Category Archives: Comparative and international policy-making

Conclaves and contention

Michael Den Tandt suggested recently in a CIGI blog post that the international moment called for a high-level mobilization of the best minds in a multilateral venture aimed at guaranteeing a stable information regime at a global level. The parallel Den Tandt mentioned historically is the Bretton Woods conference that set up the postwar international economic order at the end of the Second World War. It is interesting, it should be observed in passing, that contemporary discussions of bold internationalist projects tend to use economic regime creation as an archetype, rather than the arguably more universalist political settlements that bracketed them (you rarely hear calls for a new Dumbarton Oaks…).

There are, prima facie, two fundamental problems with the proposal. The first is that the call for a new round of regime building fundamentally misinterprets the historical moment: Bretton Woods was made possible by the imminence of Allied victory in WWII, while our own time is seeing the rise, not (yet) the dénouement, of fundamental antagonisms and Great Power rivalries. The type of lasting settlement Den Tandt envisions will be up to the victor in these struggles. The second problem concerns the balance of power not among States but between the public and the private sector. The framework of international economic development that was set up by the Bretton Woods system –which has been described by John Gerard Ruggie as embedded liberalism– was decisively smashed by the currency crises of the early 1970s. Many see that passage as the birth of neoliberalism, a new paradigm of public policy that has become hegemonic in the past half century. Under this current dispensation, the State, even the internationally hegemonic State, does not possess the ability to guide macroeconomic development, or to steer technological innovation decisively. Even if the political will for an international consensus at the highest level could be found, it is highly improbable that it could be implemented on a recalcitrant global market.

The disfunctions in the information sphere that Den Tandt decries are undeniable; such problems, however, will not be resolved by simply conjuring into existence a global regulatory regime for which the historical preconditions do not currently exist.

VPN in the Subcontinent

A timely piece in Rest of World on the tightening of regulations on the use of VPNs by the Modi administration in India. In this instance, the enforcement of visibility is carried out at the business level, with a regulatory requirement of customer data retention placed on VPN providers. This new policy may precipitate the exit from the Indian market of certain foreign companies, such as Proton VPN (which is headquartered in Switzerland).

A blanket requirement of data collection on VPN use at the source, such as in the Indian case, strongly suggests that the underlying goals of the policy are the unfettered operation of mass surveillance and a chilling effect on stigmatized activity online, since more targeted and discriminating solutions exist technically to deal with specific forms of malfeasance and lawbreaking behind VPNs. In this case (as in the resort to prolonged internet shutdowns), Indian digital policies can be seen to inhabit a troubling hybrid zone, in which a democratic government acts in ways more readily associated with authoritarian regimes. In general, the hardening of India’s policymaking on IT, including a muscular assertion of its data sovereignty, cannot easily be disentangled from geopolitical considerations (specifically, concern over Chinese influence), but has also undeniably benefited the government’s domestic agenda and its electoral and interest coalition.

Jurisdictional shopping for data

Brexit begins to deliver on race-to-the-bottom deregulation: according to reports from UK-based NGO Open Rights Group, the recent free-trade deal with Japan will allow GDPR-level protections on Britons’ data to be circumvented. Specifically, US-based companies will be able to route UK users’ data through Japan, thereby defeating regulatory protections UK law inherited from the EU. It is interesting to see strategies and loopholes traditionally used for internationally produced goods now being applied to user data.

Enforcement as deflection

Technology policy is often characterized as an area in which governments play catch-up, both cognitively and resource-wise, with the private sector. In these two recent cases, otherwise quite far apart both spatially and thematically, law enforcement can be seen to flip this script by attempting to pin responsibility for social externalities on those it can reliably target: the victims and the small fry. Whether it is criminalizing those who pay to be rid of ransomware or rounding up the café owners who failed to participate in the State’s mass surveillance initiatives, the authorities signal the seriousness of their intentions with regards to combating social ills by targeting bystanders rather than the actual perpetrators. Politically, this is a myopic strategy, and I would not be surprised if it generated a significant amount of pushback.

Elizabeth Renieris

I am catching up on some background reading by (and listening to a podcast interviewing) Elizabeth Renieris, a fellow at Harvard’s BKC and consultant on law and policy engineering. It is rather fiery stuff on privacy as an inalienable right and the scourge of personal data commodification. I think she comes across better in the audio interview, which is also long-form. But, in any case, food for thought on where the bounds for current legal discourse on these topics fall.