human-centric solutions to these common problems.

One of the main challenges on the path to building sustainable e-government is to combine user friendliness with a high level of cyber security. If we look at the corresponding indices such as the Online Services Index and Baseline Cyber Security Index, we see that only a handful of European countries have so far managed to achieve the right balance: Estonia, Denmark, France, Spain, and Lithuania. Beyond Europe, only Singapore and Malaysia currently meet the necessary standards.

Ukraine has a strong record in terms of security. Since the onset of the Russian invasion, the Diia system has repeatedly been attacked by Russian cyber forces and has been able to successfully resist these attacks. This is an indication that the Ukrainian platform has the necessary reserve of cyber security along with a robust and secure digital public infrastructure.

Eurasia Center events

Frances Burwell: The TTC must help the US and EU confront their geopolitical challenges

After Vilnius: What’s next on Ukraine’s path to NATO?

Eastern Europe NATO Security & Defense Ukraine

The success of the IT industry in Ukraine over the past decade has already changed international perceptions of the country. Instead of being primarily seen as an exporter of metals and agricultural products, Ukraine is now increasingly viewed as a trusted provider of tech solutions. The Ministry of Digital Transformation is now working to make Diia the global role model for human-centric GovTech. According to Samantha Power, the Ukrainian authorities are interested in sharing their experience with the international community so that others can build digital infrastructure for their citizens based on the same human-centric principles.

USAID has announced a special program to support countries that, inspired by Diia, will develop their own e-government systems on its basis. This initiative will be launched initially in Colombia, Kosovo, and Zambia. Ukraine’s Diia system could soon be serving as a model throughout the transitional world.

As they develop their own e-government systems based on Ukraine’s experience and innovations, participating governments should be able to significantly reduce corruption tied to bureaucratic obstacles. By deploying local versions of Diia, transitional countries will also develop a large number of their own high-level IT specialists with expertise in e-government. This is an important initiative that other global development agencies may also see value in supporting.

Anatoly Motkin is president of the StrategEast Center for a New Economy, a non-profit organization with offices in the United States, Ukraine, Georgia, Kazakhstan, and Kyrgyzstan.

Atlantic Council — Fri, 26 May 2023 16:31:06 +0000

The United States and the European Union (EU) appear poised to take joint action on some of their biggest common challenges in trade and technology, including on export controls, China’s non-market practices, and possibly even artificial intelligence (AI).

Those actions are set to be unveiled on May 30-31, when US and EU officials convene in Luleå, a small city in northern Sweden, for the fourth meeting of the US-EU Trade and Technology Council (TTC). What can Europeans and Americans expect to see at this meeting? And can Brussels and Washington surmount lingering obstacles to transatlantic cooperation on trade and technology? We gathered rapporteurs from the TTC Track 2 Dialogues series—a forum for policy debate and stakeholder dialogue organized jointly between the Atlantic Council’s Europe Center and the Brussels-based European Policy Centre—to share their insights.

Click to jump to an expert analysis:

Georg Riekeles: The first step to addressing China is improving the EU-US relationship

Andrea García Rodríguez: The TTC meeting must meet the moment on AI

Olga Khakova: The TTC is timely and powerful—but it needs to launch into action in Sweden

Philipp Lausberg: The TTC should lay out the path for a transatlantic green industrial policy

Annika Hedberg: The TTC should help unleash transatlantic power for sustainable prosperity

The TTC must help the US and EU confront their geopolitical challenges

When the TTC was announced in June 2021, many analysts and stakeholders believed it could usefully address the severe asymmetries between US and EU approaches to trade and technology, while also repairing the transatlantic rifts that had emerged during the Trump administration. That optimism was almost immediately challenged as the TTC leadership agreed that pending legislation was excluded from the discussion agenda and as negotiations over data privacy and green steel were put on separate tracks. Instead, the TTC focused on laying small stepping stones toward future cooperation on AI, standards setting, supply-chain transparency, small and medium-sized enterprises, and external trade issues such as the use of forced labor.

Since Russia’s full-scale invasion of Ukraine, the TTC turned from a moderately useful mechanism for coordinating US-EU standards-setting efforts to an important forum for dealing with challenges posed by China and Russia. The TTC quickly became the transatlantic forum for coordinating export controls on Russia, dove deeper into tracking supply chains, focused more intensely on tech and democracy issues, and began to experiment with countering Chinese influence in the Global South through small projects in Kenya and Jamaica.

These new priorities are not, however, the ones most valued by stakeholders from the business community, whose support for the TTC has become rather tepid. Those stakeholders focus on instances of potential protectionism or overly intrusive regulation, such as the possible forced sharing of data under the EU Digital Services Act. The TTC has increased its stakeholder engagement in recent months, with a focus on standards for 6G rollout, digital trade, e-mobility, AI taxonomy, and other issues. These are important and will help the United States and the EU develop a foundation for future technical and economic cooperation.

But these “deliverables” should not be the only measure of the TTC’s success. Perhaps even more important has been the increase in communication between US and EU officials at all levels, but especially among the leadership. European concerns about the US Inflation Reduction Act (IRA) could have escalated sharply without the relationships and communication channels constructed by the TTC. This has also contributed to a visible transatlantic convergence of views around AI, supply chains, subsidies, investment controls, and other issues.

The question now for the TTC is whether it can steer the growing use of economic measures to address geopolitical concerns in a way that is complementary and cooperative. The TTC will need to expand its work on supply chains from simply mapping to jointly addressing issues. It will also need to seek greater transatlantic cooperation aimed at limiting the spread of disinformation via social media and AI. And the United States and EU must figure out, through the TTC, how they can jointly approach countries with significant quantities of rare-earth elements so that they do not compete over resources to their mutual detriment. Finally, the TTC will need to navigate a way through the green transition that enhances US and EU resilience without weakening the transatlantic partnership (a weakening that seemed likely when the IRA first emerged).

The TTC has evolved since its founding in 2021, and it will continue to do so. The true test of its relevance will not be whether it builds cooperation in a particular standard-setting body—although that is useful—but whether it helps the United States and EU confront their current geopolitical challenges.

—Frances Burwell is a distinguished fellow with the Atlantic Council’s Europe Center and a senior director at McLarty Associates. She is also a rapporteur for the data and technology-regulation track of the TTC Track 2 Dialogues series.

Issue Brief

Apr 20, 2023

The US-EU Trade and Technology Council: Assessing the record on data and technology issues

By Frances Burwell and Andrea G. Rodríguez

Digital Policy Economy & Business

The first step to addressing China is improving the EU-US relationship

Highs and lows have marked the EU-US Trade and Technology Council since its inception in 2021, but the definitive low point came at the most recent ministerial meeting in December. Officials on both sides were putting on brave faces, despite being fundamentally at loggerheads over the IRA’s discriminatory and protectionist measures.

A central question at the Sweden meeting inevitably will be whether the EU and the United States can agree on how to work effectively together—not against each other—to address challenges posed by China. China was in many ways a raison d’être for the TTC from the beginning, with the United States wanting a tech ally against China and Europe wanting a deeper transatlantic economic space.

In early phases this worked well, and a convergence of views on China was further buoyed by Russia’s invasion of Ukraine and unprecedented transatlantic collaboration on sanctions. Here in Brussels, the word was that Europeans and Americans had rarely before thought so similarly about China.

Then came the IRA in August 2022 and much changed. In Europe’s eyes, it became clear not only that the continent could become collateral damage from the US-China rivalry, but that Washington’s actions bluntly aimed to establish US economic domination by capturing European investments, value chains, and industry. Fundamentally, it brought to the fore the central difficulty with attaining economic security: Partners can also be rivals.

Europe can ill afford Washington’s logic of economic confrontation with China and unruly competition across the Atlantic. German Chancellor Olaf Scholz’s visit to Beijing last November demonstrated this divergence. While Washington insists on an economic and technological decoupling from China, Berlin still believes in and plays a game of mutual dependency, as symbolized by the parallel investments of German industrial flagship BASF in Zhanjiang and of the Chinese state-owned Cosco in the port of Hamburg.

Are there any grounds for more optimism on transatlantic agreement now? Not all Europeans are ready for a hardline approach to China (as highlighted also by French President Emmanuel Macron’s recent Beijing visit), but they agree on the need to protect themselves against an increasingly hegemonic and coercive power. As von der Leyen said recently during a speech she gave on EU-China relations at the European Policy Centre, through the decade that Chinese leader Xi Jinping has ruled, there has been a clear push to “make China less dependent on the world and the world more dependent on China.”

The United States and EU will meet in Sweden a week after attending a momentous G7 Summit in Japan. But succeeding at the TTC is much harder than at the G7 because it is not enough to produce carefully worded communiqués, it’s about tangible deliverables and actions. Doubts about the council’s effectiveness have marred the TTC since its inception. In Sweden, US-Europe convergence on China now depends on being able to deliver concretely on trade, industry, and economic-security priorities. This includes forging a viable partnership on critical minerals, agreeing on transparency and rules for green-industrial subsidies and making progress on methodologies for carbon accounting. It also hinges on taking credible steps toward deepening transatlantic trade, because the first step in building common economic security is certainly to remove obstacles and discriminatory practices between one another.

—Georg Riekeles is an associate director and head of the Europe’s political economy program with the European Policy Centre. He is also a rapporteur of the trade and supply-chains track of the TTC Track 2 Dialogues series.

New Atlanticist

Dec 2, 2022

Policy memo: How the EU and US should overcome their trade and supply-chain disputes

By Charles Lichfield and Georg Riekeles

Ahead of the next meeting of the US-EU Trade and Technology Council, here are five tests for the EU and United States to show progress on the trade and supply-chains agenda.

Economy & Business European Union

The TTC meeting must meet the moment on AI

The meeting in Sweden will be fundamental for the continuity of the TTC over the next few months. Since the TTC’s last meeting in December, the European Parliament cleared the way for a plenary vote on the AI Act (slated for mid-June) and the use of OpenAI’s ChatGPT has skyrocketed, sparking a variety of reactions to generative AI. China has unveiled its own model, Baidu’s Ernie Bot, and several European countries have accelerated policies to respond to AI’s challenges. For instance, Italy banned ChatGPT until OpenAI addressed regulators’ concerns. All in all, these developments have raised new questions about how to govern general-purpose AI systems to ensure they remain aligned with democratic values. A transatlantic response is essential in addressing these concerns.

Following the publication of the Joint AI Roadmap after the TTC meeting in December, it is important that the coming meeting unveils developments in this area. This is not only because challenges are multiplying rapidly, but also because the roadmap presents a unique opportunity for the United States and the EU to design common approaches to governing emerging technologies—and if democratic powers want to be the ones to set international technology standards they shouldn’t let that opportunity go to waste. These approaches to addressing AI can be replicated when addressing other technological challenges, such as challenges posed by the Metaverse or quantum computing. That is a reason why this next meeting is crucial: It will either show that the TTC can take real action or it will bring the council’s diplomatic weight—and its ability to advance the global governance of emerging technologies—into question, increasing the risk that the multistakeholder community loses interest in such collaboration.

—Andrea García Rodríguez is the lead policy analyst for digital at the European Policy Centre and a rapporteur of the data and technology regulation track of the TTC Track 2 Dialogues.

Issue Brief

Apr 20, 2023

The US-EU Trade and Technology Council: Assessing the record on data and technology issues

By Frances Burwell and Andrea G. Rodríguez

Digital Policy Economy & Business

The TTC is timely and powerful—but it needs to launch into action in Sweden

An indispensable resource for deploying technology and trade tools to address the most urgent climate and energy security threats, European leaders need to reinvigorate the TTC’s full potential in coming meetings. This is especially critical in the face of other challenges facing Europe, not least Russia’s brutal war and escalating global tensions with China.

The TTC’s lack of progress on the green transition track since its last meeting in December is not indicative of the TTC’s potential to address the trade, supply-chain, and technology barriers that arise when forging secure and low-carbon economies on both sides of the Atlantic. The May meeting could be the springboard to launch this track into action.

To achieve more meaningful clean-energy outcomes, policymakers must use the upcoming meeting to outline tangible goals for its existing green transition work streams, including those related to semiconductors, the Transatlantic Initiative on Sustainable Trade, export controls, the Talent for Growth Task Force, additive manufacturing, the recycling of plastics, and alignment on electric-vehicle charging infrastructure. Policymakers should also utilize this meeting to ensure that trade and tech policy is maximizing efforts to curb emissions and strengthening energy security. To do so, the EU and the United States will need to more broadly align on standards related to measuring carbon and environmental impacts, including by clarifying the role of digitalization in decarbonization and the role of digital solutions in streamlining carbon-emissions measurements and verification.

One particularly meaningful action the TTC can focus on is efforts to build on its export-controls track by improving transparency and information sharing regarding export-control evasion—particularly around the energy sector, since the energy industry is one of Russia’s biggest sources of funds for its war. The TTC’s work on the critical-minerals supply chain could reinforce the work of the US-EU Task Force on the IRA. In areas in which the TTC may not have capacity to do the work, the platform could still outline key opportunities for action and work closely with the existing mechanisms, such as the World Trade Organization, the US International Development Finance Corporation, the European Bank for Reconstruction and Development, the Export-Import Bank of the United States, the US-EU Energy Council, and others.

The TTC won’t be the panacea for all trade and technology challenges. However it is a timely, powerful body for exchanging information and best practices, aligning standards, forging transparency, and testing out audacious ideas—and most importantly, identifying concrete actions for US-EU cooperation.

—Olga Khakova is the deputy director for European energy security at the Atlantic Council’s Global Energy Center. She is a rapporteur for the green transition track of the TTC Track 2 Dialogues.

The TTC should lay out the path for a transatlantic green industrial policy

The IRA cast a shadow on the previous TTC meeting outside Washington in December. Its local content requirements—which extend subsidies to clean tech goods produced only in North America—is perceived in the EU as an attempt to capture the bloc’s manufacturing base. Since then, the EU has launched its own Green Deal Industrial Plan, and both sides have been keen to limit the fallout of the IRA and move ahead together amidst mounting geoeconomic challenges. The two sides set up a special US-EU Task Force on the IRA, and European Commission President Ursula von der Leyen visited US President Joe Biden at the White House where they announced their intent to conclude a targeted agreement on critical minerals and put in place a Clean Energy Incentives Dialogue. This presents the United States and EU with four tests for showing whether they can coordinate on green industrial policy and economic security at their upcoming Sweden meeting—and beyond.

The first test is how far the United States will accommodate EU demands to adjust the elements of the IRA that are “discriminatory” against European companies. The aforementioned critical minerals agreement would allow relevant raw materials extracted or processed in the European Union to count toward requirements for clean vehicles delineated in the clean-vehicle tax-credit section of the IRA, effectively circumventing the “made in America” provisions. Although the form this agreement takes—and whether it could be extended to a wider set of European products—is yet to be determined.

Second, the United States and EU will be tested on whether they can better coordinate industrial incentive programs in the future. While expectations on fundamental changes to the IRA are low, its negative fallout for the EU has also been blamed on a lack of institutionalized coordination on transatlantic industrial policy. The new Clean Energy Incentives Dialogue presents the TTC with the opportunity to correct this fault by creating a better understanding of mutual interests and vulnerabilities through increased information sharing. However, it is unclear whether information sharing and closer coordination will be enough to prevent one side from granting advantages to its industry at the expense of the other in the future.

A third test is how the two sides can facilitate a more coordinated and effective approach to green industrial policy on the international level: for example, with respect to non-market practices by third parties such as China, but also in multilateral fora such as within the Group of Seven (G7) Partnership for Global Infrastructure and Investment. The two sides will be tested on whether they can tackle their economic-security challenges while also fostering sustainability and development in third countries.

A fourth test will be whether the United States and EU are willing to cooperate deeply enough in the global scramble for critical raw materials. This includes bauxite, cobalt, lithium, and nickel, which are necessary for clean-tech products such as batteries, wind turbines, and electric vehicles. So far, there has been little cooperation in this field, but a coordinated strategy on these critical raw materials has huge potential given the EU and United States’ combined economic might and their similar geopolitical interests.

—Philipp Lausberg is a policy analyst in the European Political Economy Programme at the European Policy Centre.

The TTC should help unleash transatlantic power for sustainable prosperity

The benefits of enhanced transatlantic cooperation on the green agenda are immense—and wait to be seized. Collaborating in creating more sustainable energy, mobility, and food systems, and improving production and consumption patterns, would lead to greater resilience, security, and prosperity. It can benefit consumers, companies, and workers. It would lead to better jobs, cleaner air, and healthier societies. It would allow us to address the climate, environmental, and resource crises more effectively.

Thus, it is no surprise that the EU and the United States have committed to strengthening and accelerating much-needed transatlantic collaboration on the green transition under the TTC. What is disappointing, though, is how slow the progress on the green transition track has been, despite the benefits that such collaboration promises.

The upcoming TTC meeting should bring new momentum into these discussions. There is no time to waste. This world is fraught with geopolitical tensions—fueled by Russia’s war in Ukraine and China’s unreliability as a partner—which also influence global supply chains and access to resources. The climate emergency, environmental degradation, and pollution are threatening life as we know it and demand our urgent attention. It is vital for the EU and the United States to work together and with like-minded countries if they wish to succeed in addressing these multiple challenges.

Some progress has already been made. A good example is the ongoing attempt to develop similar electric vehicle charging infrastructure across the Atlantic. The potential for collaboration, however, is so much greater than what has been realized thus far. To achieve the green transition, including the clean energy transition, it’ll be essential for the EU and the United States to team up on ensuring they have access to needed resources (i.e. materials, technologies, and skills); creating resilient and sustainable supply chains; and reducing risky dependencies. The EU and the United States should also do more to explore transition pathways to a circular economy, which should include eliminating trade barriers for recycled materials and enhancing the durability, reusability, and recyclability of materials and products needed for the green transition.

The TTC is far from the only channel for the EU-US collaboration. However, it is in the interest of both to use the TTC platform to step up efforts toward creating a transatlantic marketplace for products and services that are urgently needed to address planetary crises. The EU and the United States must turn competition and partnership into a transatlantic green power that will enhance prosperity across the Atlantic.

—Annika Hedberg is the head of the programme for sustainable prosperity for Europe at the European Policy Centre. She is a rapporteur of the green transition track of the TTC Track 2 Dialogues.

About the “TTC Track 2 Dialogues” series

The “TTC Track-2 Dialogues” series was created by the Atlantic Council and the European Policy Centre to foster policy debate and stakeholder dialogue on the issues covered by the US-EU Trade and Technology Council. The series aims to connect US and EU stakeholders for discussions along three thematic tracks relating to the TTC’s priorities: (i) trade and supply chains issues; (ii) data and technology regulation, and (iii) the green transition. Each track consists of two separate workshops with transatlantic stakeholders, which are used to inform short policy briefs containing concrete recommendations for US and EU decision makers.

The post Here’s what to expect on China, AI, green energy, and more when EU and US officials meet in Sweden appeared first on Atlantic Council.

Ukraine’s growing defense tech prowess can help defeat Russia

Mykhailo Fedorov — Thu, 18 May 2023 18:41:08 +0000

For as long as humans have waged war, technology has played a key role. New military technologies determine the form and manner of warfare while offering undeniable advantages to those who possess them. Today, the rise of AI, drones, and autonomous control systems is changing the face of warfare and shifting the battlefield to the technological realm. Ukraine is at the cutting edge of this process.

Since February 2022, Ukraine has been defending itself in a major war against an enemy that enjoys overwhelming superiority in both conventional weapons and manpower. But while Russia relies on the brute force of artillery bombardments and human wave tactics, Ukraine is waging an innovative form of warfare that utilizes a range of highly creative and often improvised tech solutions. This emphasis on defense tech has been instrumental in many of Ukraine’s most striking military successes of the past fifteen months. Given the right support, it can help secure victory over Russia.

The Ukrainian military has already demonstrated its ability to use everything from drone technologies to satellite communications to effectively manage the modern battlefield. These technologies help save the lives of Ukrainian soldiers and civilians while also dramatically enhancing the effectiveness of combat operations.

At the same time, it is important not to underestimate the enemy. Russian army commanders recognize the increasing importance of defense tech and are working hard to close the gap in areas where Ukraine has established a lead. To stay ahead, it is vital to constantly innovate. This requires a systematic approach to the development of Ukraine’s defense tech sector.

Ukraine’s immediate goal is to create a fast track for defense tech innovation that can make a powerful contribution to the defeat of Russia’s invasion. We must create an environment where startups flourish and innovative products can move rapidly toward mass production. Creativity must be tailored to the specific needs of the military, with the necessary expertise and state support readily available to turn great ideas into military advantages.

Subscribe to UkraineAlert

As the world watches the Russian invasion of Ukraine unfold, UkraineAlert delivers the best Atlantic Council expert insight and analysis on Ukraine twice a week directly to your inbox.

Name
First Last
Email*
Name
This field is for validation purposes and should be left unchanged.

This was the thinking behind the Brave1 defense tech cluster, which was launched by Ukraine in late April. A joint initiative of Ukraine’s Ministry of Digital Transformation, Defense Ministry, General Staff, National Security and Defense Council, Ministry of Strategic Industries, and Economy Ministry, Brave1 is designed to serve as a hub for the country’s defense tech industry. It is a platform to optimize cooperation between individual defense tech companies, the state, the Ukrainian military, investors, and other potential partners.

The scope of Brave1 is necessarily broad. Ukraine is seeking to promote new developments in a wide range of defense-related tech segments including supply and logistics, unmanned aerial vehicles, cybersecurity, navigation, and medical care. We have designed the initiative relying on international experience, though in the end, we have quite a unique Ukrainian story. Brave1 includes partner accelerators and incubators, investor engagement opportunities, and educational courses.

The Brave1 Defense Innovation Council is headed by Mark Lennon. Mr. Lennon has held senior leadership positions at Apple, Gartner, and in the US government, and has also served for 24 years as a US Naval Officer. His background and credibility will enable Brave1 to become a powerful platform capable of generating war-winning technologies.

Eurasia Center events

After Vilnius: What’s next on Ukraine’s path to NATO?

Eastern Europe NATO Security & Defense Ukraine

The long-term objective is clear: Ukraine must become one of the world’s leading defense tech countries. This is entirely realistic. After all, Ukraine is already acquiring unique wartime experience on a daily basis and boasts a very large number of highly skilled IT professionals and engineers. Moscow’s full-scale invasion has turned Ukraine into a testing ground for new military technologies. It is also transforming the country into a defense tech superpower.

This process has the potential to profoundly impact Ukraine’s national security and the country’s economy. I am confident that in the coming years, we will witness the emergence of powerful Ukrainian defense tech companies worth billions of dollars. The growth of this sector will play a critical role in Ukrainian defense policy for decades to come and will remain a top national priority.

All that lies ahead. The task now is to defeat Russia. The war unleashed by Vladimir Putin is unlikely to end soon. Instead, it should be viewed as a marathon. Ukrainians must be ready for a long fight. We must play to our strengths as a tech-savvy nation of innovators, and must do everything to maximize effective cooperation between creative minds, state bodies, and the military. Ukrainians have already demonstrated to global audiences that they are some the bravest fighters on the planet. They must now confirm that are also among the smartest.

Mykhailo Fedorov is Ukraine’s Vice Prime Minister for Innovations, Development of Education, Science and Technologies, and Minister of Digital Transformation.

Specifically, the proposed legislation reflects an operational sensibility based on stakeholder feedback on significant issues. It has incorporated more flexibility to frame rules to address changing situations, provided for a transition period, relaxed data localization requirements, and expressly recognized the importance of international cooperation and safeguard measures for facilitating data flows.

The South Asia Center serves as the Atlantic Council’s focal point for work on the region as well as relations between these countries, neighboring regions, Europe, and the United States.

Issue Brief Mar 8, 2023

Inside Bangladesh’s new data protection laws

By Stephen Weymouth

Bangladesh Digital Policy

Issue Brief Apr 17, 2023

Pakistan’s rapidly digitizing society requires clear policymaking

By Uzair Younus

This issue brief provides recommended steps that policymakers in Pakistan ought to take to address key concerns around free expression on the internet, and to generate momentum to catalyze higher levels of growth in Pakistan’s technology ecosystem.

Digital Policy Economy & Business

Issue Brief May 4, 2023

India’s personal data protection act and the politics of digital governance

By Stephen Weymouth

The Digital Personal Data Protection Bill of 2022 aims to balance the interests of Indian consumers seeking enhanced privacy and data security against the business need for unconstrained data flows.

Digital Policy Economy & Business

Southasiasource Blog

The post Bangladesh draft data protection act 2023: Potential and pitfalls appeared first on Atlantic Council.

India’s personal data protection act and the politics of digital governance

Stephen Weymouth — Thu, 04 May 2023 16:13:20 +0000

Download PDF

India recognizes the importance of establishing policy foundations for digital commerce, as cross-border data flows are essential to firms in all sectors, not just in technology. In manufacturing, three dimensional printing and robotics are revolutionizing production processes. Agriculture is benefiting from sensors and analytics, which optimize crop yields and resource usage. Healthcare is being transformed by electronic medical records, health information exchanges, and algorithms that analyze patient data and detect illness. Financial services are using blockchain technologies and AI to enable faster and more secure transactions. All industries rely on electronic payments, data analytics, and cloud storage to streamline various processes. With customers located worldwide, cross-border data flows are the byproduct of digital transactions. Data privacy frameworks can facilitate these flows by building consumer trust, thereby unlocking innovation and efficiency in all sectors.

Given the significance of cross-border data flows to its economy, India has actively engaged in multilateral and bilateral discussions on digital trade governance. It is a member of the Quadrilateral Security Dialogue (Quad), a strategic forum comprising the United States, Japan, India, and Australia, a possible venue for coordination on digital governance. India has also joined the Indo-Pacific Economic Framework (IPEF), a US-led framework for economic cooperation which will facilitate conversations seeking “high-standard rules of the road in the digital economy, including standards on cross-border data flows and data localization.” The US-India Initiative on Critical and Emerging Technologies (iCET), launched by Indian Prime Minister Narendra Modi and US President Joe Biden during the Quad summit in May 2022, presents an opportunity to build India-US trade ties through an industry-focused agenda. Finally, India and the United States have launched a new bilateral Defense Industrial Cooperation Roadmap to accelerate technological cooperation.

This issue brief delves into the politics of India’s evolving digital governance, focusing on the draft Digital Personal Data Protection Bill of 2022 (DPDPB). The DPDPB aims to balance the interests of Indian consumers seeking enhanced privacy and data security against the business need for unconstrained data flows. The government’s responsive approach to stakeholder feedback on previous versions of the bill indicates that achieving these goals is feasible. However, concerns persist about ambiguities surrounding data transfers and institutional arrangements that exempt the government from complying with the law in ways that may encourage surveillance and censorship of opposing viewpoints.

The South Asia Center serves as the Atlantic Council’s focal point for work on the region as well as relations between these countries, neighboring regions, Europe, and the United States.

Issue Brief Apr 17, 2023

Pakistan’s rapidly digitizing society requires clear policymaking

By Uzair Younus

Digital Policy Economy & Business

Issue Brief Mar 8, 2023

Inside Bangladesh’s new data protection laws

By Stephen Weymouth

Bangladesh Digital Policy

SouthAsiaSource Nov 23, 2022

India’s new data bill is a mixed bag for privacy

By Justin Sherman

India’s parliament has released its Digital Personal Data Protection Bill, offering a mixed bag for privacy.

Digital Policy Economy & Business

sOUTHASIASOURCE bLOG

The post India’s personal data protection act and the politics of digital governance appeared first on Atlantic Council.

Russia’s invasion of Ukraine is also being fought in cyberspace

Vera Mironova — Thu, 20 Apr 2023 16:30:09 +0000

The Russian invasion of Ukraine is the first modern war to feature a major cyber warfare component. While the conventional fighting in Ukraine often resembles the trench warfare of the early twentieth century, the evolving battle for cyber dominance is highly innovative and offers important insights into the future of international aggression.

The priority for Ukraine’s cyber forces is defense. This is something they have long been training for and are excelling at. Indeed, Estonian PM Kaja Kallas recently published an article in The Economist claiming that Ukraine is “giving the free world a masterclass on cyber defense.”

When Russian aggression against Ukraine began in 2014 with the invasion of Crimea and eastern Ukraine’s Donbas region, Russia also began launching cyber attacks. One of the first attacks was an attempt to falsify the results of Ukraine’s spring 2014 presidential election. The following year, an attempt was made to hack into Ukraine’s electricity grid. In 2017, Russia launched a far larger malware attack against Ukraine known as NotPetya that Western governments rated as the most destructive cyber attack ever conducted.

In preparation for the full-scale invasion of 2022, Russia sought to access Ukraine’s government IT platforms. One of the goals was to obtain the personal information of Ukrainians, particularly those working in military and law enforcement. These efforts, which peaked in January 2022 in the weeks prior to the invasion, failed to seriously disrupt Ukraine’s state institutions but provided the country’s cyber security specialists with further important experience. “With their nonstop attacks, Russia has effectively been training us since 2014. So by February 2022, we were ready and knew everything about their capabilities,” commented one Ukrainian cyber security specialist involved in defending critical infrastructure who was speaking anonymously as they were not authorized to discuss details.

Subscribe to UkraineAlert

As the world watches the Russian invasion of Ukraine unfold, UkraineAlert delivers the best Atlantic Council expert insight and analysis on Ukraine twice a week directly to your inbox.

Name
First Last
Email*
Phone
This field is for validation purposes and should be left unchanged.

Ukrainian specialists say that while Russian hackers previously tried to disguise their origins, many now no longer even attempt to hide their IP addresses. Instead, attacks have become far larger in scale and more indiscriminate in nature, with the apparent goal of seeking to infiltrate as many systems as possible. However, the defenders of Ukraine’s cyberspace claim Russia’s reliance on the same malware and tactics makes it easier to detect them.

The growing importance of digital technologies within the Ukrainian military has presented Russia with a expanding range of high-value targets. However, efforts to access platforms like Ukraine’s Delta situational awareness system have so far proved unsuccessful. Speaking off the record, Ukrainian specialists charged with protecting Delta say Russian hackers have used a variety of different methods. “They tried phishing attacks, but this only resulted in our colleagues having to work two extra hours to block them. They have also created fake interfaces to gain passwords and login details.”

Ukrainian security measures that immediately detect and block unauthorized users requesting information have proved effective for the Delta system and similar platforms. Russian hackers have had more success targeting the messaging platforms and situation reports of various individual Ukrainian military units. However, due to the fast-changing nature of the situation along the front lines, this information tends to become outdated very quickly and therefore is not regarded as a major security threat.

Eurasia Center events

After Vilnius: What’s next on Ukraine’s path to NATO?

Eastern Europe NATO Security & Defense Ukraine

Ukraine’s cyber efforts are not exclusively focused on defending the country against Russian attack. Ukrainians have also been conducting counterattacks of their own against Russian targets. One of the challenges they have encountered is the comparatively low level of digitalization in modern Russian society compared to Ukraine. “We could hack into Russia’s railway IT systems, for example, but what information would this give us? We would be able to access train timetables and that’s all. Everything else is still done with paper and pens,” notes one Ukrainian hacker.

This has limited the scope of Ukrainian cyber attacks. Targets have included the financial data of Russian military personnel via Russian banks, while hackers have penetrated cartographic and geographic information systems that serve as important infrastructure elements of the Ukraine invasion. Ukrainian cyber attacks have also played a role in psychological warfare efforts, with Russian television and radio broadcasts hacked and replaced with content revealing suppressed details of the invasion including Russian military casualties and war crimes against Ukrainian civilians.

While Ukraine’s partners throughout the democratic world have provided the country with significant military aid, the international community has also played a role on the cyber front. Many individual foreign volunteers have joined the IT Army of Ukraine initiative, which counts more than 200,000 participants. Foreign hacker groups are credited with conducting a number of offensive operations against Russian targets. However, the large number of people involved also poses significant security challenges. Some critics argue that the practice of making Russian targets public globally provides advance warning and undermines the effectiveness of cyber attacks.

Russia has attempted to replicate Ukraine’s IT Army initiative with what they have called the Cyber Army of Russia, but this is believed to have attracted fewer international recruits. Nevertheless, Russia’s volunteer cyber force is thought to have been behind a number of attacks on diverse targets including Ukrainian government platforms and sites representing the country’s sexual minorities and cultural institutions.

The cyber front of the Russo-Ukrainian War is highly dynamic and continues to evolve. With a combination of state and non-state actors, it is a vast and complex battlefield full of gray zones and new frontiers. Both combatant countries have powerful domestic IT industries and strong reputations as hacker hubs, making the cyber front a particularly fascinating aspect of the wider war. The lessons learned are already informing our knowledge of cyber warfare and are likely to remain a key subject of study in the coming decades for anyone interested in cyber security.

Vera Mironova is an associate fellow at Harvard University’s Davis Center and author of Conflict Field Notes. You can follow her on Twitter at @vera_mironov.

Executive summary

To date, the US-EU Trade and Technology Council (TTC) has provided mixed results in solving digital policy issues. However, after three meetings, it is now clear that the role of the TTC is not to address direct regulatory controversies but to seek “success stories” and set the stage for future collaboration in pressing data and technology policy issues.

In the last year and a half, the TTC has achieved tangible results in several areas, developing into a prime forum for US-EU alignment on the impact of digitalization on democracy. First, it has endorsed the Declaration for the Future of the Internet (DFI) and increased support for human rights defenders online. Second, it has successfully positioned itself as the framework to coordinate governance approaches to emerging technologies, publishing a roadmap for transatlantic cooperation on artificial intelligence (AI) and identifying quantum technologies as another priority.

The DFI and the Joint AI Roadmap are the first two success stories of the TTC. Prior to their endorsement, both the European Union and the United States had a shared vision about the urgency to defend an open and free cyberspace and to establish a trustworthy transatlantic AI area. In addition, both the White House and the European Commission agreed that the measures had to be future facing instead of reactive to legislation, especially in light of shared perceived external challenges like the rise of authoritarian digital regimes, such as China.

While these three aspects have facilitated the birth of the DFI and the Joint AI Roadmap, the TTC also faces a dilemma. Different approaches to technology and digital governance and the lack of regulatory autonomy make the TTC best suited to address emerging issues that do not require changes in legislation. Yet, this is precisely where stakeholders see the value of the TTC, which faces several unresolved questions challenging its continuity, such as how domestic politics will affect US or EU commitment to the TTC or whether it will remain important, especially for the business community, without having regulatory authority.

Considering these challenges, there are five things that the TTC can do to remain an important forum of US-EU cooperation in technology and digital issues:

Make AI a test case and build from the lessons of the Joint AI Roadmap.
Engage in issues where there is an initial strong value alignment and no regulation.
Work on moonshot ideas such as the “metaverse” or low-earth orbit governance.
Take oversight over the special task forces it has created to tackle critical issues such as the US Inflation Reduction Act.
Think more actively about how to push its efforts into multilateral forums with like-minded partners.

Bridging perspectives in the TTC

The establishment of the TTC occurred during intense regulatory activity in the European Union (EU). When the Biden administration accepted the European Commission’s proposal to launch the TTC in the spring of 2021, the EU had already launched a comprehensive set of legislative proposals to regulate online platforms (i.e., Digital Services Act, Digital Markets Act) and artificial intelligence (i.e., AI Act).

Following in the footsteps of the General Data Protection Regulation (GDPR), these proposed rules were intended to increase data protection safeguards for EU citizens, improve algorithmic transparency, and secure a “level-playing field” for EU companies. Many in the EU were also convinced that creating a strong regulatory regime along these lines would help boost European innovation and provide a model for desirable international standards.

In the last year and a half, the TTC has achieved tangible results in several areas, developing into a prime forum for US-EU alignment on the impact of digitalization on democracy.

In the United States, the new administration did not yet have a defined technology agenda. In the absence of clear ambitions for data governance or tech policy, the US saw the TTC primarily as a way to rebuild the US-EU relationship and enlist the Europeans in addressing the challenges presented by China in the trade and technology fields. In the EU, the TTC was seen as an opportunity to reduce trade tensions and advance common approaches around the twin green and digital transitions.

The TTC has become a place to discuss actions around emerging and current issues in which both parties see the benefit of transatlantic coordination. In that sense, the TTC has been all about bridging different perspectives around technology and data policy while respecting the different regulatory cultures. This has created some degree of US-EU convergence, most notably on supply chain issues and export controls. This convergence has been reinforced by the Russian invasion of Ukraine, which strengthened incentives to work together while also heightening concerns in Europe about the authoritarian use of technology. On both sides of the Atlantic, there is now increased understanding in policy and business circles of the importance of working together—and with other “like-minded” governments—on data and tech issues.

This external pressure has not, however, increased agreement on sensitive regulatory areas, such as platform regulation or data governance. Instead, the TTC has based its work on two guiding principles: values alignment and regulatory autonomy. As a result, the TTC has been distinctly limited in addressing some of the sharpest EU-US differences, including the Digital Services Act (DSA) and Digital Markets Act (DMA), which will impact many US tech companies. The TTC also has yet to formally address European concerns about the US Inflation Reduction Act (IRA) and its content rules for electric vehicles and batteries or significant subsidies for renewable energy. These issues have been discussed at TTC meetings, especially those held at the co-chair level, and the TTC has acted as a mechanism for ensuring that the views of each party are heard at a high political level. But these problematic issues have not been part of the formal agenda, and it is unclear whether the TTC discussions have contributed to any resolution. In some cases, the matter has been assigned to a task force outside of the TTC structure, as was done with the IRA.

Values alignment: A successful TTC story?

The effect that the TTC has had in aligning US-EU perspectives in certain digital and tech policy areas is undeniable. This success reflects a conscious attempt to subscribe to the values that undergird policy choices that have resulted in ambitious declarations. To date, these declarations have been both promising and limited. However, questions remain on how to operationalize them, not only because of restraints on the TTC’s ability to address current legislation but also because of the difficulties the transatlantic partnership faces in drawing in other like-minded partners. For that reason, it is helpful to examine two areas in which the TTC has clearly advanced: the fight against the authoritarian internet and artificial intelligence governance.

Democracy and digitalization: The Declaration for the Future of the Internet

While the TTC’s efforts to address platform governance quickly fizzled in the face of EU resistance to anything that might disturb current legislation, there has been some progress in building transatlantic harmonization in one area of platform governance—that related to the internet and its impact on democracy. Working Groups 5 (Data Governance and Technology Platforms) and 6 (Misuse of Technology Threatening Security & Human Rights) have focused, respectively, on transparency of content moderation, algorithmic amplification, and data access for researchers to address the spread of illegal and harmful content online and on the use of online tools by authoritarian regimes.

Both the United States and the EU have drawn on the 2022 Declaration for the Future of the Internet (DFI), which called on signatories to “actively support a future for the Internet (sic) that is open, free, global, interoperable, reliable, and secure.” The DFI further called on partners to work toward: the protection of human rights and fundamental freedoms; maintaining a global internet; ensuring inclusive and affordable access to the internet; fostering a trustworthy digital ecosystem; and strengthening multistakeholder internet governance. Building on that, at the December 2022 TTC meeting in College Park, the United States and the EU produced a joint statement outlining their commitment to protecting human rights defenders online. They also pledged to study the causes and frequency of internet shutdowns.

However, it must be stressed that the DFI is nonbinding for signatories. None of these efforts at supporting democracy online commits the United States or EU to any legislative initiative or any other specific action. In fact, a major question about the DFI is whether it will progress beyond an aspirational declaration by developing benchmarks against which signatories can be judged. Nor does the Joint Statement on Protecting Human Rights Defenders Online include any regulatory requirements. The TTC’s work in this area is a prime example of values alignment without requiring regulatory convergence or harmonization.

Emerging technologies governance: Joint roadmap for trustworthy AI and risk management

If the TTC’s record on data governance is mixed, it has been more successful in addressing emerging technologies, especially AI. Since its beginning, the TTC (through Working Group 1 and its AI subgroup) has focused on identifying common priorities and aligning governing principles for artificial intelligence based on trustworthiness, which both parties define differently at home. Both the United States and the EU have sought to build on their ongoing domestic efforts to frame the development of AI tools and services. In the United States, the National Institute of Standards and Technology (NIST) AI Risk Management Framework focuses on the effective management and mitigation of risks of AI systems, and the White House Office of Science and Technology Policy’s Blueprint for an AI Bill of Rights identifies five principles for trustworthy AI design. At the European Union level, the AI Act aims to implement harmonized rules on different risk-based categories of AI systems, creating special obligations for manufacturers and operators. In addition, the EU’s AI Liability Directive will establish broader protection for victims of AI misuse or damage, while the Product Liability Directive is also likely to have a significant impact.

The EU and the United States agree on the need to prevent AI from eroding democratic values, to respect fundamental rights, and for regulation to be based on a risk management framework.

On a superficial level, these efforts have contributed to a gradual convergence of EU and US views on AI. In particular, the EU and the United States agree on the need to prevent AI from eroding democratic values, to respect fundamental rights, and for regulation to be based on a risk management framework. But while this agreement on common values should be applauded, better alignment on rules is necessary to ensure that ongoing regulatory efforts (especially on the EU side) do not create barriers to transatlantic AI goods and services. The establishment of a transatlantic “trustworthy AI area” will be important for the EU and the United States to demonstrate the benefits of lawful and democratically governed AI versus authoritarian models that, like the Chinese approach, compromise individual rights and freedoms. To that end, at the College Park TTC, the United States and the EU issued a Joint Roadmap on Evaluation and Measurement Tools for Trustworthy AI and Risk Management. The roadmap aims to bring the US and EU approaches closer together and establishes an implementation plan for common transatlantic efforts across three categories: definitions and taxonomies; present and emerging AI risks; and technical standards.

Despite being a remarkable effort from both sides to reconcile different regulatory cultures by building cooperation from the ground up, the roadmap also indicates how far there is to go to make transatlantic cooperation truly concrete and effective. Achieving interoperable definitions of basic terms—including trustworthy, risk, harm, bias, robustness, and safety—can only be an initial step. Cooperation on international technical standards is a desirable goal, but the roadmap only touts the value of such cooperation rather than tying the United States or EU to any commitments. Once again, there is significant alignment on values and goals, but fewer specifics on achieving them. There are some important steps forward—a shared repository of metrics and methodologies to be developed and studies of existing standards—but again, these are initial steps.

The roadmap may even be too late, as Europe is already well advanced in its efforts to regulate AI. In December 2022, the Council adopted its position on the AI Act and the European Parliament is expected to do the same before the next TTC in mid-2023. This will limit the impact of the TTC’s efforts to agree on common definitions and taxonomies, especially that of risk, which will be, in practice, defined by the EU AI Act. However, if the TTC makes progress in defining common standards for AI systems, the roadmap’s recipe could become a replicable success for other emerging technologies, notably quantum computing or the governance of low-earth orbit satellite constellations.

Common ambitions: Defining TTC success stories

At College Park, the TTC identified new workstreams on additive manufacturing, plastics recycling, digital identity, postquantum encryption, and the Internet of Things (IoT) and identified quantum technologies as a new area of interest. Considering that the biggest success to date has been the publication of the AI Roadmap, it makes sense that the TTC would become more ambitious in reconciling approaches to emerging technologies while deciding that data issues should be tackled elsewhere, as has been the case for the new proposed EU-US Data Privacy Framework. Keeping that in mind, while the TTC’s attempts to generate US-EU cooperation are still relatively recent, a few key criteria for success have emerged:

1. Shared vision and ambitions. An essential indicator of successful US-EU cooperation is the shared vision of how that digital future should look (e.g., DFI) or shared ambitions for the use of a particular technology. These can be negative (i.e., AI should not be used for social scoring), or positive (i.e., AI should be human-centric and trustworthy). The TTC provides a forum for the EU and the United States to agree on these common ambitions at the political level and for EU and US experts to work on concrete deliverables to realize them. However, it remains to be seen whether cooperation can exist when there are also significant differences in the approach to reaching those aspirations. The AI example shows that success can be limited if the TTC does not have regulatory autonomy or the ambition to change how topics are dealt with at home. The US AI Blueprint is aspirational and nonbinding, while the EU’s AI Act will be enshrined into law by late 2023 or early 2024. But whether these differences in “tactics” could frustrate the achievement of a shared strategy toward AI is still unclear. In theory, cooperation can be productive even under these circumstances. AI standard setting is particularly promising. The United States and EU could still collaborate on standards development in multilateral standards organizations, despite their differing approaches, precisely because there is a shared understanding of how the technology should be used.

This shared understanding of how technology should be used, and the purposes of that use, has been lacking in the US and EU approaches to data management and platform governance. The EU seeks to regulate the market for industrial data (and restrict that for personal data), while the United States does not have a settled data policy, although the Biden administration has recently endorsed the idea of a privacy law at the federal level. The EU seeks to constrain the behavior of platforms through the DMA and DSA, while the United States has taken a more laissez-faire approach. This lack of consensus has stymied any serious cooperation in this area within the TTC. Whether President Biden’s January 2023 op-ed and his remarks in the State of the Union speech will provide a basis for closer cooperation at future TTC meetings is yet to be seen.

2. Sense of shared external threat or challenge. There is no doubt that the rise of China as a dominant player in the global digital economy and the Russian invasion of Ukraine have spurred transatlantic cooperation, especially since the United States accepted the invitation to establish the TTC precisely to create a united front against China. Therefore, it is worth asking if the TTC would have happened at all without the perception of China (and later of Russia) as an external threat shaping not only global geopolitics but also markets. This, in addition to the dual-use nature of emerging technologies and the need to diversify global supply chains, has made controlling the acquisition of strategic applications or fundamental technologies a necessary element of technology policy—as seen recently with semiconductors.

General-purpose technologies, such as artificial intelligence or quantum technologies, can be used to build disruptive applications which can result in military advantages or market dominance in certain innovative sectors (e.g., sensors). In addition, their impact on fundamental rights and freedoms, for example, in the case of mass surveillance or breaking encryption through quantum capabilities or using AI tools, has pushed the United States and the EU to find common solutions at the TTC—especially in the field of standards—and recapture the leadership role in this process from China.

3. Efforts should be future facing rather than reactive to legislation. Many countries and private companies already have their own data governance models, albeit some are more developed than others. In some jurisdictions, there are already specific regulations to counter the malicious use of data (e.g., GDPR to safeguard the privacy of EU residents), and, increasingly, to regulate the activities of platforms. Once those regulations are in place—or even proposed—it is extremely difficult to overturn or adjust them. Thus, efforts to use the TTC to dissuade the EU from pursuing the DMA and DSA came too late in the EU legislative process and collided with any jurisdiction’s tendency to resist limiting their own domestic rules because of international pressure.

For the TTC, emerging technologies—where few regulatory regimes already exist—offer a forward-looking, proactive opportunity to build cooperation from the ground up.

In contrast, approaches to emerging technologies are often aspirational and proactive. As technology reaches the maturity that allows for commercialization, the risk of misuse inevitably arises. Transatlantic coordination to avoid misuse often begins by framing innovation in a values-based manner. The European Commission’s High-Level Expert Group on artificial intelligence (HLEG AI) led to the proposal of an AI Act that puts forward a vision of “trustworthy” AI and proposes a risk-based approach to AI applications. In the United States, the Blueprint for an AI Bill of Rights creates a nonbinding framework that emphasizes what should be protected—especially in terms of civil rights and anti-discrimination measures—against the free ride of technological innovation. For the TTC, emerging technologies—where few regulatory regimes already exist—offer a forward-looking, proactive opportunity to build cooperation from the ground up. Similarly, efforts to identify and limit the negative use of digitalization by authoritarian regimes do not affect domestic rules but require cooperation with like-minded partners.

Confronting the TTC dilemma: The path toward success

These lessons from the past two years make the TTC’s dilemma clear: in the areas of data governance and emerging technologies, the TTC is most suited to addressing issues that do not require changes in domestic regulation. Yet, this is precisely what stakeholders, crucial for the TTC’s continuity, want it to address. For that reason, the TTC has been mostly successful in framing common approaches to emerging technology issues rather than discussing current discontent around data policy.

Should the outcomes of the 2024 US election decrease political support for the TTC, the business community’s support would be crucial for its continuation despite, paradoxically, the lack of involvement of the multistakeholder community in these conversations.¹ The European Parliament’s elections will also occur in 2024, but in this case, it is unlikely that the results would challenge the new Commission’s support for the TTC. Therefore, for the TTC to remain important over the next months and beyond, it must prove itself capable of addressing regulatory questions so that it can grow support from relevant stakeholders on the one hand, and new success stories on the other. During the next six months, the TTC can build its credibility as an effective transatlantic forum on digital and tech issues, not only by scoping out future cooperation on emerging technologies and defending democracy from authoritarian abuse of the internet but also by moving beyond values alignment to addressing regulatory differences.

In particular:

The TTC should make AI a test case. Before the TTC co-chairs convene in mid-2023, it is possible that the European Parliament will have finished its position and the AI Act will enter the negotiation phase with the rest of the institutions (trilogues), leaving little to no room for any change. At the same time, it is hard to imagine that the TTC would have made sufficient advancements in negotiating common taxonomies and definitions around AI by then, thereby reducing the TTC’s chances to impact the co-regulatory process in Europe. Therefore, the challenge for the Europeans will be to make the TTC agree on definitions that echo those in the AI Act, while for the United States, it will be to identify and agree on definitions that are interoperable with those used in Europe. As the AI roadmap working groups advance in their work, will the AI Act put forward a definition of “high risk” that is compatible with TTC deliberations? This will be a crucial test.

Efforts to identify and limit the negative use of digitalization by authoritarian regimes do not affect domestic rules but require cooperation with like-minded partners.

If the final content of the AI Act effectively limits the possibilities for US-EU cooperation, the TTC will be weakened. Now is a key time for the TTC to engage on this important test, both at the expert level and among the co-chairs and their deputies.

The TTC should engage on other issues (beyond AI) where strong alignment on values and regulation is now beginning to grow. One of the striking elements of the TTC continues to be the absence of cybersecurity. Although the EU-US Cybersecurity Dialogue addresses issues related to threat assessment and protection of critical infrastructure, some elements of cybersecurity could fit well in the TTC structure, especially in the wake of the EU’s NIS2 directive and the proposed Cyber Resilience Act, which the Commission adopted and will be reviewed by the European Parliament and Council. Both the United States and EU are moving toward improving their cybersecurity regulation landscape. However, as usual, the EU will develop formal rules while the US government will rely more on “soft law” guidelines.

At College Park, the TTC inaugurated two cybersecurity-related workstreams, one on postquantum encryption and another on IoT. While it is expected that by 2030 quantum computers will be able to break most public-key encryption algorithms, transatlantic efforts to coordinate the transition to postquantum or quantum-proof encryption algorithms have been scarce. The Biden administration issued a series of memoranda urging federal agencies to create an inventory of cryptographic systems and transition to quantum-resistant protocols. The US NIST has spearheaded a process of standardization of postquantum algorithms. In the EU, there has been little coordination on the transition to postquantum encryption apart from the technical attention of the EU’s Agency for Cybersecurity (ENISA).

Similarly, the IoT is increasingly subject to ongoing regulatory processes on both sides of the Atlantic. In the EU, the Cyber Resilience Act will create new cybersecurity obligations for all things connected, including both hardware and software. In the United States, the Software Bill of Materials, which requires developers to inventory software components, will be fundamental for software security, especially in identifying third-party supply-chain risks. Both efforts will affect which devices can be placed on the market and under which requirements.

Further discussions on these two areas—IoT and postquantum encryption—as well as the broader question of how to regulate to reinforce cybersecurity efforts, could be an important addition to the TTC agenda. It will be hard to advance on these new tracks if cybersecurity issues are only addressed elsewhere.

The TTC should begin working now on one or two moonshot efforts in the digital and tech arena. This could involve developing a joint approach to the metaverse for example. Such a venture could both give the TTC a higher profile and address an issue that could become divisive in the future, especially as the EU is already exploring the possibility of regulation. If this ambition moves forward, it would be useful to have a shared understanding of the metaverse, its challenges and opportunities, and perhaps even develop a joint approach. This could fall within the TTC’s remit through Working Groups 5 and 6.

In addition, adopting a common approach to the governance of low-earth orbit constellations could be the TTC’s next success story. As outer space remains mostly unregulated and technological advances and private-sector competition have reduced the costs of launching space assets, the new space race puts at risk current space-based services, such as weather forecasts or communications. This is because orbits, especially low-earth ones, are becoming more congested, increasing the risk of collision and new debris. This could fall within the TTC’s remit through Working Groups 4, 5, and 10.

The TTC should have oversight of the special task forces charged with resolving significant US-EU differences.

The TTC should have oversight of the special task forces charged with resolving significant US-EU differences. In the short term, the TTC is unlikely to resolve sharp differences on its own—such as those over the IRA—although they will inevitably be discussed. However, the TTC can be strengthened by making sure that task forces set up to address such disputes report to the co-chairs. Since these leaders generally must support any deal, this will both streamline the process and boost the credibility of the TTC. The final resolution of disputes will undoubtedly require approval at the executive level by both the White House and European Commission, but a review and buy-in by the TTC would be a constructive step.

The TTC should think more actively about how to push its efforts on digital and technology issues into multilateral forums. There is real value in a bilateral US-EU discussion, especially in laying the groundwork for cooperation on a range of issues. But the areas of successful cooperation in the digital and tech space will eventually require working with other like-minded governments. The United States and EU are already reaching out to other governments to enlarge participation in the DFI, for example. The TTC could also boost US-EU cooperation regarding the UN’s ongoing Global Digital Compact consultations and the International Telecommunication Union’s World Summit on the Information Society (WSIS) process. More specifically, establishing standards for AI, quantum, and other emerging technologies will also require cooperation with those who share US and EU values.

Such engagement will also boost the TTC’s credibility by giving it a broader international reach while demonstrating its ability to achieve tangible results. But this outreach should be accompanied by renewed diplomatic efforts to convince those countries on the edge between democracy and autocracy, most of them enjoying favorable trade and diplomatic relations with China and Russia. The establishment of an EU-India TTC, though still on paper, is a good sign, but it should be activated. Discussing TTC outcomes at the Organisation of Economic Co-operation and Development, Internet Governance Forum, Freedom Online Coalition, and the United Nations General Assembly could be a good way to test the waters and attract nonaligned countries.

The TTC must keep its forward-looking gaze, but also take steps to address challenging regulatory issues, either by oversight or direct discussion, or it will lose the essential support among stakeholders that can keep US engagement in the TTC alive.

Conclusion

Strengthening US-EU political leadership in digital matters and improving cooperation on technology to build transatlantic economic security are at the backbone of what the TTC wants to achieve. Yet, for effective transatlantic governance and the TTC to reign at the center of it, the United States and the EU must not lose sight of the lessons outlined above and their implications for productively addressing data and tech-related issues. At the same time, the TTC needs to stretch its ambition and begin working on some issues where regulations are pending. Values alignment is insufficient for success if regulatory autonomy is absolute. During the next six months, the TTC must keep its forward-looking gaze, but also take steps to address challenging regulatory issues, either by oversight or direct discussion, or it will lose the essential support among stakeholders that can keep US engagement in the TTC alive.

Frances G. Burwell is a distinguished fellow at the Atlantic Council’s Europe Center and senior director at McLarty Associates.

Andrea G. Rodríguez is the lead digital policy analyst at the European Policy Centre.

Fellow

Frances Burwell

Distinguished Fellow

Central Europe Digital Policy

Appendix: About the “TTC Track 2 Dialogues” series

The “TTC Track-2 Dialogues” series was created by the Atlantic Council and the Brussels-based European Policy Centre to foster policy debate and stakeholder dialogue on the issues covered by the US-EU Trade and Technology Council. The series aims to connect US and EU stakeholders for discussions along three thematic tracks relating to the TTC’s priorities: (i) trade and supply chains issues; (ii) data and technology regulation, and the (iii) green transition. Each track consists of two separate workshops with transatlantic stakeholders, which are used to inform short policy briefs containing concrete recommendations for US and EU decision makers.

We thank all the participants in these workshops for the invaluable input they have provided to inform this policy brief.

Europe Center

Providing expertise and building communities to promote transatlantic leadership and a strong Europe in turbulent times.

The Europe Center promotes the transatlantic leadership and strategies required to ensure a strong Europe.

New Atlanticist Dec 2, 2022

Policy memo: How the EU and US should overcome their trade and supply-chain disputes

By Charles Lichfield and Georg Riekeles

Ahead of the next meeting of the US-EU Trade and Technology Council, here are five tests for the EU and United States to show progress on the trade and supply-chains agenda.

Economy & Business European Union

New Atlanticist Dec 2, 2022

The big problems you won’t hear about at the EU-US Trade and Technology Council

By Kenneth Propp

The TTC’s exclusion of the issues of greatest import in transatlantic economic affairs does not inspire confidence that it will prove to be a lasting institution.

Economy & Business Europe & Eurasia

Report Nov 2, 2022

Digital sovereignty in practice: The EU’s push to shape the new global economy

By Frances Burwell, Kenneth Propp

What does the European Union’s push for “digital sovereignty” mean in practice? Frances Burwell and Ken Propp provide an update to digital sovereignty and its transatlantic impacts.

Digital Policy Economy & Business

1 At the time this paper was written, the European Commission had only recently launched the “Trade and Technology Dialogue” (TTD), an initiative designed to help TTC coordination by improving stakeholder engagement. The Atlantic Council and European Policy Centre’s “TTC Track 2 Dialogues” series, of which this paper is a product, is independent and not affiliated with the TTD.

The post The US-EU Trade and Technology Council: Assessing the record on data and technology issues appeared first on Atlantic Council.

Pakistan’s rapidly digitizing society requires clear policymaking

Uzair Younus — Mon, 17 Apr 2023 15:09:32 +0000

Download PDf

A rapidly digitizing society, in which access to affordable mobile internet has become the norm, is seen as a transformative opportunity for Pakistan. This, in addition to the fact that the majority of the country is below the age of thirty, is often cited as a datapoint that highlights the economic, technological, and social tailwinds of which Pakistan is primed to take advantage. As a result, Pakistan’s technology ecosystem has taken off in the last few years, attracting record inflows of investment into the country’s burgeoning startup ecosystem, and earning critical export earnings through both technology companies and freelancers selling their services in global markets.

At the same time, recurring economic and political crises, coupled with policy instability and ad hoc interventions in key sectors—including technology— continue to cast a dark shadow. These issues have been compounded by regulatory and legislative proposals that have raised concerns among both civil-society and private-sector actors, including foreign companies operating in Pakistan.

To better understand the regulatory and legislative state of play in Pakistan’s technology ecosystem, and to uncover ways in which policymakers can build confidence among key stakeholders, the Atlantic Council’s South Asia Center hosted a private roundtable in February 2023. This document seeks to highlight the concerns raised in this convening, and provides recommended steps that policymakers in Pakistan ought to take to address key concerns around free expression on the internet, and to generate momentum to catalyze higher levels of growth in Pakistan’s technology ecosystem.

The South Asia Center serves as the Atlantic Council’s focal point for work on the region as well as relations between these countries, neighboring regions, Europe, and the United States.

Public Event Fri, March 31, 2023 • 8:15 am ET

Issue Brief Mar 8, 2023

Inside Bangladesh’s new data protection laws

By Stephen Weymouth

Bangladesh Digital Policy

SouthAsiaSource Mar 6, 2023

Amid Pakistan’s political and economic turmoil, risks to curbs on digital freedoms grow

By Uzair Younus

Growing polarization and instability in Pakistan have increased the likelihood that as elections draw near, curbs on speech, largely limited thus far to television channels, may extend to internet platforms like YouTube, Facebook, and Twitter.

Civil Society Elections

Report Oct 3, 2022

Pakistan sees growing culture of innovation amid tech startup boom

By Hamna Tariq and Uzair Younus

A tightening global macro environment coupled with increasing domestic political instability is a cause of concern for the sector, especially the domestic startup economy.

Economy & Business Entrepreneurship

SouthAsiaSource Blog

European Commission’s Margrethe Vestager: Europe must de-risk, not de-couple, from China

Nick Fouriezos — Sat, 01 Apr 2023 00:33:35 +0000

Watch the full event

A conversation with Executive Vice-President Margrethe Vestager

AN #ACFRONTPAGE EVENT – Executive Vice-President of the European Commission Margrethe Vestager discussed how Europe is addressing the geopolitical moment and its economic challenges.

Digital Policy Economy & Business Energy & Environment Europe & Eurasia

As the European Union looks to reassess its relationship with China, European Commission Executive Vice-President Margrethe Vestager gave an early preview of what reposturing around economic and technological innovation might look like.

“We have no interest in decoupling from the second largest economy in the world. Rather, we need to build a de-risking strategy in order to manage the relationship that we will have in China,” Vestager said Friday at an Atlantic Council Front Page event in Washington.

It won’t be easy, though. Europe will need to juggle technological, climate, and economic concerns and use all the de-risking tools in its disposal, which Vestager said includes Europe’s new Foreign Subsidies Regulation, international screening and procurement instruments, and outbound investment controls.

Meanwhile, the European Union (EU) and its members will have to carefully balance regulation and much-needed government financing for new technology development while not stifling domestic innovation from private enterprise, which could also have effects on its economic and philosophical rivalry with China.

That delicate dance was exemplified by the conversation around ChatGPT, as Vestager commended a recent letter from prominent tech leaders calling for a “pause” in developing artificial intelligence (AI) as a sign that society is taking AI concerns seriously, while also urging caution about actually holding off on developing such technology.

“Imposing a pause would be not only difficult to achieve, but maybe also not the way to go, because, as we speak, they’re coding in China,” Vestager said. “What we need is a direction. Where you say, well, this is where we want to go.”

Across all these competing sectors, Vestager had one clear message: urgency.

“We have very little time, and we can only do it together,” she said of the United States and the EU.

In her role, Vestager addresses critical challenges around economic competition, trade and technology, digital sovereignty, and green energy, all of which she discussed in her conversation with Jörn Fleck, senior director of the Europe Center at the Atlantic Council.

Read on for more highlights.

Addressing the EU-China relationship

Will the Commission’s repositioning on China going forward be more like Lithuania or more Germany? “I would hope you can expect more Europe,” Vestager said, going on to say that the European approach will need to be specific in its strategy. “I think precision, in what we see as risky, is absolutely key,” she said, alluding to how low-risk products need to be treated differently than sensitive technologies.

Vestager said Europe should be aggressive in its strategy to combat China as an economic competitor and systemic rival, coming off the heels of Commission President Ursula von der Leyen’s call Thursday to reassess Europe’s diplomatic and economic relationship with China, ahead of her trip to China next week along with French President Emmanuel Macron. In the coming days, Europe “must put much more muscle on the bone of the strategy, so that we can take actions,” she said.

A critical part of Europe’s pivot will be around reducing its strategic dependencies on China, a lesson gleaned from watching Europe struggle with soaring energy costs amid Russia’s war against Ukraine. “We should only need to learn this once. Now we need to act upon it,” Vestager said. However, other tactics will be needed as well, as Europe can’t succeed with just one approach, but will need to “combine the tools we have.”

Combating Chinese cyber attacks and technology competition is key, with the acceleration of the digital age presenting unique challenges for democracies around the world. That will include addressing 5G networks but also data integrity and disinformation campaigns that threaten human rights. “We cannot throw away, in just a few years, what it has taken us decade after decade after decade to achieve,” she said.

On technology

Commending a recent op-ed by US President Joe Biden aimed at keeping “Big Tech” accountable around privacy issues, Vestager noted that the EU has had the General Data Protection Regulation in place since 2016 and is currently investigating TikTok’s use of data. However, she added that such controls are not enough: “As long as this kind of data is for sale, and China can buy it anyway, we still have work to do.”

She also addressed the challenges of moderating content, citing the EU’s Digital Services Act as one key effort to make sure platforms have systems for taking down illegal content while still preserving freedom of expression by “enabling people to come back if they find that they’re not being fairly treated,” she said.
Platforms must conduct risk assessments to see how they are affecting young people’s mental health and how their service could be misused to undermine democracy, so that they can mitigate those concerns. “We want a digital market that is open, that businesses can get access to data that they would otherwise not have access to… and that they should not fear their data is being used against them,” she said.

Change in the digital marketplace will be difficult to create without public buy-in, she said: “In my experience, when you change legislation, that is difficult, but what you have changed is perception. When you implement legislation, you want to change behavior—one hundred times more difficult.”

However, Vestager warned against overregulation that kills healthy competition, as open, dynamic markets, and the innovation they bring, will be critical to advancing core technologies to confront major challenges, from China to climate change. “What we are in the midst of is, of course, a very small window to make sure we get some of the design right for a fully digitized world that honors the basics of our beliefs.”

That lesson was exemplified by the AI conversation, in which Vestager said she felt like the European Commission’s work to assess some of the high-risk cases was “on track,” including tools to help developers and regulators, such as the AI Roadmap and AI for Good initiative. Rather than ban AI technologies like ChatGPT, Vestager urged agreement around central questions, such as “what are the guardrails” and “what is the direction of travel, when it comes to AI?”

Climate change

Commending Europe’s commitments to reach net-zero carbon emissions by 2050, Vestager noted how policies such as the US Inflation Reduction Act and the EU Green Deal Industrial Plan can push clean energy forward. Those initiatives must be mutually reinforcing, though, and also not result in a transatlantic subsidy race that doesn’t accelerate green efforts worldwide. “The paradox is that, while we have this back and forth in the short term, mid- to -long-term, there is enough for everyone,” Vestager said. “We need net-zero industries in the US, in Europe, in India, in China, in every jurisdiction. Otherwise we will fail.”

Avoiding disruptions to trade and investments will be essential to making progress on net-zero goals, said Vestager, who underscored the need to reinforce transatlantic supply chains after their weaknesses were exposed during the COVID-19 pandemic. “We need to be able to depend on one another, and we need to be able to trust that we can do that also on a rainy day.”

Similar to technology, fighting climate change will require a delicate balance between enforcing regulation and encouraging innovation. Political leaders have a responsibility to make the green transition happen, Vestager said, but they also cannot succeed without relying on the free market. “This is why it’s so important to balance how you subsidize, how you incentivize, how you fix the market failures that are out there, in order to not break these market dynamics that are crucial for us all to be successful.”

Nick Fouriezos is a writer with more than a decade of experience reporting around the globe.

Watch the full event

The post European Commission’s Margrethe Vestager: Europe must de-risk, not de-couple, from China appeared first on Atlantic Council.

Banning TikTok alone will not solve the problem of US data security

Jonathan Panikoff — Fri, 31 Mar 2023 16:24:22 +0000

Last week, the TikTok chief executive officer, Shou Zi Chew, appeared before the US House of Representatives Energy and Commerce Committee. The media and political perception within the Washington Beltway is that it did not go well, and it didn’t. Chew’s answers were unconvincing and at times disingenuous, including when he downplayed accusations that the company had spied on journalists critical of the company. On social media, including on TikTok, the perception of the hearing by users was equally decisive, but not in Congress’s favor.

There are 150 million US users of TikTok, and the contrast between the creative and often viral nature of clips produced on the platform—including those defending Chew—and the stodgy nature of C-SPAN’s fixed camera positions, pre-planned talking points, and members demanding “yes” or “no” answers to their questions, made for an unfavorable contrast for committee members. US policymakers considering a ban on TikTok need to think about the very serious ramifications to people and small businesses whose livelihoods do, at least in part, rely on the app. Those Americans who use the app for professional and business purposes should have their legitimate concerns addressed by policymakers in a meaningful manner alongside any sort of ban.

But TikTok users’ usage of the social media app, even if only to generate business, does not mitigate the potential threats to US national security associated with it. In December, Director of National Intelligence Avril Haines warned about the potential uses of TikTok by Beijing stemming from the data the app collects and the possibility of using it to influence public opinion. TikTok’s algorithm, for example—which experts view as more advanced than that of Facebook parent company Meta—could be used by China to create propaganda that seeks to influence or manipulate elections and the broader information environment.

TikTok’s connections to China’s government stem from it being a wholly owned subsidiary of the Beijing-based company ByteDance. Chew testified that “ByteDance is not owned or controlled by the Chinese government.” However, Article VII of China’s National Intelligence Law of 2017 makes clear the mandated responsibility for private sector companies (and any Chinese organization) to “support, assist, and cooperate” with China’s intelligence community. ByteDance, therefore, has an absolute obligation to turn over to China’s intelligence apparatus any data it requests.

There are significant reasons to be skeptical of Chew’s claims that “Project Texas”—TikTok’s effort to wall off US user data from Chinese authorities by solely storing it in the United States—will prevent China from having access to US user data in the future. Worse, even if one takes Chew at his word that “Project Texas” will accomplish this feat, it defies logic to believe that ByteDance would not—independently or compelled by China’s intelligence agencies—retain a copy of all 150 million current US users’ data.

At the same time, TikTok is just a symptom of a much bigger problem. The United States and its allies have a more fundamental issue when it comes to their citizens using China-based apps, programs, or any technology that collects their data. All China-based companies have the same obligations to provide data information to China’s intelligence services whenever requested.

What the US government can do

TikTok’s ban would mitigate the immediate threat posed by the ByteDance subsidiary, but there’s far more work that needs to be done. The Committee on Foreign Investment in the United States (CFIUS) has, up until now, been the most prominent tool used to prevent foreign governments, or individuals associated with them, from making investments in the United States that could be used to ultimately undermine US national security. CFIUS has a specific and meaningful role focused on investments, but nowadays it has too often become the default instrument for reconciling an increasingly broad swath of national security challenges. This is in part because it has a track record of success, but also because it’s one of the only meaningful tools available to policymakers. But it is not an ideal tool for every situation, something best demonstrated by CFIUS’s challenge in resolving TikTok’s ongoing review that has stretched on for more than two years now.

The bipartisan RESTRICT Act—which would give the Department of Commerce the right to review foreign technologies and ban them in the United States or force their sale—is a thoughtful place from which to begin discussions about additional ways to mitigate the US national security challenges related to information and communications platforms available for mass use. But that act alone would not solve the broader data challenges as they exist today.

The lack of federal regulation related to commercial data brokers, which today can and do legally collect and resell the data of millions of Americans, is a glaring gap that needs to be filled immediately. A ban on TikTok, for example, would do nothing to prevent data brokers from aggregating the same consumer data from other apps and re-selling it to commercial entities, including those in China.

The threat posed by China to US national security, and to Americans’ individual data, is acute. The good news is the United States can deal with these challenges, but it will take more than just banning TikTok.

Jonathan Panikoff is a senior fellow in the Atlantic Council’s GeoEconomics Center and the former director of the Investment Security Group, overseeing the intelligence community’s CFIUS efforts, at the Office of the Director of National Intelligence.

The views expressed in this publication are the author’s and do not imply endorsement by the Office of the Director of National Intelligence, the intelligence community, or any other US government agency.

The post Banning TikTok alone will not solve the problem of US data security appeared first on Atlantic Council.

The problem with India’s app bans

Justin Sherman — Mon, 27 Mar 2023 20:33:24 +0000

TikTok is front and center in the US debate on technology, privacy, cybersecurity, and US-China relations. Yet, the app has also been subject to conversation about national security in another country: India. Just before the Trump administration issued its executive order in August 2020 attempting to ban TikTok in the United States (later struck down in multiple courts and then withdrawn by the Biden administration in June 2021), New Delhi banned TikTok in June 2020. In the time since, India expanded this strategy, banning hundreds of other apps in the country—many with links to China—citing national security and sovereignty justifications.

The most recent iteration was in February, when the Indian government initiated a process to ban 138 betting apps and ninety-four lending apps, many of which it claimed have links to China. Authorities walked a few of these bans back after Indian companies like LazyPay and Kissht reportedly demonstrated they had no such links. Some US policymakers have praised India’s app bans, namely Federal Communications Commission Commissioner Brendan Carr, who said in January of this year that India set an “incredibly important precedent” by banning TikTok from the country.

But India’s app bans are not an example of constructive, careful, and established policy and process on the risks posed by foreign technology companies, products, and services.

Government overreach with no transparency

The administration of Prime Minister Narendra Modi is grossly mistaken in playing hundreds of rounds of whack-a-mole against Chinese apps. The bans were imposed with very little transparency and little or no public consultation. They were followed up by state orders—which went largely unquestioned—for internet service providers (ISPs) in India to filter out Indians’ access to TikTok servers. To top it off, India has no comprehensive privacy regime—exactly what it needs to better protect Indian citizens’ data, including from the undemocratic Modi government.

Instead, the country is witnessing overreaching government policies that make sweeping assessments of mobile apps behind closed doors, with few avenues of recourse by the public. Citizens’ data, meanwhile, remains vulnerable to widespread abuse.

India has banned hundreds of apps since the first round of app expulsions in June 2020. The government banned fifty-nine Chinese apps in June 2020, forty-seven apps in July 2020, 118 apps in September 2020, and forty-three apps in November 2020. In February 2022, over a year after the prior set of bans, New Delhi announced fifty-four new app bans. Most recently, in February 2023, the government initiated a process to ban 232 apps; the exact number of banned applications is unclear due to a lack of media coverage on subsequent walk-backs.

A data analysis of the bans indicates that they focus heavily on utility apps, photo and video apps, social media apps, messaging and social networking apps, and gaming apps. In many of these cases, New Delhi has asserted that the apps are prejudicial to the national security and sovereignty of India. Clearly, this language was selected because it pulls from Section 69(A) of India’s Information Technology Act of 2000, the legislation which the Indian government invokes with these bans. The provision states that:

“Where the Central Government or a State Government or any of its offers specially authorized by the Central Government or the State Government, as the case may be, in this behalf may, if satisfied that it is necessary or expedient to do so, in the interest of the sovereignty or integrity of India, defense of India, security of the State, friendly relations with foreign States or public order or for preventing incitement to the commission of any cognizable offense relating to or above or for investigation of any offense, it may be subject to the provisions of sub-section (2), for reasons to be recorded in writing, by order, direct any agency of the appropriate Government to intercept, monitor or decrypt or cause to be intercepted or monitored or decrypted any information generated, transmitted, received or stored in any computer resource.”

With each of these app bans, the Indian government has given little public notice or none at all. For example, the scramble in the wake of the February 2023 bans—where companies in India were banned because of alleged links to China, though they subsequently demonstrated nothing of the sort—suggests the companies were not approached or notified by the government prior to the bans’ public announcement. New Delhi has also consistently provided insufficient information on its reasoning for the bans. As the nonprofit Internet Freedom Foundation in India wrote after the first round of June 2020 bans, “currently we only have a press release and not the actual order,” which is needed “since it contains the reasons for the ban which are important when we try to assess the legality and validity of the ban.” The lack of public notice is especially significant given that the actions did not target a single app or company at once; instead, each round of bans threw dozens or even more than one hundred apps out of India at a time.

Governments need to provide a clear public explanation (if not also evidence) for decisions to restrict a tech company, product, or service’s market access for “security” reasons. This is because not every risk posed by a technology company, product, or service is the same. Consider a hypothetical example: a social media platform could raise questions about the risk of corporate data abuse; foreign government data access; foreign government content manipulation; addictiveness for children; and so on. Each of these are different concerns requiring unique diagnoses and policy responses. Hence, broadly claiming “security” and “sovereignty” is an insufficient justification for a complete ban—just as US policymakers who initially said “TikTok is owned by a Chinese firm” were not properly breaking down the perceived risks. Democracies (even if backsliding) should provide the public, the private sector, and civil society with explanations for their tech policy decisions.

In India’s case, the state has failed to properly do so time and time again with these bans.

A lack of due process for ban policies

The process for India’s app bans is also highly concerning. The so-called IT Blocking Rules from 2009 laid out regulations for how these types of bans should take place (as required in Section 69(B) of the Information Technology Act). But, as the Internet Freedom Foundation noted in June 2020, it was unclear if the Indian government’s decision to enact these bans followed the proper process—to include holding a pre-decisional hearing. Process rarely makes for interesting conversation, but it’s vital. How a government reviews tech companies, products, and services for security risks; how it makes determinations about those risks; whether it consults with outside voices on those risks; and how it communicates those risks and that process to the public all shape whether government security reviews are nuanced, transparent, and accountable.

Even if one agrees with the result of a ban—such as expelling TikTok from India—how the Modi government arrived there, and its unilateral power to block and censor in this area, are still great reasons for concern. There has been woefully insufficient press attention, in India and even more so in the West, to the fact that New Delhi quickly got Apple and Google to remove apps from their stores and then ordered ISPs, at least in TikTok’s case, to filter Indians’ web traffic to block access to servers.

There is also a strong political dimension to these actions. When the Indian government first started banning China-linked apps in June 2020, including TikTok, it followed an India-China border clash in which twenty Indian soldiers and four Chinese soldiers reportedly died. That India’s app bans were compared to “digital counterstrikes” from India to China underscore the fact that the move was heavily politically motivated, meant to signal to the Indian public that the Modi government was responding, and to China that India was willing to constrain Chinese apps’ market access. New Delhi was able to signal resolve against Beijing (at least in its mind), defending Indian “sovereignty” (as per the ban press release) without taking military action.

Modi’s administration has also been increasing pressure on tech companies operating in India. For instance, there was significant media reporting about Facebook, India, and the ruling Bharatiya Janata Party (BJP); in addition to underinvesting in content moderation in India and many other countries, Facebook reportedly had internal pushes to relax its rules for BJP officials spreading hate speech because the users in question belonged to the party in power. Indian police also raided (empty) Twitter offices in 2021—a move reminiscent of the Russian government’s coercive tactics—after the company applied a “manipulated media” label to a tweet from a BJP official. Even with discussions of data localization in India, one of the many motivations at play was the Indian government’s interest in applying pressure to—and holding leverage over—tech companies operating there.

The app bans fit within this broader context of tech company coercion and state efforts to increase control of the tech environment.

No data privacy regime means “anything goes”

Lastly, India has no comprehensive privacy law. The new Digital Personal Data Protection Bill is a mixed bag for privacy but has some improvements over the previous legislation (the Personal Data Protection Bill) which had broad data localization requirements among other things. Negotiations are still ongoing. Yet, that is exactly the point: the Modi government has banned hundreds and hundreds of apps, many with links to China, in the past 2.5 years, while India is still without a law to constrain corporate data collection, rein in the sale of Indians’ data by data brokers, and place guardrails around expanding Indian government surveillance.

Without a doubt, the Chinese government is heavily engaged in espionage against countries around the world—India included—and it’s safe to assume that most if not all Chinese tech firms must answer to Beijing when asked. China is not micromanaging all companies all the time (as that would be unwieldy) but the risks of Chinese state influence on Chinese tech firms are certainly present.

The Indian government needs to build a comprehensive, transparent, and accountable means of addressing data privacy and security risks. Playing endless rounds of arbitrary whack-a-mole against apps—with little to no public consultation—is a step in the wrong direction with serious consequences.

The author thanks Rose Jackson for comments on an earlier draft of this article.

Justin Sherman (@jshermcyber) is a nonresident fellow at the Atlantic Council’s Cyber Statecraft Initiative and the founder and CEO of Global Cyber Strategies, a Washington, DC-based research and advisory firm.

The South Asia Center serves as the Atlantic Council’s focal point for work on the region as well as relations between these countries, neighboring regions, Europe, and the United States.

SouthAsiaSource Mar 6, 2023

Amid Pakistan’s political and economic turmoil, risks to curbs on digital freedoms grow

By Uzair Younus

Civil Society Elections

SouthAsiaSource Dec 5, 2022

India’s data localization pivot can revamp global digital diplomacy

By Anand Raghuraman

India’s stance on data localization constrained its ability to engage in digital diplomacy. With a new privacy bill, however, it has outlined a compromise option.

Digital Policy Economy & Business

SouthAsiaSource Nov 23, 2022

India’s new data bill is a mixed bag for privacy

By Justin Sherman

India’s parliament has released its Digital Personal Data Protection Bill, offering a mixed bag for privacy.

Digital Policy Economy & Business

SouthAsiaSource Blog

The post The problem with India’s app bans appeared first on Atlantic Council.

Inside Bangladesh’s new data protection laws

Stephen Weymouth — Wed, 08 Mar 2023 15:51:38 +0000

Download pdf

The 2022 Draft Data Protection Act (DPA), which establishes new restrictions related to the processing, storage, and transfer of data, appears to move Bangladesh’s digital governance in a different direction. The DPA is the first data-privacy law to be proposed in Bangladesh; it follows in the wake of new digital-privacy laws passed around the world over the past several years. Provisions of the bill have been met with criticism due to the restrictions they place on digital business activity and the lack of constraints established over the government’s enforcement authority.

The expansion of the digital economy raises legitimate concerns about data privacy that governments need to address. Yet, blanket restrictions on information flows, coupled with vague enforcement provisions, are unlikely to buttress consumer protections; and they may instead erode human rights. Some fear that governments can suppress opposition through digital surveillance under the guise of data governance.

This policy brief examines Bangladesh’s draft Data Protection Act. Following a brief overview of the act, it provides a framework for understanding the political tradeoffs that governments face when implementing digital-economy regulations. The article then considers how the act may influence the trajectory of Bangladesh’s integration in global markets, and the country’s prospects for continued growth.

The South Asia Center serves as the Atlantic Council’s focal point for work on the region as well as relations between these countries, neighboring regions, Europe, and the United States.

SouthAsiaSource Dec 5, 2022

India’s data localization pivot can revamp global digital diplomacy

By Anand Raghuraman

India’s stance on data localization constrained its ability to engage in digital diplomacy. With a new privacy bill, however, it has outlined a compromise option.

Digital Policy Economy & Business

SouthAsiaSource Nov 23, 2022

India’s new data bill is a mixed bag for privacy

By Justin Sherman

India’s parliament has released its Digital Personal Data Protection Bill, offering a mixed bag for privacy.

Digital Policy Economy & Business

SouthAsiaSource Sep 12, 2022

The international community must see the Bangladesh of 2022

By Mohammad A. Arafat

Though Bangladesh is not without fault, the international community has good reason to see it as a constructive, democratic partner in South Asia.

Bangladesh Economy & Business

Southasiasource Blog

The post Inside Bangladesh’s new data protection laws appeared first on Atlantic Council.

Critical connectivity: Reducing the price of data in African markets

Aubrey Hruby — Fri, 03 Mar 2023 20:35:27 +0000

Download Pdf

This report is part of an ongoing partnership on the Power of African Creative Industries between The Policy Center for the New South (PCNS) and the Atlantic Council’s Africa Center.

“Critical connectivity: Reducing the price of data in African markets,” by Africa Center Senior Fellow Aubrey Hruby, analyzes the current state of the digital transformation in Africa and outlines how affordable and accessible data is imperative for further development. Finally, it provides concrete recommendations to the key actors and facilitators of the transition outlined in the Digital Transformation with Africa; a new initiative the Biden administration announced at the 2022 US-Africa Leaders Summit, which emphasizes the importance of reducing data costs in Africa to spur growth and employment.

In outlining why data remains so costly and inaccessible across Africa, Hruby profiles four main detriments: infrastructure, competition, policy, and consumption patterns. Through case studies and success stories from other developing nations who struggled with high-priced data and implemented successful mitigation measures, Hruby develops a framework for reform and showcases how key changes can rapidly reduce data costs, spur development, and transform entire industries. Her recommendations directly address the current US administration, African governments seeking to build and benefit from a digital economy, and global development finance institutions (DFIs) that are already investing and making much needed transformative inroads into African markets.

Throughout the 21st century, African markets have unleashed the globe’s most significant digital revolution, and they are poised to continue doing so over the next few decades as the world’s youngest population reaches maturity. Currently, 40 percent of the continent’s total population is under the age of 15 and represents 27 percent of the entire world population. From 2000 to 2010, the African mobile phone market grew at a rate of 44 percent per year, bringing the number of subscriptions to around 700 million, more than in both the European Union and the United States combined. For African creative and mobile industries, which are emerging at the forefront of this digital revolution, infrastructure and technological systems are critical to the sector’s continued growth. The African Continental Free Trade Area connects 1.3 billion people across fifty-five countries with a combined GDP of over $3 trillion. Digital infrastructure is a vital economic opportunity and a crucial security issue for African nations and their partners.

The African vision is increasingly shaped by the digital tools and platforms African consumers use and the new opportunities that have emerged in a growing start-up ecosystem. According to the UN, the digital economy is set to expand in Africa by 57 percent between 2020 and 2025. With projections by the Alliance for Affordable Internet forecasting that the continent’s digital economy will grow six times over by 2050 to $712 billion and the fact that African startups raised more than $4 billion in venture capital in 2021, it is clear that this sector is booming. Undoubtedly the future is digital, and Africa must be able to access this future affordably if it is to share in the benefits of this global revolution.

The Atlantic Council is the only DC global think tank to have placed African creative industries at the center of its security and prosperity work. The Africa Center’s focus on the creative industries was launched by the Africa Creative Industries Summit of Washington in October 2021 at the Smithsonian National Museum of African Art and was opened by a message from Vice President Kamala Harris. The program is now fully supported by strong sponsors and partners, from ADS Group and Afreximbank to OSF and OCP, allowing the Atlantic Council to continue its leadership in the field by hosting events such as the Sports Business Forum, held in Dakar, and the financial engineering task force for African creative industries. This work was crowned by the Africa Center’s partnership with the US Department of State and its participation in the organization of the African and Young Leaders Diaspora Forum on the first official day of the US-Africa Leaders Summit of December 2022 at the African American Museum of History and Culture in Washington.

Report author

Fellow

Aubrey Hruby

Africa Center

Economy & Business Future of Work

The Africa Center works to promote dynamic geopolitical partnerships with African states and to redirect US and European policy priorities toward strengthening security and bolstering economic growth and prosperity on the continent.

AfricaSource Jun 16, 2022

Better data is the key to unlocking major investment in Africa

By Tom Koch

As COVID-19 and the war in Ukraine continue to hurt the African continent, many countries will require significant investment to revitalize their economies. But a persistent attribute of many African markets will continue to be a barrier to private investment: a relative lack of data. This drives up diligence costs, creates difficulties in valuing assets, […]

Africa Digital Policy

New Atlanticist Dec 5, 2022

Can the US and Africa usher in a new era for globalization?

By Katherine Walla

US Trade Representative Katherine Tai discussed the future of US-Africa trade with the African Continental Free Trade Area’s secretary-general, Wamkele Mene, at an exclusive Atlantic Council event.

Africa Trade

AfricaSource Jul 8, 2022

Europe’s Green Deal plan is Africa’s green finance opportunity

By Emilie Bel

Can natural gas and nuclear power be green? “Sometimes, and for a limited period of time,” said the European Parliament on July 6, as part of an ongoing negotiation over the EU taxonomy, a key component of the European Green Deal (EGD). The EGD is the European Union’s ambitious plan to create the first emissions-neutral […]

Africa Climate Change & Climate Action

The post Critical connectivity: Reducing the price of data in African markets appeared first on Atlantic Council.

Tech innovation helps Ukraine even the odds against Russia’s military might

Mykhailo Fedorov — Tue, 28 Feb 2023 22:50:23 +0000

For more than a year, Ukraine has been fighting for its life against a military superpower that enjoys overwhelming advantages in terms of funding, weapons, and manpower. One of the few areas were Ukraine has managed to stay consistently ahead of Russia is in the use of innovative military technologies.

Today’s Ukraine is often described as a testing ground for new military technologies, but it is important to stress that Ukrainians are active participants in this process who are in many instances leading the way with new innovations. The scale of Russia’s invasion and the intensity of the fighting mean that concepts can often go from the drawing board to the battlefield in a matter of months or sometimes even days. Luckily, Ukraine has the tech talent and flexibility to make the most of these conditions.

With the war now entering its second year, it is clear that military tech offers the best solutions to the threats created by Russia’s invasion. After all, success in modern warfare depends primarily on data and technology, not on the number of 1960s tanks you can deploy or your willingness to use infantry as cannon fodder.

Russian preparations for the current full-scale invasion of Ukraine have been underway for much of the past two decades and have focused on traditional military thinking with an emphasis on armor, artillery, and air power. In contrast, the rapidly modernizing Ukrainian military has achieved a technological leap in less than twelve months. Since the invasion began, Ukraine has demonstrated a readiness to innovate that the more conservative Russian military simply cannot match.

Subscribe to UkraineAlert

As the world watches the Russian invasion of Ukraine unfold, UkraineAlert delivers the best Atlantic Council expert insight and analysis on Ukraine twice a week directly to your inbox.

Name
First Last
Email*
Name
This field is for validation purposes and should be left unchanged.

Modern weapons supplied by Ukraine’s international partners have played a crucial role in the Ukrainian military’s battlefield victories during the first year of the war. Likewise, Western countries have also supported Ukraine with a range of tech solutions and assistance. At the same time, Ukrainians have repeatedly demonstrated their ability to develop and adapt new technologies suited to the specific circumstances of Russia’s ongoing invasion. Ukraine has used everthing from drones and satellite imagery to artificial intelligence and situational awareness tools in order to inflict maximum damage on Russian forces while preserving the lives of Ukrainian service personnel and civilians.

Drones deserve special attention as the greatest game-changers of Russia’s war in Ukraine. Thanks to the widespread and skillful use of air reconnaissance drones, the Ukrainian military has been able to monitor vast frontline areas and coordinate artillery. Meanwhile, strike drones have made it possible to hit enemy positions directly.

The critical role of drones on the battlefield has helped fuel a wartime boom in domestic production. Over the past six months, the number of Ukrainian companies producing UAVs has increased more than fivefold. This expansion will continue. The full-scale Russian invasion of Ukraine is fast evolving into the world’s first war of robots. In order to win, Ukraine needs large quantities of drones in every conceivable category.

This helps to explain the thinking behind the decision to launch the Army of Drones initiative. This joint project within the framework of the UNITED24 fundraising platform involves the General Staff of the Ukrainian Armed Forces, the State Special Communications Service, and the Ministry of Digital Transformation. Within the space of six months, the Army of Drones initiative resulted in the acquisition of over 1,700 drones worth tens of millions of dollars. This was possible thanks to donations from individuals and businesses in 76 countries.

Ukraine is currently developing its own new types of drones to meet the challenges of the Russian invasion. For example, Ukraine is producing new kinds of naval drone to help the country guard against frequent missile attacks launched from Russian warships. Ukrainian tech innovators are making significant progress in the development of maritime drones that cost hundreds of thousands of dollars and can potentially target and deter or disable warships costing many millions.

Eurasia Center events

Dave Keating: Think big with EU treaty reform

After Vilnius: What’s next on Ukraine’s path to NATO?

Eastern Europe NATO Security & Defense Ukraine

Ukrainian IT specialists are creating software products to enhance the wartime performance of the country’s armed forces. One good example is Delta, a comprehensive situational awareness system developed by the Innovation Center within Ukraine’s Defense Ministry. This tool could be best described as “Google maps for the military.” It provides real-time views of the battlefield in line with NATO standards by integrating data from a variety of sources including aerial reconnaissance, satellite images, and drone footage.

Such systems allow the Ukrainian military to become increasingly data-driven. This enables Ukrainian commanders to adapt rapidly to circumstances and change tactics as required. The system saves lives and ammunition while highlighting potential opportunities for Ukraine to exploit. This approach has already proven its effectiveness in the defense of Kyiv and during the successful counteroffensives to liberate Kharkiv Oblast and Kherson.

Ukraine has also launched a special chatbot that allows members of the public to report on the movements of enemy troops and military hardware. Integrated within the widely used Diia app, this tool has attracted over 460,000 Ukrainian users. The reports they provide have helped to destroy dozens of Russian military positions along with tanks and artillery.

In addition to developing its own military technologies, Ukraine has also proven extremely adept at taking existing tech solutions and adapting them to wartime conditions. One prominent example is Starlink, which has changed the course of the war and become part of Ukraine’s critical infrastructure. Satellite communication is one of Ukraine’s competitive advantages, providing connections on the frontlines and throughout liberated regions of the country while also functioning during blackouts. Since the start of the Russian invasion, Ukraine has received over 30,000 Starlink terminals.

Ukraine’s effective use of military technologies has led some observers to suggest that the country could become a “second Israel.” This is a flattering comparison, but in reality, Ukraine has arguably even greater potential. Within the next few years, Ukraine is on track to become a nation with top tier military tech solutions.

Crucial decisions setting Ukraine on this trajectory have already been made. In 2023, efforts will focus on the development of a military tech ecosystem with a vibrant startup sector alongwide a strong research and development component. There are already clear indications of progress, such as the recent creation of strike drone battalions within the Ukrainian Armed Forces.

The war unleashed by Russia in February 2022 has now entered its second year. Putin had expected an easy victory. Instead, his faltering invasion has highlighted Ukraine’s incredible bravery while also showcasing the country’s technological sophistication. Ukrainians have demonstrated their ability to defeat one of the world’s mightiest armies using a combination of raw courage and modern innovation. This remarkable success offers lessons for military strategy and security policy that will be studied for decades to come.

Mykhailo Fedorov is Ukraine’s Deputy Prime Minister and Minister of Digital Transformation.

Atlantic Council experts — Fri, 03 Feb 2023 02:43:28 +0000

The landscape before the European Union (EU) at the beginning of 2023 is unrecognizable from that of just one year ago. Europe has been faced with a new geopolitical reality in the aftermath of Russia’s illegal invasion of Ukraine, and the EU has been compelled to reconsider everything from its military posture and relations with Ukraine to tech and trade challenges and its own institutions. How will the EU continue to bolster its security with conflict raging in its backyard and a changing world order? Can Brussels forge a new path toward better relations with partners in the United Kingdom, Ukraine, and the Western Balkans? Our experts spell out the areas where the EU needs to adapt in 2023.

Click to jump to an expert reaction:

Daniel Fried: Sustain momentum on aid to Ukraine and Russia sanctions

Marie Jourdain: Find the ridgeline of EU military support to partners

Ilva Tare: Find a meaningful path forward for EU enlargement

Rachel Rizzo: Integrate and deepen defense efforts—with a leadership role for Germany

Aaron Korewa: Develop a ‘military Schengen’ and forge a stronger Polish-German relationship

Olga Khakova: Come together for the sake of energy security and decarbonization

Frances Burwell: Push a more active US-EU Trade and Technology Council

Tyson Barker: Advance a heavy digital legislative docket

Security and defense

Think big with EU treaty reform

Russia’s invasion of Ukraine roughly one year ago has prompted an EU response that for years had seemed unthinkable, and 2023 may see the bloc implement institutional changes to formalize that shift into EU structures. The idea of a European Defense Union, long just a pipe dream, is now a reality and is guiding the EU’s first-ever funding of equipment for a foreign conflict. Russia’s gas brinksmanship has also prompted unprecedented decisions on energy sourcing, another area which, like defense, has typically been a competence belonging to member states, not the EU.

So far, these unprecedented moves have been made using existing institutions and the existing EU treaties. But the EU is long overdue for another round of treaty reforms, having last updated what serves as the EU’s constitution in 2009. Last year, citizens at the Conference on the Future of Europe called for the treaties to be revised to enable the EU to act with greater speed and unity of purpose. That would first require calling a constitutional convention, such as the one that took place in 1999 to draft what eventually became the 2009 Lisbon Treaty. This time, the EU would want things to move much faster, given current events.

Treaty reform has been embraced with varying degrees of enthusiasm by some member states in Western and Southern Europe and by European Commission President Ursula von der Leyen. But it is being strongly opposed by member states in Eastern and Northern Europe—and particularly opposed by Sweden, which currently holds the rotating presidency of the Council of the EU. French President Emmanuel Macron is keen to put the subject on the Council’s agenda this year. One of the most contentious ideas, supported by German Chancellor Olaf Scholz, Macron, and von der Leyen, is ending remaining unanimity voting requirements in the Council in areas like foreign policy—so for instance, Hungarian Prime Minister Viktor Orbán can no longer veto EU action against Russia. But this is strongly opposed by smaller member states who fear they will always be outvoted by larger ones under qualified majority voting, which is weighted by population.

If these changes are made, it could make the EU a more dependable and flexible partner for the United States on diplomatic and security matters.

—Dave Keating is a nonresident senior fellow at the Europe Center and the Brussels correspondent for France 24.

Sustain momentum on aid to Ukraine and Russia sanctions

Despite shortcomings, a slow disbursement of funds, and agonizing German debate on military assistance, the EU and European member states helped Ukraine sustain its fight against Russia in ways that few—and especially not Russian President Vladimir Putin—anticipated before February 24 last year. Arms and funds for Ukraine, support for millions of Ukrainian refugees, and sanctions against Russia look impressive in the aggregate. Europe, with the help of a warm winter, resisted Putin’s use of his energy leverage. While Poland, the United Kingdom, Baltic and Nordic states, and other Eastern European states led the way, the French and German governments have stepped up, notwithstanding uneven rhetoric. A few years ago, there were no NATO plans to defend its eastern frontier from Russian attack. Now, Western Europeans debate not whether to send armor to Ukraine but what sort and how much.

But Putin appears determined to crush Ukraine by attacking civilians and creating stalemate or even retaking the offensive. In that case, European (and US) resolve will be tested, especially if Putin offers a “peace plan” that includes the West’s acceptance of his aggression while he prepares for more.

In 2023, Europe’s (and the United States’) task will be to help end the war on Ukraine’s terms. That means intensifying the flow of military and economic assistance to Ukraine and ramping up economic pressure on Russia.

The economic to-do list includes making the oil price cap work; finding other Russian exports to restrict; enforcing and expanding export controls on Russia; and enforcing existing sanctions, going after sanctions violators wherever they are. As the price tag for assistance to Ukraine rises, Europe and the United States should find ways to repurpose immobilized Russian exchange reserves to benefit Ukraine.

Skeptics from the outset questioned whether Europe and the United States could stay the course politically. The track record so far, and evidence suggesting continued Russian atrocities and war crimes, suggests they may in the future.

—Daniel Fried is the Weiser Family distinguished fellow at the Atlantic Council and a former US ambassador to Poland.

Find the ridgeline of EU military support to partners

Over the past year, the EU devoted an unprecedented level of resources and energy for Ukraine, making available up to thirty billion euros in financial, economic, and humanitarian support to Ukraine, plus twelve billion euros in military assistance, including 3.6 billion euros of support through the European Peace Facility (EPF). Ukrainian needs in its war effort require the EU and member states to maintain this mobilization through 2023. While the EU will continue to prioritize Ukraine, and rightly so, there is a risk that the EU will leave out other partnerships and unbalance them: The EU’s credibility and attractiveness as a partner are at stake here. That does not mean the EU should stop investing in Ukraine’s future, but it does mean that the EU must not disregard critical partnerships. The EU, in attempting to step up as a geopolitical actor, must maintain a global reach, which will help avoid allowing potential adversaries to shape the strategic environment in a way that affects the EU’s stability and security.

Keeping an eye on the balance between the south, east, and close neighborhood will require close coordination within the EU. One instrument to do that is the EPF: It was designed to fund the costs of EU Common Security and Defence Policy missions and operations and to provide assistance to partners across the world (including providing lethal and non-lethal military equipment for the armed forces, as it is doing for Ukraine). The EPF’s 2021–2027 budget was settled ahead of the war, meaning it did not plan for the level of support to Ukraine that it will end up issuing: In 2021, the EPF gave the Ukrainian armed forces thirty one million euros in support (compared with the 3.6 billion euros in support in 2022). As demonstrated by the EU’s dormant training missions in Mali and the Central African Republic (although the EU did recently launch a new military mission partnership with Niger), the EU seems to be shifting from the south to the east with a new EU Military Assistance Mission for Ukraine, support for Moldova and Georgia that is likely to increase, and growing attention on the Western Balkans’ needs. While the European Council agreed to increase the financing of the EPF (because 86 percent of the financial ceiling had already been committed for use by 2022), the EU must demonstrate its reliability by offering attractive partnerships to countries showing interest, risking otherwise to leave a vacuum that will quickly be exploited by adversaries.

—Marie Jourdain is a visiting fellow at the Europe Center and previously worked for the French Ministry of Defense’s Directorate General for International Relations and Strategy.

Politics and diplomacy

Find a meaningful path forward for EU enlargement

The war in Ukraine has brought the question of EU enlargement to the forefront of European debate in ways that it hasn’t been in more than a decade. By offering candidacy to Ukraine and Moldova, the EU has been forced to start grappling with why its policy of enlargement had stalled out in the first place. This reinvigorated debate may spur new thinking about how the dream of a Europe whole, free, and at peace may eventually get realized despite the many roadblocks still in its way.

The old enlargement policy was already showing early signs of weakness with Turkey’s candidacy, but it really ran aground in the Western Balkans, which the EU had committed itself to fully absorbing at a summit in Thessaloniki, Greece in 2003. The path to full membership was based on the belief that the countries could be induced to reform and democratize in exchange for getting full voting rights in the bloc. But the carrot and stick approach lost credibility over the years, with reforms stagnating while European voting publics lost the enthusiasm for admitting new members.

The new thinking involves a process of “staged accession,” or “gradual integration,” wherein tangible benefits—most notably, access to and participation in the common market—are granted piecemeal as candidates make key reforms. By not promising full voting rights in the bloc in the immediate and medium term, the inherently political question of how new members might upset existing power balances in the union are set aside. And tangible, potentially lasting, benefits for candidate countries’ citizens and economies are likely to be accessed sooner.

The Western Balkans could be the laboratory for how this new approach could work. As Ukraine fights for its right to exist, building a workable model for integrating new countries into a meaningful and prosperous European system is of the highest importance. Once the shooting stops, Ukraine will have to have a meaningful path forward for its Western aspirations.

—Ilva Tare is a nonresident senior fellow with the Europe Center and host of the Europe Center’s #BalkanDebrief series.

Integrate and deepen defense efforts—with a leadership role for Germany

The EU has shown impressive solidarity over the past year in response to Russia’s invasion of Ukraine. From bilateral support including weapons and financial aid to taking part in (and helping hold together) a vast Western sanctions regime against Russia, the unity has been strong. The EU as an institution has also responded decisively by setting up mechanisms through which the EU can better integrate its defense and security efforts. The problems that have long plagued deeper integration, however, remain.

There is a fundamental lack of trust between some European countries, which leads to an unwillingness to work together or to hand over (either in reality or by perception) any part of their decision making to Brussels. There’s also a lack of a real leader in European security. Germany set expectations sky-high last February after Scholz’s “Zeitenwende” speech, but the country has been slow to deliver. Of course, Germany’s contributions to helping Ukraine win this war should be lauded. However, the debate around whether Germany should send Leopard 2 tanks (or sign off on third party transfers of those tanks), for example, shows just how timid the country still is. Ultimately, Germany made the right decision, and it deserves credit for that. However, Germany must eventually be willing to truly play a leadership role instead of waiting for the United States to provide diplomatic cover. If this doesn’t occur, I have my doubts whether the EU as a whole will be able to integrate and deepen its security and defense efforts in the way that it must, especially as the United States continues its rebalance toward Asia.

—Rachel Rizzo is a nonresident senior fellow at the Europe Center.

Develop a ‘military Schengen’ and forge a stronger Polish-German relationship

Just as with Russia’s war of aggression against Ukraine in 2022, 2023 will likely see major developments for a crucial European relationship that has been strained by war but has the potential to emerge better and stronger if the right choices are made.

On the eve of the war, 60 percent of Poles viewed Germany as an ally. In October, that number had plummeted to 20 percent. Yes, key voices in the Polish government have publicly engaged in sharp anti-German rhetoric, but it would be a mistake to view this mistrust as partisan. With Berlin dragging its feet to provide necessary weapons deliveries to Ukraine, what looks like German ambivalence in the face of the Russian threat has left many Poles questioning if their NATO partner will have their back should Poland itself come under attack. Germany may be changing—witness the recent decision to send Leopard 2 tanks to Ukraine—but perhaps not fast enough. It may be hard for Germany to have its decades-long assumptions shattered about how best to handle Russia, but Ukraine hardly has time for a German therapy session.

A constructive and operationally relevant Polish-German relationship is key for the future of transatlantic relations. For Germany, Poland is now a frontline state, the way it was during the Cold War. For Poland, Germany is the strategic depth and supply line for US military aid. Thankfully, there are many officials on both sides who realize this, even if the public debate may suggest otherwise.

For the EU, a smart policy would be to develop a “military Schengen area” that would make transportation of allied forces across borders easier and incentivize strategically important German-Polish defense cooperation. What Brussels should avoid is any perception that the EU prefers one side in the Polish parliamentary elections this fall—particularly since Poles sometimes equate Brussels with Berlin.

With the right kind of engagement, Poland will influence Germany’s and Europe’s view of Russia. Considering that the Poles were right about Putin, that is a very good thing.

—Aaron Korewa is the director of the Europe Center’s Warsaw Office.

Trade and technology

Come together for the sake of energy security and decarbonization

Russia’s weaponization of energy irreversibly transformed European energy systems. In response to the cutoff of Russian gas, Europe pivoted to alternative supplies and routes in record time. This transformation continues into 2023. But this year, Europe is taking the reins of its energy strategy and moving beyond mitigating the shocks from the Kremlin’s unsuccessful blackmail in 2022. Even though Russia lost the energy war, Europe must continue the shift toward a clean, secure, and affordable energy future.

To sustain and accelerate its energy transformation, the EU will need to maintain solidarity across member states and with its Western allies, while balancing immediate needs with long-term security and decarbonization concerns. The bloc has multiple avenues for achieving these goals.

Within Europe, energy ministers should work together to ensure that temporary emergency measures such as the natural gas price caps and windfall taxes do not impede investments. The impacts of these mechanisms on private-sector behavior and confidence must be carefully assessed. Europe must also agree upon efficiency measures, which the continent desperately needs to resolve the supply crisis.

A broader challenge involves unifying pathways to fund new clean energy and low-carbon generation. The proposed Sovereignty Fund—a joint borrowing mechanism—is one possible solution, but it already faces fierce opposition from some parts of the EU. The public sector should not shoulder these investment costs alone, but it must play a bigger role in incentivizing clean energy and low-carbon projects and mitigating risks to unlock private sector financing.

On the multilateral front, the transatlantic cohesion over multiple waves of sanctions is an undisputable, unprecedented win for the alliance. Fine-tuning implementation and enforcement will optimize sanctions’ sting on the Russian economy and funding for the war. This unity must continue as global routes are reshuffled for oil and refined products in order to comply with the Group of Seven (G7) nations’ price caps, which aim to reduce Russia’s revenues while keeping the volumes on the market.

But tensions remain for US-EU relations due to the massive US climate law, the Inflation Reduction Act (IRA), which favors homegrown electric vehicle manufacturing among other climate incentives. The EU and the United States must find ways to mitigate these concerns and focus on areas of cooperation, such as critical minerals supply chains, standards alignment, permitting reform, and expedited commercialization of new technologies. And finally, multilateral coordination will be essential to securing multiple alternative energy suppliers. Europe will have to commit to the next wave of long-term contracts to satisfy future demand, while working with exporters to lower the carbon intensity of shipments.

By strengthening internal and transatlantic cohesion, the EU will be able to get ahead of the looming supply shortages anticipated for next winter, while forging a broader security and climate strategy for decades to come. Russia’s role will be diminished irrevocably in both.

—Olga Khakova is the deputy director for European energy security at the Atlantic Council’s Global Energy Center.

Push a more active US-EU Trade and Technology Council

In 2023, the European Union will find the global multilateral trading system—which has been key to Europe’s own prosperity—increasingly challenged. Leading EU economic policymakers, including Executive Vice President Valdis Dombrovskis and Director-General Sabine Weyand, have made clear the continuing EU commitment to the World Trade Organization (WTO)—albeit a reformed WTO. Meanwhile, the new Swedish presidency of the EU Council of Ministers has identified trade negotiations as a priority (the EU currently has trade agreements with seventy-two countries and negotiations ongoing with thirty more).

Yet the multilateral trading system is arguably a thing of the past. The current geopolitical climate has made everyone re-examine their supply chains. Cost and market access can no longer be the sole determinant of where goods are made. The EU’s own policies will also challenge the system of free trade, especially with growing environmental, social, and governance (ESG) rules. New EU reporting requirements or restrictions on forced labor, deforestation, carbon emissions, and other issues will force companies to adjust their supply chains.

But the biggest challenge to the EU’s trade policy in 2023 will be the approach of its closest economic partner, the United States. US trade policy, with its “worker-centric” focus and emphasis on reshoring key industries, is moving far from its former leadership of the multilateral trading system. This shift has been demonstrated in the Biden administration’s rejection of the WTO decision against the Trump administration’s steel tariffs, as well as the discriminatory provisions in last year’s Inflation Reduction Act (IRA).

At the same time, the US-EU Trade and Technology Council (TTC) has emerged as the most prominent bilateral transatlantic mechanism. It has largely focused on building cooperation on future tech and trade challenges and harmonizing some responses to the Russian invasion of Ukraine, while avoiding tough trade conflicts, with the IRA and steel tariffs assigned to special task forces. Those task forces should be brought into the purview of the TTC, so that its leadership and credibility can address the growing transatlantic gap over the global trading system. This will be a risk for the TTC, but cooperation on artificial intelligence taxonomies will mean little if the United States and EU cannot find a way to jointly address the changes needed in the global trading system, especially as related to subsidies and sensitive supply chains. Geopolitics has made returning to the old multilateral system impossible, but the United States and Europe, along with their like-minded partners, could build a new (or reformed) system that balances rule of law with resilience and security. As the United States heads toward its 2024 elections, the EU must take the lead.

—Frances Burwell is a distinguished fellow at the Europe Center and a senior director at McLarty Associates.

Advance a heavy digital legislative docket

This year will see a last, mad dash of EU digital legislation before the 2024 European Parliament elections. This will mean a flurry of legislative and new implementation actions—as the Von der Leyen Commission tries to fulfill the promise of Europe’s “digital decade”—with significant stakes for US and Euro-Atlantic interests.

First, the window is narrowing for the EU to scale up its signature techno-industrial policy on semiconductors—resolving EU CHIPS Act funding questions on semiconductors, fast-tracking Important Projects of Common European Interest authorization, and accounting for increased gas and raw-material prices resulting from Russia’s war in Ukraine. On Europe’s double helix of platform governance—the Digital Services Act and Digital Markets Act—2023 will see the first major enforcement push, testing big tech’s ad-based business models and challenging, at times, wayward content-moderation decisions from Musk to Meta. Euro-Atlantic discussion around EU legislative enforcement in the metaverse is also likely to increase. As this enters the enforcement phase, some have contended the TTC could play a bigger role.

At the same time, the EU is undertaking an ambitious set of interlocking rules around the Internet of Things and industrial data. These touch on cybersecurity (the Cyber Resilience Act), data ownership and usage (Data Act), algorithmic governance (AI Act and AI Liability Directive), data space creation, and cloud governance. With an adequacy decision on the US-EU Data Privacy Framework, successor to the ill-fated US-EU Privacy Shield, expected to be in force by summer 2023, the United States and Europe need to focus on a thriving Euro-Atlantic data space that guarantees free data flows, cybersecurity standards, rule of law, and human-rights protections. Even as it does so, the EU—together with the United States—should anticipate potential blind spots and divergences. Some areas include EU proposals for “fair share” payments by data-intensive tech to internet service providers, implementation of the Organization for Economic Cooperation and Development (OECD) agreement on a 15 percent minimum corporate tax, and increased techno-industrial policy around satellite internet connectivity. Both sides should also start consultations on next-generation strategic tech policy, including high-performance computing governance and 6G standards.

—Tyson Barker is a nonresident senior fellow with the Europe Center.

The post In 2022, the war in Ukraine awakened Europe. Here’s how it must adapt in 2023. appeared first on Atlantic Council.

Russia’s cyberwar against Ukraine offers vital lessons for the West

Yurii Shchyhol — Tue, 31 Jan 2023 17:47:28 +0000

Vladimir Putin’s full-scale invasion of Ukraine is fast approaching the one-year mark, but the attack actually started more than a month before columns of Russian tanks began pouring across the border on February 24, 2022. In the middle of January, Russia launched a massive cyberattack that targeted more than 20 Ukrainian government institutions in a bid to cripple the country’s ability to withstand Moscow’s looming military assault.

The January 14 attack failed to deal a critical blow to Ukraine’s digital infrastructure, but it was an indication that the cyber front would play an important role in the coming war. One year on, it is no longer possible to separate cyberattacks from other aspects of Russian aggression. Indeed, Ukrainian officials are currently seeking to convince the International Criminal Court (ICC) in The Hague to investigate whether Russian cyberattacks could constitute war crimes.

Analysis of the Russian cyberwarfare tactics used in Ukraine over the past year has identified clear links between conventional and cyber operations. Ukraine’s experience in countering these cyber threats can provide valuable lessons for the international community while offering a glimpse into a future where wars will be waged both by conventional means and increasingly in the borderless realm of cyberspace.

Subscribe to UkraineAlert

As the world watches the Russian invasion of Ukraine unfold, UkraineAlert delivers the best Atlantic Council expert insight and analysis on Ukraine twice a week directly to your inbox.

Name
First Last
Email*
Phone
This field is for validation purposes and should be left unchanged.

The Russian cyberattack of January 2022 was not unprecedented. On the contrary, Ukraine has been persistently targeted since the onset of Russian aggression with the seizure of Crimea in spring 2014. One year later, Ukraine was the scene of the world’s first major cyberattack on a national energy system. In summer 2017, Ukraine was hit by what many commentators regard as the largest cyberattack in history. These high profile incidents were accompanied by a steady flow of smaller but nonetheless significant attacks.

Following the launch of Russia’s full-scale invasion one year ago, cyberattacks have frequently preceded or accompanied more conventional military operations. For example, prior to the Russian airstrike campaign against Ukraine’s civilian infrastructure, Ukrainian energy companies experienced months of mounting cyberattacks.

These tactics are an attractive option for Russia in its undeclared war against the West. While more conventional acts of aggression would likely provoke an overwhelming reaction, cyberattacks exist in a military grey zone that makes them a convenient choice for the Kremlin as it seeks to cause maximum mayhem in Europe and North America without risking a direct military response. Russia may not be ready to use tanks and missiles against the West, but Moscow will have fewer reservations about deploying the cyberwarfare tactics honed in Ukraine.

In addition to disrupting and disabling government bodies and vital infrastructure, Russian cyberattacks in Ukraine have also sought to manipulate public opinion and spread malware via compromised email accounts. The Ukrainian authorities have found that it is crucial to coordinate efforts with the public and share information with a wide range of stakeholders in order to counter attacks in a timely manner.

The effects of cyberattacks targeting Ukraine have already been felt far beyond the country’s borders. One attack on the satellite communication system used by the Ukrainian Armed Forces during the initial stages of the Russian invasion caused significant disruption for thousands of users across the European Union including private individuals and companies. Given the borderless nature of the digital landscape, similar scenarios are inevitable as cyberwarfare capabilities continue to expand.

Eurasia Center events

After Vilnius: What’s next on Ukraine’s path to NATO?

Eastern Europe NATO Security & Defense Ukraine

From a Russian perspective, cyberwarfare is particularly appealing as it requires fewer human resources than traditional military operations. While Moscow is struggling to find enough men and military equipment to compensate for the devastating losses suffered in Ukraine during the first year of the invasion, the Kremlin should have no trouble finding enough people with the tech skills to launch cyber offensives against a wide range of countries in addition to Ukraine.

Russia can draw from a large pool of potential recruits including volunteers motivated by Kremlin propaganda positioning the invasion of Ukraine as part of a civilizational struggle against the West. Numerous individual attacks against Western targets have already been carried out by such networks.

At the same time, Ukraine’s experience over the past year has underlined that cyberattacks require both time and knowledge to prepare. This helps explain why there have been fewer high-complexity cyber offensives following the initial failure of Russia’s invasion strategy in spring 2022. Russia simply did not expect Ukraine to withstand the first big wave of cyberattacks and did not have sufficient plans in place for such an eventuality.

Ukraine has already carried out extensive studies of Russian cyberwarfare. Thanks to this powerful experience, we have increasing confidence in our ability to withstand further attacks. However, in order to maximize defensive capabilities, the entire Western world must work together. This must be done with a sense of urgency. The Putin regime is desperately seeking ways to regain the initiative in Ukraine and may attempt bold new offensives on the cyber front. Even if Russia is defeated, it is only a matter of time before other authoritarian regimes attempt to wage cyberwars against the West.

The democratic world must adapt its military doctrines without delay to address cyberspace-based threats. Cyberattacks must be treated in the same manner as conventional military aggression and should be subject to the same uncompromising responses. Efforts must also be made to prevent authoritarian regimes from accessing technologies that could subsequently be weaponized against the West.

The Russian invasion of Ukraine is in many ways the world’s first cyberwar but it will not be the last. In the interests of global security, Russia must be defeated on the cyber front as well as on the battlefields of Ukraine.

Yurii Shchyhol is head of Ukraine’s State Service of Special Communications and Information Protection.

Two bills on tech competition—Senator Amy Klobuchar’s (D-MN) American Innovation and Choice Online Act and Senator Richard Blumenthal’s (D-CT) Open App Markets Act—also made progress in the last Congress but failed to get over the finish line. They would prohibit tech companies from forms of conduct such as preferencing their own products and services over those of rivals. Versions of Klobuchar’s bill cleared both the House and Senate judiciary committees with bipartisan support but never came to floor votes.

While the competition and privacy bills have seen cross-aisle cooperation, partisanship has complicated congressional efforts to address extreme and polarizing content hosted by internet platforms. Platforms currently enjoy immunity from liability for content they intermediate, thanks to the part of the Communications Decency Act—a law long considered a pillar of the internet—known as Section 230. In recent years, however, there have been several legislative proposals to remove its protections for cases in which hosted content could lead to criminal conduct. Many Republicans insist on linking these potential cutbacks to Section 230 immunity to their allegations that conservative political speech is being repressed by platforms. This dynamic seems likely to continue in the new Congress or, at least, in the House.

The EU, by contrast, has accomplished much more. The General Data Protection Regulation (GDPR), which took effect in 2018, sets out individual protections that partly inspired those in the proposed ADPPA. Although GDPR enforcement remains a work in progress, there is no denying the dominant role it has come to play in how companies handle personal information in Europe.

Last year the EU achieved the feat of completing major legislation on both platform competition and content in the Digital Markets Act (DMA) and the Digital Services Act (DSA), respectively. The European Commission is in the early stages of implementing both laws, beginning by identifying the companies meeting the scale criteria and thereby becoming subject to an array of legal obligations. The DSA left undisturbed the EU-law equivalent to the United States’ Section 230, opting instead for a series of content-transparency measures.

The disparity between Washington gridlock and Brussels action on tech legislation has become glaring. One former US regulator has pointed out that US technology companies are quietly complying with the new EU measures, asking rhetorically: “You can do this to help Europeans, why not help Americans?”

In fact, Brussels could use some competition when it comes to tech regulation. More than six years after their adoption, some of the GDPR’s policy judgments already appear outdated. For example, its strict limits on reusing data and its precautionary approach toward risk could constrain the development of artificial-intelligence (AI) technologies, which depend on access to broad data pools, observers have pointed out. A comprehensive US privacy law conceivably could better accommodate the fast-evolving applications of AI.

Even if Congress passes comprehensive privacy legislation, the United States is unlikely to become a global leader in the field. Many countries already have adopted such laws, and the GDPR invariably has been a major influence—even in authoritarian countries such as China and Russia. Notably, an increasing number of foreign countries follow the EU’s approach of conditioning international data transfers on the adequacy of a foreign jurisdiction’s data-protection laws.

In December, the European Commission proposed an adequacy finding for data transfers from Europe to the United States under the commitments set in the EU-US Data Privacy Framework (DPF). If the United States were to pass a comprehensive privacy law, it would solidify Europe’s case for US adequacy. Even more importantly, when the expected challenge to the DPF is lodged before the Court of Justice of the European Union, the United States would be better placed to argue that the framework’s protections meet European fundamental-rights standards.

Adopting legislation in Washington on platform content and competition also would set the stage for deeper transatlantic technology policy coordination. If Brussels avoids applying DMA and DSA restrictions only to US companies, the US government’s past suspicions about any discrimination by the Commission toward US platforms could be overcome. The two governments then could undertake detailed work under the auspices of the EU-US Trade and Technology Council to better align their approaches on platform transparency, for example.

All of this depends on whether the Biden administration and Congress can muster the necessary bipartisanship to enact even a portion of the technology policy agenda. Legislation that better protects children’s privacy remains one area of possible compromise. By waiting to make a forceful push until a Republican-controlled House of Representatives has taken office, the White House has generated skepticism about its commitment. If areas of consensus can be found, though, the benefits would be transatlantic as well as domestic.

Kenneth Propp is a nonresident senior fellow at the Atlantic Council Europe Center, teaches EU law at Georgetown University Law Center, and is a former legal counselor to the US Mission to the EU in Brussels.

The post Biden’s call to modernize US tech policy would pay transatlantic dividends appeared first on Atlantic Council.

Six ‘snow leopards’ to watch for in 2023

Andrea Ratiu — Fri, 20 Jan 2023 10:00:00 +0000

Six ‘snow leopards’ to watch for in 2023

We don’t see them, but they’re out there.

Rare, elusive, and well-camouflaged, snow leopards are exceptionally hard to spot. When sighted, these majestic cats seem to have come out of nowhere. And yet they were around us all along.

In the discipline of global foresight, as the Atlantic Council’s Peter Engelke wrote last year, a “snow leopard” is “a known but underappreciated—perhaps even forgotten—phenomenon” that has the potential to change the world and shape its future even though appearances might suggest otherwise.

The snow leopards discussed here are not predictions, but rather prompts for us to scrutinize overlooked phenomena. A technological breakthrough, for example, may not seem world-changing when still in development. Other phenomena might be so woven into our daily lives that they’ve become invisible to us, as with the recommendation algorithms highlighted below. The actors involved also influence how much weight we give to events and trends: If a head of state were to announce a country’s economic disengagement from China, we would sit up and pay attention, but companies deciding one by one to proceed with such “decoupling” may fly under the radar.

Our next-generation foresight experts at the Scowcroft Center for Strategy and Security brought a fresh perspective to the task of spotting the hard-to-spot. Check out their list of six snow leopards to watch closely in the year ahead.

The tightening regulation of algorithms

Algorithms are everywhere yet almost invisible, serving as the silent sifters and sorters of our lives. Their influence is baked into everything from email and smartphones to GPS and government services. On search engines and social media, “recommendation algorithms” leverage user data and history to curate information for billions of people. In their simplest form, algorithms are instructions or sets of rules—often used by computers—for completing a task. At their most complex, they drive machine learning and enable artificial intelligence (AI) to grow smarter and more sophisticated by the second.

With such sweeping capacity to shape how individuals and societies order and consume information—from the mundane recommendations of photo feeds and shopping lists to the grave amplification of extremist conspiracy theories that cause real-world terror—algorithms (and their designers) hold some responsibility for the social and political consequences of the content they propagate and the decisions they advance.

The need for AI governance, particularly to rein in algorithms, is increasing—and policymakers have demonstrated an appetite for it. This October, the White House published an AI Bill of Rights with a blueprint for addressing “algorithmic and data-driven harms” and potential remedies. Lawmakers in the US Congress have proposed legislation to limit algorithmic promotion of extremist content by holding social-media platforms liable if certain forms of amplified content lead to offline violence, with other bills on the subject under consideration as well. China implemented a law in 2022 to reduce algorithmic influence on public opinion by enabling users to decline algorithmic recommendations on websites and apps. (The law was part of China’s pursuit of “positive energy” online, under the country’s aggressive censorship.) The EU’s Artificial Intelligence Act, the first major, still-pending regulatory framework for AI that could set global standards, strives to curb algorithmic bias. The EU’s General Data Protection Regulation (GDPR) also offers guidelines on when companies can and can’t use algorithmic automated processing for decision-making—for example, regarding who to offer a loan to or at what interest rate.

Regulating algorithms is a broad and complex challenge, and pushback by the tech industry along with legal hurdles could halt even the most ambitious regulators. The public, and even policymakers, often lack the conceptual clarity to identify, define, and classify algorithms. And because it can be difficult to prove causation between algorithmic decision-making and the behavior or opinions of individuals influenced by it, accountability is hard to track.

Further breakthroughs may happen below the national level. New York City is reviewing the use of algorithms in decision-making across its government agencies and offices. The City Council curtailed the use of AI algorithms in decisions about hiring and promotion. And these steps are just the beginning, as state houses and activists energetically join the race to shape this new frontier.

Danielle Miller, Assistant Director, Scowcroft Strategy Initiative

Prior to joining the Atlantic Council, Miller worked in the US House of Representatives and was a research assistant at the University of California Berkeley’s Institute of European Studies.

The rise of preemptive corporate decoupling from China

In the days after the Kremlin launched its illegal war on Ukraine, Western companies based in Russia started fleeing the market, fearing unprecedented transatlantic sanctions, consumer backlash for continuing to do business with an invader country on an imperialist bender, and investor pressure to maintain profit margins. Now, as tensions between the West and China escalate, wary investors and multinational corporations may be starting to preemptively shift their market presence, supply chains, and investments away from China to insulate themselves from similar future impacts should the Sino-transatlantic relationship deteriorate.

Among the most interesting early developments: Apple, which has a huge production footprint in China, has decided to shift production of its iPhone 14 model to India, while some of Google’s production for the new Pixel phone will likely be heading to Vietnam. Another space to watch is pension funds, as growing concerns about political risks are prompting discussions about potentially exiting or at least reducing exposure to the Chinese market.

While it’s still early to call such decisions formal decoupling, these signs point to Western companies’ unease about the state of the Sino-transatlantic relationship, as well as a preemptive, corporate-led fragmentation of markets and supply chains in case tensions between China and Western countries bubble over. The private sector’s concerns about China’s restrictive zero-COVID policies, which have led to recurring lockdowns and disruptions at factories, may also be a factor in these developments, but the roots of these corporate moves can be traced back further to extensive tariffs and other economic tit-for-tat measures between China and the West—as well as nervousness about China’s own pursuit of self-sufficiency via efforts such as its “Made in China 2025” initiative. At stake in how these trends play out is nothing less than the future of globalization as we know it, along with the shape of the multipolar geoeconomic order, in which countries such as India will likely play an enhanced role.

Anca Agachi, Associate Director, Transatlantic Security Initiative

Previously, Agachi worked for the EU’s European Defence Agency on defense capability development projects in the information security and space domains, and served as a United Nations Youth Representative for Romania, focusing extensively on the UN 2030 Agenda and sustainable development goals.

The battery revolution that will democratize electric vehicles

The two main reasons why consumers are reluctant to buy electric vehicles? They cost a lot and can’t get very far on a charge. But a battery that could make electric cars cheaper, more efficient, and thus more popular may be on the horizon. The next breakthrough could come not by way of an updated lithium-ion battery—the kind that powers most electric vehicles on the road today—but rather by using current battery technology in different form through structural batteries built into a car’s frame. This has the effect of reducing the car’s weight (a chassis made of battery cells isn’t as heavy as a chassis plus a separate battery) and a lighter car can travel farther on a single charge. The potential benefits go far beyond increasing range. Integrating the battery into a car’s chassis could also cut down on manufacturing costs and make cars cheaper, while strengthening the body of the car as well.

Tesla has experimented with structural batteries in its Model Y cars and GM used them in the electric model of its Hummers, but their versions have yet to yield broader adoption. Yet technical development among automakers and other actors is ongoing and promising. Researchers at Sweden’s Chalmers University of Technology, for example, recently developed a more efficient structural battery that performs ten times better than its predecessors. Right now, electric vehicles are driven mostly by the wealthy: In the United States, for instance, 78 percent of federal electric-vehicle credits go to those with incomes over $100,000. If structural batteries can deliver on their promise, it will result in many more electric vehicles on the road around the world, democratizing ownership.

Imran Bayoumi, Assistant Director, Scowcroft Strategy Initiative

Bayoumi graduated with his master’s degree in global affairs from the Munk School at the University of Toronto where he held a Joseph-Armand Bombardier Canada Graduate Scholarship. He also holds a BA from Queen’s University in political studies.

The early glimmers of a global, platform worker-driven labor movement

An uneven post-COVID-19 economic recovery has stoked a labor-rights movement in the United States and efforts to unionize in some of the country’s largest corporations—from Starbucks to Amazon to Trader Joe’s. Around the world, meanwhile, similar fallout from the pandemic has produced another phenomenon: Platform workers—those who work for organizations that provide services directly to consumers through an online platform—are leading efforts to create better working conditions for themselves. Strikes and other protests from Brazil to the United Kingdom to the Philippines and beyond speak to rising unrest among these workers. The causes for disputes and the types of protest vary across regions, but concerns about pay are often a primary driver of the activity.

Such developments are significant in part because platform workers are a subset of the informal economy, which encompasses economic activities that are not monitored by the state. These activities include a wide range of work—from domestic labor to rideshare driving to market stands. More than 60 percent of the world’s adult labor force operates, at least part-time, in the informal sector, and on average that sector represents 35 percent of gross domestic product in low- and middle-income countries. In many cases, particularly in emerging markets and developing economies, platform workers are not aiming to formalize their economic activities. But their budding efforts to improve their working conditions could alter the world of work for the better, more strongly linking them with government protections and helping curb global poverty and precarious employment.

Caroline Multerer, Deputy Director of Operations, Scowcroft Center for Strategy and Security

Prior to joining the Atlantic Council, Multerer was a program associate at Jones Group International, a global consulting firm owned by General James L. Jones.

The risky promise of geoengineering

One approach to combating climate change is geoengineering, or deliberate, large-scale, technologically based interventions in the environment to mitigate some of the effects of climate change. These include removing carbon dioxide from the atmosphere and reflecting the sun’s rays back into space. Futuristic though it may sound, geoengineering is already here. China and the United Arab Emirates have undertaken efforts to “seed” clouds by artificially increasing the amount of precipitation they hold and creating rain. Researchers from the UAE’s National Center of Meteorology have looked into creating an artificial mountain that would induce cloud formation and rain. Other countries, including China, India, and the United States, are making steady progress in advancing their geoengineering capabilities. The 2022 federal appropriations act, for example directed the US Office of Science and Technology Policy to develop a multi-agency group for coordinating research on solar geoengineering. This form of climate engineering, where sunlight is sent back into space, seems most likely to have the biggest impact on limiting the consequences of climate change and thus most likely to be pursued.

But along with its promise solar geoengineering also brings numerous risks, including the potential alteration of regional weather patterns. There’s also the increasing likelihood that, given the pace of climate-driven impacts such as floods, droughts, severe storms, and heat waves, a country or multiple countries will attempt to geoengineer the planet unilaterally, before the underlying science is solidified and before adequate global governance mechanisms are in place.

Imran Bayoumi, Assistant Director, Scowcroft Strategy Initiative

The Japan-South Korea rapprochement that could shake up the Indo-Pacific

Although Japan and South Korea normalized diplomatic relations in 1965, their relations have continued to be complicated by the legacy of Japan’s colonization of Korea from 1910 to 1945, memories of World War II, and disputes over how to compensate Korean women who were forced into wartime sexual slavery by the Japanese military.

Despite this history, deeper reconciliation between the two countries, while politically difficult, is not an impossibility. In one indicator of a coming thaw, a meeting between South Korean President Yoon Suk-yeol and Japanese Prime Minister Fumio Kishida on the sidelines of the 2022 United Nations General Assembly, framed as a brief, informal gathering to avoid setting off domestic opposition at home, marked the first bilateral meeting between the leaders of these nations in three years. In another sign, the Japanese and South Korean publics are coalescing around concern about China. Were such a rapprochement to occur, it would dramatically alter the geopolitical environment in Asia while delivering significant benefits to both countries. Japan and South Korea face common and acute threats from China, North Korea, and Russia. With better relations, the two countries could pursue closer bilateral military ties, reach mutual understandings of regional threats, and develop responses to crises as they emerge. South Korea, one of the world’s leading advanced economies, could get more involved in the Quad grouping of Australia, India, Japan, and the United States. The United States would be able to count on both nations to counterbalance China’s influence in the region, while the three could promote shared values throughout the Indo-Pacific.

Imran Bayoumi, Assistant Director, Scowcroft Strategy Initiative

Global Foresight 2023

In this year’s edition of Global Foresight, the Atlantic Council’s senior experts identify the top risks and opportunities for 2023. Our foresight team spots “snow leopards” that could have major unexpected impacts in 2023 and beyond. And we share findings from our survey of global strategists and foresight practitioners on how human affairs could unfold over the next decade.

Learn more Full survey

Atlantic Council Strategy Paper Series Jan 9, 2023

Welcome to 2033: What the world could look like in ten years, according to more than 160 experts

To survey the future, we polled global strategists and foresight gurus on our most burning questions about the biggest drivers of change over the next decade. Check out their forecasts on everything from the prospect of nuclear proliferation to the probability of great-power war to the potential for more global volatility.

Atlantic Council Strategy Paper Series Jan 20, 2023

Six ‘snow leopards’ to watch for in 2023

Atlantic Council foresight experts spot the underappreciated phenomena that could have outsize impact on the world, driving global change and shaping the future.

Brazil China

Atlantic Council Strategy Paper Series Dec 23, 2022

The top 23 risks and opportunities for 2023

The war in Ukraine changed the world in 2022. How will it continue reshaping global affairs in 2023 and what else looms on the horizon? The Atlantic Council’s top experts brought their globe-spanning expertise to the task of forecasting the near future.

Africa Americas

The post Six ‘snow leopards’ to watch for in 2023 appeared first on Atlantic Council.

CBDC Tracker cited by the Harvard National Security Journal on the tradeoffs in the development of a cross-border CBDC

rlopezirizarry — Fri, 13 Jan 2023 15:10:21 +0000

The post CBDC Tracker cited by the Harvard National Security Journal on the tradeoffs in the development of a cross-border CBDC appeared first on Atlantic Council.

Post-war Ukraine needs a smart digital transformation strategy

Anatoly Motkin — Thu, 12 Jan 2023 15:52:20 +0000

The Russian invasion of Ukraine is still far from over, but it is already clear that Ukraine has defended its independence and won the right to become a fully fledged member of the democratic world. This trajectory was further underlined in summer 2022 when Ukraine received official EU candidate nation status.

Ukraine’s future prosperity is not just a matter of ending the war and moving toward membership of the European Union, however. Ahead lies the complex reconstruction of the country’s entire economy and national infrastructure. In order for this to succeed, there can be no return to pre-war conditions. Instead, Ukraine has a once-in-a-lifetime opportunity to reinvent itself as one of the most modern nations on the planet.

Subscribe to UkraineAlert

As the world watches the Russian invasion of Ukraine unfold, UkraineAlert delivers the best Atlantic Council expert insight and analysis on Ukraine twice a week directly to your inbox.

Name
First Last
Email*
Phone
This field is for validation purposes and should be left unchanged.

Thanks to the unprecedented support of Ukraine’s international partners, today’s ambitious visions for a new Ukrainian economy are entirely feasible. This will in all likelihood be a green economy at the cutting edge of the digital revolution.

President Zelenskyy had already set Ukraine on the road to a digital future long before the horrors of Russia’s full-scale invasion. In the early days of his presidency in spring 2019, Zelenskyy identified digitalization as a national priority and vowed to create “a country in a smartphone.”

On the eve of the Russian invasion, Ukraine had already made significant progress in this direction. More than 10 million Ukrainians, or around one-third of the entire adult population, had installed the Diia app, which offered a range of public services and documents in digital format. The impact of this digitalization has been evident during the war, with Ukrainians frequently using virtual documents to identify themselves and pass checkpoints.

The tech sector had also established itself as a key engine of the economy in pre-war Ukraine. By the end of 2021, the IT industry was generating around $6.8 billion in annual export earnings, representing approximately 10% of Ukraine’s overall export revenues.

These developments are encouraging and indicate that Ukraine can seize the unique opportunities that may soon emerge. At the same time, the post-war transformation of the country will force the Ukrainian authorities and the domestic tech industry to think on a far larger scale than ever before. International investments alone will dwarf anything seen in Ukraine since the country regained independence in 1991.

Eurasia Center events

After Vilnius: What’s next on Ukraine’s path to NATO?

Eastern Europe NATO Security & Defense Ukraine

Ukraine’s IT industry certainly has the potential to rise to the coming challenges. On the eve of the invasion, there were more than 250,000 IT engineers in the country working for companies that developed advanced solutions for many of the world’s biggest brands. To harness this potential and position the country for future success, Ukraine’s Ministry of Digital Transformation must engage with the world’s leading experts to develop an effective digital transformation strategy.

This strategy must address a series of core issues such as mastering digital skills, engineering digital infrastructure, the digitalization of public services, and the digital transformation of Ukraine’s business environment. Ukraine must adapt its education system to make sure the emerging generation of young Ukrainians are equipped with the necessary English-language and tech skills to drive the country’s transformation forward. Teachers will need to have expert knowledge, while schools must have sufficient internet access and tech tools.

These innovations need to be applied evenly across the country to make sure progress is consistent and no regions are left behind. This is especially important for regions liberated from Russian occupation. Digitalization must also extend to every branch of public services including healthcare, housing, and municipal services.

Even this very brief overview highlights the vast proportions of the undertaking that lies ahead for Ukraine. The envisaged digital revolution will require the involvement of experts in a wide variety of fields including law, education, energy, medicine, and security as well as IT itself.

The experience of the past ten months leaves little room for doubt that the global community will be ready to support Ukraine’s post-war digital transformation. While the Ukrainian Ministry of Digital Transformation will have the task of coordinating the creation of a digital transformation strategy, the Ministry can call on the support of a range of national governments, international financial institutions such as the World Bank and the EBRD, global development agencies, and many of the world’s largest tech companies.

Today, while Ukraine’s heroic defense against Russian aggression is still underway, it is time to create a broad coalition of allies and establish expert working groups to develop a strategy development fund. The platform for this coalition can be the Digital for Freedom initiative already put forward by the Ministry of Digital Transformation in mid-2022.

Ukraine has already demonstrated that with enough military support, it can win the war. The country’s international partners must also be ready to begin the massive task of reconstruction as soon as circumstances allow. A comprehensive and ambitious digital transformation strategy can serve as one of the foundational documents for the coordination of efforts to make the new Ukraine an example of progress for the entire world.

Anatoly Motkin is president of the StrategEast Center, an independent institution working to develop Eurasia’s digital economy in collaboration with international financial institutions, development agencies, global tech companies, and Eurasian governments.

About the author

Fellow

Kenneth Propp

European Union Digital Policy

The post Propp in Lawfare: Gentlemen’s Rules for Reading Each Other’s Mail: The New OECD Principles on Government Access to Personal Data Held by Private Sector Entities appeared first on Atlantic Council.

CBDC Tracker cited by the National Interest on CBDCs potential use as a national currency.

rlopezirizarry — Tue, 10 Jan 2023 15:02:30 +0000

The post CBDC Tracker cited by the National Interest on CBDCs potential use as a national currency. appeared first on Atlantic Council.

Crypto Regulation Tracker cited by The Hill in an opinion piece on ‘The Six Principles for Governing Crypto Regulation.’

rlopezirizarry — Fri, 30 Dec 2022 04:21:00 +0000

The post Crypto Regulation Tracker cited by The Hill in an opinion piece on ‘The Six Principles for Governing Crypto Regulation.’ appeared first on Atlantic Council.

Lipsky interviewed by CoinDesk TV on the future of CBDCs

rlopezirizarry — Wed, 28 Dec 2022 04:32:00 +0000

The post Lipsky interviewed by CoinDesk TV on the future of CBDCs appeared first on Atlantic Council.

CBDC Tracker cited in Coin Republic on Nigeria’s CBDC policy

avishwanath — Thu, 08 Dec 2022 16:22:00 +0000

The post CBDC Tracker cited in Coin Republic on Nigeria’s CBDC policy appeared first on Atlantic Council.

CBDC Tracker cited in CoinTelegraph on Nigeria’s CBDC development

avishwanath — Wed, 07 Dec 2022 16:06:00 +0000

The post CBDC Tracker cited in CoinTelegraph on Nigeria’s CBDC development appeared first on Atlantic Council.

An introduction to the Freedom Online Coalition

Rose Jackson, Leah Fiddler, Jacqueline Malaret — Tue, 06 Dec 2022 20:00:00 +0000

Download pdf

Understanding the first ten years of the world’s democratic tech alliance

Democratic and authoritarian nations are in a global competition for the digital world, amid a bid to renew or remake the world order. On one side is the long-standing global norm that the Internet is a global good, governed by a multistakeholder community and designed to be free, open, secure, and interoperable. On the other side is a model antithetical to the universal rights and democratic norms around which the United States and its allies organize. That authoritarian model advances a version of the Internet in which states leverage technology to shatter citizen expectations of privacy, free expression, and assembly.

Core to the authoritarian strategy are efforts to drive a wedge between the historically effective alliance of democratic nations working collectively to ensure everyone, everywhere can benefit from a digital ecosystem in which basic rights are embedded. The growing variance in approach between democratic countries in governing their own use of technology only serves to broaden that wedge. As the authoritarian model spreads, it is politically and practically shifting the online experience of billions of people, including those within democracies. The stability and sustainability of a free, open, secure, and interoperable Internet relies on democracies’ ability to rebuke these efforts and defend the Internet as a key infrastructure to advance human rights. In addition to countering authoritarian repression abroad, this includes grounding their own use of technology in democratic principles and working to prevent emerging innovations from being misused to undermine human rights at home and around the world. A failure to do so will only accelerate the authoritarian capture of the Internet, and cause a global loss in access to speech, expression, and prosperity.

It is no surprise, then, that policymakers increasingly call for “democratic tech alliances” on everything from supply chains to emerging technology to global Internet freedom. This has renewed attention to the Freedom Online Coalition (FOC), which comprises thirty-five member countries committed to advancing Internet freedom and human rights online. The FOC’s mission is more relevant now than ever in its eleven-year history, providing opportunities for its member states to

coordinate public and private diplomatic action in response to threats to democracy and human rights online;
collaborate in multistakeholder and multilateral forums to bolster human-rights-aligned norms and standards for the digital ecosystem; and
maintain a trusted space for collaboration with civil-society and industry actors that serves as a center of gravity for joint strategic action.

At the same time, the FOC as an institution is at an inflection point. As democracies seek mechanisms to drive collaboration and action in an increasingly adversarial global space, FOC member countries have an opportunity to strengthen, clarify, and focus energy through the coalition. Doing so will require members to address long-standing debates related to its scope of work, incentives, and impact in international forums.

This primer on the FOC is intended to serve as an introduction to the entity, summarizing its structure and development over time. In the final section, this introduction provides an overview of the key tensions that member countries will need to address to make the coalition more effective, credible, and durable.

The document is based on a literature review of publicly available information on the FOC website, including the coalition’s descriptions of its activities, meeting minutes, declarations, and other materials related to convenings and workstreams. Additionally, DFRLab staff interviewed civil-society leaders from around the world who have worked in partnership with the coalition, and consulted with others present during the FOC’s founding and various iterations of its development. Staff also consulted former US government and other member-nation officials, and contacted the FOC Support Unit for information about its structure, budget, and workstreams.

What is the Freedom Online Coalition?

The Freedom Online Coalition is a multilateral group of thirty-five countries that coordinates diplomatic discussion and possible response on salient issues involving Internet freedom and digital rights. The central aim of the FOC is to ensure “that the human rights that people have offline enjoy the same protection online.”¹ The coalition aims to protect Internet freedom and ensure that digital rights are a priority in policymaking around the world. At its founding in 2011, the FOC focused predominantly on organizing diplomatic responses to threats to freedom of expression and association online, including threats related to content filtering, network disruptions, surveillance technology, and censorship. As the impacts of technology and the Internet become increasingly central in international and political discourse, the FOC has also considered the rights implications of cybersecurity, digital authoritarianism, and digital equality and access. The FOC has also sought to engage more formally with the private sector and civil society through thematic working groups, the FOC Advisory Network, and periodic external-stakeholder engagements.

Origins of the Coalition

Throughout the early twenty-first century, Internet connectivity increased around the world, as did its impact on political expression and attitudes. While citizens had started to leverage technology to organize protest movements as early as Iran’s 2009 Green Movement, the 2011 Arab Spring captivated the attention of much of the world and thrust social media platforms to center stage. As a result, governments and companies alike scrambled to make sense of the increasingly central role the Internet was playing in geopolitics. As activists deployed digital tools to organize protests and broadcast the subsequent brutal crackdowns, authoritarian governments sought to censor content, surveil citizens, or shutter open platforms altogether to reassert government control. Amid this dangerous match between citizens and authoritarian states, democratic governments explored how best to support those seeking to extend universal rights to and through the Internet.

In the United States, the nascent idea of “Internet Freedom” percolated as a foreign policy priority, with then Secretary of State Hillary Clinton leading a dedicated Internet freedom agenda. This new US government focus was based principally on values Clinton set out in a January 2010 address, notably promising to increase funding and diplomatic engagement on the issue set, and to seek opportunities to partner with other governments to do the same.² In the following years, the US government created the Open Technology Fund to develop anti-surveillance and anti-censorship tools for activists in authoritarian states, and secured bipartisan resources from the US Congress for the State Department’s Bureau of Democracy, Human Rights, and Labor to support those on the front lines of Internet freedom globally.³ It was in this context that the United States joined thirteen other countries in the Netherlands on December 8, 2011, to formally launch the FOC at the inaugural Freedom Online Conference, with the seemingly simple commitment to “engage together to protect human rights online.”⁴

Current Coalition structure and operations

The FOC is not a legal entity, and member contributions are made on a voluntary basis. The official structure and procedure for the coalition have been developed over time and are still somewhat ad hoc.⁵ The FOC is led each year by a different country chair, which is selected after members state their interest and the full coalition votes on the slate. The chair is supported by the “Friends of the Chair,” a rotating group of FOC member states intended to ensure continuity and consistency through the yearly transitions.⁶ Each year, the chair of the FOC assumes responsibility for coordinating the coalition, setting its agenda, providing diplomatic support, and hosting the Freedom Online Conference. Annually since 2017, the FOC has published its goals in a program of action that outlines substantive and organizational priorities for the upcoming year.“⁷ The coalition makes key decisions at annual conferences, on the sidelines of international convenings, and through continued communications throughout the year.

An organizational chart of the FOC’s current structure.

In addition to its core diplomatic-coordination role, the FOC also conducts outreach and programming with civil society and industry. The FOC advisory network (FOC-AN), created in 2017 and launched in 2018, is a group of nongovernmental stakeholders that provides FOC member governments with advice and serves as the main mechanism for the FOC to receive the insights of civil society and the broader multistakeholder community.⁸ The FOC also currently operates three task forces and a working group, each of which includes government, industry, and civil-society representatives: the Task Force on Artificial Intelligence and Human Rights; the Task Force on Digital Equality; the Task Force on Internet Shutdowns; and the Silicon Valley Working Group, which is particularly focused on engaging industry in the FOC’s work.

The current criteria to become an FOC member state are laid out in the Stockholm Terms of Reference, which were adopted in 2017. They require countries to demonstrate a strong commitment to human rights and Internet freedom—both domestically and through their foreign policy—as well as to be members in good standing of other democracy-focused multistakeholder and intergovernmental organizations and forums.“⁹ To be removed from the coalition, a country can voluntarily withdraw, or its membership can be terminated following a recommendation from the chair or “Friend of the Chair” and a review of the government’s actions. After such a recommendation, a case is prepared and sent to the full FOC, and, if there are no objections, the member is terminated from the coalition. This procedure has never been used.

The chair and “Friends of the Chair” effectively function as the rotating FOC secretariat, which is staffed by a Support Unit housed at Global Partners Digital (GPD), based in London.¹⁰ This support function was not created until 2014, and the funding, personnel, structure, ownership, and terms of reference are a patchwork that developed over the intervening years. GPD was selected by the FOC, in part, because it was already engaged in the digital-rights space and had existing funding through the US Department of State. The Support Unit is run by the executive director of GPD and three dedicated staff members. Its primary responsibilities are serving as the main point of contact for FOC members, organizing member convenings and conference calls, communicating with the FOC Advisory Network, supporting task-force communications, maintaining the FOC internal listserv, providing substantive guidance when appropriate, and administering the FOC website and social media accounts.

Funding for the Support Unit fluctuates on an annual basis, dependent on voluntary contributions from member states via flexible grant agreements.¹¹ The Support Unit’s funding has steadily increased over the past five years, with a budget of just over $625,000 in 2022. The Support Unit reports against the requirements of each individual grant signed with the respective FOC members, and its day-to-day activities are mandated by an internal program of action developed in partnership with the chair and “Friends of the Chair” cohort. The Support Unit then reports against this broader program of action with updates on the funding for its own operations, as well as for discrete projects and efforts of the FOC more broadly. Noting concerns around the unpredictability of this funding arrangement, the 2017 Stockholm Terms of Reference established a mandate for a voluntary member-state “Funding Coordination Group,” though it never became operational.

Coalition workstreams and outputs

Freedom Online Conference

The FOC’s most visible output is the Freedom Online Conference, which doubles as a stakeholder gathering and annual meeting of member states to discuss the state of digital rights and coordinate diplomatic strategies in response. Since the inaugural conference in The Hague in 2011, the FOC has held eight additional conferences: one every year except for 2017, 2019, and 2022.¹² FOC Conferences are hosted by each year’s chair, and have been held in Nairobi, Kenya (2012); Tunis, Tunisia (2013); Tallinn, Estonia (2014); Ulaanbaatar, Mongolia (2015); San José, Costa Rica (2016); Berlin, Germany (2018); Accra, Ghana (early 2020 as part of Ghana’s 2019 chairship); and Helsinki, Finland (2021). Instead of a conference this year, FOC chair Canada opted to convene strategic retreats in Paris and Rome for member countries and the FOC-AN.

Each conference convenes FOC member countries, civil society, and industry for panels, workshops, and plenary sessions. The annual conference also serves as a platform to discuss organizational changes for the coalition itself, and is often used to initiate strategic reviews and to negotiate or publish new terms of reference, other official documents, or processes. A summary of these gatherings and the resulting statements can be found in Annex I.

In addition to the Freedom Online Conference, the FOC has, on occasion, convened on the sidelines of various international forums, including the Organization for Security and Cooperation in Europe (OSCE), the International Telecommunication Union (ITU), the Internet Governance Forum (IGF), and the Stockholm Internet Forum.

Joint statements
The FOC publishes joint statements responding to challenges to Internet freedom. The FOC’s earliest statements stressed the importance of freedom of expression and compelled governments to protect it online. As the coalition evolved, it published joint statements on a wider range of topics related to digital rights, comprising Internet shutdowns and content filtering, disinformation, state surveillance, cybersecurity, and artificial intelligence. A list of these statements can be found in Annex II. The coalition as an entity has only once published a country-specific statement: in 2013, it condemned Internet legislation introduced in Vietnam that restricted access and limited online speech.“¹³ This statement led to significant debate within the coalition about the appropriateness of country-specific statements, due to sensitivities around complicating direct diplomatic relationships. Since then, the lack of direct government references in FOC statements has been a topic of debate, particularly as governments from Nigeria to Russia have moved to ban platforms or restrict Internet access in their countries.

In 2022, the Canadian government, as chair, led an effort to amend the Stockholm Terms of Reference to create a process for a form of “country-specific” statements—joint statements in which member states have the option of endorsing a statement critical of a named government, which is then distributed by the FOC. Additionally, the chair of the FOC can issue a “chair statement,” in which the chair drafts and issues a statement, and other member states have the option to endorse it. While the “country-specific” process has never been used, in March 2022, Canada issued a chair statement, condemning the Russian government for sponsoring and spreading disinformation to justify its invasion of Ukraine, with nineteen FOC member countries choosing to sign on.¹⁴

Diplomatic coordination
Core to the FOC mission is diplomatic coordination on issues related to human rights online and Internet freedom. The result of this diplomatic coordination may not always be publicly evident. As the Internet freedom field grows, and digital issues are infused into an increasing number of policy areas, one of the more important functions of the FOC Support Unit is maintaining the list of contacts responsible within each government system for Internet freedom and digital issues, particularly as points of contact within diplomatic missions frequently rotate. These contacts and regular engagement across governments are a sure, but uneven, benefit. The coalition has faced regular calls to increase the relevance and effectiveness of its diplomatic engagement, but doing so will depend on the ability to call the right person at the right time on the right issue.

Engagement with the multistakeholder internet community
At its inception, multistakeholder engagement with the FOC was relatively open and unrestricted. Civil society participated at the annual conference and was encouraged to make recommendations for, and provide input on, joint statements. In recent years, the FOC formalized mechanisms to include civil society and industry in its work through the FOC-AN (discussed above) and Silicon Valley Working Group. The FOC-AN standardized civil-society engagement, and has also helped to narrow which individuals and organizations are able to regularly access the coalition.

Additionally, the coalition has long collaborated with the multistakeholder community through a mixture of working groups and task forces. Since its creation, the FOC has run a total of eight such efforts, focused on everything from cybersecurity to digital inclusion, with four currently running. The efficacy of these working groups has been mixed, with early efforts garnering a fair amount of participation. Over time, however, insufficient resourcing—and a lack of clear aims and outputs—led some early participants to disengage with the coalition. A common complaint has been a lack of clarity on what the expected outputs and impact of these working groups could or should be, and a disconnection from contentious and important policy issues actively under debate.

By way of example, in the wake of the Edward Snowden disclosures beginning in June 2013, civil society and FOC members leveraged the now sunset “Internet Free and Secure” working group to drive serious discussions about state surveillance, civil liberties, and human rights—including domestic and international stakeholders who do not often sit at the same tables. While the discussion was highly relevant, the lack of follow-on action or member-country attention to the group’s recommendations left some civil-society collaborators disillusioned with the coalition more broadly.¹⁵

Support to frontline defenders and the Internet freedom ecosystem
While there is yet to be a reliable and dedicated funding stream for the FOC itself, the coalition launched the Digital Defenders Partnership (DDP) fund in 2012, administered by the nonprofit Hivos.¹⁶ The stated purpose of the pooled fund is to support frontline digital defenders. The ministries of foreign affairs of Australia, Canada, Czechia, Denmark, Estonia, Finland, Germany, Latvia, the Netherlands, and the United Kingdom, along with the Swedish International Development Agency (SIDA) and the US State Department, have contributed funding. Its current budget is 3.5 million euros through 2023. An exhaustive list of projects administered via the fund is not publicly available, though Hivos’s website cites implementation in Brazil, Yemen, and Russia.¹⁷

Coalition changes over time

Since its formation in 2011, the FOC has been in an iterative cycle, adding new functions and support, debating impact, and assessing opportunities to strengthen the entity. After its creation in 2011, the founding members reconvened in 2012 in Nairobi, in an effort to reinforce global support for, and relevance of, the coalition. The resulting Nairobi Terms of Reference established the annual rotation of the chairmanship on a voluntary basis, outlined the responsibility of the chair to host the annual conference, and delineated criteria for new members wishing to join.“¹⁸ It also initiated a conversation about with what substantive issues the coalition might engage, created the Digital Defenders Partnership and rallied funding for it, and identified forums and opportunities for the FOC to drive its action beyond the yearly gathering.

In 2013, the group convened in Tunis, in a nod to one of the earlier Arab Spring countries in the midst of a democratic transition. There, it established three working groups: An Internet Free and Secure; Digital Development and Openness; and Privacy and Transparency Online.¹⁹ The purpose of the working groups was to facilitate ad hoc convenings outside of the Freedom Online Conference, focused on specific topics under the umbrella of Internet freedom. The working groups also brought new stakeholders into the fold, giving civil society and industry the ostensible opportunity to strategically advise FOC governments and shape both domestic and international outcomes. The mandates of the original three working groups officially ended in 2017.

In 2014, current events drove the agenda at the coalition’s fourth formal gathering in Tallinn, Estonia, stalling what had been steady momentum in building clarity and action around the group. The Snowden disclosures hit newsstands in June 2013, with thousands of classified documents leaking to the press over the following year, bringing to light the extent of the US government’s digital-surveillance practices.“²⁰ For an entity focused on governments restricting Internet access and human-rights abuses, accusations of one of its founding members advancing extraconstitutional surveillance through the Internet was an unavoidable earthquake and credibility challenge. That year’s “Recommendations for Freedom Online,” referred to as the Tallinn Agenda, doubled down on the coalition’s founding principles.²¹ In addition to restating the coalition’s commitment to protect digital rights, it acknowledged the growing global concern around surveillance, and called on governments to establish strong domestic oversight of the deployment of such technologies.

Despite these foundational debates, FOC countries managed to advance organizational development at the Tallinn event, creating a secretariat and tapping GPD (as discussed above) to host the Support Unit, enabled through an increase of funding through an existing grant from the US government.

In 2015, Mongolia hosted the Freedom Online Conference in Ulaanbaatar (in a nod to growing concerns about China’s regional and global digital authoritarianism), where the coalition renewed the mandates of the original three working groups. In the wake of the 2014 disclosures, enthusiasm within the coalition waned, causing a change of focus to the need to reinvigorate and reform the wayward effort. Beyond featuring Mongolia’s leadership in a highly geopolitically contested region, the 2015 Ulaanbaatar conference’s primary contribution was the creation of an internal working group tasked with a strategic review of the organization. The strategic review was led by the United States and supported by the Netherlands, the United Kingdom, and other member countries. The group contracted an outside expert to lead a concurrent external survey, the full results of which are included in the table at the end of this document.

The FOC published the results of that “external strategic review” at the 2016 conference in San José, Costa Rica, finding that, while there was still broad support for the coalition, member states saw a need to clarify the mandate of the FOC and identify clear overarching goals and outputs.“²² Building on the results of the review, member states released the San José Statement, which reaffirmed the coalition’s core principles, and outlined a work plan to strengthen the FOC by increasing coherence among and expanding membership, improving the coalition’s and cross-regional coordination, and building external relationships.“²³

The strategic review and subsequent conversations around it in San José laid the groundwork for one of the most significant sets of structural changes and formalization since the founding of the coalition, the revision of the Nairobi Terms of Reference. The coalition formalized these updates in what is called the Stockholm Terms of Reference.²⁴ It is notable that this significant update occurred during one of the two years when the FOC had no chair. As there was no Freedom Online Conference that year, the updated terms of reference were adopted on the sidelines of the Stockholm Internet Forum in 2017. These new terms updated and expanded the structure of the coalition and clarified its workstreams. Notably, it expanded the procedure for a new member to join, established an “observer status,” and introduced a procedure for a government to either leave or have its membership revoked. Further, the Stockholm Terms of Reference established an organizational structure for the FOC that included outlining the responsibilities and election of the annual chair, establishing the “Friends of the Chair” structure, and clarifying working methods, including the process for issuing FOC statements.

The Stockholm Terms of Reference also restated the importance of the ad hoc working groups and created the FOC-AN, a new track for multistakeholder engagement, as discussed earlier. Finally, the new terms reframed the work of the FOC secretariat, formalizing the Support Unit as a neutral third party responsible for facilitating collaboration and coordinating convenings for FOC members.²⁵ This more inward-looking work occurred in the months following the 2016 US presidential election, amid rising global concern with a proliferation of disinformation online and brazen foreign interference in core democratic processes. Amid the shift in US administrations, the FOC released a joint statement condemning state-sponsored disinformation in 2017.

In 2018, Germany took over the FOC chair and formally launched the FOC-AN, later hosting the Freedom Online Conference in Berlin. In 2019, during Ghana’s term as chair, the FOC created a limited one-year task force on “Cybersecurity and Human Rights.”²⁶ Ghana hosted its conference early the following year in Accra with the theme of “Achieving a Common Vision for Internet Freedom,” which did not advance any organizational changes.²⁷ FOC members released a joint statement on digital equality at the Accra conference, after which the FOC established a task force focused on bridging the digital divide and on topics of diversity, equity, and inclusion more broadly. Despite lacking a chair from March 2020 until January 2021, the FOC in that same time period established a Task Force on Artificial Intelligence and Human Rights and issued three joint statements on topics ranging from COVID-19’s impact on Internet freedom to disinformation and artificial intelligence. This was the highest rate of statement releases in the coalition’s history.

Finland took over as chair in 2021 as the FOC celebrated its tenth anniversary. That year’s Helsinki Declaration restated the group’s commitment to the protection of digital rights a decade on.²⁸ The FOC also created a task force on Internet Shutdowns, as well as the Silicon Valley Working Group, which was intended to promote the work of the coalition and provide continuous engagement between parts of the tech industry and FOC governments.²⁹

As chair in 2022, adapting to COVID-19 concerns and accommodating the US-hosted virtual Summit for Democracy, Canada opted not to host a conference. Instead, it organized a strategic retreat for FOC members and the FOC-AN in Paris, and convened regional workshops on Internet freedom and digital rights across North America, Europe, the Middle East and North Africa, Asia-Pacific, Sub-Saharan Africa, and Latin America. The goal of these workshops is to update the Tallinn Agenda, with a new “Ottawa Agenda.”

Key issues and debates

As democracies and autocracies grapple over the future of the Internet, the Freedom Online Coalition is regularly raised as a conceptually important body with disappointing impact. The rationale for a venue for likeminded countries to coordinate shared approaches seems clear, and is often suggested anew by those seeking to address concerning trends in the digital world. Yet, the FOC is often overlooked or dismissed in those very conversations, leaving the coalition floating as yet another well-intended, poorly resourced international body, neither engaged seriously enough to be made central to an increasingly urgent issue nor fully disavowed to make way for something new.

This crisis of legitimacy is driven by a thematic set of perennial debates and questions that span the operational and substantive. For those newly engaging with the FOC, understanding these fault lines and strategic debates will be an important starting point. Below is an overarching summary of some of the key issues at play.

Mission and scope

The FOC was created originally to enable likeminded democracies to coordinate diplomatic action around state-based Internet repression. In its narrowest conception, this could be limited to coordinating individual country statements. In its most expansive conception, it could include growing the slate of countries proactively advancing a free, open, secure, and interoperable Internet. Divergent views on where on this spectrum the FOC should sit is one recurring debate that drives different strategies for the growth and focus of the coalition.

Another related debate centers on the tensions inherent in democratic nations organizing to call out the undemocratic actions of other countries, while sometimes replicating those same actions within their own borders. This dynamic was most evident in the wake of the Snowden disclosures, but it certainly extends to more recent questions around tech governance and regulation, and the significant variance between member-country domestic approaches. For some, this lack of willingness to “look within” undermines the worthiness and credibility of the coalition as a whole.

Funding and leadership

The FOC has never had a dedicated source of funding, and this lack of clear resourcing has implications for what it means to chair the group, what is achievable through it, and the ability to plan for more than a year at a time. This also impacts mechanisms for a support structure to carry out the work of the coalition through transitions.

The coalition is also impacted by an unequal and uncertain funding stream from each of its member states. Over the course of former US President Donald Trump’s administration, the FOC and other Internet freedom initiatives were disrupted by bipartisan reductions in US government funding. Some argue that this precariousness could be solved by an expansion of funding commitments from other members, while others feel that a broad reevaluation of funding strategy at large is vastly overdue.

Relatedly, with leadership of the FOC changing annually, there are limits to what “programs of action” can be carried through, with some arguing for longer terms and others believing the yearly rotating model better matches global examples.

Support and staffing

The FOC did not have a support mechanism until 2014, when the US government increased an existing grant to a United Kingdom-based organization to provide secretariat functions for the chair and FOC members. The expectations for that arrangement were more clearly articulated in 2017, but the setup remains somewhat ad hoc. Further, some have suggested that there is a conflict of interest in housing the Support Unit at an organization involved in the digital-rights space, saying that an organization that acts simultaneously as a key facilitator of the FOC and a civil-society advocate can wield asymmetric influence.

How a Support Unit is funded, housed, directed, and functions has major ramifications for the capacity and aims of the FOC itself. Many of the ideas for institutional learning, more intentional coordination and campaigns, greater support for working groups, task forces, and initiatives, and broader FOC strengthening depend on a stable and resourced Support Unit. The FOC is not the first organization to struggle with identifying funding for support mechanisms, but there is broad agreement that finding a sustainable model is essential.

Membership

From its inception, the FOC has been sensitive to the risk of appearing to be a club of Western countries lecturing the rest of the world. Member countries have sought to find regional balance in peers, but it is unquestionable that the group remains largely Western, with very few members from the “global majority.” While few argue that the FOC should not work to grow the community of countries aligned and coordinating on Internet freedom issues, how, when, and in what way to do so are still subjects of significant debate.

Simultaneously, there are others focused on ensuring FOC members are accountable to the principles of the coalition. Some are concerned that a sole focus on expanding national representation could result in a watering down of approach and substance and could detract from efforts to push existing countries to contend with difficult inconsistencies in their domestic and international approaches. For others, an expansion of membership is secondary to driving powerful countries to more successfully and seriously leverage their power to advance the cause of Internet freedom, whether diplomatically, or through foreign assistance or other means.

While none of these aims is necessarily contradictory with any other, optimizing for one or the other will lead to different approaches in funding, support, agenda, and mission—as well as affect the overall impact of the coalition itself.

Incentives

For those wishing to expand FOC membership, a common discussion focuses on what would incentivize countries to join. Are there streams of funding, support, or information sharing that could be made available only to members? Are there things the FOC can advance for member countries? For example, sharing good practices on digital public infrastructure or other digital-inclusion tools like advancing digital literacy? Simultaneously, are there any downsides for countries not joining the FOC? Those familiar with the FOC’s operations flag this as an important and underexamined element of the coalition’s potential approach.

Impact

Perhaps the single most important debate focuses on what success should look like for the FOC. With so many different visions for the coalition, and a real challenge to Internet freedom globally, it is no surprise few people are satisfied with the group’s achievements. The question of impact is closely tied to the debate around the FOC’s core mission and scope. For some, the FOC would be more impactful if it more successfully helped countries coordinate diplomatic responses behind the scenes. For others, success would include more forceful and collaborative public rebukes of antidemocratic actions.

Impact could also be demonstrated by the FOC’s ability to marshal resources and attention at high-impact moments such as the consideration of antidemocratic tech regulations, or situations like that in Russia in 2021, when the government coerced Apple and Google to remove a political-organizing app from their app stores.³⁰ There is also the question of how the FOC advances its work, whether through loose coordination of member and nonmember states at international forums (such as the International Telecommunication Union or the UN General Assembly) or solely through its own coalition.

Finally, for some, the end goal of the coalition should be more countries and people buying into a proactive vision of Internet freedom based on international human-rights law and norms. In some ways, clarity on what the FOC is not focused on may be just as important as clarity on its mission and goals. There is a real risk that the FOC collapses under the weight of undifferentiated expectations. Clarifying and building agreement around FOC priorities, mandate, and scope is, therefore, essential.

This primer is based on a literature review of publicly available information on the FOC website, including the coalition’s descriptions of its activities, meeting minutes, declarations, and other documents related to convenings and workstreams. Additionally, DFRLab staff interviewed civil-society leaders from around the world who have worked in partnership with the coalition (at its inception, or through the FOC-AN or working groups), and consulted with others present during the founding and various iterations of the FOC’s development. Staff also consulted former US government and other member-nation officials and contacted the FOC Support Unit (Global Partners Digital) for information about its structure, budget, and workstreams.

The DFRLab is grateful to the individuals who contributed their expertise as we prepared this resource. Particular thanks are owed to Jochai Ben-Avie, Jessica Dheere, Eileen Donahoe, Verónica Ferrari, Katharine Kendrick, Mallory Knodel, Sarah Labowitz, Emma Llanso, Katherine Maher, Susan Morgan, Christopher Painter, Jason Pielemeier, Chris Riley, and Michael Samway.

Annex I: Timeline: Evolution of FOC Structure

Annex II: Timeline: FOC Joint Statements

Annex III: Glossary: FOC Terms

Coalition Chair: The chair of the coalition is responsible for coordinating the day-to-day meetings and strategy of the coalition, as well as providing diplomatic and political support for coalition convenings. Chairs may elect to host the Freedom Online Conference. The chairmanship rotates on an annual basis.

Digital Defenders Partnership (DDP): The Digital Defenders Partnership is a fund initiated by the FOC and managed by Hivos, which is intended to support digital-rights activists and human-rights defenders.

Freedom Online Conference: The Freedom Online Conference is a multistakeholder convening hosted semiannually by the coalition chair. The purpose of the conference is to advance the chair’s goals, laid out in the program of action, and facilitate discussions on Internet freedom issues relevant to the local context of the conference.

Friends of the Chair: The “Friends of the Chair” are a group of FOC members that provide support to the coalition chair. The purpose of this grouping is to ensure continuity between annual rotations of the chairmanship.

FOC Advisory Network (FOC-AN): The FOC Advisory Network is the formal mechanism for the FOC to engage with the broader multistakeholder Internet community and global civil society.

Joint Statement: Joint statements allow all member governments of the FOC to react together, and to prioritize issues related to Internet freedom. These statements include all members of the coalition.

Country-Specific Statement: Country-specific statements are exceptional joint statements intended to call out the actions of a specific government that is threatening online freedoms. In this instance, the statements are opt in, and member countries may affirmatively choose to endorse them.
Chair Statement: The chair of the FOC may issue a statement that is related to Internet freedom or that calls out the actions of a specific government. Member states may choose to opt in and endorse the statement of the chair.

Program of Action: The program of action is an agenda authored by the coalition chair and “Friends of the Chair” that sets the priorities for the coalition on an annual basis.

Support Unit: The Support Unit assists the coalition by providing administrative and logistical work to advance the goals laid out in the program of action.

Ad hoc working groups and task forces: Ad hoc working groups and task forces are established by the “Friends of the Chair” and are focused on a narrow substantive mandate. They typically comprise multistakeholder experts and are used to drive action and advise the coalition on issues related to their mandate.

Transcript Dec 7, 2022

Can the Freedom Online Coalition live up to its potential?

By Atlantic Council

The Freedom Online Coalition has operated with varied success. As the US prepares to take over as chair of the body, civil society leaders who helped launch and shape the Coalition discuss how it can best be leveraged to advance a proactively democratic digital world.

Technology & Innovation

Transcript Dec 13, 2022

Canadian Deputy Foreign Minister David Morrison and US Deputy National Security Advisor Anne Neuberger on the importance of the Freedom Online Coalition

By Atlantic Council

Canada’s David Morrison discusses the end of Canada’s chairmanship of the alliance for democratic tech, while the United States’ Anne Neuberger outlines the top priorities ahead.

Technology & Innovation

360/StratCom Dec 8, 2022

The call for coordinated action for a free, open, and interoperable internet

By Erika Hsu

The DFRLab, as part of its annual 360/StratCom event, convened a discussion about the FOC, including the need to coordinate action to protect a free, open, secure, and interoperable internet.

Cybersecurity Disinformation

learn more

1 “Freedom Online: Joint Action for Free Expression on the Internet,” Freedom Online Coalition, December 8–9, 2011.

2 Hilary Rodham Clinton, “Remarks on Internet Freedom,” (remarks at the Newseum, Washington, DC, January 21, 2010), https://2009-2017.state.gov/secretary/20092013clinton/rm/2010/01/135519.htm

3 “About: Open Technology Fund,” Open Technology Fund, last visited November 9, 2022, https://www.opentech.fund/about/

4 “Freedom Online: Joint Action for Free Expression on the Internet.” The founding members of the FOC include Austria, Canada, Costa Rica, the Czech Republic, Finland, France, Estonia, Ghana, Ireland, Kenya, Latvia, the Republic of Maldives, Mexico, Mongolia, the Netherlands, Sweden, Tunisia, the United Kingdom, and the United States.

5 “Structure, Freedom Online Coalition,” Freedom Online Coalition, last visited November 9, 2022, http://freedomonlinecoalition.com/structure

6 Ibid. Current “Friends of the Chair” include Canada (2022 chair of the FOC), Denmark, Estonia, Finland, France, Germany, Ghana, the Netherlands, Switzerland, the United Kingdom, and the United States

7 Aims and Priorities, Freedom Online Coalition,” Freedom Online Coalition, last visited November 9, 2022, http://freedomonlinecoalition.com/aims-and-priorities.

8 “Advisory Network, Freedom Online Coalition,” Freedom Online Coalition, last visited November 9, 2022, http://freedomonlinecoalition.com/advisory-network.

9 Stockholm Terms of Reference of the Freedom Online Coalition,” Freedom Online Coalition, May 16, 2017, https://freedomonlinecoalition.com/document/the-stockholm-terms-of-reference/.

10 “Global Partners Digital,” Global Partners Digital, last visited November 9, 2022, https://www.gp-digital.org. The “Friends of the Chair” convene on a monthly basis, and the minutes of these calls are published at: “Friends of the Chair Monthly Call #1,” Freedom Online Coalition, last visited November 9, 2022, https://freedomonlinecoalition.com/wp-content/uploads/2022/04/Minutes-from-the-Friends-of-the-Chair-Call-1-January-1.pdf.

11 Member states that contributed to the Support Unit’s 2022–2023 budget include Australia, Canada, Estonia, Finland, Ireland, the Netherlands, Switzerland, and the United States.

12 The FOC did not have a chair in 2017 or 2020. The 2019 chair (Ghana) hosted its conference in February 2020.

13 FOC Joint Statement on The Socialist Republic of Vietnam’s Decree 72,” Freedom Online Coalition, August 2013, https://freedomonlinecoalition.com/wp-content/uploads/2021/06/FOC-Joint-Statement-on-The-Socialist-Republic-of-Vietnams-Decree-72.pdf.

14 “Statement on Behalf of the Chair of The Freedom Online Coalition: A Call to Action on State-Sponsored Disinformation in Ukraine,” Freedom Online Coalition, March 2, 2022, https://www.canada.ca/en/global-affairs/news/2022/03/statement-on-behalf-of-the-chair-of-the-freedom-online-coalition-a-call-to-action-on-state-sponsored-disinformation-in-ukraine.html.

15 “Recommendations for Human Rights Based Approaches to Cybersecurity,” Internet Free & Secure Initiative, last visited November 9, 2022, https://freeandsecure.online/recommendations/.

16 “Digital Defenders Partnership,” Hivos, last visited November 9, 2022, https://hivos.org/program/digital-defenders-partnership/#:~:text=Digital%20Defenders%20Partnership%20(DDP)%20was,harm%20and%20mentorship%20and%20partnership.

17 Ibid.

18 Freedom Online Coalition (FOC) Terms of Reference,” Freedom Online Coalition, September 6, 2012, https://freedomonlinecoalition.com/wp-content/uploads/2021/05/Nairobi-Terms-of-Reference.pdf.

19 “Ad Hoc Working Groups & Other Entities,” Freedom Online Coalition, last visited November 9, 2022, https://freedomonlinecoalition.com/ad-hoc-working-groups-task-forces.

20 Snowden Revelations,” Lawfare, last visited November 9, 2022, https://www.lawfareblog.com/snowden-revelations.

21 “Recommendations for Freedom Online,” Freedom Online Coalition, April 28, 2014, https://freedomonlinecoalition.com/wp-content/uploads/2021/05/FOC-recommendations-consensus.pdf.

22 Looking Back to Move Ahead: Freedom Online Coalition Strategic Review Outcome. Final Report and Recommendations of the FOC Strategic Review Working Group May 2015–October 16,” Freedom Online Coalition, October 17–18, 2016, https://freedomonlinecoalition.com/wp-content/uploads/2021/05/FOC-SRWG-Outcome-bundle_FINAL-1.pdf.

23 The San Jose Statement of the Freedom Online Coalition Regarding the Outcome of the 2016 Strategic Review,” Freedom Online Coalition, October 17–18, 2016.

24 “Stockholm Terms of Reference of the Freedom Online Coalition.”

25 The support unit remains housed at Global Digital Partners (GDP), with its most recent contract renewed in 2020.

26 “Ad Hoc Working Groups & Other Entities.”

27 Ibid.

28 “FOC 10th Anniversary Helsinki Declaration—Towards a Rules-based, Democratic and Digitally Inclusive World,” Freedom Online Coalition, December 2–3, 2021, https://freedomonlinecoalition.com/wp-content/uploads/2021/12/FOC-10th-Anniversary-Helsinki-Declaration-Towards-a-Rules-based-Democratic-and-Digitally-Inclusive-World.pdf.

29 Ibid.

30 Greg Miller and Joseph Menn, “Putin’s Prewar Moves Against U.S. Tech Giants Laid Groundwork for Crackdown on Free Expression,” Washington Post, March 12, 2022, https://www.washingtonpost.com/world/2022/03/12/russia-putin-google-apple-navalny.

The post An introduction to the Freedom Online Coalition appeared first on Atlantic Council.

CBDC Tracker cited in CoinDesk op-ed for Yahoo Finance on China’s development of a CBDC

rlopezirizarry — Mon, 05 Dec 2022 20:38:00 +0000

The post CBDC Tracker cited in CoinDesk op-ed for Yahoo Finance on China’s development of a CBDC appeared first on Atlantic Council.

House quoted in CoinDesk article for Yahoo Finance on coordinating government policy on crypto

rlopezirizarry — Mon, 05 Dec 2022 20:34:00 +0000

The post House quoted in CoinDesk article for Yahoo Finance on coordinating government policy on crypto appeared first on Atlantic Council.

India’s data localization pivot can revamp global digital diplomacy

Anand Raghuraman — Mon, 05 Dec 2022 19:05:00 +0000

With its latest draft data privacy bill, India has opened up intriguing possibilities for a shift in global digital diplomacy—a new alignment between New Delhi, Washington, and Brussels that could reinvigorate digital trade and reshape the rules of the road in the digital economy. The key to it all is India’s new approach to data localization, which would now permit cross-border data flow into “certain notified countries.”

The new approach marks a relaxation of India’s hardline stance on data localization, and it comes as New Delhi looks to streamline and pass national privacy legislation after nearly five years of exhaustive deliberations. Previous versions of the privacy bill—which restricted transfer and storage of sensitive and critical data outside Indian borders—were criticized by foreign governments and global technology companies as introducing unnecessary barriers to digital trade and promoting the rise of a splinternet. For their part, Indian officials maintained that data localization was necessary to defend national sovereignty, ensure timely law enforcement access to data, bolster local firms vis-à-vis Big Tech competitors, and spur investment in local cloud storage.

Setting aside the specific merits of these arguments, it’s clear that the tensions on data localization came with diplomatic costs—for India and for its strategic partners. For example, the tensions strained trade ties with the United States and the European Union (EU) and helped forestall any serious attempt to negotiate bilateral free trade agreements. In 2019, it resulted in India refusing to sign on to the G-20 Osaka Track declaration, in which host nation Japan pitched “data free flow with trust” (DFFT) as a model framework for secure cross-border data flows. More recently, Indian trade officials cited the country’s stance on data localization to explain, in part, why New Delhi would not join the trade pillar of the Biden administration’s Indo-Pacific Economic Framework (IPEF).

Indeed, India was the only nation participating in IPEF that would not agree to discuss all four pillars of the agreement.

The bottom line is this: India’s stance on data localization constrained its ability to engage in digital diplomacy. With a new privacy bill, however, it has outlined a compromise option. While it may not satisfy critics of the bill batting for more permissive cross-border data flow regimes or the hardened nationalists favoring sharper data localization restrictions, the Indian bill gives New Delhi flexibility to balance multiple national interests.

However, India’s data localization pivot also raises two obvious questions. Which countries will the Indian government deem safe for cross-border data flow? Moreover, what criteria will New Delhi use to make that determination? India’s draft bill is silent on both matters, stating only that “an assessment of relevant factors by [the] Central Government would precede such a notification.” Final legislation or subsequent implementing regulations will need to offer clarity.

This process puts India squarely in the driver’s seat. For example, India could choose to whitelist strategic partners like the United States or European Union on the basis of shared values and national security interests. It could require that whitelisted countries have a sound data protection framework that provides suitable protection to Indian data transferred overseas—just as the EU has adequacy standards under the General Data Protection Regulation regime. It could even leverage the whitelist as a bartering chip in bilateral trade talks with the European Union and the United States, securing reciprocal concessions in exchange for deeming both countries fit for cross-border data flow.

The possibilities are vast, but they do not eliminate the need to make choices and move swiftly. India will hold the G-20 presidency in 2023 and look to elevate digital cooperation as a centerpiece of its global agenda. While the Indian government is likely to prioritize efforts to export India’s model of digital public goods, there is a clear opportunity to forge a baseline consensus on cross-border data flows, perhaps through a reimagined “DFFT 2.0” framework or a flagship “New Delhi Digital Compact.” This would be a lasting achievement for India’s G-20 presidency and one that could help knit together the US, European, and Indian digital ecosystems in the years to come.

With these goals in mind, India should advance four key efforts over the course of the next year:

Move quickly to pass the data privacy bill in parliament early in the year. If there is space for more permissive cross-border data flow regimes—i.e., a “blacklist approach” where only nations deemed “untrustworthy” face cross-border flow restrictions—India should pursue it. At the very least, it should maintain the opening for cross-border data flow into trusted foreign countries.
Spell out the broad criteria they will use to whitelist countries safe for cross-border data flow. These should include countries’ geostrategic alignments, respect for democratic values, domestic data privacy frameworks, and trade and investment potential. Whitelisted countries should ideally satisfy criteria drawn from all four buckets, but India could opt to maintain leeway to select non-democratic countries in the Gulf with whom it enjoys strong geopolitical and economic ties.
For key strategic partners such as the United States and European Union, signal a willingness to allow cross-border data flow but use the opportunity to kickstart a broader negotiation on digital economy issues. India and the EU have already set up the EU-India Trade and Technology Council, but the United States and India lack a similar high-level forum to align policy frameworks for the digital economy. Filling this gap with a new “digital economy ministerial” is vital to driving US-India trade and technology cooperation forward and operationalizing the vision for a bilateral “digital handshake.” The United States and India should look to begin these conversations early next year when US Secretary of Commerce Gina Raimondo visits India for the US-India CEO Forum.
Finally, India and its partners within the Quadrilateral Security Dialogue (QUAD) should explore ways to strengthen interoperability between the four countries’ emerging privacy laws and cross-border data flow frameworks. This would help substantiate the existing “Quad Principles on Technology Design, Development, Governance, and Use” which remain a statement of ambition, not a basis for action. The QUAD can also begin to explore targeted areas for deeper law enforcement cooperation and evidence sharing. This will require tough conversations around the role of state surveillance in each country and institutional checks on government power. Yet, this is precisely the kind of frank discussion that trusted partners should drive.

Indeed, trust is increasingly the coin of the realm in the global digital ecosystem. It is vital to sustaining the cross-border data flows that underpin global commerce and connectivity in the twenty-first century. With its data localization pivot, India has opened space for more robust digital diplomacy that can bridge the gaps between the world’s largest digital democracies and help prevent the global digital ecosystem from splintering further.

This is an exciting project for an ambitious country—one that is ready to show the world that Digital India has arrived.

Anand Raghuraman is a non-resident fellow with the Atlantic Council’s South Asia Center and Director at the Mastercard Policy Center for the Digital Economy.

The South Asia Center serves as the Atlantic Council’s focal point for work on the region as well as relations between these countries, neighboring regions, Europe, and the United States.

SouthAsiaSource Nov 23, 2022

India’s new data bill is a mixed bag for privacy

By Justin Sherman

India’s parliament has released its Digital Personal Data Protection Bill, offering a mixed bag for privacy.

Digital Policy Economy & Business

New Atlanticist Oct 18, 2022

How India’s new digital rules can demonstrate a commitment to good regulatory practices

By Mark Linscott

India has a chance to lay a path toward a free trade agreement with the United States if it handles sensitive digital rules the right way.

Digital Policy India

Report Jun 20, 2022

The case for a US-India digital handshake

By Atlantic Council US-India Digital Economy Task Force

This report advocates for a US-India “digital handshake” to overcome substantive and institutional barriers in US-India digital economic cooperation.

Digital Currencies Digital Policy

Southasiasource Blog

The post India’s data localization pivot can revamp global digital diplomacy appeared first on Atlantic Council.

India’s new data bill is a mixed bag for privacy

Justin Sherman — Wed, 23 Nov 2022 16:51:57 +0000

India’s parliament has released its Digital Personal Data Protection Bill, the second pass at a comprehensive data privacy law after the government withdrew its Personal Data Protection Bill earlier this year. The current draft is shorter than the other bill, though it has many of the same components.

Indian policymakers have also circulated comments on the bill that have not been made publicly available, but which I discuss here. Importantly, the new bill offers a mixed bag for privacy—with some requirements for companies to receive individual “consent,” correct inaccurate personal data, and protect data rights alongside concerning provisions for government data access. This analysis is not comprehensive, but highlights some key points of note in the legislation which would constitute a major development in global data regulation.

As with the old bill, the Digital Personal Data Protection Bill requires organizations processing data (which it calls “data fiduciaries”) to obtain “consent” from individuals about whom they are processing data. When an individual gives their “consent,” the bill says, the organization must provide that person with “an itemized notice in clear and plain language” that describes the data collected and the purpose for which it is being processed, “as soon as it is reasonably practicable.” The bill also proposes that individuals be able to withdraw their “consent” for organizations to process their data, at which point the organization in question must stop doing so.

This notion of consent is broken, and it is not specific to India, either. US and European companies and policymakers push the same idea. People do not read terms of service agreements, and companies that flash a lengthy document with inaccessible legalese—waiting for individuals to just click “accept”—know that users neither read nor understand the document.

This defies the very notion of consent.

Likewise, people do not read privacy policies, yet many websites and applications will literally assert that viewing the website or opening the application in and of itself constitutes agreement with its privacy policy. Furthermore, consent is not fully and freely given in a world in which citizens—including Indian citizens—cannot access basic services without subjecting themselves to data collection. Nonetheless, the new bill’s language on consent puts India relatively in the same direction as “consent” provisions in US state privacy laws and the General Data Protection Regulation in the European Union.

Government data collection carve outs

The bill weakens this notion of consent even further by specifying numerous exceptions, including many exceptions for the Indian government. While some are arguably more reasonable, others create privacy risks to Indian citizens and generate complex legal questions for companies and organizations operating in India.

Individuals, in the most recent public bill draft, are deemed to have given consent if the data processing “is necessary” for “the performance of any function under law,” “for compliance with any judgment or order issued under any law,” “for responding to a medical emergency involving a threat to the life or immediate threat to the health of the [individual] or any other individual,” and “for taking measures to ensure safety of, or provide assistance or services to any individual during any disaster, or any breakdown of public order,” among others. It would also exempt situations in which it is “reasonably expected” that someone would provide their personal data to an organization voluntarily, the processing of “publicly available personal data,” and credit scoring.

While some of these exceptions may appear reasonable on their face (such as credit scoring), many are highly concerning from a privacy and civil rights perspective. The government of Indian Prime Minister Narendra Modi has frequently made bogus claims of threats to public safety and order to crack down on protest and dissent. Authorities have likewise drawn on similarly dubious, but public order-framed, claims to legally and rhetorically justify shutting down the internet more times than any other country on earth. In similar form, the bill’s current language would allow for data gathering based on the “public interest,” defined extremely broadly to include the interest of India’s sovereignty and integrity, state security, friendly relations with foreign states, maintenance of public order, preventing incitement of any of the aforementioned activities (like undermining public order), and preventing the dissemination of “false statements of fact.”

The Modi government is hardly the only government in a nominally democratic country engaged in outright undemocratic practices. Yet, the proposal for incredibly broad government data carve outs in the bill would empower state surveillance at the expense of Indian citizens’ privacy and civil rights. It would also force companies and organizations operating in India to constantly grapple with an even more complex set of legal questions around expanded government access to data.

Concerningly, this is just one component of the Modi government’s broader push to undermine encryption and increase its ability to coerce technology companies.

Data localization

The most contentious element of the old Personal Data Protection Bill was probably its data localization requirements. These stipulations would have required organizations with personal data on Indian citizens to keep that information stored in the country, in some cases merely a copy and in other cases preventing outbound transfer entirely. Different Indian policymakers wanted these requirements in place for a range of reasons, including to impose costs on foreign companies, boost India’s data storage industry, increase Indian government oversight over the storage of data related to Indian citizens, and, as some saw it, enable better Indian law enforcement access to crime-relevant data held by US companies, which is currently less than accessible through a broken mutual legal assistance treaty process.

The new bill steps away from that emphasis on localization. Instead of requiring local storage of data per se, it proposes to allow the Indian government to evaluate foreign countries’ data protection regimes and then certify those as sufficient to provide destinations for Indian citizens’ data. Specifically, it states, “The Central Government may, after an assessment of such factors as it may consider necessary, notify such countries or territories outside India to which a Data Fiduciary may transfer personal data, in accordance with such terms and conditions as may be specified.”

Foreign businesses will certainly be happy about this change. Most often, their complaints about data localization came back to costs—not wanting to pay for the technical changes and technical infrastructure to store data locally in India, as well as other legal and organizational costs. But there are also other concerns generated by data localization, including climate emissions costs for duplicate data storage infrastructure and the cybersecurity risks of storing another copy of information when there was previously one fewer.

These provide at least several reasons for the Indian government to move away from a highly controlled data localization regime.

Other ideas undergoing debate

The current version of the bill on the website for the Indian Ministry of Electronics and Information Technology does not apply to “non-automated processing of personal data,” “offline personal data,” “personal data processed by an individual for any personal or domestic purpose,” and “personal data about an individual that is contained in a record that has been in existence for at least 100 years.”

Interestingly, one marked-up version of the bill I reviewed—whose changes are not reflected in the current draft online—contained a suggestion to also exempt “anonymized personal data” that is “owned by the central or state government, depending on the subject matter to which the data pertains” from the bill. It also contained an edit to explicitly use the phrase “data free flow with trust” to describe the provisions on the Indian government’s approval for foreign data transfers and storage.

The Economic Times reports, in this vein, that the next iteration of the bill will have the Indian government define “trusted” geographies to which data fiduciaries can transfer and store data related to Indian citizens.

The former is (here, was) a bad suggestion. In the United States, federal and state legislators continue to exempt “anonymized” or “deidentified” data from privacy laws and bills under the false belief that such terms are technically meaningful. Numerous studies have shown how easy it is to link supposedly “deidentified” or “anonymized” data to real people, given advancements in statistical data analysis, the sheer volume of data in the world today, and companies’ access to data points that are remarkably unique to individuals, such as geolocation history or a device’s Wi-Fi connection patterns.

Yet, legislators continue to include these carve outs in laws, including because companies push the bogus line that “anonymization” is real. Hopefully, India’s parliament does not fall into the same trap. New techniques to better protect the confidentiality of data while still enabling organizations to process it, such as differential privacy, are valuable. The better path forward is to recognize that there is a spectrum of capabilities to link data to people by name or by another clear individual identifier—and that total “anonymization” is a myth.

The second suggestion in the unpublished bill markup I reviewed—the phrase “data free flow with trust”—is a reference to the Data Free Flow with Trust initiative spearheaded by the Japanese government at the 2019 G-20 in Osaka. At the time, it described a general belief that countries have an interest in allowing the free flow of data between one another, but with some safeguards in place. New Delhi refused to sign onto the initial Data Free Flow with Trust agreement in 2020—a vague proclamation to pursue cooperation for a “data free flow with trust” framework—because it saw the effort as too driven by high-resource countries. India’s minister of commerce and industry had then said that “in view of the huge digital divide among countries, there is a need for policy space for developing countries who still have to finalize laws around digital trade and data. Data is a potent tool for development and equitable access of data is a critical aspect for us.”

As governments expand their data flow regulations, India’s shift away from such an emphasis on localization and toward a focus on trusted geographies aligns India with some of these efforts—while still leaving space for policymakers to carve out a so-called fourth way of data governance aimed at global south countries. Significantly, India is also taking over the G-20 presidency, which means a data free flow with trust type approach could put the country in an influential position to drive global data conversations in the next year.

Conclusion

There was intense debate about the last attempt at comprehensive data regulation in India, including among Indian policymakers, US policymakers, US tech companies, and civil society stakeholders in India. Undoubtedly, those kinds of debates will continue happening around the new legislation.

There are also numerous other issues and questions raised by the proposal that merit deeper analysis and discussion—far more than is covered in this article. For now, though, it’s clear that India is intent on planting its flag on data regulation, and that where “trusted geographies” are concerned, there is plenty of space for the US government to productively engage.

Justin Sherman (@jshermcyber) is a fellow at the Atlantic Council’s Cyber Statecraft Initiative. He was also a member of the AC South Asia Center’s US-India Digital Economy Task Force and led its working group on US-India data policy.

The South Asia Center serves as the Atlantic Council’s focal point for work on the region as well as relations between these countries, neighboring regions, Europe, and the United States.

New Atlanticist Oct 18, 2022

How India’s new digital rules can demonstrate a commitment to good regulatory practices

By Mark Linscott

India has a chance to lay a path toward a free trade agreement with the United States if it handles sensitive digital rules the right way.

Digital Policy India

SouthAsiaSource Aug 8, 2022

Collaboration, not competition, is key to alleviating the global chip shortage

By Ridhika Batra

If the international community seeks to diversify chip manufacturing and create safety nets for future crises, then collaboration—as opposed to competition—seems a logical and prudent first step.

China Economy & Business

Report Jun 20, 2022

The case for a US-India digital handshake

By Atlantic Council US-India Digital Economy Task Force

This report advocates for a US-India “digital handshake” to overcome substantive and institutional barriers in US-India digital economic cooperation.

Digital Currencies Digital Policy

Explore the #AtlanticDEBRIEF series

SouthAsiaSource Blog

The post India’s new data bill is a mixed bag for privacy appeared first on Atlantic Council.

#AtlanticDebrief – What is the state of transatlantic trade & tech? | A Debrief from Tyson Barker and Ken Propp

nlawler — Tue, 22 Nov 2022 17:35:36 +0000

IN THIS EPISODE

What are the driving forces pushing cooperation in transatlantic trade and tech, and what are the issues pulling cooperation further apart? What can we expect from the upcoming third meeting of the US-EU Trade and Technology Council (TTC) in December? Established to support greater coordination of approaches in the global trade and technology space, will the TTC translate coordination into action? What will the impact of trade irritants and accusations of protectionism from both Brussels and Washington be on cooperation in the digital space? What role does European digital sovereignty play in this dynamic? What is the view of digital sovereignty in EU member states?

On this episode of #AtlanticDebrief, Europe Center Senior Director Jörn Fleck sits down with Tyson Barker, Head of the Technology and Foreign Policy Program at the German Council on Foreign Relations (DGAP), and Kenneth Propp a Nonresident Senior Fellow at the Atlantic Council’s Europe Center to discuss all things transatlantic trade and tech, European digital sovereignty, and its impacts for transatlantic cooperation.

You can watch #AtlanticDebrief on YouTube and as a podcast.

SUBSCRIBE TO #Atlanticdebrief

listen to #AtlanticDEBRIEF as a podcast

MEET THE #ATLANTICDEBRIEF HOST

Staff

Jörn Fleck

Senior Director

Europe Center Transform Europe Initiative

Digital Policy Economy & Business

Europe Center

Providing expertise and building communities to promote transatlantic leadership and a strong Europe in turbulent times.

The Europe Center promotes the transatlantic leadership and strategies required to ensure a strong Europe.

The post #AtlanticDebrief – What is the state of transatlantic trade & tech? | A Debrief from Tyson Barker and Ken Propp appeared first on Atlantic Council.

Ness in Centre for European Perspective’s “Strategic partnership for a secure and digital Europe” report: Is the Glass Half Empty or Half Full?

jbatchik — Tue, 22 Nov 2022 15:57:00 +0000

Original source

Europe Center nonresident senior fellow Susan Ness authored a section of the report Strategic partnership for a secure and digital Europe Forging a digitally advanced future with deepened transatlantic cooperation organized by the Centre for European Perspective, assessing the role of the EU-US Trade and Technology Council in aligning transatlantic democracies.

The war in Ukraine underscored on both sides of the Atlantic the urgency of achieving greater alignment on technology to demonstrate transatlantic unity and to promote democratic values as a bulwark against the malicious use of cyberspace by despotic regimes.
Susan Ness

About the author

Fellow

Susan Ness

Digital Policy Economy & Business

The post Ness in Centre for European Perspective’s “Strategic partnership for a secure and digital Europe” report: Is the Glass Half Empty or Half Full? appeared first on Atlantic Council.

How to prevent the next FTX

JP Schnapper-Casteras — Thu, 17 Nov 2022 22:04:00 +0000

The recent implosion of the major cryptocurrency exchange FTX has reignited debates about how—and how heavily—to regulate cryptocurrencies. While the fallout for all those connected to FTX will likely linger, there are steps that policymakers and the industry can take now to build transparency and trust—thereby protecting consumers and avoiding a repeat of this disaster.

Everyone is still trying to figure out precisely what went wrong and why. But the revelations thus far are stunning. For starters, FTX was not only the world’s third-largest crypto exchange—which is a website where customers deposit, buy, and sell various sorts of tokens and derivative products—but it also had close ties to an affiliated trading firm run by FTX’s CEO called Alameda Research. To make matters more complicated, FTX had also minted a token of its own called FTT.

That overlap is where the trouble began. At some point this year, FTX CEO Sam Bankman-Fried allegedly transferred ten billion dollars in customer funds to Alameda Research to make up for trading losses incurred there. On November 6, FTX’s major competitor, another exchange called Binance, announced that it owned a large amount of FTT tokens and was going to sell them all, which could crash the price and imperil the balance sheet of FTX. Customers became spooked and began withdrawing their funds from FTX by the billions. Binance briefly floated a plan to swoop in and acquire FTX, but promptly abandoned that. Things went downhill from there: FTX froze withdrawals and most of FTX’s legal and compliance teams quit. Other serious allegations came to light, including that there may be a secret backdoor in FTX software that eluded auditors and led to some $1.7 billion going missing. The drama was heightened by the persona at the heart of it, Bankman-Fried, who was once considered a wunderkind of crypto, testified before Congress, and was an active political donor. He has been live-tweeting the entire episode (sometimes enigmatically) and continues giving detailed and disconcerting interviews. All told, thousands of FTX customers have billions in funds that they cannot withdraw, and the crisis has spread to other companies.

The fallout has been swift. In a single day, FTX filed for bankruptcy, Bankman-Fried formally resigned, and someone (potentially a hacker) absconded with over three hundred million dollars in assets. Federal officials at the Securities and Exchange Commission (SEC), Commodity Futures Trading Commission, and Manhattan US Attorney’s Office are all reportedly investigating the matter. Congressional hearings are planned, and US Senator Elizabeth Warren, a leading Democrat on the banking committee, called for “stronger rules and stronger enforcement.” Commentators are suggesting that this is a death knell for crypto generally. Cryptocurrency proponents are reeling, and some partly blame regulators for failing to catch wind of irregularities earlier.

All of this litigation, investigation, and regulation will take several years to unfold. And it seems unlikely that Congress will pass a legislative fix anytime soon—particularly because a draft bill previously under consideration was supported by Bankman-Fried.

In the meantime, however, there are some steps that policymakers and industry can take to prevent a calamity like this from recurring.

First, financial regulators and industry leaders should move toward what is known as “proof of reserves,” meaning that large, centralized exchanges and custodians have to actually prove (and document) their assets and liabilities. In other words, they cannot baldly assert that they possess one billion dollars in customer funds while quietly using those funds to make other risky investments and loans. Already, a movement is afoot across the sector to adopt this measure voluntarily. Policymakers could strengthen it by encouraging periodic reporting, audit standards, and other guidelines to avoid gamesmanship (e.g., moving money around right before a report is due).

Second, the industry needs to step it up in terms of self-policing. In traditional finance, there are groups known as self-regulatory organizations that have the power to establish and enforce industry standards. No such body yet exists with respect to cryptocurrency, although several trade associations that have emerged in Washington are doing good work and might join forces on this. Recent crises also underscore why the sector needs to proactively blow the whistle on bad actors, not just advocate for favorable legislation.

Third, regulators should reaffirm—and where needed, clarify—that US regulations still apply to products and services that are regularly sold in the United States. Currently, some big, centralized cryptocurrency companies essentially argue that they are everywhere but nowhere. The CEO of the largest exchange, Binance, has repeatedly insisted that he has no headquarters whatsoever. It is hard to see how that position is legally sustainable for a centralized, for-profit entity—particularly now. Going forward, dizzying corporate structures and unsupported assertions about decentralization will not readily escape established principles about regulators’ jurisdiction. Already, we are likely to see agencies such as the SEC redouble their crypto enforcement activities. Existing federal laws might be adequate to pursue claims of outright fraud and extraordinary financial misconduct, and it is not yet clear that new legislation or new regulation would stem the root causes of FTX’s implosion.

In addition to the significant harms to customers, the sad irony of the FTX crisis is that some prominent cryptocurrency projects were born out of a true desire to avoid the excesses and errors of the 2008 financial collapse. Indeed, the first Bitcoin ever minted literally embedded a 2008 headline about the bailout of big banks. If the industry wants to preserve that vision, it must improve transparency, rebuild trust, and get its own house in order.

JP Schnapper-Casteras is a nonresident senior fellow at the Atlantic Council’s GeoEconomics Center and a practicing attorney.

Cryptocurrency Regulation Tracker

Cryptocurrencies may significantly alter financial structures and transform the next generation of money and payments. Governments around the world are looking to create regulations to prevent the harms caused by cryptocurrencies while encouraging the innovative capabilities of cryptocurrencies. We analyze how 45 countries have regulated cryptocurrency in their jurisdictions.

The post How to prevent the next FTX appeared first on Atlantic Council.

Graham cited in DevDiscourse on the impact of Xi’s third term on China’s economy

rlopezirizarry — Sun, 13 Nov 2022 20:21:50 +0000

The post Graham cited in DevDiscourse on the impact of Xi’s third term on China’s economy appeared first on Atlantic Council.

Mark and CBDC tracker cited in Wired on China’s leadership with digital currencies

avishwanath — Wed, 09 Nov 2022 15:17:52 +0000

The post Mark and CBDC tracker cited in Wired on China’s leadership with digital currencies appeared first on Atlantic Council.

Younus in Dawn: Debt trap: What the Pakistan govt can learn from the Jodia Bazar ecosystem

Atlantic Council — Tue, 08 Nov 2022 21:47:00 +0000

Original Source

The post Younus in Dawn: Debt trap: What the Pakistan govt can learn from the Jodia Bazar ecosystem appeared first on Atlantic Council.

CBDC Tracker cited by Forbes India on the Reserve Bank of India exploring CBDCs

rlopezirizarry — Tue, 08 Nov 2022 20:37:31 +0000

The post CBDC Tracker cited by Forbes India on the Reserve Bank of India exploring CBDCs appeared first on Atlantic Council.

CBDC Tracker cited by CoinTelegraph on the low adoption rate of Nigeria’s eNaira CBDC.

rlopezirizarry — Fri, 04 Nov 2022 18:56:16 +0000

The post CBDC Tracker cited by CoinTelegraph on the low adoption rate of Nigeria’s eNaira CBDC. appeared first on Atlantic Council.

CBDC Tracker cited by Reuters on the UAE’s CBDC pilot program

rlopezirizarry — Fri, 04 Nov 2022 18:55:27 +0000

The post CBDC Tracker cited by Reuters on the UAE’s CBDC pilot program appeared first on Atlantic Council.

CBDC tracker cited by Bitcoin.com on countries globally exploring central bank digital currencies.

rlopezirizarry — Fri, 04 Nov 2022 18:53:56 +0000

The post CBDC tracker cited by Bitcoin.com on countries globally exploring central bank digital currencies. appeared first on Atlantic Council.

Digital sovereignty in practice: The EU’s push to shape the new global economy

Frances Burwell, Kenneth Propp — Wed, 02 Nov 2022 18:00:00 +0000

As the digital landscape grows, the European Union (EU) is advancing its efforts to expand its indigenous technological capacities and establish global governance norms. This effort has significant implications for the economic and political underpinnings of the US-EU relationship.

Under the leadership of European Commission President Ursula von der Leyen, the idea of “digital sovereignty” has become a central—albeit nebulous and controversial—guiding principle for Europe’s engagement on digital and tech affairs.

Three years after von der Leyen first spoke of digital sovereignty, this Europe Center report explores what the concept has meant in practice, building on its 2020 report “The European Union and the search for digital sovereignty: Building “Fortress Europe” or preparing for a new world?”. The report identifies three common elements to digital sovereignty:

a greater commitment to supporting technology development within the EU;
an effort to elaborate global norms to govern data and the digital environment; and
greater restrictions on non-EU actors in the EU market.

This direction has outsized implications for the transatlantic relationship. By concentrating on digitizing the European economy and investing in technology capabilities, the EU hopes to make up for current shortfalls and to compete more robustly with digital powerhouses based in the United States and China. In areas such as artificial intelligence—where global norms and standards have yet to emerge—the EU sees its own regulatory efforts as a potential international “gold standard”, like the role that the General Data Protection Regulation has played across the globe.

These measures are not without controversy. For example, the Digital Markets Act, which imposes restrictions on the largest platform companies operating in Europe, is anticipated to affect US firms predominantly, and current proposals for a cybersecurity certification of cloud service providers would limit ownership by non-EU companies. These moves have led to tensions in the US-EU economic relationship—at a time where transatlantic unity is critical in an increasingly geopolitical world.

What is the future of EU digital sovereignty? The European Union will continue to insist that European technology and innovation respect its own concepts of fundamental rights. The report also sees opportunities for democracies to build coalitions to fight growing authoritarian challenges to the liberal order. The global digital realm remains unwieldy and difficult to govern. Yet through creative and determined collaboration in the US-EU Trade and Technology Council, among other fora, policymakers on both sides of the Atlantic can begin to craft a common democratic approach to digital governance, benefiting an open global economy.

Issue Brief Jun 22, 2020

The European Union and the search for digital sovereignty: Building “Fortress Europe” or preparing for a new world?

By Frances Burwell, Kenneth Propp

However the EU redefines sovereignty post-COVID-19—including technological or digital sovereignty—the impact will not be limited to Europe and European companies.

Digital Policy Economy & Business

New Atlanticist Feb 7, 2022

France’s new mantra: liberty, equality, digital sovereignty

By Kenneth Propp

Digital sovereignty is a driving force in European policy debates—and the ripple effect of decisions taken in Brussels will be felt across the pond.

Digital Policy European Union

Experts react Oct 7, 2022

The data privacy deal driving the future of the US-EU commercial relationship

By Atlantic Council experts

Biden’s executive order is the next step toward establishing a new EU-US Data Privacy Framework; but will the new agreement be viable? Our experts break down the details.

Digital Policy Economy & Business

The post Digital sovereignty in practice: The EU’s push to shape the new global economy appeared first on Atlantic Council.

Should Ukraine pursue closer ties with Taiwan?

Michael Druckman — Tue, 01 Nov 2022 23:49:02 +0000

The unintended consequences of Vladimir Putin’s disastrous war in Ukraine will be studied for years to come, with ongoing geopolitical repercussions already evident from North America to East Asia. Russia’s rapidly unraveling invasion has served as a warning to Putin’s ally, Chinese leader Xi Jinping, as he mulls a possible attempt to retake Taiwan.

Meanwhile, Taiwan is pursuing an ambitious global charm offensive to shore up its international relationships, including efforts to enhance bilateral ties with Ukraine. The Ukrainian government now has an opportunity to broaden and deepen the strategic relationship between these two embattled democracies.

Prior to Russia’s February 2022 offensive, Taiwan had almost zero visibility inside Ukraine. Its trade office presence in Kyiv was both intentionally minimized by Taipei and largely ignored by the Ukrainian authorities, who remained cautious about antagonizing China while welcoming strong Chinese trade links as a counterweight to Russia. Indeed, in the years prior to Putin’s full-scale invasion, China had emerged as Ukraine’s largest trade partner and a key market for Ukrainian exports.

The events of the past eight months have transformed the geopolitical climate, with Russia’s invasion also altering the dynamics of bilateral ties between Taipei and Kyiv. Given Xi Jinping’s open support for the Kremlin, the prospect of Ukraine resuming its earlier relationship with China is increasingly impractical, making the possibility of stronger economic and diplomatic ties with Taiwan potentially more attractive.

Subscribe to UkraineAlert

As the world watches the Russian invasion of Ukraine unfold, UkraineAlert delivers the best Atlantic Council expert insight and analysis on Ukraine twice a week directly to your inbox.

Name
First Last
Email*
Phone
This field is for validation purposes and should be left unchanged.

Taiwan is currently playing a quiet but steady role in Ukraine, including support for rebuilding civilian infrastructure in cities like Kharkiv. Ukraine’s parliament has responded to these overtures with steps of its own to enhance ties with Taiwan, including a newly-formed multi-party group within parliament to promote “closer friendship, trade, and cultural ties.” The Ukrainian government could soon look to extend cooperation into practical areas where both countries can trade best practices and complement each other’s experience of resisting authoritarian aggression.

Closer ties with Taiwan could potentially bolster Ukraine’s efforts to pursue a competitive and diverse market for its goods, a requirement of the country’s association agreement with the EU. The European Parliament has been vocal in its support for enhanced economic relations between Ukraine and Taiwan. Advancements in this area would not only offer Ukraine economic benefits, but could also smooth the path toward further EU integration.

The e-governance and information space offers obvious opportunities for closer cooperation. Ukraine’s ability to maintain the functions of government at all levels since the full-scale Russian invasion began on February 24 is an area worthy of greater international study, particularly in terms of how Ukraine’s decentralized approach to local government has empowered city officials to be proactive in communications, planning, and coordination with citizens. The country’s postal service, tax revenue collection, online banking payments, and e-government services on Ukraine’s Diya app have all functioned smoothly despite the enormous challenges posed by Russia’s invasion.

The Ukrainian government’s masterly use of social media and other communications channels to not only convey important information and build morale inside Ukraine but also effectively communicate to the international community is of enormous interest to Taiwan. Plans are already being developed by Ukraine’s Ministry of Digital Transformation to send a delegation of Ukrainian MPs to Taipei later this year. Similar initiatives would likely be welcomed and met with considerable interest.

Eurasia Center events

After Vilnius: What’s next on Ukraine’s path to NATO?

Eastern Europe NATO Security & Defense Ukraine

Meetings between Ukrainian and Taiwanese representatives within the framework of larger EU gatherings to discuss the lessons already learned from Ukraine’s wartime experience would be beneficial for European and Taiwanese partners. Such gatherings would also provide an EU backdrop that could help Ukraine assess the challenges that European states and their municipalities currently face from Chinese influence.

Taiwan’s readiness to assist Ukrainian cities in addressing the damage wrought by Russia’s war and Taipei’s direct outreach to Ukrainian mayors during summer 2022 are strong arguments for a seat at the table in designing a post-war support package for Ukraine. Taiwanese involvement in reconstruction planning and the strategic rebuilding of Ukrainian cities could bring greater innovation and lead to expanded trade opportunities.

Ukraine could additionally benefit from Taiwan’s technological know-how, investment, innovation, and access to new markets in Asia. At the same time, strengthening public and diplomatic relations would potentially help both countries in their shared strategic goal of resisting authoritarian aggression.

As Ukraine moves closer to what would be an historic victory over Russia, the country will face a whole range of fresh challenges such as maintaining international interest in the post-war reconstruction process. There will also be new opportunities for Ukraine to assume an enhanced role among the world’s democracies. A fully-fledged partnership with Taiwan could deliver a range of important benefits to Ukraine as it begins this next chapter.

Michael Druckman is resident program director for Ukraine at the International Republican Institute.

Jonathan Panikoff — Thu, 27 Oct 2022 17:09:44 +0000

Elon Musk’s purchase of Twitter, likely to be completed by tomorrow and at the original price, comes at a time of increased public scrutiny for the world’s richest man over his closeness with Moscow, his threat—and quick backtracking—to end SpaceX’s provision of the Starlink internet service in Ukraine, and the public disclosure of his plan to cut 75 percent of Twitter’s workforce. Unsurprisingly, the US government is purportedly seeking to review the sale of Twitter. (On Monday, the White House denied that Musk’s purchase was under national security review.)

The potential that the Committee on Foreign Investment in the United States (CFIUS) could be used to review the transaction is slightly curious, given the company’s product isn’t in the same category as, say, semiconductors, artificial intelligence, or aircraft. CFIUS has a mandate to protect national security. But the laws under which CFIUS operates provide little specificity for what that means, and the presence of foreign investors as part of Musk’s consortium to purchase the company is probably enough for the government to seek a review.

But even if CFIUS does undertake a review, it would be extremely unlikely that the sale would be prohibited simply because of foreign investors. If not cleared outright, far more probable is that the transaction would require some sort of mitigation—neither an uncommon result nor a particularly challenging one to overcome—that may see the government and Musk needing to agree to terms that could, for example, prevent any of his foreign investors from accessing Twitter’s underlying data, but not impact their access to information related to the company’s finances or strategic direction.

However the matter is resolved, the takeaway from this episode has little to do with Twitter. Rather, the transaction is simply another example of how the United States views CFIUS, and related government tools, as the new pointy end of the spear when it comes to protecting US national security.

Few constants remain between the Trump and Biden administrations’ national security strategies, but one of them is the view that the United States is in a long-term and adversarial political, economic, and technological competition with China. The expectation for political leaders, investors, and financial markets should be that the US government will use all levers at its disposal to counter China’s pervasive efforts to become the world’s hegemon in the coming decades. And no levers are as accessible or as easily pulled by Washington as the ones in the economic and investment realms.

For the United States, China’s behavior is no longer simply a matter of taking competitive advantage and stealing intellectual property—which continues ad nauseam. Today, with artificial intelligence, quantum computing, and data set to be at the core of US national security in the future, Washington—by leveraging its economic and investment tools—is demonstrating just how far it will go to prevent Beijing from advancing China’s efforts across these domains at the same pace as the United States.

As a result, foreign investment in the United States, the export of advanced US technology to countries including China, controls on how data is used and disseminated, and US venture capital in China are all going to be much more heavily scrutinized.

Chinese quick-hit video app TikTok, which is currently under CFIUS review, is seeking to ensure continued operations in the United States; TikTok was reported last month to be close to finding a resolution with the US government. And yet, evidence that China’s ByteDance—the parent company of TikTok—planned to use the app to monitor the location of specific Americans perfectly demonstrates how US policymakers see no daylight between economic security and national security.

As a result of that perspective, most foreign investments should expect to come under more scrutiny in the future. In US President Joe Biden’s recent executive order, he directs CFIUS to consider a number of factors when reviewing a case: supply chains and their resilience, cybersecurity, data storage and security, protection of personal information, and technology. None of these are particularly novel for CFIUS reviews, but the fact the president has explicitly highlighted them is important because it demonstrates, for example, just how critical the United States views data as a matter of national security.

Moreover, the CFIUS office’s public announcement that it will place new penalties on companies that violate CFIUS agreements further emphasizes that US tolerance for noncompliance in this space is waning.

At the same time, US economic tools outside the Treasury Department are being more consistently leveraged to contest China as well, including a renewed focus on export controls. The Biden administration’s recent decision to have the US Department of Commerce propagate new rules designed to further diminish China’s ability to obtain the most advanced semiconductor chips reflects how the United States is viewing future technology competition with China as a zero-sum game.

The processes to produce the smallest semiconductors are incredibly complex and challenging to get right. Even if reverse engineered correctly, being able to duplicate the process to develop leading-edge chips is far from guaranteed. Thus, this month’s new rule would have had an impact even if it was limited to preventing US companies from exporting their high-end chips to China. But it goes even further and is slated to be most effective because it ultimately limits what amounts to knowledge transfers as well.

The rule—by prohibiting US persons from helping China develop the most advanced, leading-edge manufacturing capabilities—directly diminishes Chinese scientists’ ability to learn how to produce the chips themselves; thus, it is almost certain to be viewed as provocative in Beijing as it will slow China’s chip development and production.

And, just in case US efforts to undermine China’s technological development aren’t clear enough, recent reporting also indicates that the United States is looking at additional export controls to directly limit China’s ability to advance its quantum and artificial-intelligence efforts quickly.

Today, Elon Musk’s Twitter transaction might be in the crosshairs of the US government’s scrutiny. But the trend of the US government synchronizing and leveraging its economic tools for national-security purposes is only just beginning.

Jonathan Panikoff is a senior fellow at the Atlantic Council’s Geoeconomics Center and director of the Atlantic Council’s Scowcroft Middle East Security Initiative. He is also the former director of the Investment Security Group at the Office of the Director of National Intelligence, responsible for overseeing CFIUS and related foreign-investment issues.

The views expressed in this publication are the author’s and do not imply endorsement by the Office of the Director of National Intelligence, the Intelligence Community, or any other US government agency.

The post US economic tools: The frontline of protecting national security—maybe even from Twitter appeared first on Atlantic Council.

Lipsky quoted in Bloomberg on CBDCs

rlopezirizarry — Wed, 26 Oct 2022 21:09:20 +0000

The post Lipsky quoted in Bloomberg on CBDCs appeared first on Atlantic Council.

CBDC tracker cited in The Banker on solving CBDC interoperability for cross-border payments.

avishwanath — Fri, 21 Oct 2022 20:56:30 +0000

The post CBDC tracker cited in The Banker on solving CBDC interoperability for cross-border payments. appeared first on Atlantic Council.

Assistant Director Ananya Kumar cited in Computer World on the surveillance potential of a CBDC

avishwanath — Fri, 21 Oct 2022 20:39:03 +0000

The post Assistant Director Ananya Kumar cited in Computer World on the surveillance potential of a CBDC appeared first on Atlantic Council.

Ukraine’s growing tech sector offers hope amid wartime economic pain

Dathan Duplichen — Fri, 21 Oct 2022 16:05:15 +0000

The invasion unleashed by Vladimir Putin on February 24 has had a devastating impact on the Ukrainian economy, with the latest World Bank forecast predicting Ukrainian GDP will contract by an eye-watering 35% in 2022. Amid this wartime economic gloom, Ukraine’s tech sector is a rare source of optimism.

According to data from the National Bank of Ukraine, IT industry export revenues actually increased by 23% year-on-year during the first six months of 2022 to reach $3.74 billion. This remarkable performance is part of a far longer growth trend stretching back to the turn of the millennium that has seen the Ukrainian tech sector emerge as an engine of the national economy and an increasingly influential factor shaping the broader development of the country.

Ukraine’s tech potential first began to attract international attention around a decade ago with the emergence of Ukrainian-founded companies such as Grammarly, GitLab, airSlate, and Preply. These success stories sparked speculation over whether Ukraine was set to become the world’s next “unicorn factory.” By 2020, the Ukrainian IT sector accounted for 8.3% of total exports and was a key contributor to Ukrainian GDP.

The rise of the country’s tech sector is driving the digitization of Ukrainian society. In recent years, Ukraine has witnessed a dramatic increase in cashless payments and other FinTech innovations. Following his election in 2019, Ukrainian President Volodymyr Zelenskyy established the Ministry of Digital Transformation to facilitate what Zelenskyy has called the creation of “a state within a smartphone.”

Prior to this year’s Russian invasion, the ministry oversaw the launch of digital options to replace a range of bureaucratic processes and secured legal recognition for digital versions of state-issued documents such as passports and driving licenses. With the tech sector now demonstrating remarkable wartime resilience, many believe this ongoing digitalization holds the key to Ukraine’s future.

Subscribe to UkraineAlert

As the world watches the Russian invasion of Ukraine unfold, UkraineAlert delivers the best Atlantic Council expert insight and analysis on Ukraine twice a week directly to your inbox.

Name
First Last
Email*
Name
This field is for validation purposes and should be left unchanged.

The IT industry has played a crucial role in expanding the Ukrainian middle class thanks to average salaries in the range of $3,000 per month compared to a national average of approximately $500. One continuing IT industry trend is the strong market share of IT outsourcing. At present, pure product development accounts for only 16% of the IT industry in Ukraine.

Efforts to find investors for new projects have long been complicated by security concerns related to Russian aggression. Eveline Buchatskiy, VP of Special Projects at Ukrainian IT company airSlate, recalls a time when investing in the next Ukrainian startup was a competitive affair. Unfortunately, she says, the venture capital investment climate deteriorated following the outbreak of hostilities with Russia in 2014. Today, airSlate focuses heavily on Ukrainian-based product development, with Buchatskiy confident that the appeal of Ukrainian tech creativity still outweighs the obvious threats created by Russia’s ongoing invasion.

DroneUA founder Valerii Iakovenko is a good example of this creativity. Iakovenko is a medical doctor, turned insurance banker, turned tech entrepreneur. Nine years ago, he and his business partner set out to create ecosystems that support the use of tech in the agricultural industry. According to his data, use of DroneUA’s agriculture drones helps farmers increase agricultural yield by 4% for corn and 2% for wheat. At scale, these percentages are significant, especially given Ukraine’s status as one of the world’s leading agricultural producers.

Last year, the DroneUA team set their sights on the task of providing additional reliable energy sources, with Iakovenko’s team working toward a sustainable marketplace for energy production. This is easier said than done. Not only are supply chains problematic, but increased production requires a growing network of installers and maintenance techs. Additionally, self-sufficient energy production systems are cost-prohibitive. Iakovenko sees the electric independence segment of the tech sector as ready for investment, “once we win the war.” In the meantime, he is focusing on his current priority of providing self-supporting power for Starlink systems.

In order to reach its true potential, Ukraine’s tech sector requires a suitable legal framework. Former US Ambassador to Ukraine Steven Pifer highlights the need for increased legislative stability moving forward. This is particularly salient in the IT sector where proprietary data protection is a key element of business success.

In 2020, Ukraine established the Ukrainian Intellectual Property Institute to address these concerns. The same year, Ukraine also launched the National Intellectual Property Authority (NIPA). More recently, the Ukraine IT Association formed an IT Law Committee to address IP protection concerns specifically in the tech space.

These efforts are needed for many reasons, but it is also important to acknowledge the risks they create in the current environment. Establishing extensive legal protections places potential limitations on innovation within the tech sector. This is particularly relevant for businesses that are trying to innovate and adapt rapidly to changing circumstances. Businesses are faced with the choice of holding on to the advantages of IP protections or sharing data to support Ukrainian innovation and accepting the risk therein.

Eurasia Center events

After Vilnius: What’s next on Ukraine’s path to NATO?

Eastern Europe NATO Security & Defense Ukraine

In recent years, there has been significant discussion over how to help the IT sector transition from IT outsourcing to IT service. Recommendations have centered on targeted taxation, sector integration, talent acquisition, and intellectual property protection. Ukraine looked to increase taxes on non-Ukrainian-owned companies in 2022 to promote local innovation. However, increasing taxes on foreign companies willing to accept the risk of operating in Ukraine could further stall progress. Meanwhile, the December 2021 launch of Ukrainian tech hub Diia City aims to offer further taxation incentives. Diia City significantly reduces the tax burden on IT sector businesses and employees. The project looks to create the largest innovation hub in Europe.

Sector integration continues to provide market growth opportunities. The drive for tech solutions is particularly palpable in the Ukrainian agriculture sector. According to Iakovenko, Ukrainian farmers are often young, eager for tech adoption, and unburdened by a bias for traditional practices. Ukrainian farmers are already utilizing satellite data to determine crop fertility and planting schedules. They also lead the world in terms of drone usage in agriculture.

One key problem facing Ukrainian IT companies is finding enough qualified recruits to maintain the tech sector’s robust growth rate. In order to overcome mounting personnel shortages, the sector has previously sought to attract international talent from nearby Poland, Romania, and elsewhere. However, this is currently unrealistic due to the ongoing Russian invasion.

The Ukrainian government can address shortages through scholarships, increased trade school-style education, and an expansion of the Ukrainian IT Creative Fund. These intermediate and long-term solutions make good sense but do not directly address the current situation. With the increase of Ukrainians moving abroad to escape the war, the government could offer tax waivers to Ukrainian workers outside the country continuing to work for Ukrainian companies remotely. While this will not grow the workforce, it will help diminish the talent drain.

The Ukrainian IT industry is moving forward while adapting to the extreme circumstances created by Russia’s invasion. Much still needs to be done in order to maximize the obvious potential of the country’s tech talent, but the mood within the sector remains overwhelmingly optimistic. This optimism is based on the many resourceful and committed people who are driving Ukraine’s digital progress and shaping the country’s future.

Dathan Duplichen is a graduate of the Ford Dorsey Master’s in International Policy program at Stanford University and a European Foreign Area Officer for the United States Department of Defense. Opinions expressed in this article are those of the author and do not represent the United States Department of Defense.

India’s draft Data Protection Bill (DPB) garnered unusual domestic and international attention. It promised a comprehensive regulatory regime for data and broader digital trade, covering privacy, cybersecurity, law enforcement, and industrial policy. However, it attracted significant criticism: Some viewed it as too heavy-handed in regulating social media platforms or as inadequate as it exempted government entities from protecting personal data; others, such as US tech titans, expressed concerns about it being highly protectionist, essentially curbing international data storage and data flows.

Granted, policymakers in any country can struggle to craft a mix of regulatory approaches for protecting personal data that makes sense in their societies. Too often, arguments from every side of the debate use a take-no-prisoners approach, making it difficult for the average person to understand what a balanced policy should be. Both extremes—laissez faire nonregulation versus a state-imposed “great firewall”—offer cold comfort. Approaches that are in between, such as the European Union’s General Data Protection Regulation and its offspring, may not endure as default examples of reasonable, responsible digital regulation, especially if there are long-term impacts that stifle innovation in digital technologies.

In this light, India’s decision to take a deep breath and continue deliberations and consultations by withdrawing the DPB draft is welcome: It had evolved into a mishmash of well-meaning privacy protections, questionable state interventions to favor domestic champions, and borderline-objectionable steps to extend state ownership of citizens’ data. It certainly could not be viewed as a model law for addressing legitimate public objectives in the digital space.

An opportunity for good regulatory practice

As such, the government’s going back to the drawing board in the face of criticisms may exemplify GRP in action. Ideally, interested stakeholders will have the opportunity to make their cases to the government and other stakeholders, and the Indian government will be better informed in weighing the costs and benefits of alternative approaches. Indian policymakers now have the opportunity to test-run the basics of GRP in developing a digital regulation and can use it as an example to inspire a model for good governance in other sectors.

Across the globe in the United States, the 1946 Administrative Procedures Act generally requires transparency, predictability, and accountability when policymakers write regulations—this legislation has since been fleshed out in much greater detail through executive orders under the authority of the president. The United States has encouraged trade partners to uphold the same transparency, predictability, and accountability through its trade agreements: Those agreements, in negotiating on tariffs, often include conditions that require governments to open their regulatory processes to greater scrutiny and accountability. And although the World Trade Organization has long had in place rules regarding technical barriers to trade, the Obama administration’s negotiation of the Trans-Pacific Partnership (TPP) inaugurated a new era for including provisions in trade agreements on how a country develops and implements its regulations. The United States ultimately left the TPP, but it later built on those provisions in the United States-Mexico-Canada Agreement and US-Japan Trade Agreement.

India and the United States can use their bilateral trade relationship to share perspectives on GRP in the upcoming Trade Policy Forum. There have been positive exchanges already, in which the two sides shared information on their domestic practices. GRP might be an opportune area for agreement, at least in the interim, that could encourage enthusiasm for an eventual US-India free trade agreement. The Biden administration has also included negotiations on GRP under the trade pillar of the Indo-Pacific Economic Framework (IPEF), although India declined in September to join the trade pillar, opting instead to focus on the other three pillars: supply chains, decarbonization, and taxation/anticorruption. US-India bilateral engagement on GRP could complement parallel IPEF negotiations on GRP.

India’s continuing saga of start-stop efforts to regulate the digital domain may soon be better informed by a real-life implementation of GRP. For that to be the case, it should include public notice of opportunities to comment, sufficient time for stakeholders to review any new drafts of legislation and provide responsive comments, and interministerial consultation on areas of shared responsibility. This deliberative process, which should also include a detailed explanation of the rationale for the chosen regulatory approaches, can inform new regulations that have weighed the costs and benefits of alternatives.

At this point, it may not seem likely that a new version of the DPB, whenever it might emerge, will be vastly less troublesome than the last. The stakes are high in terms of generating trust in India’s digital ecosystem, creating welcoming incentives for much-needed foreign investment, and promoting homegrown innovation that can compete fairly in global markets. It’s best to give the Modi administration the benefit of the doubt and hope that this delay will be well-utilized to follow the principles of GRP, leading to a framework that can be an example for the rest of the world.

Mark Linscott is a nonresident senior fellow at the Atlantic Council’s South Asia Center and the former assistant US trade representative for South and Central Asian affairs, and WTO and multilateral affairs.

The post How India’s new digital rules can demonstrate a commitment to good regulatory practices appeared first on Atlantic Council.

Propp in International Association of Privacy Professionals: The redress mechanism in the Privacy Shield successor: On the independence and effective powers of the DPRC

jbatchik — Mon, 17 Oct 2022 12:49:59 +0000

Original source

Europe Center nonresident senior fellow Kenneth Propp, with co-authors Peter Swire and Théodore Christakis, reacts to the details of the White House “Executive Order On Enhancing Safeguards For United States Signals Intelligence Activities” to implement changes to safeguard the free flow of data between the European Union and the United States, and the creation of a Data Protection Review Court.

The new U.S. regime will only pass muster in the Court of Justice of the European Union if it meets EU legal requirements. In this initial article, we focus on one key set of issues — would the decisions of the new Data Protection Review Court meet the relevant EU legal requirements for independence and effectiveness in deciding upon a complaint for redress by an EU person? We suggest that this could indeed be the case.
Kenneth Propp, Peter Swire, and Théodore Christakis

About the author

Fellow

Kenneth Propp

European Union Digital Policy

The post Propp in International Association of Privacy Professionals: The redress mechanism in the Privacy Shield successor: On the independence and effective powers of the DPRC appeared first on Atlantic Council.

Russian War Report: Russia escalates war by targeting cities across Ukraine

Digital Forensic Research Lab — Fri, 14 Oct 2022 18:53:15 +0000

As Russia continues its assault on Ukraine, the Atlantic Council’s Digital Forensic Research Lab (DFRLab) is keeping a close eye on Russia’s movements across the military, cyber, and information domains. With more than seven years of experience monitoring the situation in Ukraine—as well as Russia’s use of propaganda and disinformation to undermine the United States, NATO, and the European Union—the DFRLab’s global team presents the latest installment of the Russian War Report.

Russia escalates war by targeting cities across Ukraine

Russia escalated its war against Ukraine this week with missile attacks and airstrikes on cities across the country, including the first serious attack in the capital Kyiv in months. The Russian army reportedly launched at least ten missile strikes, nineteen airstrikes, and ninety artillery attacks targeting more than thirty settlements across Ukraine, including Zaporizhzhia, Dnipro, Odesa, Sloviansk, Novobakhmutivka, Sieversk, Bilohorivka, Nikopol, and Blahodativka, according a Facebook post from the Ukrainian General Staff. Russia shelled twenty-five settlements in the direction of the Pivdennyi Buh river, across the frontline, they added. In the direction of Novopavlivka and Zaporizhzhia, the Russian army shelled twenty villages, including Vuhledar, Novopil, Shakhtarske, Mali Scherbaky, Velyka Novosilka, Malynivka, and Mala Tokmachka. As a direct result of the strikes, five regions were left without power for days, while elsewhere the power supply was partially damaged, according to the Ukrainian state emergency service. It specified that Lviv, Poltava, Sumy, Kharkiv, and Ternopil regions were completely deprived of electricity.

According to a United Nations assesment, “Explosions were reportedly heard, and missiles and drones were reportedly intercepted in the western Khmelnytskyi, Lviv, and Rivne regions, in the northern Kyiv region, and in the southern Mykolaiv and Odesa regions, as well as in the central Dnipropetrovsk region.”

In the central Vinnytsia region, the Ladyzhyn thermal power plant was reportedly hit with Iranian-made Shahed drones. Soon after, the Ukrainian energy ministry stated that it was halting its electricity exports in order to stabilize its energy systems. This halt has a significant impact on Moldova, which purchases approximately one-third of its electricity from Ukraine, including twenty percent from Ukrhydroenergo and ten percent from Energoatom.

According to Serhiy Bratchuk, spokesperson for the Odesa military administration, Russian forces brought Iranian instructors to Dzankoi in Crimea, as well as Zaliznyy and Lanivtsi in Kherson, to train Russian forces on how to use the Shahed-136 kamikaze drones. This claim has not been independently confirmed.

In yet another signal of a broader escalation by Russia, on October 8 the Ukrainian ambassador in Belarus received a note accusing Ukraine of “preparing an attack on Belarus.” The letter can be interpreted as providing a pretext for attacks on Ukraine from Belarusian territory. On October 10, Belarusian President Alyaksandr Lukashenka announced Russia and Belarus had agreed to deploy a “joint regional group of forces.” This raises concerns about whether the northern fronts in the regions of Chernihiv and Kyiv would be reactivated.

Meanwhile, Moldova said Russian missiles that targeted Ukraine crossed Moldovan airspace, prompting the Foreign Ministry of Moldova to summon the Russian ambassador. Moldova also announced that it is considering the possibility of declaring a partial mobilization. Moldovan Minister of Defense Anatolie Nosatîi said that Moldova would have to close its airspace due to the launch of Russian missiles. Later in the day, however, the Moldovan Ministry of Defense denied that a Russian missile had entered the country’s airspace.

The Russian army continues to experience difficulties with new recruits and the mobilization process. According to Radio Free Europe/Radio Liberty journalist Mark Krutov, more than one hundred Russian conscripts from Bryansk allegedly refused to go to Ukraine, stating that they lacked training and new equipment. “One of the soldiers reached out to journalists with his complaints,” Krutov reported. “He says commanders told them they will be sent in a few days ‘to retake Lyman’, while only one man from the previous group of 100 mobilized soldiers sent to Ukraine returned.”

According to a report by Middle East Eye, “Money and menace are being used to recruit Muslims in the Caucasus….Parents in the deprived region are encouraging their sons to fight out of fear that local authorities could retaliate if they refuse.” The report stated that around one thousand Chechen fighters have lost their lives in Ukraine.

—Ruslan Trad, Resident Fellow for Security Research, Sofia, Bulgaria

Russian deepfake attempt targeting Bayraktar drones CEO disrupted

The Ukrainian defense ministry’s intelligence department (GUR) has claimed that Russian operatives used deepfake technology in an attempt to discredit Ukraine’s partnership with Turkey.

According to a GUR Telegram post from October 9, Russian intelligence services attempted to use deepfake technology to call Haluk Bayraktar, CEO of of Baykar Defense, the Turkish defense company providing Bayraktar drones to Ukraine. The GUR claimed that Russian intelligence services tried to impersonate Ukraine’s Prime Minister Denys Shmyhal in the video call with Bayraktar. However, instead of speaking with the Bayraktar executive, GUR said the Russian intelligence service was connected to an “equally fake” individual impersonating a Bayraktar employee. The GUR added that the Russian intelligence service made pronunciation errors when speaking in the Ukrainian language. Specifically, the speaker used the Ukrainian expression babyne lito (бабине літо, “Grandmother’s summer” or “Indian summer”), but used the Russian pronunciation bab’ye lyeto (бабьє лєто) instead.

Footage of the deepfake incident, uploaded to YouTube by the GUR. (Source: Defense Intelligence of Ukraine/archive)

The GUR stated that the purpose of the operation was to discredit the cooperation between Ukraine and Turkey. “At the end of the conversation, the Russian operatives were informed that they had been exposed and would be prosecuted,” it said.

There have been several instances of deepfakes used since the beginning of the Russian invasion. In the early days of the war, Kremlin supporters circulated a deepfake of Zelenskyy urging the Ukrainian military to surrender. The latest incident demonstrates how pro-Russian deepfakes have moved beyond recorded footage to livestream deepfakes, in which a synthetic face can overlay an individual’s face in real time, creating an additional illusion of authenticity.

—Eto Buziashvili, Research Associate, Tbilisi, Georgia

Russia blames Ukrainian military intelligence for Kerch bridge explosion

Russia’s Federal Security Service (FSB) claimed that a truck with explosive materials caused the detonation on the Kerch bridge on October 8, and accused Ukrainian military intelligence of carrying out what it called a “terrorist attack.” The blast resulted in two road spans partially collapsing and seven fuel tanks catching fire. The FSB said that four people were killed as a result of the explosion. On October 12, the FSB said it had detained eight people in connection with the incident, including five Russian citizens as well as three Ukrainian and Armenian nationals.

According to the FSB, explosives weighing 22.7 tons were camouflaged in plastic film rolls and sent from the Ukrainian port of Odesa to Bulgaria’s Ryse port in early August. They allege the cargo was sent to a Georgian port in Poti; from there it traveled to Yerevan and cleared customs at the Trans Alliance terminal. According to Russia’s version of events, the cargo left Yerevan on a Georgian registered DAF truck and crossed the Russia-Georgia border via the Upper Lars checkpoint on October 4. The FSB claimed that the truck was unloaded at the Armavir wholesale base in the Krasnodar region of Russia on October 6. The next day, the cargo was allegedly loaded on to a different vehicle, owned by a Russian citizen, and left for Simferpol. The explosion took place at 6:03am Moscow time on October 8.

Map illustrating the Russian FSB’s claim that the explosive cargo moved from Odesa to Crimea, via Bulgaria, Georgia and Armenia. The yellow lines do not mark the exact route. (Source: GGigitashvili_/DFRLab via Google Earth)

On October 12, Kremlin-controlled media outlet Ria Novosti published a CCTV video on Telegram allegedly depicting Russian police inspecting the truck. The Telegram post included x-ray style photos from the customs checkpoint showing the contents of the truck. However, the truck seen in the CCTV video has at least two elements that are not visible in the x-ray image. The truck in the CCTV video has two front wheels, whereas the truck in the x-ray image does not. In addition, the truck seen on the CCTV camera has a spare wheel, and while the x-ray photo shows a holder for a spare wheel, it appears to be empty. This indicates that the CCTV video and x-ray photo depict different trucks, which Ria Novosti did not acknowledge.

On October 12, the Russian Telegram channel Baza published two x-ray photos of a truck, alongside another photo showing the contents of the truck. The photos were reportedly taken in Armenia. The DFRLab used Google reverse image search and found that both photos were first published in an article by Armenpress, which stated that according to Armenian customs control, the truck went through the customs clearance procedure “duly and legally and no risk factors were detected.” The article contained photos taken during the inspection, stating that the x-ray examination of the truck “did not reveal any risk factors”. The x-ray photos published by Ria Novosti and Baza appear to be similar, based on the placement of plastic rolls inside the truck. It is possible that Ria Novosti’s photo is also from Armenian customs control.

Screenshots at the top are from Ria Novosti’s Telegram post. The red and green rectangles mark the differences in the two trucks. The screenshots at the bottom are from an Armenpress article and show a truck during a customs inspection in Armenia. (Sources: Telegram/archive, top left and right; Armenpress/archive, bottom left and right).

On October 10, the Baza Telegram channel also published a photo of a DAF truck with a Georgian license plate. The post claimed that the pictured truck was used to transport the explosives to Russia. On a same day, the Russian Telegram channel Mash Gor published another photo of a similar truck and claimed that Russian police were searching red DAF trucks with Georgian license plates and found the vehicle in Vladikavkaz, Russia. The post said there was no driver in the vehicle when police arrived, but soon after a driver appeared and was arrested. According to Armenpress, the arrested driver is Artur Terjanyan, a dual citizen of Armenia and Georgia.

Photos show a truck with a Georgian license plate, which Moscow claims was used to export explosives to Russia. (Sources: Telegram/archive, top left; Telegram/archive, top right; Daily Mail/archive, bottom).

Georgian and Bulgarian authorities have denied Russia’s accusation that the truck traveled through their territories.

—Givi Gigitashvili, Research Associate, Warsaw, Poland

Bulgaria investigates claims of involvement in Kerch bridge blast

Russian media outlets claimed that Bulgaria was complicit in the October 8 explosion targeting the Kerch bridge. While many details about the explosion are still unknown, and speculation is rife, pro-Kremlin media exploited the incident to spread rumors about the role of Bulgaria, a NATO member, in the attack. Bulgaria’s main intelligence agency DANS launched an investigation into Russian claims that the truck that blew up on the bridge came from Bulgaria. Investigations began immediately after the Kremlin released the claim, following an order by acting Prime Minister Galab Donev. The agency has also notified the Bulgarian prosecutor’s office.

Ukrainian analysts previously proposed three possible explanations for what happened, including mines detonating on the bridge, a truck bomb, or a rocket attack. While the cause of the blast has not been confirmed, a truck bomb is believed to be the most likely explanation.

In a meeting with Russian President Vladimir Putin, Alexander Bastrykin, head of the Russian Investigative Committee, announced that the route of the truck that allegedly blew up the Crimean bridge started in Bulgaria and then passed through Georgia, Armenia, North Ossetia, and Krasnodar. The European Commission spokesperson Peter Stano said Bastrykin’s words were unreliable. Kiril Petkov, former Bulgarian prime minister and leader of the We Continue the Change party, called on the caretaker government to reject the Kremlin’s suggestion that there was a Bulgarian connection to the bridge bombing. Meanwhile, Bulgaria’s pro-Russian political parties insisted on an investigation, prompting angry reactions in the media. This is not the first attempt by Russia to discredit Bulgaria.

Sofia is in a difficult position because of political differences over the provision of military aid to Ukraine; there is already evidence of Bulgarian weapons in Ukraine. However, the topic has become a major dividing line between political parties in the country, as pro-Kremlin politicians insist that Bulgaria should not be drawn into a war with Russia by providing weapons to Ukraine. In this context, the pro-Kremlin military channel Rybar alleged that Bulgaria had delivered a new shipment of weapons to Ukraine. The channel shared blurry photos, reportedly taken on October 9, of an Antonov An-124 aircraft at an airfield in the city of Burgas. Just one day earlier, the far-right Russian paramilitary group Rusich, which is accused of carrying out executions and war crimes in Ukraine, shared on its Telegram channel a photo of a Bulgarian and Polish passport with the text, “Different people, different countries, one goal.”

—Ruslan Trad, Resident Fellow for Security Research, Sofia, Bulgaria

Russia adds Meta to its ‘terrorist’ organizations list, blocks EUvsDisinfo website

On October 11, Russia added Meta, the parent company of Facebook, Instagram, and WhatsApp, to its list of terrorist and extremist organizations. While Facebook and Instagram are blocked in Russia, WhatsApp remains available.

The latest designation by Russia’s financial monitoring agency means that Russian citizens and companies who buy advertisements on Facebook or Instagram could face imprisonment on charges of “sponsoring extremism” or “terrorism.” According to the pro-Kremlin outlet Interfax, Russian law requires banks to freeze funds and stop serving citizens and organizations on the list.

Russian human rights lawyer Pavel Chikov reported that a Russian prosecutor’s office is already sending letters to Facebook and Instagram users “threatening administrative and criminal liability for posting posts on social networks.”

Russia declared Meta an extremist organization in March 2022. Following the Kremlin’s crackdown on Western social media platforms, Russian citizens have been using virtual private networks (VPNs) to bypass official bans and access the platforms. In light of the latest designation, it is possible that Russian citizens could face criminal charges for accessing Meta’s products through a VPN.

In addition, on October 8, Russian internet censor Roskomnadzor blocked the website of EUvsDisinfo, a counter-disinformation project of the European Union. For years, EUvsDisinfo has exposed the Kremlin disinformation campaigns. Roskomnadzor’s move is a continuation of the Russian policy to restrict Western online media and social networks in an attempt to suppress factual information about Russia’s war in Ukraine.

—Eto Buziashvili, Research Associate, Tbilisi, Georgia

The post Russian War Report: Russia escalates war by targeting cities across Ukraine appeared first on Atlantic Council.

Lipsky interviewed by Control Risks The Global Insight podcast on CBDCs

rlopezirizarry — Wed, 12 Oct 2022 18:57:00 +0000

The post Lipsky interviewed by Control Risks The Global Insight podcast on CBDCs appeared first on Atlantic Council.

CBDC Tracker cited by The Global Treasurer on potential of CBDCs to change the global financial system

rlopezirizarry — Wed, 12 Oct 2022 18:31:00 +0000

The post CBDC Tracker cited by The Global Treasurer on potential of CBDCs to change the global financial system appeared first on Atlantic Council.

CBDC Tracker cited by The Crypto Briefing on the outlook of a Digital Dollar

rlopezirizarry — Sun, 09 Oct 2022 19:09:00 +0000

Kenneth Propp: Is the third time a charm for this dispute?

The post CBDC Tracker cited by The Crypto Briefing on the outlook of a Digital Dollar appeared first on Atlantic Council.

The data privacy deal driving the future of the US-EU commercial relationship

Atlantic Council experts — Fri, 07 Oct 2022 18:26:35 +0000

Today, the Biden administration issued an executive order to codify changes to privacy rules for transatlantic data transfers from the European Union (EU). A long-awaited announcement, the executive order is the next step toward establishing a new EU-US Data Privacy Framework (DPF), which will secure the free flow of personal data and thus underpins the US-EU commercial relationship.

The deal replaces the 2016 US-EU Privacy Shield agreement, which, according to the European Court of Justice’s (ECJ) 2020 ruling, failed to protect the EU citizens’ data from US government surveillance. It also left in jeopardy the future of transatlantic data transfers and the more than $250 billion worth of digital services trade that took place between the United States and the EU in 2020.

In practical terms, today’s executive order seeks to address the ECJ’s concerns with the previous data privacy framework by increasing transparency into the use of EU personal data by US authorities and national security justifications behind it. It also creates a mechanism for EU individuals to seek a review and redress if they feel their personal data was used in violation of established privacy protections.

Will the new agreement be viable? Our experts break down the details of the DPF and tell us what to expect next.

Jump to an expert reaction

Frances Burwell: Resolving a major irritant in US-EU ties

Cameron Kerry: Biden’s new protections for EU citizens are strong. Congress can finish the job.

Is the third time a charm for this dispute?

Nearly a decade after former US National Security Agency (NSA) contractor Edward Snowden revealed that the NSA was tapping then German Chancellor Angela Merkel’s mobile phone, the EU has forced the United States to make real changes in its surveillance of Europeans. In exchange for and expectation that the EU will grant companies a convenient and stable method for transferring personal data from Europe to the United States, the US government has agreed to limit electronic surveillance on the continent to only what is “necessary and proportionate,” a European privacy law standard. Europeans also have gained the right to challenge wrongful surveillance before a new and independent US administrative tribunal.

The EU did not secure a commitment from Washington to put these changes into the form of a statute—instead settling for US President Joe Biden’s executive order and a new Department of Justice regulation structuring the administrative tribunal. In addition, the agreement does not clearly identify the path for appealing an administrative decision to a US court, although it does not rule it out either. As a practical matter, administrative redress may well be the better approach.

European privacy activists, who twice previously overturned transatlantic data-transfer arrangements, are expected to seize on these points in a challenge to the DPF before the European Court of Justice. Neither the United States nor the European Commission can afford a third strike. But the details of the painstakingly negotiated accord offer a measure of hope that this thorny and long-lasting transatlantic digital dispute may finally be definitively resolved. Maybe the third time will be the charm.

—Kenneth Propp is a non-resident senior fellow at the Atlantic Council’s Europe Center.

Resolving a major irritant in US-EU ties

The Biden administration’s new executive order is an important step toward resolving one of the stickiest disputes between the United States and the European Union. The flow of data, including personal data, across the Atlantic is enormous and is an essential building block for the rapidly growing, data-driven transatlantic digital economy. But since July 2020, the legality of such transfers from the EU to the United States has been cast into doubt by the decision of the ECJ invalidating the Privacy Shield arrangement.

The Biden administration signaled the importance of this dispute by appointing its Commerce Department negotiator on its first day in office. Determined to improve relations with the EU, the Biden team realized that making a serious effort toward resolving this dispute was key to demonstrating its commitment to the US-EU partnership. Although the new DPF will inevitably be challenged before the ECJ, the agreement is still important on two levels.

First, it demonstrates a willingness and ability to resolve disputes—even very complicated matters based on differing regulatory approaches. This is good news for the valuable transatlantic digital economy, which faces disagreements over differing rules on non-personal data transfers, artificial intelligence risk assessments, cybersecurity criteria for cloud service providers, and many other issues. With the right approach and attitude, a solution can be found.

Second, this agreement removes a major US-EU irritant at a time when geopolitics requires as much transatlantic unity as possible. The issue of data transfers has not been one that grabbed headlines, but the lack of a solution would push the two biggest markets in the global democratic community toward forming two different blocs, creating divisions that would only multiply and harden as the digital element in our economies grows. The beneficiary of such a divide would be the other major power in the digital arena: China. This solution shows that the United States and EU understand the importance of finding a way forward together and is an essential step toward transatlantic leadership in the global digital economy.

—Frances Burwell is a distinguished fellow at the Europe Center.

Biden’s new protections for EU citizens are strong. Congress can finish the job.

Then President Barack Obama’s 2014 presidential policy directive 28 (PPD-28) set an international norm for foreign intelligence—and this new executive order builds on PPD-28 with clearer and more detailed protections for people outside the United States. It is a carefully thought-out response to the ECJ’s jurisprudence on government access tailored to American law and presidential powers, addressing specific safeguards and issues the ECJ has identified. Most notably, on necessity and proportionality—the EU legal standard for surveillance collection that the United States has agreed to abide by—as well as the use of bulk surveillance, Biden’s order spells out objective criteria for collection based in law that exclude simply being a foreign person; details procedures to ensure collection programs and individual queries are limited to what is necessary and take into account intrusion on privacy; and requires that dissemination and retention of information collected is also limited in the ways it is for “US persons.”

On redress for EU citizens who are the subjects of US surveillance, the package gives the new Article II court designed to solve these disputes judicial powers and independence, makes the court’s rulings as well as those of the Office of the Director of National Intelligence’s privacy and civil liberties officer and the Privacy and Civil Liberties Oversight Board binding on the intelligence community, and recognizes that EU citizens are entitled to these review procedures under federal law. Executive orders exercising presidential powers have been recognized as the law of the land throughout our history—the Emancipation Proclamation, for example—but Congress could emphasize the point for the ECJ by codifying key elements of this order when the Foreign Intelligence Surveillance Act comes up for reauthorization in 2023. That way, a future president could not simply undo Biden’s order with the stroke of a pen.

—Cameron Kerry is the Ann R. & Andrew H. Tisch Distinguished Visiting Fellow at the Brookings Institution and a former general counsel at the US Department of Commerce.

The post The data privacy deal driving the future of the US-EU commercial relationship appeared first on Atlantic Council.

CBDC Tracker cited by Reuters on the connection between SWIFT and CBDCs

rlopezirizarry — Wed, 05 Oct 2022 19:10:00 +0000

The post CBDC Tracker cited by Reuters on the connection between SWIFT and CBDCs appeared first on Atlantic Council.

Lipsky interviewed by CoinDesk.TV on wholesale CBDCs

rlopezirizarry — Tue, 04 Oct 2022 19:14:00 +0000

The post Lipsky interviewed by CoinDesk.TV on wholesale CBDCs appeared first on Atlantic Council.

Outbound investment screening event and issue brief covered by Reuters

rlopezirizarry — Mon, 03 Oct 2022 19:52:16 +0000

The post Outbound investment screening event and issue brief covered by Reuters appeared first on Atlantic Council.

CBDC Tracker referenced in the Associated Press on US Treasury recommendation to explore creating a digital dollar

rlopezirizarry — Mon, 03 Oct 2022 19:50:59 +0000

The post CBDC Tracker referenced in the Associated Press on US Treasury recommendation to explore creating a digital dollar appeared first on Atlantic Council.

Bhusari cited in Daily Maverick on why the G7 and China are unlikely to intervene in currency markets

rlopezirizarry — Mon, 03 Oct 2022 19:49:22 +0000

The post Bhusari cited in Daily Maverick on why the G7 and China are unlikely to intervene in currency markets appeared first on Atlantic Council.

CBDC tracker referenced by ABC News on Biden administration exploring creation of a digital dollar

rlopezirizarry — Mon, 03 Oct 2022 19:47:34 +0000

The post CBDC tracker referenced by ABC News on Biden administration exploring creation of a digital dollar appeared first on Atlantic Council.

CBDC tracker cited by USA Today on a fact-check of a source on the Biden administration’s digital currency research.

rlopezirizarry — Mon, 03 Oct 2022 19:24:42 +0000

The post CBDC tracker cited by USA Today on a fact-check of a source on the Biden administration’s digital currency research. appeared first on Atlantic Council.

Lipsky quoted by Politico on CBDCs in relation to stablecoins

rlopezirizarry — Thu, 29 Sep 2022 18:23:00 +0000

The post Lipsky quoted by Politico on CBDCs in relation to stablecoins appeared first on Atlantic Council.

CBDC tracker cited in CoinTelegraph on the Bank for International Settlements CBDC pilot program

rlopezirizarry — Wed, 28 Sep 2022 20:33:00 +0000

Read the publication here.

The post CBDC tracker cited in CoinTelegraph on the Bank for International Settlements CBDC pilot program appeared first on Atlantic Council.

CBDC Tracker cited by an International Monetary Fund publication on the outlook of CBDCs in Asia and the Pacific

rlopezirizarry — Wed, 28 Sep 2022 19:05:00 +0000

The post CBDC Tracker cited by an International Monetary Fund publication on the outlook of CBDCs in Asia and the Pacific appeared first on Atlantic Council.

Frankfurt Forum mentioned by Yahoo News on ECB President Christine Lagarde’s comments on digital currencies.

rlopezirizarry — Wed, 28 Sep 2022 18:45:00 +0000

The post Frankfurt Forum mentioned by Yahoo News on ECB President Christine Lagarde’s comments on digital currencies. appeared first on Atlantic Council.

CBDC tracker cited by Forkast on Australia Central Bank Digital Currency pilot

rlopezirizarry — Wed, 28 Sep 2022 18:16:00 +0000

The post CBDC tracker cited by Forkast on Australia Central Bank Digital Currency pilot appeared first on Atlantic Council.

Privacy in cross-border digital currency: A transatlantic approach

Giulia Fanti and Nadia Pocher — Wed, 28 Sep 2022 04:55:19 +0000

As a growing number of countries explore Central Bank Digital Currencies (CBDCs) for the domestic context, multi-country cross-border CBDCs pilots are also proliferating. Cross-border CBDCs could make cross-border payments faster, cheaper, and simpler. However, for any cross-border CBDC to unlock these benefits and be widely adopted, it must address key concerns, chief among them risks around privacy and transparency of data.

This article illustrates how various technical design choices can affect the privacy and transparency of cross-border CBDCs. For instance, architectural choices about the structure of a cross-border CBDC and representational choices about how transactions are encoded in the underlying software can have far-reaching implications for privacy and transparency—both in a domestic context and for cross-border transactions. Many of the cross-border CBDC pilot studies to date have (understandably) adopted the technical designs provided by enterprise distributed ledger platforms. However, some of these designs make tradeoffs regarding privacy, efficiency, and/or security. Whether these tradeoffs are acceptable is a matter of policy, and requires coordination between different regulators and central banks.

In view of these implications—and some of the corresponding tensions that arise—we argue that the US and the EU should work together alongside other partners to create the technological and regulatory environment to enable privacy-preserving cross-border CBDCs. The US and the EU should seize the emergence of CBDCs as an opportunity to finally establish a transatlantic privacy framework, and clarify its interplay with the prevention of money laundering and financing of terrorism (AML/CFT/CPF). More broadly, both should harness the clout of their combined financial systems to develop digital asset regulation and standards with a global reach and democratic values. These regulatory developments would not only streamline regulatory guidelines, but they could also directly impact and ease the technical development of a cross-border CBDC.

Report Jun 15, 2022

Missing Key: The challenge of cybersecurity and central bank digital currency

By Giulia Fanti, Kari Kostiainen, William Howlett, Josh Lipsky, Ole Moehr, John Paul Schnapper-Casteras, and Josephine Wolff

New research on the cybersecurity challenges posed by digital currencies and design models that can provide a more secure financial system.

Cybersecurity Digital Currencies

Dec 14, 2021

Central Bank Digital Currency Tracker

Our flagship Central Bank Digital Currency (CBDC) Tracker takes you inside the rapid evolution of money all over the world. The interactive database now features 130 countries— triple the number of countries we first identified as being active in CBDC development in 2020.

Markup Mar 11, 2022

What does Biden’s executive order on crypto actually mean? We gave it a close read.

By Atlantic Council experts

What signals does this order send about the Biden administration’s approach to cryptocurrency as well as a potential central bank digital currency?

Digital Currencies Economy & Business

At the intersection of economics, finance, and foreign policy, the GeoEconomics Center is a translation hub with the goal of helping shape a better global economic future.

The post Privacy in cross-border digital currency: A transatlantic approach appeared first on Atlantic Council.

The 5×5—The Internet of Things and national security

Simon Handler — Wed, 28 Sep 2022 04:01:00 +0000

This article is part of The 5×5, a monthly series by the Cyber Statecraft Initiative, in which five featured experts answer five questions on a common theme, trend, or current event in the world of cyber. Interested in the 5×5 and want to see a particular topic, event, or question covered? Contact Simon Handler with the Cyber Statecraft Initiative at SHandler@atlanticcouncil.org.

The connection of mundane household gadgets, industrial machinery, lifesaving healthcare technologies, vehicles, and more to the Internet has probably helped modern society to be more convenient and efficient. IoT devices worldwide number over 13 billion, a number that is estimated to balloon to over 29 billion by 2030. For all its benefits, the resultant web of connected devices, collectively known as the Internet of Things (IoT), has exposed everyday users, as well as entire economic sectors, to cybersecurity threats. For example, criminal groups have exploited IoT product insecurities to infect hundreds of thousands of devices around the world with malware in order to enlist them in distributed denial-of-service attacks against targets.

Inadequate cybersecurity across the IoT ecosystem is inherently a US national security issue due to IoT’s ubiquity, integration across all areas of life, and potential to put an incredible number of individuals’ data and physical safety at risk. We brought together five experts from various backgrounds to assess the national security challenges posed by IoT and discuss potential solutions.

#1 What isn’t the Internet of Things (IoT)?

Irina Brass, associate professor in regulation, innovation, and public policy, Department of Science, Technology, Engineering, and Public Policy (STEaPP), University College London:

“IoT is not just our everyday physical devices embedded with sensing (data capture) or actuation capabilities, like a smart lightbulb or a thermostat. ‘Smart’ devices are just the endpoint of a much more complex ‘infrastructure of interconnected entities, people, systems and information resources together with services, which processes and reacts to information from the physical world and virtual world’ (ISO/IEC 20924: 2021). This consensus-based definition, agreed in an international standard, is particularly telling of the highly dynamic and pervasive nature of IoT ecosystems which capture, transfer, analyze data, and take actions on our behalf. While IoT ecosystems are functional, poor device security specifications and practices in these highly dynamic environments create infrastructures that are not always secure, transparent, or trustworthy.”

Katerina Megas, program manager, Cybersecurity for the Internet of Things (IoT) Program, National Institute of Standards and Technology (NIST):

“Likely very little, which would explain why the US National Cyber Director, Chris Inglis, at a NIST public workshop [on August 17, 2022] referred to the ‘Internet of Everything.’ IoT is the product of the worlds of information technology (IT) and operational technology (OT) converging. The IoT is a system of interconnected components including devices that sense, actuate, collect/analyze/process data, and are connected to the Internet either directly or through some intermediary system. While a shrinking number of systems still fall outside of this definition, what we used to think of as traditional OT systems based on PLC architectures with no connectivity to the Internet are, in fact, more and more connected to the Internet and meet the above definition of IoT systems.”

Bruce Schneier, fellow, Berkman-Klein Center for Internet and Society, Harvard University; adjunct lecturer in public policy, Harvard Kennedy School:

“Ha! A salami sandwich is not the Internet of Things. A sense of comradeship towards your friends is not the Internet of Things. I am not the Internet of Things. Neither are you. The Internet of Things is the connected totality of computers that are not generally interacted with using traditional keyboards and screens. They’re ‘things’ first and computers second: cars, refrigerators, drones, thermostats, pacemakers.”

Justin Sherman, nonresident fellow, Cyber Statecraft Initiative, Digital Forensic Research Lab (DFRLab):

“There is no single definition of IoT, and how to scope IoT is a key policy and technical question. Regardless, basically every definition of IoT rightfully excludes the core underpinnings of the global Internet itself—internet service provider (ISP) networks that bring online connectivity to people’s homes and offices, submarine cables that haul internet traffic between continents, and so on.”

Sarah Zatko, chief scientist, Cyber ITL:

“IoT is not modern or state of the art. The hardware on the outside may look sleek and shiny, but under the hood there is old software built with out-of-date compilers running on old chip architectures. MIPS, a reduced instruction set computer (RISC) architecture, was used in the largest portion of the IoT products that we have tested.”

#2 Why should national security policymakers care about the cybersecurity of IoT products?

Brass: “Many IoT devices currently on the market have known security vulnerabilities, such as default passwords and unclear software update policies. Users are typically unaware of these vulnerabilities, purchase IoT devices, set and forget them. These practices do not occur just at the consumer level, although there are many examples of how insecure and unsafe our ‘smart homes’ have become. They take place in critical sectors of strategic national importance such as our healthcare system. For instance, the Internet of Medical Things (IoMT) is known to be especially vulnerable to cyberattacks, data leaks, and ransomware because a lot of IoMT devices, such as IV pumps, have known security vulnerabilities but continue to be purchased and remain in constant use for a long time, with limited user awareness of their potential exposure to serious compromise.”

Megas: “I think the combination of the nature and ubiquity of IoT technology are the perfect storm. IoT has taken existing concerns and put them on steroids by increasing both the attack surface and also impacts, if you think of risk as the product of likelihood (IoT is everywhere) and impact (automated interactions with the physical world). In traditional IT systems, a compromised system could produce faulty data to the end user, however, typically there was always a human in the loop that would take (or prevent) action on the physical world based on this data. With the actuating capabilities we are seeing in most IoT and the associated level of automation (which will only increase as IoT systems incorporate AI), the impact of a compromised IoT system is likely going to be higher. As more computing devices are put on the Internet, they become available for botnets to be installed, which can result in significant national economic damage as in the case of Mirai. Lastly, because this technology is so ubiquitous, the vast amount of data collected—from proprietary information from a factory to video footage from a recreational drone to sound sensors collected from around a smart city—can both be accessed through a breach, shared, and used by other nations without anyone’s knowledge, even without a cybersecurity failure.”

Schneier: “Because the security of the IoT affects the security of the nation. It’s all one big network, and everything is connected.”

Sherman: “IoT products are used in a number of critical sectors, ranging from healthcare to energy, and hacks of those products could be financially costly and disrupt those sectors’ operations. There are even IoT devices that can produce physical effects, like small internet-linked machines hooked into manufacturing lines, and hackers could exploit vulnerabilities in those devices to cause real-world damage. In general, securing IoT products is also part of securing the overall internet ecosystem: IoT devices plug into many other internet systems and increasingly constitute a greater percentage of all internet devices used in the world.”

Zatko: “IoT is ubiquitous. Even when a ‘smart’ device is not necessary, at this point it is often difficult or impossible to find a ‘dumb’ one. Their presence often punches holes in network environment security, so they are common access points for attacks.”

#3 What kinds of threats are there to the cybersecurity of IoT devices that differ from information technology (IT) or other forms of operational technology (OT)?

Brass: “The kinds of vulnerabilities per se might not differ—ultimately, you still have devices running software that can be exploited by malicious actors. What differs is the scale and, in some cases, the severity of the outcome. IoT ecosystems are highly interconnected. Compromising a single device is often sufficient to gain the foothold necessary to exploit other devices in the system and even the entire system. The transnational dimension of IoT cybersecurity should also not be neglected. The 2016 Mirai attack showed how compromised IoT devices with poor security specifications (default passwords), located around the world, can be very easily exploited to target internet infrastructure in different jurisdictions.”

Megas: “I am not sure whether there are different threats for IoT, OT, and IT systems. They are converging more and more, so it is not meaningful to try to create artificial lines of distinction. This might be one of those instances where I say the dreaded phrase ‘it depends.’ It is possible that there are some loosely coupled IoT systems in which the components that are IoT devices do not sit behind more security capable components, but are more directly accessing the Internet (and therefore more directly accessible by threat actors). This could mean that vulnerabilities in these IoT systems are more easily exploitable and thus easier targets. Also, the nature of IoT systems that can interact with the physical world could affect the motivations of threat actors. The focus on many risks to traditional IT systems is around the data and its potential theft, but attacks on IoT can impact the real world. For instance, modifying the sensors at a water treatment plant can throw off readings and lead the system to incorrectly adjust how much fluoride is added to the water.”

Schneier: “The IoT is where security meets safety. Insecure spreadsheets can compromise your data. Insecure IoT devices can compromise your life.”

Sherman: “Typically, IoT devices use less energy, have less memory, and have much less computing power than traditional IT devices such as laptops, or even smartphones. This can make it more difficult to integrate traditional IT cybersecurity features and processes into IoT devices. To boot, manufactures often produce IoT devices and products with terrible security—installing default, universal passwords and other bad features on the manufacturing line that end up undermining their cybersecurity once deployed. In part, this happens because smaller manufacturers are essentially pumping IoT devices off the manufacturing line.”

Zatko: “Users often forget to consider IoT devices when they think about their computing environment’s safety, but even if they did, IoT devices are not always able to be patched. Sometimes software bugs in IoT operating systems are hard-coded or otherwise inaccessible, as opposed to purely software products, where changes are much easier to affect. This makes getting the software as safe as possible from the get go particularly important.”

The reverse cascade: Enforcing security on the global IoT supply chain

Raising the colors: Signaling for cooperation on maritime cybersecurity

The 5×5—Reflections on trusting trust: Securing software supply chains

#4 What is the greatest challenge to improving the security of the IoT ecosystem?

Brass: “These days, we very often focus on behavioral change—what can individual users or organizations do to improve their cyber hygiene and general cybersecurity practices? While this is an important step in securing the IoT, it is not sufficient because it places the burden on a large, non-homogenous, distributed set of users. Let us turn the problem around to its origin. Then, the greatest challenge becomes how to ensure that IoT devices and systems produced and sold all over the world have baseline security specifications, that manufacturers have responsible lifecycle care for their products, and that distributors and retailers do not compromise on device security in favor of lower priced items. This is not an easy challenge, but it is not impossible either.”

Megas: “There is a role for everyone in the IoT ecosystem. Setting aside the few organizations developing their own IoT systems for their own use, the majority of IoT technologies are purchased or acquired. One of the challenges that I see is educating everyone that there are two critical roles in supporting cybersecurity of the IoT ecosystem: those of the producers of the IoT products and those of the customers, both enterprise and consumers. While this dynamic is not new between producer and buyers, the relationships in IoT lack maturity. While producers need to build securable products that meet the needs and expectations of their customers, the customers are responsible for securing the product that operates in the customer environment. Identifying cybersecurity baselines for IoT products is a start in defining the cybersecurity capabilities producers should build into a product to meet the needs and expectations of their customers. However, one size does not fit all. A baseline is a good start for minimal cybersecurity, but we want to encourage tailoring baselines commensurate to the risk for those products whose use carries greater higher risk.

Beyond the IoT product manufacturer’s role, there are network-based approaches that can contribute to better cybersecurity (such as using device intent signaling), that might be implemented by other ecosystem members. Vendors of IoT can ensure that their customers recognize the importance of cybersecurity. Enterprises should consider using risk management frameworks, such as the NIST Cybersecurity Framework, to manage their risks that arise out of the use of IoT technology. Formalizing and promoting recognition of the role in product organizations for a Chief Product Security Officer (CPSO) is also critical. Given that most C-suites and boards are starting to recognize the importance of the CISO towards securing their organizations’ operations, we need to also promote the visibility of the CPSO responsible for ensuring that the products that companies sell have the appropriate cybersecurity features that meet the companies’ strategic brand positioning and other factors.”

Schneier: “Economics. The buyers and sellers of the products don’t care, and no one wants to regulate the industry.”

Sherman: “As with many cybersecurity issues, the greatest challenge is getting companies that have been grossly underinvesting in security to do more, while also producing government regulations and guidance that are technically sound, roughly compatible with regulations and guidance in other countries, and that do not raise the barrier too much so as to cut out small players—though, if we want better security, some barrier-raising is necessary. It is a very boring answer, but there has been a lot of great work done already on IoT security by the National Institute of Standards and Technology, other governments, various industry groups, etc. The central challenge is better coordinating those efforts, fixing bad market incentives, and appropriately filling in the gaps.”

Zatko: “There are so many vendors, and many of them are not capable of producing secure products from scratch. It is currently too hard for even a well-meaning vendor to do the ‘right’ thing.”

#5 How can the United States and its allies promote security across the IoT ecosystem when a large portion of devices are manufactured outside their jurisdictions?

Brass: “Achieving an international baseline of responsible IoT security requires political and diplomatic will to adopt and align legislation that promotes the security of internet-connected devices and infrastructures. The good news is that we are seeing policy change in this direction in several jurisdictions, such as the IoT Cybersecurity Improvement Act in the United States, the Product Security and Telecommunications Infrastructure Bill in the United Kingdom, and several cybersecurity certification and labelling schemes such as CLS in Singapore. As IoT cybersecurity becomes a priority for several governments, the United States and its allies can be the driving force behind international cooperation and convergence towards an agreed set of responsible IoT security practices that underpin legislative initiatives around the world.”

Megas: “Continuing to share lessons learned with others. Educating customers, both consumers as well as enterprise customers, on the importance of seeking out products that support minimum cybersecurity.”

Schneier: “Regulation. It is the same that way we handle security and safety with any other product. You are not allowed to sell poisoned baby food or pajamas that catch on fire, even if those products are manufactured outside of the United States.”

Sherman: “US allies and partners are already doing important work on IoT cybersecurity—from security efforts led by the UK government to an emerging IoT labeling scheme in Singapore. The United States can work and collaborate with these other countries to help drive security progress on devices made and sold all around the world. Others have argued that the United States should exert regulatory leverage over whichever US-based companies it can to push progress internationally, too, such as with Nathaniel Kim, Trey Herr, and Bruce Schneier’s “reversing the cascade” idea.”

Zatko: “By open sourcing security-forward tools and secure operating systems for common architectures like MIPS and ARM, the United States could make it easier for vendors to make secure products. Vendors do not intentionally make bad, insecure products—they do it because making secure products is currently too difficult and thus too expensive. However, they often use open-source operating systems, tool kits, and libraries for the base of their products, and securing those resources will do a great deal to improve the whole security stance.”

Simon Handler is a fellow at the Atlantic Council’s Cyber Statecraft Initiative within the Digital Forensic Research Lab (DFRLab). He is also the editor-in-chief of The 5×5, a series on trends and themes in cyber policy. Follow him on Twitter @SimonPHandler.

The Atlantic Council’s Cyber Statecraft Initiative, under the Digital Forensic Research Lab (DFRLab), works at the nexus of geopolitics and cybersecurity to craft strategies to help shape the conduct of statecraft and to better inform and secure users of technology.

learn more

The post The 5×5—The Internet of Things and national security appeared first on Atlantic Council.

CBDC tracker cited by European Commissioner for Financial Services Mairead McGuinness in speech on role of central banks in tokenization of finance

rlopezirizarry — Tue, 27 Sep 2022 20:28:00 +0000

The post CBDC tracker cited by European Commissioner for Financial Services Mairead McGuinness in speech on role of central banks in tokenization of finance appeared first on Atlantic Council.

The international role of the euro and the dollar: Forever in the lead?

Martin Mühleisen — Tue, 27 Sep 2022 20:00:00 +0000

The international monetary system has been surprisingly resilient over the past two years, considering the size of pandemic and geopolitical shocks that hit markets during this period. Liquidity injections by the major central banks helped stabilize economic activity and avoid disruptions to capital flows or foreign exchange markets. Major exchange rates remained range-bound throughout most of the crisis, even if the dollar has appreciated sharply in recent months. Volatility is likely to pick up as monetary policy responds to high inflation, but there should be no doubt that the dollar-based monetary order has withstood a major test during the past two years.

This feat has been even more remarkable as the global security landscape has deteriorated in dramatic fashion, and Russia’s invasion of Ukraine has brought international tensions to a level not seen since the 1961 Cuban missile crisis. Moreover, while the dollar’s safe haven status remains firmly established, the center of global economic activity has been shifting east. Asia has become an economic powerhouse, and China is on course to become the world’s largest economy over the next few years. It is a natural question whether China will challenge the United States and Europe for global economic leadership, and whether the renminbi will appear as a leading, if not dominant, currency.

This paper argues that this is unlikely for the foreseeable future, in part because a larger global role for the renminbi would be inconsistent with the Chinese leadership’s current policy priorities. However, there is no room for complacency. With the post-World War II international order in gradual decline, the world could again reach a moment where unforeseen geopolitical events might lead to changes in long-held political and economic paradigms. The United States and Europe can reduce this risk by making their growth models more robust and sustainable. Moreover, keeping their global alliances intact could prevent a loss of influence that has heralded changes in the international monetary system in the past.

Econographics Jun 17, 2022

The Fed has regained the initiative, but at a cost

By Hung Tran

The Fed may well have been right in taking forceful actions now to fight inflation after failing to control it, but such actions add to the challenges experienced by economies around the world.

Economy & Business Financial Regulation

EconoGraphics May 9, 2022

Deploying QT – The Fed readies its new tool to fight inflation

By Ole Moehr

June 1 onwards, the Fed will begin to reduce the size of its balance sheet, i.e., conduct quantitative tightening. But how does QT work, what are its goals, and are there potential risks of the policy?

Economy & Business Europe & Eurasia

Econographics Apr 20, 2022

China to roll out its version of quantitative easing

By Hung Tran

China’s new Financial Stability Law creates a new framework for furthering financial stability in the country. This has implications for the United States, which is undergoing fiscal tightening, as well as emerging markets, where portfolio capital has begun flowing outward.

China East Asia

At the intersection of economics, finance, and foreign policy, the GeoEconomics Center is a translation hub with the goal of helping shape a better global economic future.

The post The international role of the euro and the dollar: Forever in the lead? appeared first on Atlantic Council.

CBDC tracker cited by Cryptoslate on the Reserve Bank of Australia whitepaper on its CBDC pilot program

rlopezirizarry — Mon, 26 Sep 2022 18:17:00 +0000

Watch the testimony here.

The post CBDC tracker cited by Cryptoslate on the Reserve Bank of Australia whitepaper on its CBDC pilot program appeared first on Atlantic Council.

Norrlöf testifies to Congress on alternative payment methods and national security

rlopezirizarry — Tue, 20 Sep 2022 20:19:00 +0000

The post Norrlöf testifies to Congress on alternative payment methods and national security appeared first on Atlantic Council.

Lipsky interviewed by Coin Desk: Money-Reimagined Podcast on think tank crypto research

avishwanath — Tue, 20 Sep 2022 02:54:24 +0000

The post Lipsky interviewed by Coin Desk: Money-Reimagined Podcast on think tank crypto research appeared first on Atlantic Council.

CBDC tracker cited in Politifact.com on Executive Order 14067

avishwanath — Tue, 20 Sep 2022 02:51:35 +0000