December 15, 2022

US-EU Data Privacy Framework Moves Forward

The European Commission published a “draft adequacy decision,” about the EU-US Data Privacy Framework. In a largely unheralded but highly consequential decision, the US committed itself to privacy protections for European citizens in an October Executive Order from the Biden administration. The European Commission concludes that the new U.S. protections provide comparable safeguards to those of the EU and ensures an adequate level of protection for personal data transferred from the EU to US companies. The opinion was published and transmitted to the European Data Protection Board (EDPB) for its opinion. The agreement still has a ways to go; it could be challenged to the European Court of Justice and may not be fully approved by the European side until the middle of 2023.

Musk Succumbs to Polarization

Elon Musk continues to roil the Twitterverse but his interventions have taken a sharp turn rightwards, raising concerns that his promise to make Twitter a freer and more even-handed space is being coopted by right wingers looking for payback against the “libs” who dominated its content moderation policies before Musk. On December 10, Musk maligned his former head of content moderation, Yoel Roth, by falsely suggesting that his PhD thesis about Grindr advocated “children being able to access adult Internet services.” Musk went even further off the deep end when he tweeted the next day “my pronouns are Prosecute/Fauci,” rallying a favorite (and increasingly irrelevant) trope of the 2020-vintage Trumpian right, which demonized the public health establishment as part of a control conspiracy. While it’s true (as we have argued extensively before) that Twitter’s previous editorial policy reflected a left-right power struggle in which the left had the upper hand, one doesn’t improve the situation by pushing the environment toward the other extreme. Musk is now just inflaming and rallying the rightwing outrage constituency that fueled demands to over-regulate content in the first place. Both left and right are now claiming that they are besieged by death threats.

Tiktok is Trending in Republican State Capitals

The idea that Tiktok is a danger to “national security” has no basis in a serious cybersecurity threat analysis, but Republican conservatives find it an increasingly useful way to establish their anti-China, anti-trade, nationalistic bona fides. Nearly 10 states, all led by conservative Republicans, have issued executive orders or proposed laws to ban the US-based app owned by a private company in China. Nebraska first banned its use by state workers and agencies in 2020. In a December 12, 2022 news release, Utah Governor Spencer Cox became the latest Republican to prohibit state employees from downloading or using the TikTok application on any state-owned devices. On December 7, Texas Gov. Greg Abbott banned TikTok from government-issued cell phones and computers. South Dakota, North Dakota, Maryland and Alabama have all banned the use of TikTok on some government devices. Georgia and South Carolina are also exploring similar measures.

Now a nationwide ban is brewing in Congress, even as the White House continues to iron out a security deal. On December 13, Senator Rubio (R-FL) and Congressman Gallagher (R-WI) introduced a bill that would require President Biden to use the International Emergency Economic Powers Act (à la Trump) to ban TikTok from US networks entirely. The consequences of transgression outlined in section 206 of the Emergency Economic Powers Act (50 U.S.C. 1705) are severe.

The Congressmen’s laundry list of risks is backed by no evidence. But China fearmongering in Washington seems to have reached unprecedented levels. In their Washington Post OpEd, Senator Rubio and Rep. Gallagher urge Congress to “act before it’s too late” as if TikTok was some kind of extinction event coming from outer space. What used to be a “tech cold war” only a couple of years ago is now described as a full-fledged Cold War that “could turn hot over Taiwan at any time.” Ironically, this kind of inflammatory rhetoric is, without a doubt, a bigger threat to national security than TikTok.

In the meantime, it is useful to recall this March 2022 story about how Facebook hired one of the biggest Republican consulting firms in the country to orchestrate a nationwide campaign against TikTok. It wasn’t the first time, and it won’t be the last, that private interests exploit national security fears to advance their agendas.

AI and Attribution

ChatGPT, the latest user-friendly OpenAI system based on a newer version of the GPT large language model, took the web by storm the past few weeks. In doing so, a technology increasingly important in the digital economy but long obscure suddenly is being experimented with by millions, raising accompanying delight, shock, and concern in the capabilities it enables. One such audience consists of academics who are wondering aloud if the death of the college essay is nigh. How will teachers know the student from the loop? Provenance of AI generated content and attribution of content to specific large language models is a hot topic beyond academia. Artists are concerned about their works being ingested by models as training data; states have long been worried about AI being used to easily create virally distributed misinformation. It would be easy to overreact just as generative artificial intelligence is expanding commercially. But there is plenty of private sector based governance in this area. For example, OpenAI is looking at techniques to statistically watermark content produced by their models. Moreover, platforms that might be used to create or propagate data are also developing standards and norms about content authenticity and provenance, and building tools to facilitate easier and cooperative content identification. Where there is value generated from data or its management, platforms are certain to identify it. How it is distributed among interested parties is an ongoing debate.

India’s e-Rupee experiment

The pilot on wholesale e-rupee is now expanded to a retail version as of December 1st. The wholesale version was being piloted with the help of nine banks for settlement of secondary market transactions in government securities. The pilot for the retail version will cover four cities – Mumbai, Delhi, Bhubaneswar, and Bangalore in four phases, where each phase will include more cities and add additional banks to the intermediary list. E-rupee is centralized. It will be handled by the Reserve Bank of India (RBI) and distributed via selected intermediaries – Banks, both state owned and private- using their digital wallets, in a closed user group. However, the RBI governor Shaktikanta Das, presented a conflicting statement in a press conference on December 7th, stating that “..[e-rupee] will move from one person’s wallet to the other person’s wallet without the intermediation of the bank.” It will be treated as a legal tender and will be exchangeable one-to-one with fiat. Both peer to peer (P2P) and peer to merchant (P2M) transactions will be feasible. The RBI highlighted that e-rupee will be for most parts, similar to physical cash. It will be issued in the same denominations and will not be interest- bearing. Though it can be converted to other forms, like bank deposits.

So far, the narrative used for the push has remained consistent. The motivation, as stated by RBI, is that of achieving systemic efficiency, financial inclusion, pushing innovations in payment space, and mitigating risks from private virtual currencies. However, the design doesn’t talk about anonymity, monitoring, tracking, or record keeping of these transactions. It has been made clear that the project will be centrally controlled by RBI but has no mentions of the data retention aspect of these transactions. Transactions using fiat currency are anonymous for most parts. Will the e-rupee maintain that? What’s also interesting is the service will be offered by intermediating banks which also offer services using Unified Payment Interface (UPI) which enables instantaneous bank to bank transfers. UPI transactions are done using bank deposits; e-rupee wallets will use digital currency. How different they will be is still not clear. Both these modes will be in competition and this will affect the adoption rate of e-rupee. Specially since parking money in a digital wallet will not earn interest and the convenience of payment will be similar, if not better. Several analysts have pointed out that UPI has a first-mover advantage. But both are state-backed services (or “public goods” as NPCI puts it) and not market products. The motivation listed for development of UPI were also to increase systemic efficiency, security, financial inclusion and innovation in the payments space. It has, to most extent, satisfied these expectations. There can be serious setbacks to the adoption of e-rupee. And it wouldn’t be dissimilar to adoption challenges being faced by other countries.