Chipping Away at the Gray Zone: Is Responsible Information and Communication Technology Possible?
Dr. Serge Droz | November 26, 2019
Dr. Serge Droz is a Cybersecurity Expert at Open Systems
Last summer, the U.S. Federal Trade Commission (FTC) agreed to end its latest probe into Facebook’s privacy issues with a $5 billion payout. This was after several privacy debacles for the tech giant, including the revelation that the company mishandled the private data of millions of users during the run-up to the 2016 U.S. presidential election.
Few technologies have been as powerful as information and communication technology (ICT) — the infrastructure that enables all modern computing. It has reshaped economies, societies, and international relations. It touches every aspect of our lives. While the benefits are enormous, they do not come without risks.
Until recently, many information and communication technology companies have asserted that technology is neutral and not open to ethical debate. Technology doesn't make ethical assumptions and judgments; it responds as it's programmed to respond.
But as more people are affected by the unintended consequences of ICT — from fake news and election hacking to discriminatory AI and misuse of personal data — society is recognizing that ICT is ultimately programmed and used by people and has ethical consequences. Indeed, engineers and programmers make ethical assumptions and judgments that drive ICT. Users can use or abuse technology. This is nothing new. But ICT amplifies bad decisions, as well as good ones, at an often unimaginable scale.
This recognition has ignited a debate among legislators, educators, tech companies, and civil society organizations about the ethical responsibility to teach and expect engineers and programmers to consider deeply what users want and need, as well as the unintended consequences of their work.
Tackling One Piece of the Pie: Data Security
One particular focus for improvement through oversight and laws is data privacy. When cyber criminals, or even technology companies themselves, can access and manipulate sensitive data, it increases the risk of unethical behavior that can lead to misinformation, theft, character defamation, or other acts that can have societal ramifications.
The tech industry has opened the discussion through initiatives such as the Cybersecurity Tech Accord and Charter of Trust that call for binding rules and standards designed to build trust in cybersecurity and serve as a starting point for dialogue and action among stakeholders.
The European Union (EU) has also made great strides with the recent passage of the General Data Protection Regulation (GDPR) act that harmonizes data privacy laws across Europe, protects and empowers EU citizens in regard to data privacy, and reshapes the way organizations across the region approach data privacy.
The United Nations: Developing New Norms
On a larger scale, nation states are faced with broader challenges concerning security in the use of ICT. Cyberspace and who has the right to control it is still murky, much like the early days of maritime law when the world’s oceans offered seemingly limitless opportunity but were fraught with criminals — then called pirates — and competing national interests.
The United Nations (UN) has attempted to address how to apply international laws through the creation of the UN Group of Governmental Experts (UN GGE) and the UN-mandated working group called the Opened-Ended Working Group (OEWG).
The UN GGE was originally founded in 2004 to examine the impact of ICT on national security and military affairs but since has become the main organizational platform for discussing the many challenges new technologies raise. Made up of a smaller number of member states, the process had a slow start with the first group of experts unable to reach agreement on a consensus report. Subsequent groups were more successful and did agree that cyberspace should be governed by the same international legal principles that govern physical spaces. Since then, the question of exactly how those principles apply to ICT has proved much harder to answer. As of 2017, the fifth group of experts was unable to reach consensus. Currently, a new group is taking up discussions in Geneva.
Subsequently, a UN OEWG was created to address the challenge. An OEWG is a larger group of member states — any of the 193 UN members can participate in its deliberations — and is often considered more democratic simply because it includes more participating members. However, as of yet, no demonstrable progress has been made and splitting the UN groups in two may have made the debate even messier. The OEWG is supposed to include voices from non-state actors — in particular, civil society — but has so far failed to open hearings to include these groups.
Questions about who should own collected data, how it should be used, when consent is required, and who is accountable are yet to be answered.
Although many groups and nation states are attempting to answer these important challenges, enforcement will still prove difficult and many poorer countries may be unable to comply as data may be stored and managed outside the regulating country.
What the Future Looks Like — Making it Personal
ICT is now the critical infrastructure of our times. It is helping create opportunities in areas as diverse as human development, healthcare, education, and economic development.
To take advantage of its many benefits, we must also take responsibility to protect ourselves against its disadvantages. We must all exercise personal responsibility and good security hygiene to protect our networks and devices. Simple measures include password etiquette; securing social media and email accounts; storing data securely with proper backup procedures; updating our computers, devices, and applications; and being on guard for phishing and spear-phishing emails.
While these practices may not address some of the thornier ethical dilemmas facing ICT today, like unconscious bias or political malfeasance, they can provide empowerment and increased security for the average individual and company.
Technology doesn’t stand still and neither does civilization. We must all participate in addressing the broader norms, educational and regulatory expectations, and individual measures that will help keep ICT a valuable tool in our hyperconnected world.