Time to think about our tech dependencies
Governments are looking at the fragility of their supply chains but have yet to focus on their tech supply chain dependencies. COVID19 exposes both.
We are living humbling times which have definitely exposed fragilities in our socio-economic models and dependencies.
While we are increasingly becoming aware that we should rethink our supply chains and move towards more distributed supply networks with regards to manufacturing the thinking has not yet reached technology. It seems that the tech backlash has subsided and yet from infodemics to tech giants controlling 99.29% or so of the operating systems of mobile phone announcing a partnership on Bluetooth contact-tracing, nothing has been solved. Quite the opposite.
It is not hard to see how the “surveillance” needed to test, trace and isolate is a heavenly match for the surveillance at scale capability of technology. As I have argued before though, technology is not good or bad, but scale technology funded by advertising revenues possesses some inevitable and worrisome traits. Apple being predominantly a hardware company has been able and willing to take a stronger stance on privacy and it should be lauded for doing so. It is partly this stance which undoubtedly motivated Apple to announce its partnership with Google on COVID-19 contact-tracing technology. When tech based contact-tracing re-emerged as an important solution with COVID19 (epidemiologist Larry Brilliant first suggested its use in 2006 and Bill Gates in 2015), I had two questions: 1) will Big Tech launch their own contact-tracing apps and 2) should governments be the right entity to launch such apps.
Even though (or maybe because) the tech backlash was subsiding, I believed then that a Big Tech company launching its own app would be a double edged sword as in itself it could re-ignite the techlash by ostensibly exposing the power of their surveillance machinery. They definitely had the scale and ability but it was better not to expose it publicly. This was however only one of the issue for them to consider. If one of them would have launched its own global app, how would it interface with governments? How would it treat data requests or feature request from a government wanting to better control the epidemic for public health reasons? What stance would the Big Tech app owner take when these requests inevitably surface.
The second question was one which did not have a global answer. As we can already see, from China to the U.K. there is a whole spectrum when it comes to centralised identities in a broad sense of the term. Identities as in the aggregate attributes that constitute who you are, with the humanist view that not all of them and their interplay can fit into a smart chip. The U.K. and the U.S. for example have both resisted centralised national identities whilst China has gone as far as giving its citizens a social credit score. The US and the UK have nonetheless both instituted credit bureaus assigning credit score to all their citizens. Even though France has a national identity card, the constitutional court blocked the establishment of a limited credit bureau in 2015 So identity is a cultural and national matter with a lot of idiosyncrasies. Even though we live in an interconnected world and the virus knows no border, it is not difficult to understand why COVID19 tracing apps have been deemed rightly or wrongly a national matter. It did not need to be, but the State always feel that surveillance is their business and Google/Apple have acquiesced and supported that prerogative by making its Bluetooth technology only available to governments and governmental health agencies. It is easy to see why as they are regulated by these same governments that they are now so willingly serving. A perfect example of the surveillance nexus Shoshana Zuboff described in her book “The age of surveillance capitalism”.
So Apple and Google did not do their own app, but decided instead to be the servient technology enablers of government epidemiology surveillance. It is a Faustian pact and it is actually not clear who is on what side in this. What will Apple or Google decide to do when a government or governmental health agency decides to submit an app on their app store with an embedded backdoor to the government or a privacy design which does not hold up to Apple’s standard. Will Apple or Google block it or acquiesce? How transparent will the app code base be? Will governments claim for security reasons that they cannot fully open source it? What if a government decides not not use the Privacy by Design standard which Apple and Google so generously provided? Will citizens be told or will Apple as the supranational privacy enforcer (the newly created but not elected World Privacy Organisation) disclose it or block the app.
This contact tracing example just serves to show the enormous power that two firms owning the OS space wield on governments and citizens around the world. And if it is deemed benevolent now there is no guarantee that the CEO or Board of directors of these companies will act as such in the future. As I wrote above, identity and surveillance are shaped by the culture and history of countries. Europe with its experience of the Holocaust has a deeply different take on privacy than the US. Historically and more recently with GDPR, Europe has been and continues to be a leader in privacy and data protection. Its subordination (and that of its Member States) in implementing contact-tracing to two American headquartered firms is problematic. The mobile operating system supply chain (or 99.29% of it) is in the hands of two American providers. The same way we are rethinking our manufacturing supply chains, and looking to diversify them into a more diverse and fragmented supply network, countries should do the same for their tech supply chains. The chains appear bigger but the skillset to do another operating system exist in Europe.
You can be sure that after the Huawei controversy, Chinese engineers are working hard on an alternative to Android. Why wouldn’t Europe and its engineers do the same. France has recently announced €4 billion aid to support its startups, and in doing so allow France to retain an important skillset for its future. Questions on deployment of those funds need to be asked as it is taxpayer money. Should it fund bailing out another adtech, gig-economy platform or a business soon to be bankrupt, or rather help to build a tech infrastructure of strategic importance for the nation? Should it be contributed instead to a pan-European project which would motivate and attract the best tech talent and help regain tech sovereignty? Should European governments satisfy themselves with American companies creating jobs in Europe or should they actually look to create jobs by supporting the creation and staffing of non-American champions powering a new tech paradigm more aligned with they values. Why could Europe create EADS to rival Boeing and now appear only able to sell out its talent and its tech sovereignty to foreign champions? Is COVID19 the last nail in the coffin or the opportunity to water the nascent and promising sprout?
We are now also hearing that immunity certificates are coming in a number of European countries. This is an even more sensitive topic. Should we start the debate now that we have time or wait for Apple ID to power a future immunity certificates around the world?
Time to think technological dependencies.