The year 2023 was a notable one in digital governance. A retrograde tendency by nation-states to pursue “digital sovereignty” peaked in Europe, China and the U.S., leading to numerous governmental barriers and restrictions on data, networks, computing devices and software applications. Meanwhile, breakthroughs in natural language AI applications convinced the world that chatbots were harbingers of human extinction, prompting many of the world’s governance institutions – UN agencies, the EU, Congress and the Biden administration and the Communist Party of China – to rush to “regulate” AI. Since both trends were based on faulty premises and are producing policies with conflicting or destructive effects, we can confidently predict that both the digital sovereignty and the AI regulation trends will abate in 2024 and beyond, as we dial down the hype and observe the results of these interventions.
IGP began 2023 with the release, on January 9, of its high-impact report, “TikTok and U.S. national security” – the first serious challenge to the portrayal of foreign-owned digital services as threats to national security. The report led to coverage by CBS and CNBC, a debate sponsored by the Intelligence Squared podcast, and a citation in U.S. Senate debates. IGP also helped to expose the problematic nature of CFIUS’s attempt to put a US government-run corporation in charge of all TikTok user data, ironically giving Americans’ own government the very same powers of surveillance and content control U.S. politicians accused the Chinese government of having over ByteDance’s non-Chinese operations. While several states have moved to remove the app from government facilities, it’s clear now from court decisions that an outright ban on TikTok is not constitutional. The U.S. government, however, still has Executive Orders in place claiming that: “The unrestricted acquisition or use” of ICTs “designed, developed, manufactured, or supplied by persons owned or controlled” by foreign companies “constitutes an unusual and extraordinary threat to the national security, foreign policy, and economy of the United States.” Few seemed to notice that this was a complete reversal of 4 decades of US policy promoting trade liberalization and free markets in ICTs. Indeed, the RESTRICT Act, which would give the federal government sweeping and arbitrary powers over the use of ICTs, still hovers in the antechamber of the US Congress. Our 8th Annual Workshop took up this topic in its broadest sense, convening a diverse group of experts to consider the question, “What is ‘national’ security in a globally connected economy?”
Perhaps the most egregious demonstration of the pathologies of digital sovereignty was the EU’s e-IDAS regulation. Article 45 is intended to force global browser and software vendors to trust the digital certificates that meet European regulations, creating risks of jurisdictional fragmentation of the Web’s trust architecture and the risk that this power will be abused by state actors looking to spy on web users. Those concerns were heightened by legislative proposals in the UK, India, the EU and the US that would break or limit the use of end-to-end encryption. The EU e-IDAS action came near the end of IGP’s research work on Web PKI as a private sector-led global governance regime; our work illuminated the ways e-IDAS would rob the actual operators of the Web of the ability to decide for themselves what certification authorities are trustworthy and act rapidly to mitigate threats from those who are not.
The CHIPS and Science Act, also motivated mainly by US-China rivalry, was passed in late 2022, but its effects only began to be felt in 2023. The Act’s subsidies for building or expanding domestic fabrication facilities did attract many (promises of) new investments, but the success of these hothouse promotions in the real-world market remains to be seen. Further, the political “guardrails” designed to limit the ability of companies receiving CHIPS Act incentives to trade with “countries of concern” (i.e. China, one of the biggest markets for chips) has deterred many potential investors. The digital sovereignty trend also took hold in India, with the government throwing its weight behind a “digital public infrastructure” integrating biometric identification, payment systems and data governance. Our detailed report on this, “India Stack: The Public-Private Roads to Digital Sovereignty” was released in August.
2023 was also the year that everyone and anyone became experts on the social impact of Artificial Intelligence (AI). Few realized that AI is not actually “a technology” but an umbrella term for thousands of different data-driven software applications based on machine learning. Fears of “human extinction” from AI peaked around the time the film “Oppenheimer” was released, yet despite that fortuitous timing, no one seemed to heed its implicit message. Oppenheimer’s powerful demonstration of a truly destructive new technology, and its dramatization of how and why technological capabilities capable of threatening humanity really do come about (hint: it has something to do with nation-states and military competition) could have provided valuable perspective on the AI debate. But it didn’t. Be that as it may, IGP is cooperating with the IAEA on research exploring the (alleged) use of AI in influence operations about nuclear emergencies. Next year we will also be doing research on property rights in AI models and data, and a paper debunking the myth of an artificial general intelligence (AGI).
The rise of digital money was also a feature of 2023, but here again the story was largely one of regulators and central banks intervening to preserve the sovereigntist status quo, either by restricting and regulating cryptocurrencies, or by developing and promoting Central Bank Digital Currencies (CBDCs). In May, July and December, IGP published a 3-part series on digital assets, covering regulatory developments in the U.S. and the progress of CBDCs. Our work in this area will continue in 2024 and beyond.
And we’ll continue to resist the de-globalization and militarization of cyberspace.