February 28, 2020

_LR_0140-optimized-web.jpg

Former Estonian president Toomas Ilves wears his signature bowtie
Toomas Ilves spoke on “Cybersecurity, the Digital State, and Democratic Governance.”

Every country, regardless of size or capability, wants to develop. Cyber resources can help governments support and expedite this process more efficiently. But how countries develop and scale technology raises a number of pressing policy questions around privacy, transparency, security, and digital identity—all of which were discussed when SIPA hosted the George W. Ball Lecture and Niejelow Rodin Global Digital Futures Policy Forum on February 21.

In this year’s lecture, Toomas Ilves—a former president of Estonia and SIPA’s George Ball Adjunct Professor for Spring 2020—spoke on “Cybersecurity, the Digital State, and Democratic Governance.” Ilves, who led his country from 2006 to 2016, discussed the challenges of digital transformation amid the Baltic nation’s embrace of independence in the post-Soviet era.

The relatively small country saw substantial, rapid change as the government worked to digitize every aspect of citizenship, from medical records to voting registration, propelling the economy into overdrive in the process. By contrast, Ilves said, the United States is home to the world's largest tech companies, yet has not been able to connect its citizens to their government in the same way.

“In my country there are only three instances when an individual interacting with the government or public services needs to show up in person,” Ilves explained. “To get married, to get divorced, or to transfer physical property.”

Ilves suggested that a government’s ability to competently perform civil functions will increase the trust its citizenry has in it. How governments and industry leverage this trust and shape policy around this transformation was the theme of the Digital Futures Forum that followed Ilves’s lecture.

Valeri Khan, a cofounder and vice president of the nonprofit organization Digital Equity, joined a panel on “Digital Identity: A Development Agenda” with speakers from FinEquity, USAID, and Columbia’s computer science department. Among other comments, Khan summed up the importance of digital identity in developing countries.

“Digital identity is the foundation to the digital economy and digital transformation and the foundation of all of our problems when it comes to our data,” she said. “This is the opportunity to lift people out of poverty with the digital economy.”

In his presentation on “Mapping Data Flows and Transparency,” SIPA research scholar John Battelle focused on privacy. Along with a group of student researchers from SIPA and Columbia Journalism School, Batelle recently launched a project with the same name that investigates the terms of service of the largest tech companies that collect data. Their work revealed that, through the many terms of service that typical users ignore with a click or swipe, a quasi-government is being formed.

“We are already under a default internet constitution,” Batelle said. “It has never been ratified. It is hard to read. It is the terms of service that you click through. This is the governance model.”

Digital transformation is often accompanied by new threats to security. Conflict in cyberspace primarily operates at a threshold just below physical war or complements war currently happening; that lack of continuity amongst allies who combat such attacks can leave relationships in peril.

With the exception of the “Five Eyes” [FVEY, the intelligence alliance comprising Australia, Canada, New Zealand, the United Kingdom, and the United States], Ilves said in his lecture, “there is little communication and cooperation in the digital world and informational space.”

In a panel on “Pursuing Digital and Cyber Peace,” the SIPA scholar Jason Healey moderated a discussion among experts from the UN, International Committee of the Red Cross (ICRC), CyberPeace Institute, and government of Montenegro. They discussed why data must be protected not just against non-state hackers, but what Ilves had called “algorithmic authoritarian powers.”

“Is data an object?” asked Chris Harlan of ICRC. “If you are looking to protect things related to people [covered under the Geneva Convention] then things such as medical records are worth protecting in armed conflict.”

The most complex issue in cyber war is determining attribution and then a country’s response once it is determined. Naming and shaming in international affairs is a common approach, yet has some unintended consequences.

Healey, coining a new term for all but the final step of full attribution, said, “If you want to attribute but don’t want to go all the way to attribute, then you ‘attri-but.’”

As the epitome of dual-use technology, cyber has wide-ranging implications for developing and advanced countries alike. To balance the consequences, policy makers must be well informed and forward thinking.

— Daniel E. White MPA ’20

See the complete list of panelists at the 2020 Niejelow Rodin Global Digital Futures Policy Forum.

Watch Toomas Ilves's Ball Lecture

2020 Digital Futures George W. Ball Lecture - Toomas Ilves