Thursday, May 18, 2023

[Diplomat] Facing Pressure From China, Can the US Recreate Silicon Valley?

 Facing Pressure From China, Can the US Recreate Silicon Valley?

The Biden administration’s plan to establish tech hubs across the U.S. can only succeed with effective private-public-academic partnership.

For decades, metropolitan regions all over the world and their respective governments have unleashed numerous initiatives to remake themselves to be the “next Silicon Valley.” Within the U.S., labels such as Silicon Alley, Silicon Beach, Silicon Bayou, Silicon Desert, Silicon Hills, Silicon Holler, Silicon Peach, Silicon Prairie, Silicon Shire, Silicon Slopes and so on have come, and gone. Overseas, there are Silicon Wadi (Israel) and Silicon Roundabout (East London), as well as frequent questions about whether Singapore, Taiwan, or India is the real Silicon Valley of Asia. In China, Zhongguancun in Beijing, as well as the southern city of Shenzhen, vying to be the equivalents of Silicon Valley.

For many years, those who have been studying how Silicon Valley came about in the San Francisco Bay Area would point to a wide range of success factors: the role of universities, early pioneering entrepreneurs and venture capital investors in the region, and propitious timing, from the transformation from the defense industry in the 1930s to the emergence of the semiconductor industry in the 1950s, followed by the computer industry and then the internet. Even the weather and the culture in the area are identified as favorable factors that became magnets for talents from across the country and the world.

In other words, Silicon Valley did not happen because of a top-down government policy design, but because of natural and even coincidental convergences of people, capital, research, and, yes, public policy.

So, it may not come as a big surprise that none of the other wannabes from all over the world have been able to truly rival Silicon Valley, although some countries or regions may have gained significant leadership and success in certain areas, such as semiconductors for Taiwan.

For China in particular, the second largest technology producer and market in the world, its main tech centers of Beijing, Shenzhen, and Shanghai, and other hubs such as Hangzhou and Chengdu, are very much the creation of government policies, directives and financial support. This of course can be expected as the norm in a country like China, with the planned economy nature of its government. While these Chinese tech hubs have been able to take advantage of China’s enormous domestic market in the last few decades, they simply cannot come close to the international reach and global influence of Silicon Valley. Their fates continue to be highly susceptible to manipulation from government policies, such as the Chinese government’s crackdown on the tech sector in the last two years, directly leading to the severe downturn for the entire tech sector in China.

In recent years, with soaring costs in California, other tech hubs have indeed gained grounds in the United States, such as the Austin, Texas, and Seattle, Washington, areas. But so far, no other location has been able to match Silicon Valley’s eminence in terms of scale, depth, breadth, or scope – whether in the U.S. or abroad.

Despite that history, last week, the Biden administration announced a $500 million tech hub funding scheme (formally known as the Regional Technology and Innovation Hub Program). As part of the $10 billion CHIPS and Science Act, the program sets a goal of identifying about 20 U.S. cities or regions as prospective tech hubs, and eventually selecting 10 for funding. The obvious question is: Can the U.S. succeed where so many have largely failed? Indeed, the broader question that has been asked and debated by many since the passage of the CHIPS and Science Act is how to make sure that a return to government industrial policy provides the right answers to the global challenges faced by the U.S. in terms of geopolitics and competition, particularly with China.

To support the new tech hubs, the Biden administration’s scheme aims to bring together “industry, higher education institutions, state and local governments, economic development organizations, and labor and workforce partners to supercharge ecosystems of innovation for technologies that are essential to our economic and national security.” Each applicant region must focus on one of the 10 key tech areas identified in the tech hub statute: artificial intelligence, high performance computing and semiconductors, quantum technology, robotics, natural and anthropogenic disaster handling, advanced communications, biotechnology, data management and cybersecurity, energy technology, and advanced materials science.

The $500 million authorization of this fund is actually relatively small, even though the administration has committed to seeking further appropriation from Congress in the next two years. But the modest financial incentive may be a blessing in disguise. While sustained and long-term policy consistency is crucial, on the other hand, no local or state governments, private companies or even universities should be lured to the scheme just because they see a big check being handed out. Every participant – private or public – in the partnership must be committed to invest with its own resources.

Compared with other countries, the United States enjoys one particularly important advantage – having many outstanding teaching and research universities across the nation that can serve as anchors for tech hubs in conducting research, training talents, and acting as the bases for technology transfer and incubating new startups. Already, several recent examples showcase the viability and vibrancy of even the existing regional private-public-academic collaboration. In Arizona, TSMC’s new facility has a partnership with Arizona State University. In Ohio, Intel’s “Silicon Heartland” project includes a role played by The Ohio State University. In Indiana, U.S. foundry SkyWater Technology moved to an industrial park affiliated with Purdue University.

In addition, community colleges are increasingly enlisted in an effort to train an even broader base of skilled workers, with the support from tech enterprises, to supply them with skilled manpower to fill the new jobs created, which of course will be also welcomed by state and local governments.

So, whether the United States can duplicate Silicon Valley in one or more new locations may be the wrong question to ask. There are some success stories that market and natural forces can create through sheer luck, and others fostered by dedicated, targeted nationwide efforts, with the right mix of ingredients of policy, innovation, investment, and resources. Each tech hub will not need to do everything, but must do enough to maintain and extend U.S. global tech competitiveness in its focus area, meanwhile fostering more regional economic equity.

As U.S. Commerce Secretary Gina Raimondo said, “You shouldn’t have to move to Silicon Valley if you’re a scientist with a great idea.”

Published: The Diplomat, May 18, 2023

Tuesday, May 09, 2023

[Diplomat] G7 Digital Ministers Preview Summit’s Focus on Tech Competition With China

G7 Digital Ministers Preview Summit’s Focus on Tech Competition With China

The G-7 digital and tech ministers’ gathering in Takasaki, Japan, offers hints as to the group’s priorities.

The leaders of the G-7 nations and the European Union gather in Hiroshima, Japan, starting on May 19. But their summit is being preceded by a series of ministerial meetings in various picturesque cities in Japan to lay the groundwork on a number of important topical issues. As the current cold war atmosphere between the U.S.-led Western allies and China centers around technology competition, the G-7 digital and tech ministers’ gathering in Takasaki, Gunma Prefecture, in late April took on special importance.

With relatively little fanfare, a Ministerial Declaration was issued with six sections, identifying the areas where these leading Western democratic nations are focusing their efforts as they try to sustain technological leadership. That leadership is widely considered to be under threat from global geopolitical tensions and in particular, competition from China.

The first of these six points, “facilitation of cross-border data flows and data free flow with trust,” reaffirms the importance of building and realizing trust “through various legal and voluntary frameworks, guidelines, standards, technologies and other means that are transparent and protect data.” The ministers recognized the need to accelerate progress in this regard by establishing and launching the Institutional Arrangement for Partnership (IAP), “to bring governments and stakeholders together to operationalize ‘data free flow with trust’ (DFFT) through principles-based, solutions-oriented, evidence-based, multistakeholder and cross-sectoral cooperation.” The declaration set a goal of launching the IAP “in the coming months.”

The second point, “secure and resilient digital infrastructure,” is also clearly an area that has been drawing heightened concern recently, with growing geopolitical concerns over redundancy in face of potential disruptions. The digital ministers affirmed the important need to “develop, deploy and maintain various multi-layered networks consisting of terrestrial networks, submarine cable networks, and non-terrestrial networks.” The declaration calls for extending “secure and resilient digital infrastructure to like-minded partners, including developing and emerging economies.”

The ministers paid particular attention to the need to extend secure routes of submarine cables. In particular, the G-7 governments will work with the World Bank and the private sector telecom operators to undertake submarine cable projects with subsidies from G-7 nations and other international institutions. The goal is to support the critical infrastructure development of underserved regions in the world that have not received sufficient private investment. Specifically, Japan has committed to host “an event and identify concrete areas of cooperation with the World Bank in 2023 to accelerate the strengthening of synergies between the G-7 and the Bank.”`

Recent media investigative reports have pointed out that China’s Belt and Road Initiative (BRI) has been pivoting from large-scale infrastructure projects to less capital-intensive areas], particularly in the field of digital infrastructure. Examples includes constructing a new government data center for Senegal, supported by Huawei, which also spearheaded another undersea cable project for Senegal with the island nation of Cape Verde, making Senegal an African regional cable hub. Previously commonly labeled as the “Digital Silk Road” strategy, such investments in information and communications technology (ICT) and electronic components reached $17.6 billion in 2022, six times the amount in 2013, when the BRI was launched, according to reports from Nikkei Asia and the Financial Times’s fDi Markets foreign direct investment monitor. The United States and its partners will have a lot of catching up to do.

The third point in the G-7 declaration, “internet governance,” echoes the expressed endorsement in the U.S.-led Declaration for the Future of the Internet for the multistakeholder model, which is seen as being challenged by China, Russia and other autocratic nations that hope to steerinternet governance toward a government-driven, top-down model. The forth point, “emerging and disruptive technologies in innovating society and economy,” is, however, just a pledge of support for cooperation in policy setting for a mixed bag of different technologies, from Internet of Things to digital identity, and from semiconductor supply chain to the metaverse.

The fifth point specifically focused on “responsible AI and global AI governance,” reaffirming that AI policies and regulations should be “human centric and based on democratic values, including protection of human rights and fundamental freedoms and the protection of privacy and personal data.” However, the meeting only concluded with an “action plan for promoting global interoperability between tools for trustworthy AI,” with little concrete agreement on how to deal with the growing concerns over the untamed development and proliferation of generative AI.

Interestingly, the final point, “digital competition,” is an acknowledgement of the tensions between G-7 nations, particularly across the Atlantic, between the United States and Europe, over the wide gap in regulatory principles and laws overseeing the competition in digital markets. The meeting agreed to convene a summit on digital competition for regulators and policymakers in the fall of 2023 to facilitate promotion of competition and enforcement.

Further to these discussions, on May 12-14, the G-7 science ministers will gather in Sendai, Japan, to discuss cooperation on scientific research, funding transparency, research data sharing on sensitive technologies, etc.

All in all, as the United States has unveiled international economic policy, through cooperation with its partners, with its centerpiece focusing on technological competition with China, it can be expected that the G-7 will play a crucial role in establishing and pursuing a more coherent strategy on multiple fronts. The G-7 digital and tech ministers’ declaration offers hints to the priorities and approaches of the allies, as well as how it may engage the other advanced as well as emerging economies, such as those outside of the G-7 that are strategically invited to the upcoming summit like Australia, Brazil, India, South Korea, and Vietnam. It should not surprise anyone that technology competition will be a key center of attention and actions in Hiroshima.

Published: The Diplomat, May 9, 2023

Friday, February 24, 2023

[East Asian Forum] Hong Kong risks an irreversible tech brain drain

Hong Kong risks an irreversible tech brain drain

Author: Charles Mok, Hong Kong

Hong Kong’s latest census data paints a grim picture of the territory’s demographic trends. In 2022, Hong Kong recorded its highest net population loss and lowest birth rate since 1991, pushing the median age from 31.6 to 46.3 over this 30 year period.

A view of Hong Kong's skyline, Hong Kong, China, 13 July 2021 (Photo: Reuters/Tyrone Siu).

Another census report on employment and job vacancies paints an even grimmer picture. Comparing data from September 2022 with January 2022, the number of jobs in the information and communications and financing and insurance sectors declined by 2.9 per cent and 3.2 per cent respectively. But at the same time, the number of job vacancies in these two sectors jumped by a whopping 31.9 per cent and 19.1 per cent respectively.

Although government officials reject any talk of a ‘brain drain’, the reality is that of the 142,000 Hongkongers who have applied for the United Kingdom’s British National (Overseas) visa scheme so far, 38,600 are under 1832,600 areaged 35 to 44 and 27,800 were aged 45 to 54. On 31 January 2022, the two year anniversary of the visa scheme, the United Kingdom’s Home Office announced that the country had welcomed 144,500 immigrants from Hong Kong.

The vast majority of emigrating Hongkongers are highly educated, with 37.3 per cent holding undergraduate degrees and 32.2 per cent holding masters degrees according to a recent survey. Other countries, such as Australia and Canada, are also attracting a smaller but significant number of Hong Kong’s young and educated top earners.

It is no coincidence that this mass exodus comes amid the July 2020 enactment of the National Security Law. Disillusioned with the end of Hong Kong’s autonomy, electoral democracy and rule of law, Hongkongers with the means to do so have voted with their feet — especially parents who are worried about a new nationalist school curriculum.

Hong Kong’s tech sector provides few reasons for homegrown talent to remain. The government has struggled over the last two decades to develop its tech strategy — publishing blueprint after blueprint, but consistently failing to train or attract local and outside talent or build up Hong Kong’s appeal for global or mainland Chinese tech firms.

Despite the sector consistently falling short of finding talent to fill local jobs, the government still urges citizens to head to mainland China to seek opportunities. But despite such efforts, in a recent survey 79 per cent of respondents said that they were not interested in working or living in mainland China.

Instead of supporting the struggling local tech sector, the government has made things worse. A subsidiary of the China Aerospace Science and Industry Corporation has garnered over HK$1.6 billion (US$220 million) worth of government contracts, undercutting local information technology services firms in favour of mainland state-owned players.

Government tech policies favour spending billions on mega-infrastructure projects. Decades in the making, the Hong Kong–Shenzhen Innovation and Technology Park in the Lok Ma Chau Loop cost over HK$52.5 billion (US$6.7 billion) just for its planning and the construction of the first eight buildings. It will not be operational until late 2024.

Hong Kong has followed other Asian economies such as Singapore in trying to lure elite talent, setting up an ‘online service window for high-income earners or graduates from the world’s top 100 universities. The government claims that within a week of its launch, it received 2600 applications, approved 1400 of those and aims to land 35,000 of these workers over the next three years.

But what Hong Kong needs the most are the mid-level engineers and managers it has lost rather than elites. In the recent Expat City Ranking 2022, Hong Kong ranked 46th out of 50 cities — it is where expats are unhappiest, scoring among the lowest in quality of life and dead last in political stability. Hong Kong’s attractiveness is now limited to workers from mainland China, where the unemployment rate for young people, including university graduates, is as high as 20 per cent.

Even Hong Kong’s role as one of Asia’s leading telecommunications and internet hubs may be a thing of the past. Since 2020, US authorities have suspended any approval for new undersea cable connections to Hong Kong, stifling growth in internet capacity. Hong Kong-based Chinese tech firms now frequently find themselves on US sanction lists. On the other hand, legislative proposals underway will put further legal burdens and liabilities on global tech platforms, especially for matters related to national security.

The inconvenient truth is that the only way to stop Hong Kong’s talent exodus and set its technology sector policy on the right track is to reverse its political course. Government bureaucrats who are politically loyal but lack a strong vision and competency must be replaced.

But this will not happen. Hong Kong thrived on its differentiation from China, but its current political, economic and social integration has made it just like China. China no longer believes it needs Hong Kong’s golden eggs and merely wants to prevent it from being a political thorn in its side.

Published by East Asian Forum, Feb 23. 2023

Friday, January 06, 2023

[Diplomat] Hong Kong’s Crowdfunding Regulations Could Have Global Ramifications

Hong Kong’s Crowdfunding Regulations Could Have Global Ramifications

Regulating crowdfunding in Hong Kong is all about political vetting – extended around the world.

The Financial Services and the Treasury Bureau of the Hong Kong government initiated a three-month consultation on the regulation of crowdfunding activities in mid-December and proposed to establish a dedicated Crowdfunding Affairs Office to oversee these activities. This could have far-reaching effects on future of the territory as a financial hub and innovation center.

Over the last decade, aided by the internet, social media, and other technology platforms, the concept of crowdfunding has empowered millions to raise capital for their concepts, projects, or products, typically at the early stage of development, all while overcoming obstacles erected by financial intermediaries, such as banks, and other forms of bureaucracy. It also enabled and facilitated individuals to support innovative product development, niche cultural activities, as well as popular (or not so popular) social causes.

The borderless nature of the internet and the activities carried out on it indeed present new challenges to regulations previously designed for more traditional forms of solicitations for donations, investments, loans, or product sales. But that does not mean that crowdfunding activities are unregulated. Indeed, the consultation paper pointed out various existing laws and regulations in Hong Kong, such as the Securities and Futures Ordinance and the Money Lenders Ordinance, that would provide jurisdiction over such activities, particularly crowdfunding for equity, debt, or peer-to-peer lending.

The paper even states that, in general, anyone engaging in any online or offline fundraising to “engage in unlawful acts (such as money laundering, fraud, theft, acts and activities endangering national security, or inciting, aiding, abetting or providing pecuniary or other financial assistance or property for other persons to commit offenses that endanger national security)” is already subject to prosecution under criminal laws in Hong Kong. So why is there such an urgent need for erecting further safeguards?

That obviously has to do with the flurry of crowdfunding initiatives in Hong Kong during the 2019 protests, with the most notable case being the 612 Humanitarian Relief Fund. The fund was originally set up to provide financial support for those injured or arrested during the unrest. Cardinal Joseph Zen and ex-lawmakers Margaret Ng and Cyd Ho were among the high-profile fund trustees who were later arrested, prosecuted, and recently convicted. Indeed, the consultation makes reference to individuals who claimed “they would use the funds raised to help people in need, but they turned out to be using the funds for purposes which were unlawful and jeopardized public interests, public safety, as well as national security.”

Political Vetting, Extended Globally 

The proposed Crowdfunding Affairs Office (CAO) will require prior applications for any crowdfunding activity that “raises funds from individuals or entities of Hong Kong, or individuals or entities located in Hong Kong.” That condition is further explained in the paper to include not only those located or registered in Hong Kong: “the location of publicizing such activities can be any places, including Hong Kong and other places, and with declared purposes that are related to Hong Kong or not.” In other words, the regulation applies to anyone, anywhere, for anything, as solely determined by the CAO. The government also proposes to further specify the police’s power to request financial information; enter, search, and detain properties including financial assets; and cut off or halt electronic messages.

While the paper acknowledges that “crowdfunding activities are already subject to the regulation of various authorities and existing legislation,” and so, duplication of efforts should be avoided, that may be exactly what the CAO ends up being. The new office is not about enforcing new legislation, but only serves to ensure that there is a centralized mechanism to vet against certain undesirable political activities that are practically non-existent since the imposition of the National Security Law in July 2020. Indeed, the paper made repeated mentions of “public interests, public safety, and national security” as the justification for the proposed regulations.

On the other hand, ironically, it actually states clearly that the CAO’s decision to approve any activity or not has nothing to do with its outcome or success, and contributors to even an approved fundraising activity must themselves “carefully examine the credibility and success rate of the activity to be supported to avoid unnecessary losses” — a disclaimer by the government that what the CAO does is not about donor or investor rights protection. It’s just political vetting, extended globally.

Everyone Will Have Something to Lose

So what should crowdfunding platforms, financial institutions, internet platforms, those seeking funding support, and potential donors or contributors to projects be worried about? A lot.

The paper proposes the introduction of a “real name” system for donors, and fundraisers will have to keep that register of donors along with other details of their activities for auditing as well as inspection by the CAO and other law enforcement agencies. The additional bureaucracy and potential liabilities will turn off fundraisers, and the required disclosure of identities will cause a chilling effect, deterring donors and contributors from giving.

It is also still unclear whether income-generating creator activities by so-called key opinion leaders, journalists, or former political figures on platforms such as YouTube and Patreon will fall under the definition of “crowdfunding” in the proposed regulation. The paper cites “commercial activities on online media and the like that involve income from subscriptions or online rewards” as among some activities that will be exempted from the regulation. But it may still depend on whether the CAO in the end subjectively classifies such activities as purely “commercial” or not. Even though many of these creators are no longer in Hong Kong, the borderless nature of the proposed regulation means pressure can still be applied first to the Hong Kong offices of the platforms, such as Google for YouTube, followed by contacting those companies without a Hong Kong presence.

For the first time, the paper also proposes targeted regulations for “online platforms specifically designed for crowdfunding purpose” to register with the CAO, including providing “at least one person with a physical address in Hong Kong” as the designated representative of the platform. This would be the first instance of such “local designated representative” requirements for internet-related regulations in Hong Kong, and it bears a disturbing resemblance to the provision under India’s controversial IT Rules 2021. The so-called “hostage-taking law” that mandates platforms to register local representatives in India to be held liable if the platforms do not perform according to the government’s censorship requests. Sadly, this first for Hong Kong may not be the last.

This pressure may be felt by more than just the crowdfunding platforms often used by Hong Kong individuals, organizations, or entrepreneurs, such as GoFundMe, Indiegogo, and Kickstarter, but also subscription or advertising based content platforms such as Patreon, Medium, and YouTube, as well as payment platforms like PayPal and Square. Social media platforms such as Facebook, Instagram, or Twitter will also face more enforcement notices to remove contents or links. Fundraisers and platforms alike will have to re-evaluate the growing liabilities of their presence in Hong Kong.

For those services without a Hong Kong presence, it is unlikely that they will register with the CAO: They may simply choose not to provide services to Hong Kong-related entities and causes. This would be similar what happened when the National Security Law was enacted in 2020; shortly afterwards some virtual private network (VPN) providers simply chose to shut down their Hong Kong servers.

Unlike other consultation papers in the past, this one provides no comparison with similar practices in other jurisdictions, especially common law ones. Very likely there are none. By disregarding the need to balance ease of access, openness, convenience, and the rights of the fundraisers, contributors, and platforms in favor of the so-called “public interests, public safety and national security,” all in the subjective eyes of the authority, Hong Kong is again making itself a harder place to do business for firms local and overseas. This proposal from its financial services policy bureau doesn’t bode well for all the areas that Hong Kong says it strives to succeed in: innovation, technology, and even financial services itself.

Published: The Diplomat, January 5, 2023

Saturday, November 19, 2022

[Directions/EU Cyber Direct] Multi-stakeholder Governance of the Cyberspace -- Merely a Myth?

Multi-stakeholder Governance of the Cyberspace -- Merely a Myth?

Blocking non-state stakeholders' participation in discussions about the information and communication technology environment may set a dangerous precedent for the future

By Anna-Maria Osula and Charles Mok 

Different approaches to governing the internet and engaging stakeholders in agreeing on what is responsible behaviour in cyberspace has been a source of disagreement since the beginning of the wider spread of information and communication technologies (ICTs). John Perry Barlow famously called for keeping governments (‘weary giants of flesh and steel’) away from controlling cyberspace. Yet, today, states have assumed a central role in governing the development, implementation and employment of ICTs worldwide.

While non-state stakeholders’ role in running the internet (such as providing infrastructure, storing data, designing apps and services) is largely uncontested, fierce discussions over the engagement of these stakeholders in governing ICTs, or cyberspace in general, are ongoing. In addition to heated debates over the rights and obligations of these stakeholders (see, e.g. measures aimed at curbing the increasing power of some stakeholders, such as Big Tech companies), there is much broader disagreement on the substantial engagement of stakeholders in multilateral discussions. Should deliberations on governing ICTs be narrowly state-to-state and closed to other interested parties, or should they follow a truly multi-stakeholder approach and be based on openness and diversity?

Revisiting past discussions

There are plenty of examples of international consultations adopting ‘multi-stakeholderism’ as the most appropriate way forward. Importantly, in 2005, as part of the World Summit on the Information Society, the Working Group in Internet Governance established the core role of the multi-stakeholder approach in governing the internet by defining internet governance as ‘development and application by Governments, the private sector and civil society, in their respective roles, of shared principles, norms, rules, decision-making procedures, and programs that shape the evolution and use of the Internet’. This reflects a general agreement that the involvement of relevant stakeholders in collectively shaping the development and use of ICTs has multiple benefits. These stakeholders’ diverse views and expertise make discussions better informed. Taking into account the opinions of various interest groups also adds to the legitimacy and quality of agreements and enhances their implementation.

Ideally, a multi-stakeholder governance framework should consist of an open-ended and innovative infrastructure, a decentralised governance institution and open, inclusive and bottom-up processes involving all participants. Participants should represent the private and public sector; industry and government; technical, academic and civil society; and users. It is the antithesis of a top-down policymaking model dictated by governments and others in positions of authority.

However, trends are emerging suggesting that the multi-stakeholder approach to governing ICTs is weakening. Two recent examples related to internet governance and peace and security in cyberspace merit further analysis.

Internet governance

One of the principle commitments of the high-profile Declaration for the Future of the Internet adopted by the U.S. and more than 60 partners, including the European Commission, in April 2022 was ‘multistakeholder Internet Governance’. That means protecting and strengthening ‘the multistakeholder approach to governance that keeps the Internet running for the benefit of all’, including the management of the internet’s technical standards and protocols, and refraining from undermining its technical infrastructure.

Indeed, the internet has almost always been run and governed by a multi-stakeholder policymaking model. The most notable example is the Internet Corporation for Assigned Names and Numbers (ICANN), the global organisation responsible for coordinating and maintaining the names and numbering assignments and databases critical to the running of the single, unified internet. 

Other key internet organisations or processes formed and run under the multi-stakeholder model include the Internet Engineering Task Force (IETF), the internet’s main standards-setting body, and the Internet Governance Forum (IGF), a global platform to facilitate the discussion of internet public policies convened by the UN. These bodies face increasing pressure from nations and authorities trying to usurp their mandates or assert greater government control and influence. 

For instance, the Chinese government, working through Chinese companies such as Huawei, is seeking to establish an alternative to current multi-stakeholder standards-setting procedures by proposing its ‘New IP’ standards through the UN’s International Telecommunications Union (ITU) rather than the IETF. This approach also seeks to avoid criticism of the new standards’ flawed technical foundation, surveillance-by-design capabilities and incompatibility with the existing internet. 

Even the UN’s own multi-stakeholder IGF recently appointed a 12-member ‘Leadership Panel’ in a process lacking transparency and provoking significant concern from civil society. Efforts by governments and intergovernmental organisations to embrace multi-stakeholderism are often held back by worries over inefficiency and the misplaced bureaucratic belief that categories of stakeholders can simply be represented by a few ‘leading figures’. Multi-stakeholderism is all about direct participation and not just a representative system. When such representations are chosen by authorities through an opaque process, the imitation pales further. 

But that is not all. In response to the U.S.-led Declaration for the Future of the Internet, China ‘transformed’ an annual event it has held since 2014, the World Internet Conference, into an ‘international organisation’ made up of an undisclosed list of ‘founding members including “institutions, organisations, businesses and individuals” from nearly 20 countries’. China has long used this forum to establish its vision for an alternative internet governance model, arguing for ‘respect for cyber sovereignty’ and that a new ‘international cyberspace governance’ should not be ‘unilateral’ or have ‘one party calling all the shots’. 

Stakeholders’ role in the discussions on norms of state behaviour in cyberspace
The UN Open-Ended Working Group (OEWG) was proposed as an inclusive setting for discussing international peace and security in cyberspace where ‘effective international cooperation would benefit from identifying mechanisms for the participation, as appropriate, of the private sector, academia and civil society organisations’. Yet, despite stakeholders being widely believed to enrich the discussion on international peace and security in a rapidly changing ICT environment, debates over how these stakeholders should participate in formal meetings have been fierce. At the first meetings, all the eighteen stakeholders that applied for the OEWG 2019-2021 were vetoed from formally joining the discussions. Such a ‘broad and categorical denial of access’ was seen as a dangerous precedent and viewed as extremely rare in UN disarmament and arms control fora. 

States have faced challenges in agreeing on the involvement of multi-stakeholders ever since, despite numerous calls during OEWG discussions to deepen multi-stakeholder engagement (e.g. High Representative for Disarmament Affairs Izumi Nakamitsu’s speech and the December 2021 letter to the Chair).

On one side are voices supporting the continuation of the previous OEWG practice allowing substantial input from stakeholders with official UN observer status or existing ECOSOC accreditation, as well as those invited to participate based on no-objection from other Member States. The issue was widely discussed during the UN OEWG first and second substantial sessions (for great overviews, see here and here). Some states believed that attending informal consultations held by the Chair and accessing the formal discussions via online broadcasting provided the stakeholders enough time and opportunity to express their views. Several countries argued that the OEWG sessions should retain the intergovernmental nature of the formal sessions, allowing all the UN Member States to interact, and that further engagement with stakeholders should not tilt this balance. Furthermore, some states expressed concern that spending too much time arguing about the modalities of stakeholder participation was distracting the OEWG from its mandate and blocking its work.

The opposing viewpoint argued for:

extended stakeholder participation which would also allow for non-accredited participation (with references to the long and cumbersome process for ECOSOC accreditation),
a transparent process for objections regarding stakeholder participation (especially for those already officially recognised by the UN in other contexts, and referring to other UN processes),
sufficient time to review documents and prepare input,
a hybrid format (allowing for more flexible use of resources by non-state stakeholders)
and ways for stakeholders who couldn’t formally join the discussions to express their views (see the letter here).

Stakeholders have expressed on several occasions that they want to be involved and heard in the process and are not arguing for the ability to vote during decision-making. Further, it was pointed out that the informal consultations implemented during the last OEWG are not a substitute for formal participation of stakeholders in the OEWG, which is crucial for the transparency, credibility and effectiveness of the process. Several countries supported giving stakeholders the opportunity to present views and contributions in the official meetings and substantive sessions, as well as during the intersession periods. 

After long discussions, and based on the Chair’s April 2022 proposal, countries finally managed to agree upon the modalities for non-state stakeholder engagement (involving a transparent non-objection mechanism) and to move on with formal discussions. However, despite the Chair’s encouragement that Member States ‘utilize the non-objection mechanism judiciously, bearing in mind the spirit of inclusivity’, over 30 non-state stakeholders were still vetoed from joining the OEWG formal discussions. They included the 150 technology companies represented by the Cybersecurity Tech Accord and the incident responders and security professionals represented by the Forum of Incident Response and Security Teams (FIRST).

The OEWG illustrates an example of an opportunity to benefit from the multi-layered expertise and experience of stakeholders interested in contributing to the discussions being turned into a political contest between states. It could be argued that this contest was fuelled by geopolitical complexities including Russia’s aggression in Ukraine. However, it should be acknowledged that efforts to limit the participation of non-state stakeholders may affect these stakeholders’ future investment in the implementation of the agreements put forward by the OEWG. It is clear that the private sector, academia, and NGOs are crucial for following through with the agreements and their implementation on the national, regional and international levels. Extended disagreements on engaging these stakeholders will also contribute to the substance of the OEWG discussions, eventually decreasing the relevance of the discussions in the global arena.

Muddy future ahead
That is why this is both the best of times and the worst of times for multi-stakeholderism. The enhanced levels of support and attention it receives from national governments may allow for its further adoption in various aspects of ICTs, cybersecurity and technical standards processes and policymaking systems. Yet, in an increasingly polarised global political environment, what some governments label multi-stakeholderism may not be the genuine item at all, but something else that suits their own political agenda. 

As can be seen from the OEWG example, compromises between states are often made at the expense of the non-state stakeholders. Even though the stakeholder engagement modalities included a step towards greater transparency by sharing which states objected to the participation of which stakeholders, such objections may still be employed as the basis for eliminating selected stakeholders based on political decisions. Yet, the efforts of some states to keep certain stakeholders from formally engaging with the OEWG have not decreased the civil societies’ appetite to partake in these discussions. On the contrary, despite their different views on some topics, their motivation to contribute has stayed strong and they stand unified in believing in the importance of diplomacy and of ensuring that member states benefit from relevant perspectives in their deliberations. Calls for robust civil society participation have also been made on other occasions, such as in the format of the UN Ad Hoc Committee on Cybercrime.

Multi-stakeholderism is not perfect and many aspects of its functioning need refinement. It can be inefficient, expensive and slow. In some countries, true multi-stakeholderism may not even be possible because autonomous stakeholders such as civil society may not be allowed to exist. But it is still by far the most open and participatory model that allows for accommodation and consensus building for the widest possible range of views and perspectives. It would be a mistake to criticise its shortcomings and then move in the opposite direction, towards less participation and more top-down power for the authorities. 

Therefore, avoiding the devaluation of the concept of multi-stakeholderism should be seen as a priority. Instead of it becoming an empty buzzword thrown around in official documents, states should find ways to meaningfully engage with stakeholders on international fora. In addition to increasing engagement in multilateral platforms, states should work on substantiating multi-stakeholderism on national and regional levels by encouraging discussions between domestic actors and drawing on their input in states’ official statements.

The civil society, research, technical and industry stakeholder groups must guard against political influence from state actors to revise or reject multi-stakeholderism. This would only lead to the splinternet, where the open, globally connected internet is divided into fragmented networks controlled by governments or, to a lesser extent, major corporations. If that happens, everyone will get less of what the internet has promised, and what each of us deserves.

Any views or opinions expressed in this blog are personal and do not represent those of institutions or organisations that the authors are associated with in their professional capacity.

Published Directions, an inititative by the EU Cyber Direct project coordinated by the EU Institute for Security Studies, November 18, 2022

Thursday, November 10, 2022

[Diplomat] Why Elon Musk’s Twitter Purchase Is a National Security Concern

Why Elon Musk’s Twitter Purchase Is a National Security Concern
Elon Musk’s Twitter deal reveals loopholes in U.S. national security oversight.

Two days before Elon Musk closed the deal to acquire Twitter on the court mandated deadline of October 28, he posted a short videoclip of himself cheerfully carrying a sink into the company’s headquarters in San Francisco, saying, “let that sink in.” He certainly did not waste any time making sure his presence sank in to the company, its staff, its advertisers, and its users.

Besides quickly laying off roughly half of Twitter’s global staff within a week of the takeover, Musk also changed his Twitter bio twice in recent weeks, first declaring himself as the “Chief Twit,” then Twitter’s “Complaint Hotline Operator.” These are hardly just random playful titles he lavishes on himself. Musk dissolved the company’s board and named himself sole director of Twitter just before the acquisition was completed, as disclosed in a securities filing on October 31, and fired the company’s executive team, including its chief executive officer and chief financial officer. In effect, Musk is not only the Chief Twit, but the Only Twit. The company will also be delisted from the New York Stock Exchange on November 8, according to its filing with the U.S. Securities and Exchange Commission, leaving Musk with total control over the privately-held company afterward.

Regarding Twitter’s content moderation policies, Musk said in his tweets on takeover day that he had “not yet made any changes to Twitter’s content moderation policies.” He added that the company would be “forming a content moderation council with widely diverse viewpoints,” and “no major content decisions or account reinstatements will happen before that council convenes.” But with Musk as the sole director and only person in charge of Twitter, he might as well also be the sole “complaint hotline operator” cum content decision-maker, with or without advice from people he will select later. Musk already fired the company’s entire human rights team, the entire “ethical AI” team, and almost the entire communications team.

National Security Implications

Yet, such chaos at Twitter after the Musk takeover pales in comparison to the serious national security alarms that were sounded in the weeks prior the closing of the deal. In a Financial Times interview published in early October, Musk disclosed that Chinese authorities made clear their disapproval of his Starlink rollout in Ukraine and sought assurances that he would not sell Starlink in China (read Taiwan).

Indeed, Musk has maintained a close relationship with senior Chinese government officials, having invited the Chinese ambassador in the U.S. to a test drive in an auto-piloted Tesla vehicle with him. Meanwhile, his Shanghai “Gigafactory” aim to churn out 1 million electric vehicles a year for Tesla, and last year already made up half of the company’s total global output. Moreover, China is already Tesla’s second largest market in the world, after the United States.

China can use its importance to Tesla to leverage influence on Musk’s other businesses, exemplified by the request made to Musk about Starlink, a system supported by SpaceX, another company with Musk as its chairman and CEO. The national security implications of SpaceX and its Starlink platform are obvious, direct, and significant, on top of its deployment in Ukraine and other countries such as Iran, in support of U.S. military or Internet freedom policy goals. But what about Twitter?

Although it is blocked by China’s Great Firewall and is not accessible inside the country, Twitter remains a major target for Beijing’s apparatus of online propaganda and coercion. As recently as in December, 2021, Twitter removed 2,048 accounts that were said to have “amplified Chinese Communist Party narratives related to the treatment of the Uyghur population.” Since the Musk takeover of Twitter and his decision to fire the company’s human rights team, users and civil society organizations have voiced many concerns, including over the possibility of Twitter turning over users’ personal details to China. Chinese authorities already have a track record of detaining people over things they tweeted, including while living overseas.

All these issues combined with a downsized workforce may result in weaker cybersecurity, much higher risk levels and potentially disastrous outcomes for Twitter and all its users.

And there is more to worry about than China. Also in early October, Ian Bremmer, head of political risk consultancy Eurasia Group, wrote to his clients that Musk informed him about a recent conversation he had with Russia’s president Vladimir Putin, just before Musk tweeted to urge Ukrainians to accept a negotiated solution with Russia by ceding Crimea to its enemy. Musk denied Bremmer’s allegation but Bremmer stood by his “honest” reporting.

Despite all these potentially explosive self-disclosures, and others’ allegations, over Musk’s connections and possible vulnerabilities to foreign powers, no action was taken by Washington to scrutinize any national security concerns associated with the Twitter deal. On the contrary, the White House actually came out to emphatically deny any security review. The silence was deafening.

Not Enough Tools for Timely Actions

After Musk completed his deal and released his list of equity co-investors, Senator Chris Murphy called on the government’s Committee on Foreign Investment in the U.S. (CFIUS) to conduct an investigation into the “national security implications” of the involvement of Saudi Arabian investors, who will become the second largest owner of Twitter behind Musk.

However, the scope of CFIUS is limited to foreign investments that may result in the control of U.S. businesses, with evidence that the transaction may threaten national security. Although its investigative power is not time-limited, in the case of Twitter, it may be limited only to the scrutiny of interests from countries such as Saudi Arabia and Qatar, rather than the more critical risks imposed by Musk himself – his own possible conflicts stemming from his business empire, with potential vulnerabilities exposed to China and Russia.

If the Biden administration can be so resolute on U.S. technological competitiveness in areas such as semiconductors and artificial intelligence, to the extent of restricting sales and investments to China for not only U.S. firms but also those from allies such as South Korea, Japan, Taiwan, and Europe, the way it treats Musk’s growing technology empire is grossly inadequate and inconsistent. Consider this: one man, who openly admits his close ties to Chinese government officials, now owns the largest electric vehicle maker in the world, with huge leverage in technologies such as AI, autonomous driving, batteries, robotics, and advanced manufacturing, all areas where China strives to excel; the largest low Earth orbit satellite company in the world, with leading space and communications technologies for both military and civilian use; and one of the largest and most influential global social media platforms in the world. The national security implications here should be clear to see — standalone or combined.

Maybe too much effort has been spent and wasted in Washington on regulating social media and enforcing content moderation by mistakenly focusing on reforming provisions such as Section 230 of the Communications Decency Act. There are obvious loopholes in the U.S. regulatory regimes as far as technology and national security oversights are concerned. In this case, multiple companies in different sectors, with interlocking interests in a global market, are involved, yet there is simply no avenue to demand timely actions. As the Twitter deal demonstrates, national security matters must be looked at in a more holistic way. Changes are urgently needed.

Published: The Diplomat, November 9, 2022

Friday, October 21, 2022

[OPTF] The Next Chapter for Hong Kong’s digital repression: Total judicial cooperation

The Next Chapter for Hong Kong’s digital repression: Total judicial cooperation

In a bizarre case of government censorship aided by the court in Hong Kong, five speech therapists were sentenced to 19 months in jail for “conspiracy to print, publish, distribute, display and/or reproduce seditious publications.” The evidence? A set of illustrated print children’s storybooks depicting a village of sheep resisting wolves invading their village. The judge found that the books were part of “a brainwashing exercise with a view to guiding the very young children to accept their views and values,” and the authors intended to “bring into hatred or contempt or to excite disaffection” against the local and central government.

The case did not involve online content, but it clearly showed that the red line for the freedom of expression in Hong Kong has been lowered to an extremely perilous level, with full corroboration of the court in censoring expression, and indeed, thought, in Hong Kong. Regardless of what they say and how it is said, no expression is truly safe for residents of Hong Kong. The court seems to have determined to guarantee that government prosecution will score a perfect record of convictions. Yet, some activists appear to be determined to keep on going, as one of the defendants in the children’s storybook case said in court, that her “only regret was that she had not published more picture books before her arrest.”

Such will and resolve from civil defenders may be one reason why the Hong Kong government is still planning for a further series of legislative proposals, to be nominally consulted and then most likely speedily passed in what is currently a rubber-stamp legislature, designed to rein in online expression in Hong Kong.

Case in point is the recent consultation for a new cyber-crime law, which has sparked much concern from both the Internet sector and users. For instance, under the category of illegal access to program or data, Hong Kong’s law reform commission recommended that “mere unauthorized access should be criminalized as a summary offense, which does not require malice to be an element of the offense, subject to the statutory defense of reasonable excuse.” The commission also recommended raising sentencing for many offenses from two years to fourteen years. The maximum sentence for the aggravated offense for illegal interference with computer data and a computer system may even be life imprisonment. In short, these proposed changes are about easier prosecution and harsher punishment. 

And a series of other new laws are slated to be proposed, too: a new cybersecurity law “to protect critical infrastructure,” a new anti-misinformation law, and another new law to regulate online and offline crowdfunding activities, an amendment for the local rules for the national security law imposed by the central government, and the preparatory work for yet another new local version of national security law. There are several reasons for the rush for new laws. Such laws targeting cybersecurity, misinformation and also cyber and data sovereignty have already been established in many other parts of the world. In Asia alone, similar laws have appeared in Vietnam, Singapore, Indonesia, India and, of course, China itself, are becoming the norm, putting pressure on freedom of expression for both the users as well as the social media or messaging platforms. Even western democracies are doing the same, and it has become very easy for autocratic regimes to justify their digital repression by claiming to be, first, targeting cyber-crimes and protecting cybersecurity, and, second, that they are only following the examples of western democracies.

The laws can be similar, but it is the level of democratic oversight, judicial independence and the rule of law that will make the difference. In the self-proclaimed “perfected” political system in Hong Kong, with “full cooperation” of the executive, legislative and judicial branches of government, these laws will be passed quickly by the legislature, and once enacted, the court will also likely cooperate with the administration in way of their judgment. 

Under such an atmosphere, those who still choose not to self-censor will face increasingly perilous situations. Another recent case saw the administrators of the Facebook group “Civil Servants Secrets” – who were themselves government workers –  arrested by national security police on possible charges relating to “acts with seditious intention.” What made some of these postings in the group — mostly gossip or grievances about the government as a workplace — seditious? Some messages were said to “promote feelings of ill-will and enmity between different classes of the population of Hong Kong.”

One of the hallmarks of political arrests in Hong Kong is that these cases almost invariably involve the police confiscating the suspects’ mobile phones and personal computers, sometimes both personal and work, to “search for evidence.” In the “Civil Servants Secrets” case, national security police actually raided the government office of the suspect, taking away all their personal and work phones and computers. While the public often asks whether the social media platform, such as Facebook in this case, may have provided information and data to the police, the reality is that the police may not bother with getting such data from social media platforms. Everything is already sitting on the phones and computers of those arrested for the police to harvest.  In this regard, the users’ devices remain the weakest link when it comes to law enforcement abuse. Meanwhile, a number of other Facebook “secrets” pages were “voluntarily” removed to avoid getting their administrators into trouble.

Are these laws, arrests, charges and court convictions silencing activists, civil defenders and journalists? Yes, particularly when the courts are no longer seen to be independent and respect the rule of law. Unfortunately, what happens in Hong Kong is not unique, as digital authoritarian trends are rapidly expanding in Asia and many other parts of the world. What stands out for Hong Kong is only how far it has fallen in such a short period of time, from a relatively free society with a vibrant press and civil society, to a highly repressive regime. May this be a reminder for the rest of the world of the fragility of online freedom of expression, how easily it can be lost. 

Charles Mok is an internet entrepreneur and IT advocate. He was formerly a member of the Hong Kong Legislative Council and founded the Hong Kong chapter of the Internet Society. He is currently a Visiting Scholar at the Global Digital Policy Incubator at Stanford University. 

Published: OPTF, October 20, 2022