-
And since you’re not doing a video interview, we’re not going to publish a video either…
-
Okay.
-
We’re just going to do a transcript.
-
Great, great, great. That’s great.
-
I don’t know, are you getting my good side?
-
(laughter)
-
If you mind, they can just take me…
-
No, no, no, please don’t. The transcript is good.
-
That would be funny.
-
(laughter)
-
Yeah, so first of all, just like you said, we’re very interested about… We all know that Taiwan is facing increasing threat from China, and our President Tsai has stressed the importance of resilience, right? And also, you talked a lot about increasing the digital resilience.
-
Digital resilience for all.
-
Yeah. So, we are very curious. Can Audrey, Minister Tang, can you please first tell us about Taiwan’s plans to deal with the emergency, especially like wartime scenario? What is Taiwan’s plan to increase the digital resilience?
-
What are our concrete plans so far? And also, given the lesson from the Ukraine war that we see that in Ukraine, they have Starlink so that they can continue their communication with the outside world. Will Taiwan have Starlink or things like that?
-
Sure. So, I would say that we’re already in constant need for resilience. A decade or so ago, an earthquake did disrupt the submarine cables, leading to communication failure. And earlier this year, around the island of Matsu, there was a fishing vessel that accidentally cut one of the submarine cables, and a week later, another cargo vessel accidentally destroyed the backup submarine cable; they were flying the PRC flag.
-
So, in “accidents” like this, we see the need for communication resilience. In the Matsu example, we expanded microwave transmission. The TTC, Telecom Tech Center, made sure that they tested the non-geostationary satellite receiver in Matsu as well and the test was successful in terms of videos and so on. A week or so after the test was successful, the submarine cable was repaired. But we’re more prepared, I guess, now for the next time of accidents.
-
And then even more important than that is a plurality of providers. We did see that in Ukraine, for example, when you rely only on one non-terrestrial network provider, then that provider essentially sets the boundary… like the bandwidth, the geographic boundary, and so on, of the service that it can use.
-
So, this year and next, we’re going to work with as many as possible non-geostationary satellite providers to ensure that when there’s adversity, multiple constellations will have to be destroyed or disrupted to deny us communication with the outside.
-
Equally important is this idea of local resilience, meaning that even when all the submarine cables are cut and satellite communication is of limited bandwidth, for video conferencing with two people who are both domestic, they should actually still video conference normally because they would not need an extra round trip.
-
If you use some of the commercial video conferencing options at the moment, their metadata or their routing is in some other jurisdiction other than Taiwan. And so, in such a scenario, while we now work very well in video conferencing, when submarine cables are cut we cannot even initiate a call to each other.
-
So, it’s paramount that especially for disaster relief, for secure communication within the public sector and so on, we choose only the vendors that agree on two things. First, that they set up their data center domestically and their routing does not need to go somewhere else and back.
-
And second, that the local physical operation operators are citizens of our country. This is to ensure that when adversity presents itself, we can maintain both internal communication and a reasonable bandwidth for research, for example, for the international correspondents to work with the external world.
-
So, you talked about that we should rely on as many providers as possible.
-
Yes.
-
So, what’s wrong with just relying on one provider, for example, Starlink?
-
That would have a single point of failure issue. So, if that constellation is disrupted, jammed somehow, then we would have no other recourse, no other options. On the other hand, there are actually many providers in not just low Earth orbit, but also middle Earth orbit. The TTC Matsu test was with SES Global, a French Luxembourg middle Earth orbit company.
-
So, we already have some bandwidth in terms of FT2, that’s a geosynchronous satellite. So, it makes sense to have… Because the higher the altitude, the less likely for it to be jammed or destroyed. But of course, it means the latency is also slightly higher, so it pays to have multiple providers, ideally in each of the low, mid, and geosynchronous orbits.
-
So, what’s the focus for Taiwan now? Do we just target LEO or also MEO?
-
As many as possible.
-
So, in all the different altitudes?
-
Yeah, because for the receiver. And I did mention that we’re going to have 700 or so. Matsu is just the pilot, right? We’re going to have 700 or so receivers all around Taiwan, and three outside of our jurisdiction. In all those 700 places that can receive the sunlight communication, some mobile, some fixed, they can actually receive from multiple bands. So, the same receiving station can receive at once from the MEO and the LEO constellations.
-
MEO is high bandwidth, but also high latency; it requires fewer satellites to operate. Whereas LEO is very low latency, but the bandwidth may be limited if there’s only a limited number of satellites overhead or blocked by jamming or cloud or things like that. So, to have multiple providers means that we get to choose which one to use depending on the circumstances.
-
So, I understand that our strategy now is try to work with the external satellite providers.
-
Yeah, and a plurality of multiple satellite providers.
-
Is there any concrete progress, like any satellite provider that we have agreed to work with?
-
We already work with SES Global.
-
SES?
-
Yes. That’s the middle earth orbit already tested in Matsu.
-
Okay. Other than that, do we have any, like are we in talks with any other satellite providers?
-
I’d say we’re in talks with pretty much all of them. I cannot disclose which ones will be at which of the 700 points. Because this year until the end of next year, the plan is not to do commercial operation, but rather to make sure that we know the parameters, the actual testing and verification of their communication properties. And so, we’re not committing like after next year, which of the providers we will actually use for disaster relief and prevention until we get the actual test results from all those providers.
-
But are we going to see more like international providers, like providing service to Taiwan?
-
Oh yeah.
-
Maybe like OneWeb or…
-
Yeah, certainly. Basically, all the international providers who are willing to work with us on testing and verification, we’re going to work with them. So, including of course, OneWeb or in the next couple of years, maybe Kuiper as well.
-
Kuiper?
-
Yes, Kuiper. That’s K-u-i-p-e-r.
-
Is that Amazon?
-
That’s Amazon. And I already mentioned SES.
-
So, these are the possible… So, we’re in talk with OneWeb and Kuiper.
-
So, there are possible partners in Taiwan in the future, right?
-
Also, Telesat, I think. There are many providers now. And because we opened up our testing and verification program to all of them, so I’ll just say that they’re all aware of this program. As of how soon, that depends on their constellations, readiness, as well as ours.
-
So, can we say that there are possible or potential satellite providers?
-
Yeah, I think potential is the right word.
-
Potential providers to Taiwan in the future, right?
-
Yes.
-
Okay. So, there’s one way that we want to work with these external satellite providers. Do we also consider building our own Starlink?
-
That’s a TASA question… so you need to ask TASA.
-
Okay.
-
Yeah. But from our point of view, which is testing and verification for this year and next year, it’s far more likely that we’re going to work with external non-domestic providers in terms of testing and verification, simply because of the timeline.
-
So, when we are working with these external providers, we are still maintaining our current requirements for the foreign investment, right? We’re not going to ease rules?
-
No, no, no. The foreign investment, that’s for direct commercial operation, that is to say, like selling subscriptions to citizens.
-
Oh.
-
But that is not what the testing and verification is about. The testing and verification are to get the technological specification and testing. And even when we use it, it’s not selling subscription to citizens, but rather the local firefighters and things like that. And so, because these are not commercial operations to the citizens, they are not restricted by the investment percentage.
-
Oh, okay. So, these three that you just mentioned, they will join this testing and verification?
-
Potential, right? And Starlink is also potential.
-
Okay.
-
Yeah, I think this warrants more elaboration because people often confuse the commercial operating license, which does have an investment cost in it, and the testing and verification. In fact, we launched the testing and verification plan first, right? And then, we opened up for the bidding for the commercial operation. But these two are completely separate.
-
Okay, okay. So, these four, including Starlink, they will join the testing and verification?
-
They are potential partners. And if they partner with us, they are not restricted by the investment percentage.
-
Okay. Then, for the commercial license, we are still maintaining the investment rules?
-
And usually, the people who actually apply for the commercial operation, they work with a local company. So, Lung Hwa and Aerkomm are the first waves of such local companies.
-
Are we seeing any other providers, like those three or four you just mentioned, also joining the commercial license side?
-
Yeah, we announced the commercial licensing results as we received the applications, so there’s no time lag. If we issue the commercial license, then you learn about it immediately. So, at the moment, I’m not aware of, for example, Starlink or OneWeb applying now for the commercial license, but if they do and if we approve that, you’ll learn immediately.
-
Okay. So, yeah, so far none of these external or the international satellite providers apply for the commercial license yet?
-
As I mentioned, there’s already a commercial license that works with MEO. But of the LEO providers, we have not yet received the application.
-
Can we say we will focus more on LEO?
-
No. We’re focused on the plurality of providers. We need to have geosynchronous MEO and LEO capabilities because there’s a trade-off here. And if we choose only one, again, that creates a single point of failure.
-
Okay. Do we have any backup plan if, like, in the end we don’t have any satellite providers like Starlink?
-
That’s unlikely because we already work with SES.
-
Okay. But SES is only for MEO, right?
-
It is only for MEO. On the other hand, though, most of our video communication needs can be satisfied through MEO. Part of this testing verification is to find out which circumstances absolutely require LEO.
-
Is there any heavy, heavy…
-
We’re still running the testing verification.
-
But you think MEO can satisfy most of the…
-
Most of the emergency communication needs with the outside, yes.
-
Can you give an example, maybe?
-
Sure. So, for example, video conferencing. The difference between a MEO and a LEO is that with MEO, maybe I finish speaking a sentence, you wait for half a second or so, and then you see that sentence and you nod. And so, after a round trip, I see you nodding to the words I said around a second ago, right?
-
So, that is okay for most of the video conferencing needs, including real-time interviews and so on. Waiting for a second is not a big deal. But for LEO, then you can expect very low latency, meaning there’s almost no perceptible delay between us saying something and you nodding. But as I mentioned for the international correspondence, the MEO situation isn’t that bad either.
-
Have you calculated how many satellites that Taiwan needs for a LEO constellation or for a MEO constellation? Have we had a number like that or estimates like that?
-
Well, that depends on how much use do you expect. As I mentioned, if more of our video conferencing needs, even domestically, goes through data centers outside of Taiwan, then we’re going to need a lot of bandwidth.
-
Because even for internal communication, we’re going to need satellite uplink and downlink for the round trip to work. But as we shift more internal communication needs to locally resilient providers, then that reduces the bandwidth need. So, this is a dynamic thing.
-
Or how about an emergency? What’s the minimum number that we require?
-
As I mentioned, if the emergency disaster relief people communicate with each other, as some of them now do, through communication providers in the private sector that has the infrastructure outside of Taiwan, which is currently the case, then we’re going to need a lot of satellite bandwidth if our submarine cables are cut.
-
So, our main work now is to adopt local resilience and switch the critical communication channels and so on entirely to domestic network. And that will reduce a lot, by a huge factor, the burden on external communication. So, I cannot give you the number because we’re still working on reducing the need for external communication.
-
I don’t understand why…
-
So, without naming names, there are certain popular video conferencing platforms that are not part of our joint tender, meaning that we’re not buying it as part of public service. But nevertheless, they’re ubiquitous. And pretty much all international correspondents use one of those video conferencing platforms when communicating with their correspondents, if you cannot meet face to face.
-
But both of these very popular platforms have the metadata set up not in Taiwan. So, when you initiate a call through video conference to your correspondent, to your source, even if both of you are in Taiwan, they’re going to route you through some other jurisdiction and then back.
-
We normally don’t have a problem with that because the submarine cables are pretty good in bandwidth and low latency. But when the submarine cables are cut, you’re going to find that in all those video conferencing tools that you usually use, you cannot initiate a call anymore.
-
And if we do provide you with MEO or LEO bandwidth, you’re going to find that you’re going to share that very limited bandwidth with pretty much everybody using video conferencing at the same time. Which means that, well, if you’ve been to Matsu, you know the situation. So, you’re going to experience the Matsu experience.
-
So, the point I’m making is that, however, if you do use the locally resilient video conferencing platforms in our joint tender, for example, Google Meet is in Changhua and the routing is entirely domestic, then even when all our submarine cables are cut by an earthquake, then when you initiate a Google Meet call to me, it’s going to work perfectly.
-
Oh, so domestically, it’s okay.
-
Right, and it’s not going to cut into the satellite bandwidth. It’s not going to be satellite at all.
-
But, can you still have an estimate about how many satellites will be needed?
-
Well, currently far more than what we’re going to get because of the non-locally resilient video communication tools people use. So, to procure sufficient bandwidth is, of course, our goal but it’s not realistic if the correspondents all use those video conferencing tools that require external links, even for domestic communication.
-
Because when an earthquake or disaster happens, there’s going to be a lot of need for domestic communication and coordination. So, only when we shift most or all of these needs to locally resilient communication infrastructure can we sensibly talk about whether we have sufficient satellite bandwidth because at that point, the satellite bandwidth is going to be all used for actual international correspondents.
-
But at the moment, that’s going to be dwarfed by the domestic needs, and there’s no amount of satellite that can satisfy the communication needs if the domestic ones still use those external jurisdictional routes.
-
Or how many satellites are we able to get?
-
So, that depends on testing and verification. If all of the providers are willing to work with us, that still depends on whether their satellites actually work in the environment of Taiwan, which has never been tested. So, I cannot answer that question until we have the first batch, first round of testing and verification results.
-
Does that test start later this year?
-
Yes, it does. But in a sense, in terms of SES Global, there’s already pilot testing even before the program actually starts in Hsinchu and Matsu respectively.
-
SES Global, how many satellites do we have?
-
That depends on the time of the day, right? Like how many satellites are overhead.
-
You have two receivers for them?
-
Yes, we have two receivers for them for SES Global satellites. And as the program expands, we’re going to go from two to 700.
-
So, is that 700 we’re going to get by the end of next year, right?
-
Yes. You had a question?
-
I’m waiting for her to finish.
-
(laughter)
-
I actually have a whole lot of questions, but I wanted to ask… So, the 700 receivers, those are all going to be LEO and MEO and whoever the plurality of providers. These are all basically… so none of them are commercial and they’re all going to be working with the government for disaster relief, emergency, invasion.
-
Earthquakes, yes.
-
Earthquakes, is that what we call them here?
-
Yes, because we’re in the civilian world.
-
(laughter)
-
Right, okay. Israelis used to call violence “balagan”, which is like Hebrew for chaos. So, you know, they’re like tomorrow we’ll have balagan. And I’m like, okay, which meant that it was going to be like death and violence. So, here it’s earthquakes. Okay, I get it.
-
Because we don’t have typhoons anymore.
-
(laughter)
-
So, I guess the question that I have then, I have a couple of questions. Across the board with these providers, will they all have access to the same radio frequency band? Or is it the one that they’re all going to have or are they going to have several? And are you going to have control over that or are they going to have control over that?
-
Hm, I don’t understand the question. Because we have spectrum allocation purview. That’s our ministry’s purview. And we say that during the proof concept, which is testing and verification, they’re very relaxed, meaning that they get to use whichever band they want as long as, of course, it doesn’t cause major interference with other providers or other domestic users.
-
On the other hand, the commercial operation, of course, is much more like license process. But because we’re not talking about the commercial application, so we, of course, still have purview over the band they use. But part of the testing and verification is to try out all sorts of configurations, so we’re not going to arbitrarily limit the band they can use.
-
But are you going to limit their ability to control it, control access to it?
-
Of course, the 700 satellite receivers are going to be controlled by the people we partner with for testing and verification. It’s not open for the general population.
-
Right. But will they control it over the government?
-
Over the government?
-
I’m just trying to understand because I’m going to get to this point when we talk about Starlink. The commercial restrictions say that local partners must have like a 51% majority, right? What’s the breakdown going to be with the government sort of deals with these other providers on the disaster, earthquake, emergency side?
-
There’s no percentage requirement at all.
-
So, what does that look like?
-
Our main requirement is just that they cannot be, I think, PRC invested and PRC controlled. So, we’re not working with the PRC constellations. But as long as that is not a problem, then the kind of investment relations like where they get their funding from and so on, that does not matter.
-
We just want to ensure that when we do the testing and verification, the technical specifications fit our purpose. But at that point, we’re not saying that the PRC will graduate into commercial. It’s not like that. They’re completely separate.
-
Wait. But I was curious about the timeline. You said you have a timeline. Why do you have a timeline? Like what’s your expectation of things happening within this timeline?
-
That’s a great question. So, yes, based on our estimates, I think by the end of next year, most of our governmental agencies, especially ones that deal with national level, like personal data hosted in national level instruments, are going to switch to a much more secure way of communicating and backing up and so on.
-
So, we have this internal timeline of adopting the lessons we learned from the Kiev experience, Russia’s illegal and provoked attack to Kiev. And we saw that because they have the capability to switch to public cloud for backup and high availability for secure communication, even when the known locations of the local infrastructure are disrupted and so on.
-
So, our readiness plan says that by the end of next year, not only the communication resilience and the testing and verification, but also the local resilience part that we talked about, and also switching to a much more secure way to exchange data between the major governmental agencies, which will also include better backup practices and so on.
-
So essentially, by the end of 2024, I mean, you’re probably like unofficially on a war footing now, but like you’ll really be on a war footing by the end of next year.
-
We’ll be much more prepared than we had before.
-
Are you expecting like, I mean, there’s obviously everyone’s talking about windows and like, by, you know, that window will close by 2027. Is that sort of like the frame that you… Is that your reference or you’re just thinking, how soon can we be ready? And let’s just focus on that rather than all these other speculations.
-
As I mentioned, this is not some imagined scenario in the future.
-
Right.
-
Right. So, this year we have the Matsu accident. And last year, last August, the month when our ministry, the MODA, was founded, there was an actual missile, military drill stuff, and denial of service attack, the like of which has never been seen before.
-
23 times more in a single day’s peak compared to the previous peak, like 23 times. So, obviously we’re going to prepare ourselves for this scenario. Like if every day is like 23 times more than the previous peak, how would we still be resilient against that sort of scenario? Because that was peacetime, right? So, we need to prepare for that sort of adverse situation.
-
Have you been talking to Anduril?
-
Who?
-
Anduril is a defense tech contractor. And I met with the CEO in Sydney a few weeks ago, and he was talking about building comms, like machines that were autonomous and would talk to each other through a mesh in case all of those other comms were taken out.
-
It’s not ringing a bell, the name, but the idea of a kind of self-healing network is, of course, what we’re working on.
-
That’s so interesting. Can I ask about… So, I want to talk to you about Starlink because I want to verify what I’ve heard, and I want to sort of take you back to essentially like when did your conversations with Starlink begin?
-
Were they initiated on the Taiwanese side or were they initiated on the Starlink side? And if you can take me back to when that first happened, and what that was like, and what happened then?
-
Okay, but personally, I have not yet talked to the people directly from Starlink.
-
There were domestic people that are providing Starlink with their services or products; because many of the Starlink receivers are made in Taiwan or components of which are made in Taiwan.
-
And some of them did meet with me, even before the Ministry of Digital Affairs was founded. So, our press correspondents can find a public transcript of what we did talk about back then.
-
So, my understanding is they invited Taiwanese officials to Cape Canaveral to watch a SpaceX launch. And I think that was last January.
-
Yeah, and that’s the NSTC, right? What used to be MOST and now the NSTC.
-
Right. And then regarding the 700 receivers, my understanding is that Starlink agreed but wanted to establish 100% control over any kind of presence here to be able to provide those 700 terminals.
-
Yeah, so just on the side, this was what I was referring to. This is on public record, so if you check…
-
Okay. So, is it 2021?
-
Yeah, 2021, April 27.
-
So, you’re talking about Starlink.
-
Yeah, that’s when we talked about Starlink.
-
Okay.
-
Okay.
-
Yeah, so they already talked about the investment percentage and things like that. So, there are actually a lot of innovative ideas in the transcript that we explored back then. I’ll not spoil it; you can check the transcript yourself.
-
Okay.
-
Well, I’m not going to be able to read it, so why don’t you tell me what the headline is?
-
(laughter)
-
The headline?
-
No, no, no. What’s the takeaway?
-
They say that this is an idea worthy of an exclusive report…
-
It’s a scoop.
-
It’s a scoop. [laughter] Well, the takeaway is that we need to massively expand our gold card program where foreign talents, professionals can get an open work permit and healthcare and everything without going to Taiwan.
-
They can obtain that remotely. That was a very popular choice during the pandemic. And as MODA now offers the digital gold card, people who have been programming for eight years without any other qualifications, like the current salary or things like that, they can get such open permits for three years. And we’re going to invite a lot more people to Taiwan for that.
-
And if they come to Taiwan and they contribute to Taiwan significantly and renew their gold card by the fifth year, we’re going to offer them the possibility of naturalizing without giving out their own original passport due to citizenship. And in that conversation, I said that it may be a creative way out of the 51% restriction.
-
But so far, we don’t plan to ease the 51% rule, right?
-
So, for the POC, for the 700 points which you just asked, it is not relevant.
-
Yeah, it’s not relevant. But for the commercial license…
-
For the commercial operation, of course, it is relevant.
-
Yeah.
-
But what we’re designing is that we’re not saying that the POC must graduate to the commercial operation. The POC can continue to essentially just serve the disaster relief needs.
-
What is Starlink saying?
-
So, that’s like what Japan, I believe, offered as well.
-
So, Japan offered disaster with a road to commercial.
-
So, it’s like a special purpose license.
-
Which is 60% for Starlink.
-
For Japan?
-
Yeah.
-
Okay. Yeah. And for the disaster relief, as I mentioned, we’re not bound by whatever 51% domestic.
-
So, Starlink can have 100% if you like, so that’s fine?
-
Well, that depends on testing and verification.
-
Are they part of the testing and verification?
-
As I mentioned, they’re potential partners.
-
Okay. When you say testing and verification, can you explain what that means?
-
Yeah, sure. We’re going to set up satellite receivers as each constellation joins the program. We’re going to adjust the antenna and so on to receive from their satellites. We’re going to test in various scenarios, including the fixed ones over Taiwan on the bandwidth and latency.
-
And how it responds to weather, for example. And then we’re also going to test mobile vehicles and see how their satellites are receiving bandwidth and latency functions on a quickly moving vehicle and so on. So, there are all sorts of needs that we basically learned from our previous disaster prevention and relief work. And we want to put them to such scenarios to test.
-
Okay. I’m trying to get my head around what the sort of the issue is. Has there been issues with Starlink that you have found in this whole process?
-
For the testing and verification, no. For the commercial operation, of course, we understand they would like to do the commercial operation without the 51% domestic investment requirement. But because we’ve been focusing on… I personally have been focusing on the POC one, but that is not a factor here.
-
Have they tied the two together? Have they made it sort of conditional?
-
I’ve not heard of that.
-
Okay. So, one side of them is all in on the disaster relief and they’re ready to do the testing and verification. For how many receivers, do you know?
-
So, for this year, we have not yet received a committed number of receivers testing from any of the LEOs at this point, because we literally have not yet started the testing and verification.
-
The bid for the POC and for testing and verification was just closed, I think, for application a couple of weeks ago this week, so it’s too soon to tell.
-
Did they apply?
-
There’s no place for them to apply yet.
-
Oh.
-
We’re currently… So, we just closed the bid for the local partner, domestic partner for testing and verification. We’re working with research institutes and so on, like not for-profit telecom providers, because that creates a competition dynamic but rather with trusted labs and so on.
-
So, currently we must first choose the lab which to do the testing, and that lab will open up an application process for all the constellations to apply, to be tested. But that has not yet started. So, all of this is preliminary thought.
-
Okay. How much is it going to cost?
-
So, over the two years in total, it’s going to be half a billion, 550 million NT dollars.
-
That’s for the subsidy, right?
-
Yeah, for the subsidy for the testing and verification.
-
The model that will give those…
-
Yes.
-
Is that only give to the lab or give everyone, also the satellite providers as well?
-
Well, because it’s a full subsidy, right? It means that any cost that will incur on the testers and getting the equipment and so on are going to be paid by that pocket of number of money. And if it turns out that we require extra money to fully test the plurality of providers, we’ll ensure that they receive additional funding.
-
So far, just 550 million?
-
Yes.
-
I want to ask something different. I cover cyber in Asia and you were just mentioning the DDoS attack. I understand from some of the researchers who I met last week at Black Hat, some of your Taiwanese colleagues, they were saying that there’s been an uptick in Chinese APT ransomware attacks. But weirdly, they’re not asking for money. Is that something that you have seen?
-
What they’re asking for?
-
They’re not asking for money. They’re just locking stuff up. They’re just hacking and just encrypting and creating chaos. It’s not like there’s a financial… Because obviously, this is something that the Russian sort of affiliated hackers that do ransomware, it’s very financially driven.
-
Not so apparently on the Chinese APT side. And so apparently, the healthcare sector was impacted in this way. Is that something that you’ve kind of noticed?
-
We did see disruption of service being one of the main end goals for such operations. I mentioned last August the DDoS. The DDoS at the time was not DDoS for DDoS sake, but it’s a very coordinated DDoS that times its attempts with the hate message you see on the advertisement billboard outside of the Taiwan Rail Station, for example, or convenience stores. Maybe you remember that.
-
And so, the idea was they do a kind of posting a hate speech or visuals somewhere, and then the information manipulators will spread the scare message. For example, like Taiwan Rail Station has been taken over or the president’s office has been taken over or whatever. And then the correspondents like you try to check the official website and find you cannot connect to it or it’s very, very slow to respond. And so, the clarifications, the fact check and so on are delayed, whereas the information manipulation gets viral.
-
So, the foreign information manipulation and interference part, the FIMI part and APT part, the cyber-attack part, used to be uncoordinated. Like this part, as you said, maybe for a financial incentive or some other incentive, and this part more like, I don’t know, election meddling or whatever.
-
But last August we saw for the first time a very tight coordination between the two. And that means that it’s no longer looking for financial motivation when they’re working with the FIMI part.
-
What does that tell you? I mean, obviously, this is another factor in the digital resilience. But what does that signify to you?
-
It means the defense on our side and with international partners also need to be tightly integrated. There needs to be shared threat intelligence, not FIMI for counter FIMI, cyber-attack for counter cyber-attack. Like, as I mentioned, the resilience in infrastructure and communication and so on. We need an all-hazards and all-hands-on-deck approach to coordinate our defense because obviously the adversary is coordinating.
-
How would you sort of rate Taiwan’s cyber maturity though? Particularly, I mean, I would think that since you’re such a relentless target, that it would be a little more…
-
Battle-tested.
-
(laughter)
-
Yeah, exactly. When you sort of look at it, though, I mean, I guess this is more a question for the cyber authority or something. But like the preponderance of attacks and things that you have to encounter. How would you sort of rate the cyber resiliency of Taiwanese institutions and sort of corporations?
-
So, I think in terms of digital resilience for all, which is our ministry’s mission, you can objectively see that even at the height of FIMI and cyber-attack last August, the stock market does not crash, and people generally see through the FIMI, right, the disinformation.
-
And I even publicly said to the press at the time that because we use Web3 technology, our ministry’s website, which went online the same hour as the missile started firing, never suffered even one second of downtime. And when I said that, it serves a pedagogical purpose, basically telling people that keeping a line busy is not the same as taking over an office. And after that went to the press, we got a lot of free testing.
-
(laughter)
-
So, okay. But then we didn’t suffer a second of downtime. And this year, there were also cyber-attacks on the core infrastructure and so on during the president’s visit to the US.
-
However, again, the stock market did not crash. And most of the playbooks, the adversaries I used last August fizzled because we’ve had pretty good defense for all of them now. Right. So, I would say that…
-
Did we see 23 times the tech as well.
-
So, I can neither confirm or deny that.
-
(laughter)
-
I would just say that this time you don’t see, for example, the large ministry’s website being inaccessible. So, it means the defense was successful. Yeah. So, my point was that being resilient is to learn from adverse situations.
-
It’s not to be 100% perfect in defense, but rather it’s in the agility to very quickly adapt to the new situation and really grow as a result of the attack.
-
Do you see an increase in attacks this year, especially because we’re going to have election? What do you expect to see this year?
-
So, this year we’re going to see language models. And it’s a new thing.
-
You think AI is going to be…
-
Yeah, it’s a new thing. Previously, we know that there’s voice cloning software and so on. Video cloning software is not new, right? We’ve watched Lord of the Rings. Motion capture is not new.
-
I love Lord of the Rings. What are you talking about? Are you talking about Gollum?
-
Yes.
-
Awww. Please don’t drive Gollum into this…
-
Conversation.
-
… this earthquake.
-
(laughter)
-
Yes. Well, Gollum did suffer from an earthquake in the movie and in the books. A volcano actually. Anyways, so, my point being, we know the capability is there, but this year is different in two ways.
-
First, any good enough laptop can run what used to take a server render farm to run. So, this laptop, I can run entirely offline a language model that’s as good, even better, than GPT 3.5. And so, I don’t need an open AI internet connection to fully simulate interaction with me.
-
And it also can run voice cloning and face cloning in real time with non-perceptible latency. That’s to say less than half a second. So, if you video conference with my digital devil, it could be entirely automated. And you will not be able to tell the difference. And that was already possible for the most powerful actors.
-
But this year, the algorithm is powerful enough so that any laptop that’s good enough can run it. So, interactive deepfakes is going to be a thing.
-
What’s used to take creativity and what is cybersecurity, we will go social engineering, phishing attacks, spare phishing attacks, and so on, cannot be done on a mass scale, yet completely individualized.
-
Previously, FIMI relies on viral spread but it’s also self-limiting in a sense because it’s the same message, just slightly mutated, and people develop antibody to it. But this time around, it’s the same scale, however, completely individualized, and that’s going to be a very different attack vector.
-
What do you make of it? In the US, they’re having a completely different conversation. They want to slow AI down. They want people to be very careful about it. And when I was in the States recently, and I said, I promise you, Beijing is not having this conversation about slowing down AI.
-
What’s you’re feeling on like… I don’t want to use this, but I’ve heard it so much recently, the AI arms race. The idea that the voice capability is there, the video capability is there. One side of the world is like, we should slow down and be careful. And the other side of the world is like, we have an election coming up.
-
Yes.
-
Do you think it’s naive of the US to say, we can control this or we can find ways to put guardrails on it and make it safe?
-
Yeah, that’s a great question. It’s in fact a question of the century.
-
Wow. Guys, did you hear I asked the question of the century? Okay, you got that on video? Excellent! I’m so happy.
-
The answers to that collectively is going to determine a lot of the courses of the century. But just to set the ground, the current generation of language models, they basically create plausible sounding continuations of text, so it’s not great if you want to use it for fact checking.
-
It’s not great for that. However, if you’re going to use it for scamming, for the con art, and so on, it’s perfect because it creates fake intimacy, fake trustworthiness, and so on. So, by the very nature of the newer generation of language models, it’s going to empower the people who are in it for criminal purposes more than the journalists who want to use it for fact checking, just because of the nature of the technology. So, it’s already asymmetrical from the get go.
-
And I think Dr. Hinton made a point in that there’s a lot of investment in even increasing the capability of synthesizing human speech and human interaction. But an investment toward the safety part of the equation of how to steer it so that it fits the societal norms and can tell between norm-breaking and non-norm-breaking behavior.
-
It’s dwarfed by comparison, by the capacity investment. Ideally, in new technology, you want these two to be balanced for transformative technology at least. But at the moment, because there is an arms race competitively in the capitalist dynamic, this part receives a huge amount of investment, whereas the safety and alignment part receive a very low amount of investment. And that is not the best course for history.
-
So, I noticed in the hearing just yesterday, many people pointed out this fact. And so, the question now is whether we empower each and every one with this kind of laptop to participate in safety research, to collaboratively develop the way to align such language models. Or do we basically increase the safety research capability by democratizing it? Or do we slow things down by six months or something? Like slow the capability arm down.
-
So, in my opinion, it’s high time to democratize the safety research. And the nature of this model does have one thing to work in our favor, which is if you want to run an internet-scale search engine that rivals Google at home, it’s not possible. It requires a lot of hard disk and CPU and things like that.
-
But the even most advanced language models fit on a USB stick, so anyone with just a couple dozen gigabytes of hard disk can run a full-size language model. The whole internet is compressed is very, very small. So, that means that anyone with a personal computer with some GPU cards and so on can participate in alignment and safety research.
-
What we need is a way for the society to agree on how those language models should behave, and for those agreements to be directly applied to the language models so that they behave in such a way.
-
There’s a lot of research in this regard, like reinforcement learning by human feedback.
-
Except the human for open AI used to be people from Kenya and so on, that helps aligning it. But now there are new techniques like constitutional AI that if you have a clear set of constitutional principles, it automatically aligns the AI to that principle.
-
So, I think if the society can improve coordination, to produce very quickly this kind of principles and apply it to AI, then we have a real possibility of doing the defense in a democratic way. And I think that’s the way forward.
-
Yeah.
-
Sorry, I just want to go back very quickly. What’s the two things that you think we’re going to see this year? One is language model, another one is…
-
So, the language model is going to empower two things. One is interactive deepfakes. So, voice and video cloning that are very convincing and that can interact with you instead of being canned or pre-cooked. That’s one.
-
And the second, shift in behavior from a broadcast-oriented viral FIMI attack to highly individualized messages. So, these may not be interactive deepfakes, these may just be emails and so on. But the point is that it’s going to be very inexpensive to operate an individualized email campaign to tens of thousands of people and each one catering to just that person.
-
But these two, of course, may be working together, right? So, the email invites you on a video call with me and the synthetic me started to convince them to do some other things.
-
So maybe that would influence the election.
-
I think it’s going to influence the election.
-
Is it already started?
-
We already see in the terms of scams; the voice cloning scams are very rampant. And what used to take minutes or hours to pre-process now only takes a fraction of a second. And it’s only as a sample of you picking up and saying, hello, and then, hi, why are you not speaking, and hang up. And these few seconds of voice print is sufficient to deeply clone a voice clone of you that can convince your friends and family.
-
Are there any effective ways to counteract those?
-
In terms of ABC, Actor Behavior Content, it means that it’s no longer feasible to tell a fake from real by content alone, because the content is even more real than real. That’s what virtual means, actually.
-
And then, the behavior part may have some clues. For example, Twitter recently basically says that if you pay up and then use the financial institutions to do KYC, then this behavior is going to be more trustworthy than people who are not going to pay to get a blue tick. So that’s maybe possible.
-
But I think we can learn from the actor model from the Web3 community because even before we had all this generative AI stuff, the Web3 community is already saturated in scams. It’s a maximally scamming place. If you lose your wallet, some money, you’re not going to get it back often.
-
So, they evolved a set of norms of a strong reliance on digital signatures, on mutually verifiable credentials. Essentially the norm is if you don’t see the entire message, behavior and content digitally signed and notarized in a public way, then you assume it’s fake. So, it flips the default.
-
Whereas previously in online forums, we assumed the people we interact with are human until they exhibit bot-like behavior or content. Now, we probably have to shift to a different norm in that it’s assumed to be a bot unless it’s signed in a convincing way.
-
But then that, if implemented incorrectly, will take away pseudonymity on the Internet and that will create a lot of repercussions on civil liberty. So, we’re working on a set of research called Zero Knowledge, meaning that you’re going to be able to prove you’re a citizen or you’re 18 years old and so on without disclosing any information about you. That’s probably what’s going to be needed in the new norm going forward.
-
So, you mean the government will announce something for the citizens?
-
Yeah, we’re part of the World Wide Web Consortium, W3C, and the FIDO Alliance, Fast Identity Online. And because this is a global scale problem, it’s not going to be Taiwan only, so, we’re working on standard making to make decentralized identifiers, verifiable credentials, all those zero knowledge, new ways of signing things without revealing your private information and making that the norm.
-
Okay. I want to go back to our previous question. So, when you’re preparing for enhancing the digital resilience of Taiwan, what’s the worst-case scenario that you’re preparing Taiwan for? Is that the 14 undersea cables surrounding Taiwan being cut off?
-
That’s just the beginning.
-
So, tell us the worst-case scenario that you’re preparing.
-
The worst-case scenario is that any physical points of communication that’s fixed in space and known will be destroyed. That’s actually the assumption we’re working with. So, not just the landing sites of the cables, but also the core network of the three major telecommunication providers, also the power supply to such and so on.
-
Because all these locations are not secret and we can safely assume Shannon’s maxim: “the enemy knows the system.” Basically, all of these is public information, so we can assume that they’re going to be disrupted, jammed or destroyed in a huge earthquake.
-
And so, for the communication internally to nevertheless still work and for the international correspondence to nevertheless still have the way to reach to the global audience. Because otherwise, the deepfaked FIMI are going to win the day.
-
We are going to see a lot of live reports from Taiwan that are completely synthetic. So, for the international correspondence to still communicate to the world and for the domestic coordination to still function, even when all the physical known places are destroyed. That is what we’re preparing ourselves for by the end of next year.
-
So, you mean by setting up those 700 satellite receivers, that means we are fully prepared for the worst-case scenario.
-
That’s the beginning. And it only solves the international correspondence part. There’s at least two parts as important as that. The part that I keep talking about is the local resilience of the coordination for domestic users. And I will also add to that a good cloud-based backup and high availability as demonstrated by Kiev.
-
So, all three, the data resilience, the local infrastructure resilience and the communication resilience are going to be needed. And without any of the three, we’re not going to coordinate very effectively in terms of response to large earthquakes.
-
So, the three things, one is the 700 receivers.
-
Right, the communication resilience. And another is this local infrastructure resilience.
-
By…
-
By working with the public cloud providers that are domestic in Taiwan and physically operated by people without citizenship.
-
So, like Google.
-
Like Google, but also Microsoft, Amazon and so on, right? Cloudflare and so on. So, this is the local part. This is the international communication part. This is the local communication part. And also, our software systems, services, and platforms need to also work, regardless of which data centers they are in.
-
They need to be portable, because if they’re tied to one specific data center, one specific set of computers, and the location is known, then we can safely assume it’s going to be destroyed.
-
Is there a deadline for the local part or has it been already completed?
-
The local resilience?
-
Yes.
-
We currently use Google for our internal communication because it’s the first to satisfy such requirements. But it’s also on public transcript that we’re working with multiple providers, including Signal and so on, who are all quite willing to consider working with local resilience requirements.
-
Okay. And the third one is?
-
The third one is the data portability and backup system to be agnostic of the data centers of our core public services.
-
So many more questions.
-
How much have we completed that already or how much are we going to do that for the data backup system?
-
Yeah, so we’ve done quite a lot, at least for our ministry and the two administrations. We’re pretty ready for such a scenario. On the other hand, to coordinate is not just our ministry.
-
So, we need to work, as I mentioned, with all the ministries and agencies that hold similar-sized services that has the personal data of everyone, 23 million people.
-
So, these, like Class A agencies that hold the private information for all 23 million people, is going to switch to the security and communication, the T-Road and the Zero Trust architecture, and so on, by the end of next year also. So, the timelines are the same for all three components.
-
Is there any budget for the other two? Because we already know the budget for the first one.
-
Well, it’s on an as-needed basis.
-
Okay. That’s great.
-
Yes. We’re going to spend however much it takes to make it a reality.
-
So, can we say that by the end of next year, Taiwan is digitally resilient to any kind of, like, even the wars and the droughts?
-
Well, it’s not going to be perfect. We’re going to add even more providers as time goes by.
-
Even satellite providers?
-
Yes. And local cloud providers and service providers online. All of these are going to increase in number, especially LEO is going to increase in number over the next few years. So, I think many of our plans are actually multi-year, so like three years, four years, and so on.
-
By the end of next year, that’s like the minimally viable configuration, but we’re not going to be satisfied on that. And we’re going to do, for example, expand on disaster roaming, making sure that people who work on disaster relief can receive communication from any telecom provider, regardless of the SIM card they’re in, and so on.
-
So, even more redundancy, even more resilience. I think it’s safe to say over the next few years, we’ll spend tens of billions.
-
Tens of billions?
-
Tens of billions of NT dollars. Yeah, important distinction, not Bitcoin. Tens of billions of NT dollars to make it a reality.
-
To make what a reality?
-
To make the full digital resilience for all a reality. So, it’s a multi-year and interagency and, frankly speaking, cross-sectoral process.
-
So, we can say at least by the end of next year, we’ll be minimally viable.
-
Yeah, minimally viable.
-
Even wartime scenario.
-
In huge earthquakes. Yeah, in massive earthquake scenarios.
-
Can’t you just say wartime scenario?
-
(laughter)
-
I’m not part of that world.
-
An extreme scenario.
-
I don’t know what your schedule is like for the rest of the week. I’m here until Saturday. Do you think we could schedule some more time? Because I wanted to talk about just you, like interview you personally as well about your…
-
Well, the only time we have is now.
-
No!
-
Yeah, do you have…
-
This whole week?!
-
Do you have some other engagements after this?
-
Well, I don’t have anything until the afternoon. She’s being very…
-
(laughter)
-
Yeah, I think maybe we extend this to half past 11, meaning that you have 23 more minutes.
-
Excellent. Okay. Sorry, I’m sorry. She’s not happy with me.
-
No, no. She always tells me not to do that.
-
Right, so she’s going to be really unhappy with you.
-
I know, I know.
-
Okay, that’s fine. I’m in with that.
-
But we did make an exception for CNA, right?
-
Wow!
-
Well, she came from CNA.
-
Wow! That’s not biased. I’m joking.
-
(laughter)
-
No, no, no. CNA is our national communication agency.
-
Oh, okay. I thought it was Channel News Asia. You’re messing with me!
-
No, no, no. It’s a channel of our government.
-
Sorry, just very quickly, how long will the 700 receiver be there for? I mean, we know that it’s going to be completed by the end of next year, but how long will it be there?
-
How long will it be still there?
-
Yeah.
-
If the test and verification is successful, it’s probably going to be more than 700. It’s going to grow.
-
And you’re just going to extend those agreements with all those providers as long as necessary?
-
With the providers that pass the test and verification. If it doesn’t work, we’re not going to renew.
-
Is it possible that it won’t work?
-
I’m sorry?
-
Is it possible that it won’t work?
-
Well, there are some constellations that are currently not operating physically in Taiwan. They’re telling us by the end of this year or by the end of next year.
-
So, we’re going to wait until they say they’re actually operating, and then we’re going to test it. But if we test it and it’s not actually operating, then we’re going to wait a while before testing again but we’re always willing to retest.
-
What if you’re stuck with Starlink as your only option?
-
It’s unlikely, because we already work with SES.
-
But…
-
But for LEO?
-
Yeah, for LEO.
-
But possibly all our minimally viable needs are going to be met by MEO…
-
So, you won’t have to just yield to Starlink?
-
… If we manage to reroute all the domestic communication needs to the local resilience partners. If the local communication parts finish with a very good arrangement, then it means that the bandwidth requirement is actually quite low in terms of international communication. It’s basically just serving you, right? Serving international correspondents.
-
I was very curious about why there was such a big focus on video conferencing and all of this. Why does it matter that much?
-
Because if you compare Kiev and Crimea, that’s the main difference.
-
Yeah, the message is much stronger with the videos and pictures.
-
Yes. In the Kiev situation, I spent, in the beginning of the invasion, just spending all night refreshing Kiev’s independent website. And the local correspondents, basically, if they’re denied video communication bandwidth, if Zelensky doesn’t do his daily addresses, somebody else will do Zelensky’s daily addresses.
-
Have you been in touch with the Ukrainians about readiness at all? Have you talked to them about…
-
Yeah, so I signed the Declaration for the Future of the Internet with Fedorov and 60 other democratic partners, so we learned a lot with them. And the Diia application that they use, currently the Estonian people are helping them to open source the lessons they learned, and even the code that they used to the rest of the world to bolster resilience. So, we’re paying close attention and working with them on that.
-
Can we talk a little bit about when you first went into government, it was like 2017?
-
No, that was 2014.
-
2014?
-
Yeah.
-
And so, your appointment was pretty historic and pretty groundbreaking on a lot of different levels.
-
Yeah, well in 2014 was also pretty historic, but it was during the Ma Ying-jeou administration.
-
Okay. What was your position at that time?
-
I was a reverse mentor, a young mentor to the cabinet. So, I run at that time, the vTaiwan project, working closely with Minister Jaclyn Tsai, the minister was a portfolio in charge of cyber law. And we went into the cabinet because earlier that year was the Sunflower movement and we physically occupied the parliament. And it was a Matsu-like situation actually.
-
Me and the g0v friends helped with providing broadband communication to a place that was denying external communication, so that they can do video conferencing and live streaming so people know what’s actually going on in the occupied parliament and that this information does not run rampant.
-
In a sense, it’s a microcosm of many things. And after the successful occupy, we, the civic tech people, were invited by the then-new, as of end of 2014, Premier Mao Chi-kuo, because he said that open government is going to be the new approach.
-
They understand that the trust in governmental institutions that year was below 10%. So, like anything the core public service says, the people don’t believe. And to win back the trust, they need radical transparency, they need open government and so on. So, we were in the cabinet, but to work as a bridge to rebuild the trust, so to speak.
-
What was that like? Because you were against The Man and you were working with The Man.
-
Well, I’m working as a catalyst. So, I often say that I’m at the Lagrange point between the movements on one side and the government on the other, working with the government but not for the government, working with the people but not for the people.
-
I mean, it’s curious because you kind of put yourself in the middle there. Was there hostility from either side?
-
With an approval rating of 9%, that meant 90% of the people simply did not believe anything that the Ma Ying-jeou administration said.
-
Wow.
-
So, there was, of course, adversity and polarization and so on. And a lot of our work is to ensure a social media that is pro-social rather than anti-social, rather than amplifying just the extremes.
-
We want to amplify the bipartisanship, amplify the bridge-making narratives, so I’ve never campaigned with or for any political parties. I still remain non-partisan or all-partisan in the sense that I work with all the political parties to build such bridging narratives.
-
But what’s your journey been like since then? Because that was almost 10 years ago.
-
Yes.
-
Since then, you have really sort of… Tell me a little bit about what… Describe that journey to me a little.
-
Okay. So, 2014-15, I was a reverse mentor, almost an intern, right, in terms of how government works. A trusted advisor but not of an office, right, not running an office.
-
And in 2016, after Dr. Tsai Ing-wen won the election, there was this checkpoint handoff where a non-partisan… Well, he has a party now, but back then he had no party. Simon Zhang, Chang San-cheng, handed off to an equally non-partisan Lin Chuan in a public way.
-
So, the outgoing government published checkpoint documents to the Internet. So, I didn’t know I would be part of the next cabinet, but I read them anyway. And then Lin Chuan asked me to find essentially a successor to Jaclyn Tsai in the same physical office, also running cyber regulation stuff. And I asked my friends, and none of them want to work in the government. I don’t know why. So, I’m like, okay, maybe I’ll give it a try.
-
And so, at that time I chose three principles. Radical transparency, meaning that lobbyists’ and journalists’ visits are going to be published. The voluntary association, meaning that I work with all the ministries, but only if they want to work with me. I’m not coercing them to do anything. So, it’s an alliance with the core public service, essentially.
-
And then location independence, meaning that I get to tour around Taiwan. And that was before the pandemic, tour around the world as well, but still count as working. So, I have a completely cloud-based workspace. And Lin Chuan agreed on those three principles. And so, I become essentially an intern promoted to full-time on the same office I used to work in, in Jaclyn Tsai’s office.
-
And what was your title then?
-
I was a minister without portfolio in charge of open government, social innovation, and youth engagement.
-
So, when you brought in the transparency clause, was that just in your ministry or were there other people as well?
-
At the time I did not have a ministry.
-
I know, but it was in your department.
-
Yeah, my office.
-
And so, it was just you.
-
It was just me because of the second clause, voluntary association. I’m not going to coerce anyone.
-
So, you basically said, if you come and talk to me, I’m going to tell everyone about it.
-
Exactly, yes. And also, equally important, the people talking to me, usually, they always actually make pro-social, pro-future arguments. Because if it’s not radically transparent, many lobbyists make proposals that are good for them and maybe for me, but not for anyone else, right?
-
But with radical transparency, I’ve never had a single such instance. And I don’t “ying chou”, right? I don’t attend dinner parties. So, there’s literally no way other than this pro-social radical transparency.
-
Did you have a lot of visitors from lobbyists in the beginning?
-
Yeah.
-
They still came to see you even if they were going to be videotaped and recorded.
-
Videotaped, yes definitely. And I used to, when I was in the previous position, allocate every Wednesday all day for such visits. And because they’re social entrepreneurs, so they are lobbyists that run their business but they also are advocates for environmental and social and public good. So, basically only social entrepreneurs benefit from such an arrangement because it’s free advocacy for them.
-
Right.
-
Yeah.
-
(laughter)
-
So, we receive a lot of micro, medium, and small entrepreneurs that has their hearts in the right place in the public good. So, that was also my job, but not anymore because that post is now Minister Lee Yung-te, he took the social innovation role and the open government role went to NDC, Mr. Kung Ming-hsin, and youth engagement with Minister Lin Wan-yi. So, starting last August, I’m now just focused on cyber digital transformation.
-
And do you just, are you happy in government?
-
Yes.
-
Ten years.
-
Yeah, almost ten years now.
-
Do you think that you would be considering how you began?
-
Yes.
-
With like 9… like less than 10% trust in government?
-
Yeah, but I’m working with the government.
-
But like given that, given the sort of the skepticism and the cynicism of the moment when you first walked into that building and where you are today, would you ever think that that was ever going to be possible?
-
Yes.
-
Are you happy with the progress that you feel that institutions have made?
-
Yes, the progress, the participation and the safety that is a result of it. Before the pandemic, honestly speaking, only a small fraction of people in the world knows the kind of work we’re doing here in Taiwan.
-
But because of the pandemic and the so-called Taiwan model of democratized pandemic response, the same kind of democratized AI response I just described, right, that empowers the agency of each and every citizen without a need for top-down lockdowns, then we counter not just the pandemic but also the infodemic.
-
And that is quite rare. Like we don’t have an anti-vax political faction. Like everyone wear their mask and wash their hands without feeling that they’re forced to. I think that propelled this model of co-creation to international stage.
-
But back in 2014, I was always pretty sure that this model would work to solve essential polarization.
-
Did you ever sort of encounter any real prejudice?
-
On what?
-
On your identity.
-
My identity? So, yeah, being a non-partisan is not very easy because people insist on binary partisanship.
-
That’s true.
-
(laughter)
-
No, in the HR form when I entered the cabinet full-time in 2016, I wrote none on party affiliation and also none on gender next to party affiliation. I’m happy to say that I’m still none on both counts.
-
But what was that like for you, that journey, the personal journey through?
-
I think a lot of this when in 2016 we saw the previous wave of AI, the social media recommendation feed algorithm, that was like the most difficult challenge that I personally tackled when I first entered the cabinet.
-
There was a lot of push on one side for the state control on the large social media so that they don’t do extremism, polarization, addiction, surveillance capitalism, what have you. On the other hand, there’s a lot of push to say that Taiwan’s identity is civil liberty.
-
So, if we start taking down random things, we go the way of the PRC because PRC at the same time publicly said that they’re not tolerating civil society, even the worst civil society, on social media. So, they ended up spending more than their military budget on harmonizing the social media.
-
And so, it’s like they adopted a zero COVID approach when it comes to the retweet and share buttons. And so, because Xi Jinping at the time was so clear about it, which is markedly different from the PRC in 2013 or before, right, so people in Taiwan said that even inching toward that direction is not accessible, is not acceptable. But on the other hand, the polarization, the addiction, the extremism is very real.
-
So that I think is the defining struggle for my work starting late 2016 until say 2020 when the pandemic started.
-
But you didn’t have like, I’m asking because a lot of the challenges that you’re dealing with here, they’re so… I don’t want to say toxic, but they’re so visceral in the US right now with the gender politics. Like there’s a Montana lawmaker who’s transgender who isn’t allowed into the legislative council to speak.
-
I’m aware of it.
-
Yeah. Right. So, I mean, like, so it’s kind of amazing that you’ve, I just want to feel like if you could share what your experience was like compared to people who, and again, I just sort of, we could sort of have this conversation where this is a completely different conversation happening here versus what’s happening in the US and what they’re debating today.
-
Correct.
-
Because you lived in the States.
-
I did. I think there’s two things going on, right? First, in Taiwan, I’ve never been discriminated against since 2016 because of gender. Some age or partisanship, actually more than gender. And I think that’s, the first thing is because this is not a partisan issue in Taiwan, unlike in the US.
-
It used to be that marriage equality was somewhat a partisan issue, but because it’s resolved in a constitutional court way, right? So, it’s not… And after the two referenda, we settled on a bridging narrative that says two individuals of the same biological sex who want to formally get married, to wed, but not to not form an extended family.
-
And so, this is very nuanced. It has Taiwanese characteristics, which is learning from the 20 or so national languages and the different… because we have a matriarchy in Amis, the Taiwan nation doesn’t care about gender when choosing successors, and Dr. Tsai Ing-wen is at least partly Pai Wan, I heard, and so on.
-
So, we have many traditions, and when you work to collaborate across the diversity, then you always find those very nuanced, eclectic solutions that says, get married but not form an extended family, and people are generally happy with that.
-
So, I think this democratic process of seeing democracy not as a showdown between opposing ideologies, but rather as a conversation across many different ideologies, the plurality of ideologies. I think that is the main difference between the Taiwan experience and the US one.
-
What advice would you give for this Montana lawmaker?
-
So, I am actually writing a blog at plurality.net, on cooperating across diversity. And I think the plurality is not just a communication resilience, but rather an ideological resilience thing. If one can reliably take all the sides and see people’s actual fears, uncertainty, and doubts, then you are going to land on truly creative solutions.
-
Like when I first got the social innovation job and set up the Office Hours every Wednesday at the previous Air Force Headquarters, now it is the Contemporary Culture Lab. There was a redesign because it was an Air Force quarter, and everything needs redesigning.
-
And we intentionally designed the underground floor very accessible, the bathrooms for people who identify as women, as men, as gender-non-specific, including all genders, and accessible, like with wheelchairs, and very prominent with equal sizes, so that everyone can be comfortable with whichever choices they need. And if we need to repair when there is always a big mess somewhere, it is also very resilient.
-
Anyway, but then that is not like saying that there is only binary, and the binary choice needs to be done at a personal agency level, at a state level, at a federal level, and so on. This is more like let’s settle on something that we can all live with, just like the wed but not extended family, or marriage but not kinship situation that we agreed on.
-
So, yeah, I am not saying that the solution is the right solution for the U.S. or for Montana, but this process that involves everyone settling on something, we can all live with, is very important.
-
What is your biggest challenge nowadays?
-
Nowadays? Earthquakes.
-
Come on, Cindy. It’s quite obvious by now. Earthquakes!
-
(laughter)
-
How would you describe this situation with another word?
-
Um… Chaos.
-
OK. So, you think that is the biggest challenge now?
-
Yeah, definitely.
-
Do you feel like it is a constant, like you wake up every day and you are like, oh, here we go again, we still have to deal with this.
-
Yeah, like millions of attempts.
-
It is like how Taiwanese people get up every day and they are like, well, here we go, it is the cloud in the sky and it is looking at us and it is ready to strike us with lightning.
-
Well, in terms of cybersecurity, there is millions of attempts every day.
-
Every day?
-
Every day. Millions of attempts literally every day.
-
And can you sort of describe, like what does that look like? Like someone is trying to shut down a university, someone is trying to hack a university, someone is trying to send a spear phishing email, someone is trying to do this, someone is trying to do that. Like what does that look like?
-
If I said millions, like first of all, it is kind of amazing that they have the resources to devote millions for the type of team that we need.
-
It is automated, right? Like earthquakes. On average, there are three felt earthquakes some place in Taiwan every day.
-
Really?
-
Yes.
-
Just that we don’t feel that.
-
Exactly. It is just slightly felt.
-
Okay, I should be like on cyber-attack now. Can we please not talk in codes? I need you to talk like really, because I am a cyber reporter and I can’t say earthquakes in my story. You mean three failed cyber-attacks? Or three felt earthquakes?
-
No… Like, actual earthquakes.
-
Three felt earthquakes. He’s really talking about earthquakes.
-
Stop talking about earthquakes.
-
(laughter)
-
I was working with GIS systems a few years back and we used a US earthquake risk assessment system on Taiwan. And every place in Taiwan is maximum.
-
It is a nightmare, right? It is crazy.
-
So that system is not useful because it doesn’t tell us the degree of which this place is riskier than the other. Because from US perspective, every place is maximum.
-
It is crazy.
-
But that is why you have so many issues with cables, right?
-
I mean it is really hard to lay them out anywhere. Are you…
-
So, you really think that earthquakes are just like the cyber-attack from China?
-
It is a very apt analogy because earthquake is not going to give you a lot of warnings either. They are not like typhoons, but if you work on zero trust architecture, just like in earthquake, we deploy the detection machines as close to the actual centers as possible, then you do get actually a few seconds’ notice.
-
And after that, maybe half a minute’s notice at most. For cyber-attack, that is exactly the same. But during those few precious seconds, for earthquake, if you can stop the elevator, then that prevents a lot of damage.
-
And for cyber-attacks, if you can switch to a different defense posture, then the attacker doesn’t gain anything and you learn a new zero-day exploit. And then you… This is called defense in depth. So, advanced warnings, threat intelligence to cyber-attack is like those seismic detectors for earthquakes.
-
Interesting.
-
I feel that you and South Korea have a lot in common.
-
Yes.
-
And Ukraine.
-
And Ukraine.
-
Right? Crazy.
-
There is one difference though. Earthquake sometimes is unstoppable, right?
-
You’re like, yes, maybe we sign a peace accord with earthquake? No, this is not going to happen with the “地牛”, I’m sure…
-
(laughter)
-
But that’s quite similar to cyber-attacks as well because for many of those cyber-attacks, it’s not clearly attributable. So, when we say they’re of a foreign origin, we’re not being… like this is not a euphemism. We literally only know it’s of a foreign origin.
-
Is it constant or has there been… Like obviously during the Pelosi visit, there was like… You saw a spike and then during the president’s visit to the US, there was a spike. But is it year on year? Is it essentially the same or do you feel like it’s that level that you’re used to is getting higher and higher?
-
It was getting higher significantly in the past couple of years. So, like this. This year, we’ve not had a complete pail yet, so maybe we talk by the end of the year.
-
Can you talk about the end of last year?
-
Yeah, so as I mentioned, there was a spike last August. And last year and the year before that, we saw much more coordinated attacks and also higher degree of attempted attacks and so on compared with 2020. So, 2020 and every year before it was like one background level. And 2021, 2022 was a very different background level. And this year, it’s not going down, but whether it’s going way up or the same, maybe we talk at the end of the year.
-
Just one final thing on Matsu. So, do you really believe that’s accident or how intentional you think that’s causing these two undersea cables being caught? And what’s the lessons that we’ve learned from it?
-
Yeah, so the microwave transmitters by the end of this year will have this capacity to satisfy Matsu’s domestic needs. So, we learned, of course, that any place that is well known can be disrupted, so the investment on microwave is necessary. We also learned that SES Global’s MEO actually works in Matsu. That’s another important thing to learn.
-
But we are investing in another additional cable between Taiwan and Matsu just because plurality. So, I think the main lessons we learned is psychological, in how to manage the expectation on reduced bandwidth, how to prioritize the bandwidth use, which uses are OK to have a slightly higher latency, like asynchronously, and so on. So, these are very valuable lessons.
-
And we know for sure that both of those vessels had PRC flags.
-
Yes.
-
So, they’re definitely Chinese.
-
And they said it’s accident.
-
I mean, it’s such an accident to drop an anchor and just keep going, right? Did they both get cut by dropped anchors or…?
-
Well, the details, I think the NCC has more details than I do, but what I know is that they’re both flying PRC flags and they both say it’s an accident.
-
My understanding was that the Chinese fishing vessel dropped anchor but kept going and just dragged the anchor. Because it’s not very deep, right?
-
No, it’s not very deep.
-
So, if it happens again, it just won’t cause that big trouble because microwave is enough.
-
Currently, microwave is barely enough. But by the end of the year, microwave will be plenty.
-
How long would it take to repair the cable?
-
That depends on the repairing vessel’s schedule. Usually, it takes a couple of months or so.
-
And it was really slow, right? The microwave was super slow.
-
The microwave was supers slow.
-
Was, was, when it was cut. So, these people had to get by on MEO and really slow, like crazy slow.
-
Crazy slow. Because as I mentioned, they did not have a local cloud center. If they had a local data center and reroute the local to national domestic communication through that center, then it would not be slow.
-
Was it megabytes? I’m trying to remember if it was megabytes.
-
Yeah, it’s around… It’s like a MEO receiver. You can think of it as like your home broadband. So, if it’s just you and your family using it, that’s okay for video conferencing, maybe not for esports gaming because of the high latency. But if you start sharing with your neighbors, that’s going to stress. If you’re going to share with a town of hundreds of people, it’s not going to cut it.
-
How much do we invest in the microwave? What’s the budget?
-
The budgets of MODA and NCC combined…
-
Look, Ku Chuan — because she’s really looking at me now — I can get you the actual numbers after this interview.
-
Okay.
-
All right. We cannot overstay our welcome. If we have any more questions, can we just email them?
-
Yes. Of course.
-
Perfect. Thank you so much.
-
Thank you.
-
Thank you.