-
All right, let’s get started.
-
Fantastic. First of all, let me just thank you for this opportunity to meet with you. I think you already have a sense of what we’re trying to do here in collaboration with Jason, and in particular with 安碁 and Maverick…
-
I don’t know if I’m pronouncing that correctly.
-
That’s fine.
-
Maybe, Audrey, it would help because it’s been a while since we spoke, maybe I just give a broad overview again of the project topic and objectives.
-
I understand the motivation and where you’re coming from, basically. Where you’re at now?
-
Exactly. One of the foundational premises of the project that we’re trying to set up here with Taiwanese support in Oxford is this understanding that we have that cybersecurity issues have a fundamentally political and geopolitical set of motivations among many of them.
-
I know that this is the kind of argument that for someone like you is very self-evident. What’s striking is that there are few, if any, systematic research and teaching programs at a global recognized university like Oxford that is dedicated to these issues.
-
It’s something that I find especially striking as a political scientist and international relations specialist who has been working on cyber issues, in my case, for 15 years. It’s striking because when you look at the way that technological threats are now affecting the integrity of democratic elections…
-
Tell me about it. [laughs]
-
…including, of course, in this country…
-
Yup.
-
…the way that these threats are affecting basic infrastructure, economic infrastructures, transportation infrastructures.
-
The way that – this is now my own particular view – geopolitical contenders, like China and Russia in particular, that are challenging the liberal international order, are increasingly using the vulnerabilities of cyberspace to pursue their political and geopolitical purposes.
-
In this regard, it’s especially notable to emphasize the evolution in the Chinese threat, as I see it. China has long been the world master at stealing intellectual and military secrets online, but that threat evolution is changing. What we can observe, and again, you guys are at the front lines of this observation in some ways, is that China is increasingly using cyberspace in a way that Russia has been doing for quite a while now.
-
They’re sharing their playbooks, basically?
-
Exactly. They’re taking some pages from the Russian playbook in ways that I think are very worrisome. We see this, for example, illustrated in various social media information campaigns conducted in this very country in election context.
-
It’s a very opportunistic strategy. They go in and they try to exacerbate preexisting social and political divisions in order to weaken countries from within. This is quite striking to me, because some skeptics would say, well, you can’t use cyberspace to conquer territory or to even coerce state behavior.
-
That might actually be true, but as I say, those are the right answers to the wrong questions, because what we should really be looking at is how this digital activity is weakening countries from within in order to debilitate their foreign policy positions.
-
Surely, how some countries use cyberspace to defend their territory very successfully as well? [laughs]
-
As well, exactly. That’s where countries like Taiwan and Estonia is a very prominent example, the United Kingdom to a great extent is another example, come to the fore.
-
It’s also important to emphasize that what we’re really interested in investigating is not just the security and defense aspects of these issues, but also what I like to call the sunny side of cyberspace, which is, of course, all the benefits, social, political, economic that come from the increasing digitization of the government and society. Of course, that brings vulnerabilities. The two go hand in hand.
-
That’s another one of the foundational premises of the world that we’re trying to establish in Oxford is this notion that if you’re going to have the benefits of a digital society, you better really prepare and think seriously about the vulnerabilities that that invites and what you’re going to do about them.
-
That requires a close and deep understanding of the political and geopolitical motivations of the threats and how those threats are evolving in response to those motivations.
-
I’d say you’re actually talking about democratic resilience.
-
That is to say, the threats are going to come from both inside and outside, and if we can design the systems, meaning the political systems and all the systems related to that right, then the system becomes resilient or even anti-fragile.
-
Your core argument is that if we do nothing, the status quo – the business as usual – isn’t like that.
-
Exactly. This is where again it becomes really striking to me as a political scientist. I have to say one of the very few political scientists and international relations specialists focusing on cyber and digital affairs, it’s actually quite rare.
-
There isn’t really even a field of cyber studies that is firmly established within the academic literature and within educational programs at the university level. This is something that I and a few others who work in the field have been trying to change for many years.
-
What I think we lack is precisely what, in collaboration with Jason, Acer, the Acer community, and we very much hope, as well, you Audrey, is this kind of systematic foundational initiative.
-
Maybe, Lucas, you can talk a little about the policy lab that…
-
Indeed. Another of the foundational premises of this work is that the research that we do shouldn’t just end up in esoteric academic journals that only scholars read. We think and strongly believe this should be work that should be influential in the world of policy making.
-
One of the ways that we’re trying to set up an environment for that to happen is what in Oxford we call knowledge exchange, which in the case of this specific project involves setting up what we’re calling a policy lab.
-
We’re proposing to hold at least one big, yearly workshop where we gather not just academic specialists, but also crucially, practitioners, leading practitioners in both government and private industry, put everyone together, and run panel discussions, simulation experiments, testing ideas and evolving policies in response to major crises and challenges in a realistic setting.
-
That would generate data that can actually be valuable for the research, and then to produce scholarly works that try to engage directly with that world of practice. For example, in these policy labs, what we hope to do is create reports that summarize some of the main findings and propose policy recommendations.
-
If that kind of an effort is to succeed, then we clearly and absolutely need the support and participation of some of the leading people such as yourself working in government in a country like Taiwan that is doing so many innovative and interesting things.
-
I understand you’re in the midst of a change yourself here in terms of setting up…
-
For a while now, but yeah.
-
I’ve said quite a bit…
-
Maybe one more thing that, Lucas, you can mention. Talk to Audrey a little bit about what you have been observing in NATO and also the conferences that you’ve been to, especially with the ones that address cybersecurity threats, and how you envision…
-
As you know that Audrey will be setting up the new digital…
-
Let me give you some “moda” stickers.
-
Maybe you can share with Audrey what you have been observing and learning from this.
-
Sure.
-
Just a second.
-
Maybe after that, Audrey, you can share with us about your current status and progress.
-
I’m going to take more than one sticker, if that’s OK.
-
Take more for Nick and…
-
Spread the message. Nick.
-
We’ve got a souvenir for you.
-
The new ministry.
-
“Digital” and “Plural” is the same word here, 數位.
-
You probably know this – “moda” means style in Spanish.
-
I know – “Taiwan Moda” sounds stylish.
-
It’s a great play on words.
-
I just returned from Bellagio. It also means that in Italy, like fashionable.
-
OK, fantastic. This is great brand building. It’s actually the experience that you’re undergoing and overseeing in this country, is actually now become quite a regular experience. There have been a number of countries that have attempted to do what you’re doing in one way or another.
-
One of the interesting aspects also of the work that we’re proposing to do is to look at how different countries have organized their national cyber establishments.
-
One of the things that I’ve noticed in my preliminary research and also working with others and understanding what the emerging literature on this question is, is that different countries have come up with different models for how they do that, unsurprisingly, and so we can already begin to differentiate some models.
-
Some of the basic differences that I have observed, to address Jason’s question, is the difference between large countries like, say, the United States and Britain, and smaller nations like Estonia, for example.
-
What we’ve seen is that large countries tend to have a diffusion of competencies for cyber and digital affairs across various government departments and agencies, which perhaps makes sense in a national context involving a diversity of interests and demographics and a sprawling government administration.
-
This is very clearly the case in the United States, where you have these competencies for policy making distributed broadly across the Department of State, Department of Defense, Homeland Security, National Security Council, and so forth.
-
The States, too.
-
In the United States.
-
Yeah, and also, devolution.
-
Certainly, when it comes to the protection of the election infrastructure, because in the United States, you have a state-based, highly fragmented environment, that means that indeed…
-
And the data regulations are different state by state.
-
Exactly. There isn’t an overarching policy framework for the digital economy.
-
There’s no equivalent of the EU Data Acts.
-
Exactly. Yet what we see in the experience of small innovative countries like Estonia – and you’ll have to answer this for me, but my sense is that Taiwan is clearly moving in that direction, and in a sense is already there – is you see that there’s been more of a centralized approach.
-
What I mean by that, I mean that there has tended to be a single personality or institution that has the competence in the government to oversee the organization of the data economy and cybersecurity efforts.
-
That in itself is interesting, because those two broad sets of policy activity are often apart. They’re set apart.
-
They speak different languages, like literally.
-
They speak different languages, exactly. They speak different languages. Often, the people who work on digital economy don’t like to even use, in my experience, the word cyber, because it has the security and defense connotations.
-
And the word “crypto” means two different things. [laughs]
-
Exactly. To a computer scientist, it’s the cryptographic protocols to protect data integrity, and then for…
-
For the digital economy folks, it means just digital signatures.
-
It’s totally different, yeah.
-
Jason surely knows about this…
-
…as the crypto congressman.
-
(laughter)
-
Yeah, exactly.
-
Just the signature part, not the encryption part. Bitcoin never encrypts anything. [laughs]
-
Right. Returning again to the case study, because personally, it’s a fascinating case study, you have, for example, a person that I know very well, Luukas Ilves, the son of the longtime president, Toomas Hendrik Ilves, who serves as the government CIO.
-
You have someone who has the policy responsibility to be the Chief Information Officer of the republic.
-
I have discussed at length, both with Toomas and with Luukas.
-
What’s also interesting about the Estonian case, which illustrates the differentiation that I’m making here, is that that’s the same ministry that oversees not just the digital economy, but also cybersecurity.
-
Of course, there’s also an important set of competencies that reside in the Ministry of Defense and even in the paramilitary Defense League, but it’s all overseen and orchestrated from the Ministry of Economy and Communication.
-
There’s a single architect, basically?
-
There’s a single architect and there’s also a fusional approach. What they insist, it’s kind of like a design principle, that we’re building a new software for government, and they said there’s the digital economy and there’s cybersecurity and defense.
-
What they learned very clearly from the 2007 cyber attack experience is that you cannot separate the two sides of policy and the two sets of interest no matter how differently people in each set might view things. That’s why they’ve had this overarching approach.
-
A small country like Estonia can really pull it off in a successful way, but in the United States, you go to the Cyber Command people at the Pentagon and ask them about the digital economy, they will have a very different understanding, if any understanding, about what that might entail.
-
We’re at a point in the development of what I call cyber studies from a research perspective where we can really start differentiate some different national models for how to do this organization.
-
That has to do with a number of variables, differences in political culture, demographics, geopolitical situation, the extent and type of digitization of the economy, and also various institutional path dependencies.
-
This strikes me as an area that is amenable for serious and systematic analysis. Again, so few people and projects, if any, really do that, which is why we consider that what we’re proposing to do in Oxford is really quite path-breaking and innovating.
-
Yes, of course. [laughs]
-
I think this isn’t a message that comes across to you with any difficulty, right?
-
No difficulties at all.
-
(laughter)
-
It’s “moda”. Fashionable.
-
Indeed. I feel I really have to emphasize this point, Audrey. This is fashionable and self-evident for people like us in this room to discuss it, but then…
-
Outside.
-
Outside…
-
I usually show them Diia, the Ukrainian app, which has been turned into a crowdsourcing, or crowd intelligence, for lack of better term, and it also serves the displaced persons internally, externally, like aid, vouchers, and so on.
-
It’s evident that it’s the same infrastructure. The cyber for e-government and the cyber for defense is exactly the same infrastructure, and Diia is a living proof.
-
I think many different scholars are paying attention to the Ukrainian example, which is this living example that the case you just made, which is the previously disjoined departments of cybersecurity, of counter-disinformation and countering information manipulation, and of e-government infrastructure in general, as evidenced by Diia.
-
If they don’t get divided, they don’t get conquered. [laughs] That is, I think, a little…
-
What does Diia stand for?
-
D-I-I-A is the Ukrainian…
-
Like digital ministry or something?
-
It’s an app.
-
Oh, it’s an app.
-
It provides digital signatures, here you can blink or smile to sign an electronic document.
-
You can do e-participation too. There is a very much a portal like our Join.gov.tw. The Ukrainians also do transparent procurements, public access and analysis, and so on.
-
The app is in the form factor of a mobile wallet that can hold your driver’s license and all sorts of different licenses. This is something Jason tried to advocate for, in his draft of digital economy basic act. Right?
-
Yeah.
-
It is to make something like that possible.
-
The Ukrainian example shows that it is actually useful in war in countering disinformation in broadcasting Eurovision to people to boost their morale. I’d say it’s an all-in-one evidence. Whenever I want to talk to people about the importance of an interdisciplinary service studies program, I would point to something like Diia.
-
It’s very interesting, Audrey, that you’re saying this because I was recently just a few weeks ago in Tallinn. There was a big NATO conference, the CyCon. It’s a yearly event. As a prelude to that conference, we had a smaller workshop involving various European and international cyber scholars.
-
We had Victor Zhora join us from Ukraine. It’s straight from the frontlines of the cyber conflict there and, of course, the tragic war going on in his country. He made some very similar points to what you just said, where he’s saying, “Look, actually, we’re having some success in fending off the Russian information campaigns.”
-
I think the point that you’re making is very much a valid one. What’s going on in Ukraine will help to, I hope, spur some interest in further studies.
-
But, this is a disconnect in a way I’m getting at here. There’s a lot of demand from below. Certainly, if you look at the student level, students that are applying to Oxford to look at cyber and digital affairs from a political and international societal perspective. There’s a lot happening on the ground in terms of case studies and data to analyze. What’s really missing is the supply.
-
Yeah, I know.
-
That’s the problem.
-
They’ll have to join the Ukrainian IT Army, and learn from the battlefield?
-
Basically.
-
(laughter)
-
They’re basically… Let’s imagine you are an aspiring PhD student in political science and international affairs and economics. Take your pick of a social science discipline. You want to spend four years or so writing a thesis in this area. Where are you going to go, and who are you going to study under in the absence of any systematic research initiative?
-
Might as well fight a war instead?
-
You might as well go and join the frontlines in Ukraine to get that training.
-
To get that experience, yeah?
-
We’re being facetious, [laughs] but there’s almost a certain element of truth in that statement. Again, what we’re trying to do, and we regard this as very much part of our mission statement, is we’re trying to provide those networks of support and those resources.
-
Audrey, tell us a little bit about the current status of the modalities. We’d love to learn, or at least Lucas and maybe Nick on the line would love to see how they can be of help and support to you as well. I, obviously, very supportive all the time .
-
It’s very transparent. We have already written about our overarching goals. There are three of them:
-
- 建構數位服務跨域協力典範,增進政府效能與韌性運作;
- 完備數據公益生態制度及應用,拓展個人資料自主運用範疇;
- 促進跨國公民科技與資料民主化的共同發展,落實智慧國家願景。
-
They are in the policy direction guidelines for next year’s administration.
-
There’s basically three things that we’re focusing on as Moda’s work beginning later this year, certainly, once the parliamentary session starts in September, but also throughout next year. To translate very quickly, there are three main targets.
-
Now, the first is indeed democratic resilience, to make sure that we work across sectors to not just secure our digital services, but also make more effective refactoring, I think that’s the English word, so that it can work on, for example, the common basis of public code and so to make it much more resilient. It also encompasses the communication layer as well.
-
You can imagine, fiber, satellite, microwave, and so on. A plurality of ways to communicate. This is directly inspired by Diia and the Ukrainian experience.
-
Democratic resilience is the first thing.
-
Then second thing is I think the EU term for that would be data altruism, like data for public good. Because in Taiwan, and Jason knows this very well, we have one of the largest and longest going data altruism project, the national health insurance database.
-
The NHI database powers a lot of, not just medical research or academic pursuits, but actually is served directly to an app, the NHI Express App enjoying 10 million active users now. A lot. During the pandemic, where people used that to pre-order mask, to get vaccination, to procure rapid testing, to donate excess mask quotas to international humanitarian aid, and to do a lot of things.
-
There’s a lot of civic tech people collaborating with the national health insurance people to make sure that there’s all sort of prosocial uses. As part of our national health mandate, it must never be used for, for example, targeted advertising, or really any commercial uses. This must be for public good only.
-
This fits perfectly with the data altruism idea advocated by MyData Global and many other folks in the EU. We would like to see our NHI model, or nowadays called the Taiwan model, extended to more places around the world, but also within Taiwan, more sectors.
-
For example, the cabinet just yesterday passed this 運動 x 科技行動計畫 with 數據公益平台 for sport activity – including recreational sport – but also competitive sport’s data altruism platform project.
-
The national health insurance platform is mostly medical and public health. For sport, that’s already other sets of data being collected and reused, and the ethical use of those data in a way that doesn’t hurt privacy, but that fosters co-creation of better exercise habits. I personally can really use that.
-
That’s the data for good, our data altruism pillar. That’s the second thing we’re focusing on.
-
The third thing is more ambitious. It’s called “international civic tech and data democratization.” That refers broadly like the EU data governance and market acts, toward nowadays we call it plurality, but we have this idea of community-bound tokens – Ethereum and other participating distributed ledgers – where it can shape proof of participation, of affiliation, and things like that in a way to build a decentralized identity and authorization scheme.
-
The short term result would be that, for example, I think in Jason’s phone, there’s maybe like 5 or 10 different instant message apps, simply because unlike email or podcasts, those don’t interoperate.
-
Moda is composed of four different agencies, large ones. Each have their own internal communication habits. It’s not just instant message, but also video conferencing and many other things, groupware and so forth. If we advocate for plurality, we must make a future aware all of these things interoperate with each other like emails do.
-
So the third goal is data democratization, and I think the shared common knowledge substrates, like the distributed ledgers, serve to power these kind of things. This is more ambitious. That’s the three things.
-
Indeed. That’s more…There are echoes in what you are saying with the X-Road system, which I’m pretty…
-
Yeah. It’s called T-Road here.
-
There we go. My understanding correctly, that what you’re essentially envisaging is to put T-Road on blockchain.
-
T-Road is already providing the basis for interoperating across backend systems. Not necessarily just blockchain, because in a sense, the entire decentralized version control system Git, is also a distributed ledger. Basically, anything that gives the data sovereignty back to the actual people who provides the data, instead of controlled by intermediaries, basically no lock-ins. The end result will be no lock-ins.
-
I see. As you know by now, I have in some respects very much a security mindset. When I hear something like what you are describing that is innovative and ambitious, I like to think what are the security benefits of this? I hear distributed ledgers and I immediately think, of course, of data integrity, increased data integrity.
-
I think what could be interesting here as experimental case study for analysis, is precisely this question of how the integration of distributed ledgers to improve interoperability of government data collection and exchange can support the goal of data integrity.
-
Also, if you adopt that as a substrate, you kind of always have to go back to the first principles of zero-knowledge and zero-trust authentication.
-
If your personal data is on chain, it’s there forever on the publishing. That is to say, instead of just de-identify it a little bit, control the privacy budget, that simply doesn’t work if you want to interoperate or federate. You have to simply store no personal data to begin with, and to adopt an entirely zero-knowledge idea, where not just the data, even the metadata, the operator doesn’t know a thing about, so they become just the intermediaries without any lock-in power.
-
I understand that the French and the German governments are also already working with the Matrix organization to build their internal communication platforms, just to use one example, based on such end-to-end encrypted principles, which is quite revolutionary.
-
In many cyber command mindset, they really want a full audit of what people send to each other in business hours. [laughs] For the end-to-end principle and encryption to win that conversation, that’s not easy for them, but they managed to do that as a proof of concept, and hopefully, some proof of business.
-
Their success made the Digital Markets Act and its forced interoperability clause possible. That’s something also we want to emulate.
-
Need I say again that there’s a lot of interesting things happening already on the ground in this country and other countries like France, Germany, Estonia, and others, that requires some real serious study and analysis.
-
Serious scholarship, and also events where we gather people and have very much conversations like these, but broader gathered field with some leading experts and practitioners such as yourself. I think this is everything that you’re saying, from my perspective, clearly resonates with what we’re trying to do.
-
These experiments, these case studies are clearly going to be ongoing, as is the other side, the side of the threats and the vulnerabilities.
-
Sure.
-
Especially, we already spoke about Ukraine, and we know, of course, in the regional context here…
-
Audrey, can you share with us a little bit about on the organizational design, how is the cyber unit fitting with your vision of moda? What exactly is it in charge and responsible for?
-
I did share that back in March, there will be an administration for cyber security, ACS, under the ministry of digital affairs, and there will be another administration for digital industries, the ADI. These are the two administrations under the Moda.
-
Each will have an organization to interface easier with researchers and practitioners. For the ADI side, that’s called the Institute for Information Industry, or III, which Jason knows about. on the ACS side, the cybersecurity side, it will be called NICS, the National Institute of Cyber Security.
-
Has that already been set up?
-
None of this is set up. We’re setting it up.
-
NICS. Is the NICS already operating?
-
I think it will be established around end of this year.
-
But III has already been…
-
III is currently still under the MOEA.
-
Oh, you are bringing the III under Moda.
-
Yes.
-
That’s brilliant idea, but NICS will be its own unit?
-
NICS will be its own unit. In a sense, NICS already exists in the form of the 技服 team, the National Center for Cyber Security Technology, NCCST.
-
I think I did mention that this March, that if you search for CCoE, the Cybersecurity Center of Excellence, and the NCCST, you will see the the two units that will merge to become NICS.
-
OK.
-
It’s interesting. What I’m hearing you say, and I really got a sense of this in our earlier conversation, which was very informative, is that you are also very much adopting this fusional approach, where you’re integrating the digital economy interests and activities as well as the cybersecurity ones.
-
Mm-hmm.
-
Again, there are many reasons why I think that’s a compelling, and prudent, and smart approach. I think this is what the advantages of not being a huge country with a sprawling administration .
-
I think there needs to be an overarching value, in our case, Plurality – collaboration across diversity – as the 社發 prosocial incentives to lead both the 產發 economic incentives, and the 突發 resilience incentives.
-
The social development 社發 implies prosocial co-creation. That’s the overarching goal that unites the economic and the resilience perspectives together.
-
If anyone asks you 數發部 is 幾發 exactly, now you know the answer…
-
三發. I get that.
-
(laughter)
-
So I usually say 數位部 instead of 數發部 now, because 數位部 corresponds better to Digital Affairs.
-
I see.
-
Do you say 數位部, like 數位部長有幾位?
-
數千萬位 certainly. [laughs]
-
Is all of this spelled out in any strategy paper? Not to put you on the spot, but there’s clearly a guiding vision behind all of this.
-
Yes. I was working on a book…
-
Fantastic.
-
…with an economist on that. The name’s Glen Weyl and we’re part of this RadicalxChange Foundation, like a second diplomacy unit of Taiwan that helps spread the Taiwan model. If you’d like to read about Plurality, if you search for “Why Am I a Pluralist,” you can see the position paper from the Glen Weyl’s site. If you search for decentralized society or DeSoc, you can see the same position with another board member, Vitalik Buterin, who knows something about crypto…
-
Of course, the Ethereum Foundation.
-
…from his side. It’s not like my position paper. I’m just one of the tentacles from these pluralist folks.
-
Clearly, what you’re doing in your role is, in a way, translating that vision, that approach into the context of the Taiwanese setting.
-
Yes. It’s about connecting network plural goods to the institutions, basically designing the institution so it reflects existing community networks.
-
This is not easy because, in neoliberal societies, institutions are shaped the economic, market impetus very easily. There’s already all sorts of bridges between the market style of organization and institution style of organization.
-
Taiwan is very good on that. The Science Parks are pinnacles of the institutional design of this market-institution bridge.
-
The blockchain community, for example, is a great community-network bridge, but to bridge the network with the institution, this is new.
-
That’s the real innovation, right?
-
That’s the real innovation, which is why we have a dedicated department for Democracy Networks, dedicated for that.
-
That’s where the technology meets the politics and the institutions, right?
-
That’s right.
-
That’s the nexus, the meeting point, which is precisely the meeting point that really interests us from a research perspective.
-
Because in Westphalian models where you think about territories, Taiwan is not a neighbor of Tuvalu. If you’re talking about Internet domain names, we are the neighbor of Tuvalu.
-
Right, yeah.
-
.tv and .tw, right?
-
Yeah, we’re literally neighbors… That’s the shape of democracy networks.
-
Does that mean that different departments’ CIO would pretty much report to you? How do you set up the new structure?
-
There’s already a CIO structure in Taiwan. In terms of open data policies, it’s already…
-
The different Taiwan departments. OK, they are already reporting, OK.
-
Yeah, the ministerial CIOs are already reporting to me for the cabinet-level open data consultation meeting.
-
Officially. I take that.
-
When I think of what I understand your responsibilities to be, I think essentially of a government CIO with some actually more stuff as well.
-
I don’t emphasize that structure because, to be very frank, during the last couple years of pandemic, the institutional power has been overarching and quite centralized. We managed to evade the worst through opting-in… Otherwise, you would have to scan a QR code to enter here…
-
(laughter)
-
On the other hand, that beats getting your QR code being scanned to enter here, which would be the PRC model. The Overton window has shifted drastically because of the pandemic.
-
In some jurisdictions, we see the narrow corridor becoming even more narrow. I mean Acemoglu’s idea of a very narrow corridor where the civic capacity and the state capacity co-evolve and creates the possibility for liberal democracies.
-
If the Overton window for the state power increases like in the time of pandemic or war, the state might use this power or abuse this power to remove civic agency. For example, anytime we can impose a lockdown or a takedown, it’s a direct assault on civic capacity. Then you have narrowed the corridor because then the legitimacy of the governments will be decoupled from the civic support.
-
In Taiwan, my role in the past couple of years has always been this kind of figurehead to take the best idea from the civic networks, and then to make it into institutionally adopted protocols that are more privacy-preserving, for example, for contact tracing, as opposed to the PRC style.
-
Yeah, exactly. This is a…
-
That’s why I don’t say I’m chief anything. Because we’re already very chief during the past two years.
-
In other words. What you’re saying is something I know that you and I have also been able to discuss in another context, is that, is this notion that technology, when you think about it, is politically and values neutral. It can be used for authoritarian purposes or it can be used for democratic and civic purposes.
-
Because there used to be this understanding in some quarters that the expansion of the Internet. If you look at the early Internet pioneers, the utopian…
-
J.C.R. Licklider…
-
Vint Cerf, these hundred people. If you go back to the debates, their thinking, and their manifestos in the 1980s, I just…
-
Today I just published this conversation with Jun Murai, the father of Internet in Japan.
-
There you go. There was this foundational vision that the expansion of the Internet was going to be this portal through which a sovereign individual citizen could escape the state’s clutches.
-
Then associated with that view, there was this notion that as authoritarian regimes, like China’s, began to expand the Internet within their own border, that there’s going to be this impetus towards democratization and more free flowing exchange of ideas.
-
What we saw happen, of course, was quite the reverse, right? Where you saw…
-
Well, in the beginning of the Internet, the IETF didn’t get around to make RFCs for the freedoms to assemble, to associate, and to basically form political movements…
-
In fact, what we have seen in countries like China, and increasing even now with the greater state controls arising from the Ukraine war in Russia, is that these technologies have in fact been used as levers of state surveillance and control.
-
Quite the opposite of what the utopian libertarians originally expected. Proving, yet again, if that technology is politically neutral, and it will adapt, or political agents will adapt it to their own purposes and ideologies.
-
That is certainly because, as I mentioned, the civic tech people and the gov tech people in large established liberal democracies, simply do not work alongside each other very closely, compared to Taiwan.
-
There are people working on very innovative things, Bittorrent, Bitcoin, and so on. There are people expanding state capacity and building more and more state capacity in response to, I don’t know, climate change or some other threats. It’s very rare that these two people say, “Oh, we share the same substrate. It’s the same technology. The technology to advance democracy is the technology to advance freedom.”
-
Instead, the contemporary libertarians are not especially pro check-and-balances in traditional sense, like the Supreme Court, and the US Federal system. Then you have brilliant political scientists who are designing the Ostromian commons, systems of community governance and so on, respecting and amplifying the norms, traditions, which is all well and good…
-
It’s like in many Occupy movements, you see those people in the middle of things, their social activists and political workers, however not all of them are well-versed in collaborative documents, let alone decentralized technologies. The people who surround them, the civic tech people, often end up becoming just part of the communications team.
-
However, what we are looking for is actually “be the change we’re looking in the world”. Namely, to actually adopt new governance methods. To get those two people, like the people who want to reform the state and people who want to reform the civics, to adopt shared technologies, that’s the vision.
-
What you’re saying reminds me of a comment by Toomas Hendrik Ilves from not too long ago, where he says that the…Because what’s really distinctive about someone like him, and this comes across very forcefully in your own background, is that he was learning to code when he was a teenager, and then to become the president of a small country, and before that, foreign minister diplomat.
-
He’s bilingual.
-
Yeah. He’s bilingual in this fundamental way that you are saying is very rare. He likes to say this joke. I don’t know if I can say this on the record, where he says that he remembers when he was president, where he says he’d go to attend these European summits with other heads of state and government.
-
He would say that there’s this one head of state of a European country, which I will not name, who assures me and others that his email will never get hacked, because he doesn’t use email.
-
(laughter)
-
You’re thinking, hold on a second, there’s something wrong with that.
-
(laughter)
-
Doesn’t use email. Why? Because he doesn’t understand the technology.
-
“Zero knowledge.”
-
(laughter)
-
I bet he uses a mobile phone. That’s not hackable? We’re being humorous, but there’s an underlying truth here, which is that disconnect between the world of politics and institutions and the study of it on the one side, and then the side of technology development and innovation on the other.
-
This is at the root of the problem, where people in government, in policy making, and in academia in those fields lack this basic familiarity and understanding, as you aptly put it, bilingualism.
-
Yeah. When people hear “public code”, do they think code of regulation and law or code of source code and data?
-
I just joined as a strategic advisor for the Public Code Foundation. The foundation specifically mean public code to be bilingual; that these two should work together.
-
Audrey, I’m also curious on the national security level. Is the NSC and their efforts on monitoring the cyber threats and cyber intrusion somehow coordinate with Moda and what you are also focusing on? Will you be taking on part of their work as well?
-
That, I don’t know yet.
-
That would be an interesting overlap or crossroads…
-
I understand that. Institutionally speaking, NSC reports to the President, not to the Premier, not to the cabinet ministers.
-
It’s more independent.
-
Right. It all depends on how broad do we define resilience and how soon the threshold before a cyber incident becomes a national security incident.
-
Of course, NICS and ACS, and Moda in general will be in charge of most of firefighting day-to-day situations, but there must be some sort of threshold when crossed, this escalates into a national security incident, in which case NSC must intervene and take charge.
-
This is not unlike any territorial disputes, or disputes on the ocean, or things like that. There are plenty of precedents.
-
We would like to see if we can get a chance to meet some of the NSC advisors to discuss this issue. Lucas also been interacting with the Five Eyes, the Quad, and, obviously, the NATO security CyCon.
-
I just came back from the CyCon.
-
I know 徐斯儉 has now been the appointed vice secretary, right?
-
I think so, yes.
-
Also, 李漢銘 is still in charge of the cyber affairs there?
-
They’re all part of NSC.
-
All part of that.
-
All part of that.
-
I lost contact info with them. Would you mind passing something to them that we would like to maybe have a chat?
-
This week?
-
Next week.
-
I think they’re…
-
I know the Secretary-General, 顧立雄, he is in quarantine.
-
Yes, he is.
-
Or you could give me the number I can call them together.
-
I don’t have the number here though. I think it’s a bit too early, mostly because there’s no Moda yet.
-
As I explained in March, currently, they interface with the Department of Cybersecurity within the cabinet office. I am not the minister with a portfolio directing cybersecurity affairs, so the DOC is not within my purview.
-
I’m technically just setting up the ACS, which will include people from the DOC, but as of this moment, I don’t command the DOC, and hence, I don’t know their relationship with the NSC.
-
You see, we don’t know who will be the minister. The future minister of Moda will have better visibility.
-
太謙虛了吧. I’m just saying that she is being way too humble.
-
I thought that was announced. Was it not announced?
-
No, it was not announced.
-
It was announced by newspaper but not announced officially.
-
It was 報派, reported by newspapers.
-
That was not official?
-
It’s not official official, but I believe it’s…
-
It’s not official.
-
At least on record.
-
She said 報派.
-
Anyway, all this would officially enter into picture this September when the parliament convenes and ratifies next year’s budget and organizations’ budgets.
-
I see. There’s kind of an unofficial version and the official version.
-
If the parliament cuts the budget for NICS, then we won’t have a nice NICS. I don’t think that will happen though…
-
I’ll make sure I make some calls to my colleagues not to block it, be nice to you.
-
Be nice to NICS?
-
Be nice to NICS.
-
NICS is too important to cut.
-
Yeah.
-
I have a question. It’s very clear when I hear the vision that you bring, Audrey, and that you’ve been implementing in your government work, and the aspirations and plans that you have for Moda.
-
It’s very clear, compellingly so, from my perspective as a researcher when I think about the activities and success of the project, that you are clearly someone that we will want to involve. Your insights, your networks, any data that you could facilitate that’s in the public domain, of course.
-
I’m wondering if I could reverse the tables and direct a question to you, when you think of the project that we are in the process we very much hope of setting up very soon, what kinds of advantages and benefits might you see from a practitioner’s perspective to this kind of research, if I may ask?
-
I think some shared vocabulary across, as I mentioned, the three developmental studies, that would help. Currently, I’m basically playing the role of the cultural interpreter between the three cultures.
-
The earlier, almost… I think the English word is halcyon, the dreamy, utopian sense… That’s the social development. It’s the inclusive co-creation potential imagined by the early Internet pioneers, which is still the overarching value that drives the Moda, but nowadays, much weaker in academic and international circles compared to the economic and the resilience communities.
-
By setting up the Moda so that all its departments are pro social development, civic development. With names like Democracy Networks and so on, we want to restore that vision and to make it a shared vocabulary for both economic and security development.
-
To make that work, it’s not enough to just present case studies. Taiwan has produced a lot of case studies. We can point to how civic sector successfully fought off disinformation circa 2018-‘19. Of course, the pandemic prevention, countering it without any takedown or lockdowns.
-
We also have example like the Civil IoT, which is collectively guaranteeing the cleanliness of the air, the water, and so on by citizen scientists, which is very important. Responsible assistive intelligence, AI, collaborative development with the civil society through privacy-enhancing technologies.
-
These are all very good cases studies, but they mostly talk to the academic within those fields. They can look at it and then translate to their own understanding, like, “Oh, this is collective intelligence.” “This is participatory democracy,” things like that.
-
It would be nice to build an overarching narrative of the future of the Internet being one that’s focused on plurality, inclusive co-creation. Otherwise, it would mean that democracy is an instrumental value and security is the deontological value, and…
-
It should be the other way around.
-
(laughter)
-
It took quite a bit of multi-stakeholder conversaion for the Declaration for the Future of the Internet to clearly spell out the democratic values in which resilience, security, and so on is in service of human rights. I think an established Cyber Studies field could help spreading that message.
-
As I’m listening to this, this is, in a way, it’s music to my ears because it’s precisely the sort of thing we want to do. What you are saying is valuable to us because it gives credence. The fact that someone in your position with your vision and aspirations, resurgence, gives credence to what we’re trying to do in Oxford.
-
I can easily envisage some high-caliber events where we convene people in the university. Maybe we do it here under the banner of the university. There are various formats that we could explore, where we gather people, hopefully benefiting from not just Oxford’s galvanizing power, but also your own. Putting together some top minds to discuss these issues.
-
Putting the issues prominently on the agenda and then generating some scholarship. Tied to the scholarship, policy briefs that help to influence the broader world of practice.
-
I think it’s very good and important to hear this from you.
-
On the record, too, so you can cite it.
-
I know. Fantastic.
-
It’s very important for us to have your support as we envision this to be a public/private partnership. We’re also talking with 安碁. Maverick, 施宣輝, he emphasizes that he would really like to see this benefit to our country, and also the vulnerability that we exposed. We’ll also be meeting him on Monday.
-
This meeting, for us, is really important as you understand the scope of our project. Having your support and backing and blessing means a lot to Lucas and also the project overall. This would be really good.
-
Maverick mentions that if there’s a way that 安碁 could be involved in setting up or serving as an execution agent for the project locally by working with the new ministry.
-
That’s for the future minister to decide.
-
I think would be a really good…
-
I cannot commit anything that’s in the next year in my current position.
-
Of course. Yeah, but just to let you know that what we envisioned is to also mobilize the private sector’s resources and helping what the new ministry’s agenda and objectives as well.
-
Yeah, I know.
-
That’s what we were hoping to achieve.
-
I think democratic resilience, in Taiwan, is pan-partisan. We just saw the KMT posting on Facebook very publicly against the PRC claim. In resilience and in democracy, I don’t think this is a politically-charged topic.
-
This is important because the Taiwanese private sector like pan-partisan topics very much. Once they detect, for example, net-zero stops being a politically controversial topic – internationally – now they’re all in on that.
-
It’s important that we make this topic as… I wouldn’t say neutral. It’s not neutral. It’s charged, but it’s not about partisan politics.
-
It’s not values-neutral, but, as you’re saying, it’s politically neutral.
-
It’s politically neutral internally, and hopefully, politically neutral within all the democratic jurisdictions that participate in this. The Future of the Internet Declaration is not about steering the Internet toward American values or European values, but rather recognizing the Internet values. Internet began with a set of values. Now, we’re just going back to those values, in a sense.
-
It’s important to phrase your communications this way so that you will not be asked, for example, oh, are we being colonized again by the UK, a foreign power? [laughs] Well, except that was Dutch…
-
(laughter)
-
That’s important in your narrative.
-
Sure.
-
Is the ministry – maybe I misunderstood something – not being set up this month?
-
No, it’s not going to launch this month. I think we’ve said now that the planning will probably be mostly finalized within this month. The actual day of operation, that depends on parliamentary negotiations. We’ll see how that happens.
-
It probably must happen before the session begin, which will be September.
-
What must happen?
-
The Moda must begin operation, otherwise, it would be very strange because there’s no ministry to defend a budget. Between now and September, Moda can start any day, theoretically, but there’s a month of spirits in Taiwan, which says that if we don’t open by July 28, we cannot open until August 27.
-
It’s like some traditional…
-
It’s to respect our ancestral spirits. It’s an important cultural consideration.
-
I’m confused. When parliament convene in September and you were…
-
Moda must open…
-
Before that?
-
Before that.
-
The Moda will then defend the budget in September session?
-
Yes.
-
It’s the budget for…?
-
Next year.
-
Next year. What about this year?
-
This year has already been approved.
-
Oh, so it’s been preapproved…?
-
At the previous budget session.
-
The preparational…?
-
The preparation office budget; it’s miniscule compared to next year’s budget.
-
Miniscule, but who will defend the budget? The new minister?
-
No. The preparatory budget is already approved…
-
I mean, the official…
-
Of course, the new minister will defend the new budget. We’re currently preparing next year’s budget.
-
It means that by the convening of the parliamentary session, the new minister will be announced?
-
Pretty much, yes.
-
Of course. I understand…
-
Yeah, the sequence, right.
-
…the sequence.
-
We’re now operating with a budget that has been already determined…
-
From the last legislative…
-
From last year’s legislative session. Which is why I say I cannot commit on anything now, except for the budget that’s pre-committed by the previous September session.
-
Yeah, I see.
-
I’m just trying to understand the mechanics on the ground. What determines whether the ministry starts in July versus in August or in September?
-
Aside from the very important spiritual tradition, it also depends on the MPs’ consensus. Because it’s customary for all the leading parties to receive beforehand the plan, the organizational and budgeting plan, and to share their ideas on it, set priorities together and so on.
-
It’s important to have the communication before decision. Jason knows all about that. I wouldn’t say that we’re at a point where all the four parties consider the Moda vision sufficiently elaborated. That’s the main thing that will happen during the spiritual month.
-
If the ministry suddenly opens today, many MPs will say, “But we haven’t received anything.”
-
Which committee will Moda be part of?
-
That’s for the Legislative Yuan to decide.
-
Still it has not been decided?
-
Jason is talking about the subcommittee…
-
Yes.
-
I guess there’s the committee for science, right?
-
Science, and culture.
-
Education, science and culture. Like a subcommittee for memes, anti-rival goods…
-
Anyway, there are many logical possibilities and it’s not for us in the administration to appoint a subcommittee.
-
It’s important that the ministry has the support from the MPs.
-
From all legislators, to feel that they have been sufficiently briefed.
-
I’ll help you call a few from my party just so that…
-
I mean, digital transformation, that was also your party’s vice presidency campaign promise, right?
-
Yeah. Better support it.
-
I think this should be pan-partisan.
-
Lucas, we’re talking about the 2020 campaign from Simon, previously the Premier…
-
Premier. Yeah, exactly. Simon.
-
We maybe give an opportunity to Nick…
-
That’s fine.
-
Sure. We want to be respectful for his time too…
-
A few things that I know he has some thoughts on his side.
-
Our friend from the great beyond.
-
Can I ask to be moved slightly to see better Audrey?
-
Yeah, of course.
-
A moment. There you go.
-
Sure. Hi.
-
No, I just think it is very interesting to have been part of this conversation to hear it. I think there is a lot of touch points. What was very interesting is to hear about the emphasis on democratic resilience, which is a real area of strength for the department of politics and international relations at the university more broadly.
-
It’s very interesting to hear that that’s been one of the main concerns and one of the main things that you’re trying to achieve within your remit. Then the broader questions around misinformation, which you’ve talked about a lot.
-
Again, that’s another area where the university has real strength, again, within the department, which would host the program that that Lucas talked about. There is the Reuters Institute for the study of journalism, which has done a lot on that front, and more broadly within the social sciences at the university we have work done at the Oxford Internet Institute that deals precisely with that.
-
It’s very interesting to hear how some of the core concerns that our academics are engaging with are ones that you are living and trying to act on presently. That’s something very, very interesting and positive to hear.
-
The other thing is the point that Lucas made about the touch points with policymakers. That is something that the university has been actively working very strongly with. Wherever possible, we try to translate our research into actionable intelligence and informing public debate, but beyond that also policy makers and trying to have the impact that as an institution we can.
-
This is all very, very interesting and positive to hear. There’s a lot of synergies there. That’s the sort of key point that I wanted to get across. I don’t know, Lucas probably will be able to say even more about that in due course. Hopefully, this is the first of many conversations that we can have.
-
Thank you, Nick, for that perspective. He’s put it very eloquently, that while what we are proposing as a research project is new in the sense that as I said, really, isn’t much like it at least at a large global university, like Oxfords.
-
There is nevertheless a whole research environment and culture in Oxford that has existed for quite a while now, that feeds into, and can support the research and the events that we’re proposing to carry out. That’s the important point that Nick is transmitting.
-
Very much so.
-
There’s the project and then there’s the whole environment that supports and feeds into it. There is indeed a very long history and successful track record in Oxford of doing that interface between research on the one side and then policymaking and practice on the other.
-
I used to visit Oxford for the dictionary. There was a project called Oxford Global Languages, it’s about crowd lexicography, from the dictionary department. The unit that connects people in languages, cultures, that are not recognized by Siri or Cortana, and to work with the civic people to make their own languages, dictionaries, and train the corpus.
-
I think, nowadays, Mozilla is also doing voice recording via Common Voice, and there’s a lot of new work now being done on cross-language translation.
-
I was, briefly, an interface between them and the Apple Mandarin dictionary project because I was also working with Apple. [laughs] I was in a very similar bridging situation between two vastly different thought trains, purely for profit and purely for purpose, and trying to make something that is inclusive co-creation.
-
I think Oxford, the branding, represents the bridge that is well-trusted both by the people on the ground that are in the under-resourced and indigenous communities and also by Apple. [laughs] That’s my one experience working with the Oxford brand.
-
It’s so reassuring to hear that. Academia and universities like Oxford have this power to bring civil society, government, and businesses all together to try and actually address globe-level challenges.
-
One other reflection, perhaps, it’s interesting, our concerns are truly global. With pertains to Taiwan, we’re currently advertising for a senior research fellow in Taiwanese studies, literally, it has just gone up, I think. Again, we see ourselves very much as a global university, very much engaged with issues that span, not just the UK, not just the US, but beyond that.
-
It’s very interesting to hear that. It’s all very positive. It’s lovely. Really exciting.
-
Hopefully this is, as I say, first of many conversations on the opportunities to bring you to Oxford, to get involved both with this program and with some of the other projects.
-
Awesome. Thank you.
-
Fantastic.
-
It’s great.
-
Thank you, Jason, for being the bridge.
-
No problem. Yeah. Thank you. Great, Nick. I think we…
-
…maybe will conclude here and let you maybe go back to sleep…
-
It’s lunchtime here.
-
…and maybe go…
-
…early breakfast for you, I’m sure.
-
That’s all right. I’ll be able to do some more work before the email on spot that kicks in at 9:00 AM…
-
Too early to be awake.
-
…about that.
-
We’ll make sure that Lucas bring one of these stickers back to you.
-
Thank you.
-
Yeah, this is quite cool.
-
Thank you very much.
-
Thanks so much for joining us, Nick, and for your insights.
-
No problem.
-
Bye.
-
Bye.
-
Take care.
-
Bye.
-
Bye-bye.