-
Thank you. Okay. I hope you can see me in the back. But good morning. I am so excited to be here today. Thank you, everyone, especially Audrey, for being here with us today. Before we start, I’d like to quickly introduce my wonderful colleagues to Minister Audrey Tang, as well as her colleagues joining us today.
-
The Harvard Kennedy School Taiwan Trek is a student-organized trip to deepen the students’ understanding of Taiwan’s values, achievements, and struggles in the international arena. There are 58 of us today who all flew into Taiwan over the weekend representing 17 different countries coming from institutions including the Harvard Kennedy School, the Business School, the Law School, the MIT Sloan School of Management, as well as a few other institutions.
-
On this trek, we will be speaking to Taiwan’s political, business leaders, as well as the visiting and cultural institutions and experiencing Taiwan’s natural heritage. Now it is my great honor to introduce our speaker today, Minister Audrey Tang. Audrey is Taiwan’s first digital minister, also the youngest and the first transgender cabinet member in Taiwan.
-
As Minister, Audrey leverages digital technology and regulation for social innovation, open government and youth engagement. Audrey is known for revitalizing the computer languages, Perl and Haskell, as well as building the online spreadsheet system, EtherCalc— I hope I pronounced that correctly, in collaboration with Dan Bricklin.
-
In the public sector, Audrey served on Taiwan’s National Development Council’s Open Data Committee, as well as the 12-year Basic Education Curriculum Committee, and led the country’s first e-rulemaking project. In the private sector, Audrey worked as a consultant with Apple on computational linguistics, with projects at the Oxford University Press, as well as with Socialtext on social interaction design.
-
In the social sector, because Audrey worked at all three sectors, Audrey actively contributed to GovZero, which is a project in Taiwan here, a vibrant community focusing on creating tools for the civil society to more actively engage with the government. Given the time limitations today, I’ll let Audrey make an opening statement, and then we have a brief presentation to follow, and we’ll open up directly to audience’s questions. Thank you.
-
Welcome, everyone, to our startup. This ministry, the Ministry of Digital Affairs, started last August. A couple of weeks after Speaker Nancy Pelosi’s visit, the hour that our website went online, missiles flew over our heads, and we suffered the most devastating DDOS attack that we successfully countered. Our slogan is digital resilience for all and free the future.
-
We have seen that many of you are interested in the cybersecurity arm, but I will first lay out a basic outline of our ministry. In the ministry proper, the Ministry of Digital Affairs, and 數位 in Mandarin means both digital but also plural, as in 數位部長 is like ministers (plural). I’m also a Minister of Plurality. I’m writing a book on that, at plurality.net.
-
The idea is to co-create from tension, to co-create from conflict, and working on systems that turns any conflict into co-creation. That’s the ministry proper. Under the Ministry, there are two administrations. We’re now in the building of the Administration for Digital Industries, which is for progress, AI deployment, platform economy, you name it. But there’s also an administration for safety, namely the Administration for Cyber Security.
-
Participation, progress, safety is a triangle. In other jurisdictions, these three belong to either three ministers or two ministers, one taking a side and one taking the other dot. But only in Taiwan – because it is that during the pandemic times, there are teams that work so closely together on universal participation, on progress, and on safety – that we just took the team that we interacted with the most during the pandemic and formed a ministry together.
-
When we say free the future, we mean not just advancing a particular value, but increasing the overlap between all the values of democratic participation progress and safety in order to widen the narrow corridor between the state power and the civic power. Now, without further ado, let’s just hear from the administration group, Cybersecurity, on the cybersecurity defense in Taiwan. Thank you.
-
Okay, everyone, minister and ladies and gentlemen.
-
My name is Jeff Chen, from the Administration for Cyber Security. In the last few minutes, I will introduce the cybersecurity in Taiwan. Yeah, everyone, you can see this slide. As you know that the highest executive authority in Taiwan is the Executive Yuan. So, in the Executive Yuan, we set up the NICST, National Information and Communication Security Task Force. That’s the NICST, consists of related cybersecurity ministry.
-
We included the related ministry and the experts from the cybersecurity field. Right now in Taiwan, we have three major authority to takes responsibility for cybersecurity. The highest is the Ministry of Digital Affairs that we call is Moda. This takes the cybersecurity policy load in Taiwan.
-
And the next is my mother agency that we administer for cybersecurity that we call is S, that we tax the strategy planning and the protection on cybersecurity. And then the last one is the National Institute of Cyber Security that we call it NICS.
-
That is a professor of cybersecurity from technical part and research. This is probably as organizational chart. That in this organization that we have divided the implementation unit and support unit.
-
In implementation units, we divide into five divisions. That includes planning, incident notification response, and the training, and the audit, and the recollection, and the national cooperation divisions. It’s all those five units. Just like everyone knows that in Taiwan, we are to fight the… We choose the eight fields at the critical infrastructure. And just like everybody knows that we act the related critical infrastructure to meet our requirements on cybersecurity, that we have to create the legal basis for those critical infrastructures.
-
Those critical infrastructure in Taiwan that we, for example, that we have transportation, financial, and high-tech park just like this. Since June 2018, we created the Cybersecurity Management Act. This act that we provide the… Who is the critical structure and their obligation to meet our standards on cybersecurity. In this cybersecurity management act that we have a specific government agency and governing agency that is the major two separates.
-
With the cybersecurity management act has been implemented since 2019, January. We also promulgated the associated regulations such as the cybersecurity incident report, information sharing regulations to deal with cybersecurity center report in terms of its report time limits, procedure, and sharing. In Taiwan, we asked those after critical infrastructure fields to set up the CERT, ISOC, and the SOC.
-
The CERT is a Community Emergency Response Team, and the ISOC is the Intelligent Sharing Analysis Center, and the SOC is the Sharing and Operation Center. Those three layers of defense systems that provides the sharing, monitoring, and analyze about the cybersecurity attacks.
-
Just like what I mentioned before that we asked the other fields, creative infrastructure fields, to meet our requirements and also asked them to set up the SOC, CERT, and the SOC. We also have the set up at the national labels, SOC, SOC, and the CERT. This is quite the structure that we have. And just everybody knows that we have a certain situation. Just due to the Taiwan special, political, and economic situation, according to the study, that we are the top 10 cyber-attack server areas in the world.
-
That everybody knows that the best way to communicate experience to dealing with cyber-attacks, to simulate the real cyber-attacks. Every two years that we will have the International Cyber Offensive and the Defense-Exercise that we show the code.
-
This exercise is a code exercise. This year, we just finished our 2023 code exercise. This year is that we choose a water field. But everybody knows that the cyber scenario exercise is just a system that is closed door and not open to the public. This year, start this year at the same time during the quarter exercise held the time that we also hold the ACE conference.
-
The ACE conference is the Advanced Cybersecurity Exploration Conference. In this conference that we include scholars and cybersecurity policymakers to attend this international conference. This ACE conference will held in the next year, 2024. This is our mother agency’s coin that symbolizes our cybersecurity field. Welcome and participate our conference, our ACE conference, 2024. Thank you, everyone. Great.
-
I would just add that anyone who has participated in digital-related competitions that we hold, including this one and the presidential hackathon and so on, are automatically eligible for Taiwanese residency. We have a Taiwan gold card program that you can get quite easily by not just winning the competition, but also by proving that you have 8 years of contributions to open source on GitHub, on web3, on really anything, internet commons, blogging, anything counts, communication on YouTube. We just gave two gold cards to AsapSCIENCE.
-
The idea is that after spending three years as a resident, you can, of course, come here and enjoy health care and so on. But we actually designed this with digital nomads in mind. Even if you just becoming a virtual Taiwanese, after five years, this gold card can be renewed once, you are eligible to get a Taiwanese passport without giving up your original one as to become also Taiwanese.
-
This is saying that we welcome people from the entire globe as long as we’re aligned in value, in the safeguarding, democracy, information, integrity, and we welcome diversity. We want to turn toward a very diverse place because we take pride in our ability to turn conflict into co-creation. Now, without further ado, let’s turn back to the moderator.
-
All right, I think we could directly open it up to questions. I know there are lots of interest. So once again, I ask that you to first identify yourself, your affiliation, as well as state your name, your affiliation, and then keep your questions brief and make sure that it’s a question. All right, the floor is open.
-
Hi, Minister Tang, thank you very much for your time. My name is Franklin. I’m a first-year student at the Kennedy School. I’ve read a lot about how your ministry has tried to make government more accessible to the people. I was wondering if you could talk a little bit about these efforts and how Taiwan can share with the rest of the world how government can work for its people and hear back from its citizens.
-
Thank you. Great question. All governments, I hope, work for its people, but we work with the people. In doing that, we practice radical transparency. All the visits, including this one, we make a public transcript, free of copyright in CC0 under public domain and publish it on our ministerial website.
-
If you search for Say It, you can see it actually since 2015 or so.
-
Everything that I participated in, including journalistic visits and so on, are online. This is because the nature of conversation changes when people know that the future generations are looking at it.
-
Many lobbyist visits turn into sustainability conversations just because they know that the future is watching. This is the first thing that we do. In addition to radical transparency, we also hold collaborative deliberations.
-
We sincerely believe that we can use digital technologies to extend the feeling of, say, 100 people in the same room to scale it so that tens of thousands of people can still feel that they’re in the same room and deliberating about, for example, how to work with AI, how generative AI should benefit humanity and things like that. It’s called alignment assemblies. This year, we’re experimenting with language models that can take those clusters of very newest conversations, basically video transcript and so on, and synthesize them into avatars.
-
It’s like an executive summary that talks back to you. You can just present scenarios and cases and so on, and also invest in bridge-finding systems so that when we have multiple such workshops, each can train a small AI, and those small AIs can deliver among each other to find the crux, the bridges between those communities.
-
Scalable delivery or compression without losing nuance. This is another thing that we do in Moda.
-
We’ve partnered with OpenAI and especially Anthropic so that they can tune their future AI systems using what’s called constitutional AI based on people’s wish. You can co-create something like the Declaration of Human Rights or whatever, a constitutional document, and for it to align AI this way. In addition to transparency and participation, we also work on accountability.
-
There’s a lot of systems in Taiwan that are continuously accountable to the people. During the pandemic, for example, the allocation of PPEs, the vaccination reservations, and so on. We take pride in not just providing a board, but continuously publishing open API so that people in the civil society can build even better ways to hold us accountable and also to disseminate information. I think that the point here is that the government should not have a monopoly on how information is interpreted.
-
Rather, we work with the very long tail of Taiwan. We have more than 20 national languages which is 16 indigenous nations, 42 language variations. There’s no way that we can be the canonical information source for all these different cultures. We need to work not just on bridge-making systems, but also under the idea of public code to open up the code and data so that these indigenous nations and other ethnicities can also build their own governance system based on the governmental systems.
-
Anna.
-
Hi, I’m Anna. I’m a student at the Harvard Kennedy School.
-
I’m wondering if you can talk about how you balance the fight against disinformation and information warfare while at the same time protecting the right to free speech?
-
This is like asking how do we counter the coronavirus while protecting the freedom of movement? In Taiwan, we managed to do both. During the three years of pandemic, there’s not a single day where we restricted across city movements of people. We’ve never had a lockdown internally. I think the keyword here is internally because we do have quite strict quarantine rules on the border.
-
One of the most important things that ACS does is to distinguish from the domestic sources, from the foreign sources. You will notice that we don’t say this information in the slides or really any public communication. We use the European word FEMI, Foreign Information, Manipulation, and interference, or just foreign interference. That is because Taiwan is an island or many islands, and we can easily distinguish domestic sources of attack or information versus foreign sources.
-
The foreign sources that want to manipulate, want to interfere, and so on, we need to clearly identify them as such. For example, the government communications, starting next week, actually, most of the communications will go through a single SMS number, 111. If you receive a SMS from a governmental source, chances are in a few weeks, everything will be from a very short identifiable number.
-
That if there’s a foreign source purporting to be the government, either for scam or information manipulation reasons, it will very easily just show its source. In terms of actor, behavior, and content, and distribution, we now focus on actor and behavior part because the content part is, frankly speaking, it’s hopeless now. Watermarking doesn’t work against the rephrasing attacks, deep fakes, you name it. The content layer is gone, which is why we ensure that we flip the default so that only 111 or essentially blue ticks across all the different platforms.
-
We also have a short GOV.TW URL, to ensure that we don’t use the foreign URL, the shorteners, and so on. At one glance, people can very easily see that this is a domestic source, this is a governmental source, and then everything else is just assumed to be a bot. I think our upcoming election in January will just be one of the first next year across all the democratic jurisdictions.
-
Half of them will have an election on the national level. I think flipping this default so that only the domestic confirmed sources are assumed to be human, everything else is assumed to be a robot, I think it’s going to be an important playbook to all Democratic jurisdictions. We’re encountering in the first, so to speak. Hope that answers your question.
-
Hi, my name is Nandini Thogarapalli, and also, a public policy student at the Kennedy School. I was curious what you thought of civic technology tools like vTaiwan, Polis, and what you think about the strength and limitations of those tools are, especially when it comes to the Uber case.
-
Sure. We’ve adopted the Polis tool. It’s now multilingual and so on. We use it in alignment assemblies this year. The tool for… People have been briefed of the tool before?
-
Not sure, Maybe.
-
Okay, very quick introduction then. It is like a survey, but we call it a wiki survey in the sense that it is the participants that write the survey ideas. It’s like a big brainstorming room where people can say, Oh, I feel that Uber is the future of sharing economy. I feel that Uber is the extractive gig economy, or whatever. Then in the beginning, you will see very polarized clusters.
-
There’s a visualization that shows via kinsman’s clustering what people are feeling. But it also visualizes the bridges. As soon as somebody proposed something that has wide appeal to all the different fractured, polarized populations, for example, that people thought that insurance is important in rides.
-
People thought that surge pricing is fine, but undercutting existing meters is not and so on.
-
As long as these breaching statements start to appear, the system automatically highlights. Actually, it’s exactly like the community notes on X.Com because the community notes team took the police algorithm and made it work on X.Com. It’s a little bit like a jury duty, really. When you sign up to community notes jury on X.Com, which just today appears in real time.
-
Previously, it was hourly batches. But this today is real time. People can then get a feeling of what is the overlapping consensus, what are the general feelings of the population without over-focusing our calories on the polarized parts which tend to dominate the click-based engagement conversations. I think this is what I call a pro-social social media rather than an anti-social social media. The research has always been how to scale this conversation.
-
The limitation was that a human brain simply cannot process more than, say, 1,000 statements from more than 150 people, Dunbar’s number. Beyond which we rely on hierarchies, abstractions, and so on.
-
It’s our wetware limitation, which is why the investment in the synthetic avatars is so important because it allows people to deliberate on a smaller community scale, but also effortlessly reflect this back to the wider community so that a synthetic avatar can speak not representing, re-presenting the core argument, the nuanced argument, it’s always full citation and so on.
-
We don’t have a hallucination to the people. Scaling this quite, I would say, even intimate experience of deliberation is the main challenge that we’re tackling now.
-
Thank you so much, Minister. I’m Chetan Aggarwal from India, I’m a second-year student at the Kennedy School. So I just wanted to speak about Femi and international cooperation regarding that. I think last week, Taiwan, India, and USA held a training conference in India. Would you like to speak a bit about that?
-
I think it is quite interesting that the interactive, deep fake precision persuasion and also India’s early actions against TikTok are all converging together on a shared common worry. I think this is quite good because previously, when the retweet and share buttons were invented, there was not such a collective waking up.
-
People thought it’s a good idea to flatten context, to reduce shared context into something that is globally shared with a URL and all that and with an addictive touch screen and so on. It’s a deadly combination.
-
I think this time, after what we have learned from the anti-social social media a decade ago, the democratic jurisdictions are now waking up much quicker to the threats posed by synthetic media and also by interactive deep fakes and precision persuasion. I would encourage you to look up the Global Declaration on protecting information integrity online.
-
I think that is one of the more forward-looking ways to, instead of just hammering on each individual, FEMI attacks, this is about building a new infrastructure of, as I mentioned, provenance, but not just provenance, but also cross country digital signature recognition and decentralized identities and things like that to ensure that we still keep some sort of international collaboration, even when each jurisdiction is highly motivated to distinguish domestic sources versus untrusted foreign sources. This rebuilding of the bridges across democratic jurisdictions I think is very important. I hope that answers your question. Thank you.
-
Hey, Minister Tang, thanks so much for being with us today. My name is Irving. I’m a joint degree student between the Harvard Kennedy School and the business school at Stanford. My question is, what do you see the role of Taiwan playing in terms of promoting responsible uses of AI to simultaneously increase public trust in AI technologies while at the same time maximizing its impact for businesses?
-
I guess I do feel responsible because without the advanced chips coming from Taiwan. There’s no this generation of AI. I think the responsible use of AI is contextually dependent on the cultural expectations. For example, when we run the alignment assemblies here in Taiwan, people expected the public sector to take a pioneering lead in using generative AI ourselves in our daily work.
-
I reply to my emails with a fine-tuned model on this laptop, fine-tuned on my public communications and my emails. But because the fine-tuning works in airplane mode, there is less of cybersecurity and privacy concerns. I always read all the drafts before I hit send, so that it’s not the AI taking over. But the use of AI in situations like this requires careful planning, guidelines, and so on.
-
It is the wish that we hear from the alignment assemblies here in Taiwan that the government should not just publish the source code, but also the code of conduct, the regulatory code, and so on, internally to the outside so that the citizens can learn what we have learned deploying our national model, the trustworthy AI dialog engine or TAIDE, trained by our science ministers’ team.
-
The digital minister’s team is for AI evaluation to ensure that it behaves responsibly.
-
The science ministers team trains AI to have more capabilities, essentially. We work quite closely together, but with an independent setup so that we’re not just evaluating TAIDE, but also all the participating, Llama and the other open source, open weight models, and also many of the cutting-edge labs are interested in also working with us to do what’s called collaborative red teaming.
-
Although they do not open up the weights generally, they’re happy to work with us so that we can find vulnerabilities. For example, exfiltration vulnerabilities, like convincing a large language model to steal its own model file, which is just 100 gigabytes or so, and to just go somewhere else. This is actually one vehicle of the red team that we’re testing.
-
We want to foster a culture where all the public model releases, either via API or Model weights, must undergo independent red teaming, not just top labs and the people they hire, but rather other top labs mediated, of course, by governmental institutions like our AISC, AI Evaluation Center, the US NIST, the National Institute of Science and Standards, and also the UK.
-
There’s a new institute called AC, AISI, the AI Safety Institute. As all the jurisdictions have the counterparts of AIEC, we expect that we will have a global collaborative red teaming, just like the responsible vulnerability disclosure. You saw the code, the red and the blue exercises, and that’s the 15 or more countries joining together to share the playbooks. We expect something like that happening on the AI team. We probably will begin with applying the meter attack, the sticks and so on to information manipulation attacks.
-
That is the natural extension to the arrangement we already have with those countries. But we will also extend it to more like biohazards, in addition to info hazards and many other hazards that AI can bring as to establish a collaborative red teaming regime before releasing any model weights. I hope that answers your question.
-
All right, well, have a question. I think to say your personal and professional journey is unique in the bureaucracy that is the Taiwan government is an understatement. How have you… Before being the first minister and the digital ministry, you’ve been part of the government for a number of years under the leadership of President Tsai Ying-Wen already.
-
And also, and before then, President, Ma Ying-Jeou. We’ve met with President, Ma Ying-Jeou yesterday, by the way. How do you operate in a sea of, I assume, colleagues that are very different from your background, from your knowledge base, and how do you effectively achieve the changes that you want to see in the bureaucracy?
-
Okay. Since 2014, our strategy has always been to build credible neutrality in alliance with the career public service. That is explicitly the goal of the movement. The reason why is that to work on bridging systems of the sort that I just described, if you’re seen as partisan, then you don’t get to a bridgemaking role at all.
-
I think by aligning ourselves explicitly with the institutions that have a reputation of being credibly neutral. For example, in Taiwan, the National Academy or Academia asymica reports just to the president, but not to any of the ministers, not even the ministers of science or education. And so the National Academy has always been for the past decades the place where the zero movement and other civic tech people hold their most important gatherings because it’s seen as a place that transcends academically, partisan divides. There’s many more examples. But in the interest of time, the career bureaucrats, they’re also here to increase the bandwidth of democracy.
-
It is not in their best interest if anything goes wrong can only be corrected four years down the road.
-
It’s not in their interest if the only way they communicate with the citizen to listen from citizens is just three bits every four years uploaded called voting. It is in the career public service best interest to let the citizens know what’s happening and also get high-quality feedback.
-
The problem was just that because of the principal-agent problem and also the challenges of the existing ways. For example, if you only have a telephone line where you call, then you have to allocate a huge amount of call center people in order to get aggregated lending volition from the people, which we actually did during the pandemic. Anyone just called 1922 and talk to speak their mind, but it’s very expensive and we cannot do that for every topic.
-
The investment that we do on these scalable, nuanced conversation systems is a fraction of the cost that the career public service is already standing on trying to know what people is thinking. For the career public service, the research that we do is a quick win and also a risk management, a continuous improvement of risk management, as the position says here, because if we know that this is what people are going to agree on, regardless of their party affiliations and so on, then there will be no protests or the last-minute cancelations or boycotting or things like that.
-
It works like a very reliable radar for the career public service, which is why we’ve been building this rapport, mutual support with career public service and the ministry, the moda at this time. Although the directors-general of all the departments and administrations, there are eight of them. By law, we can bring in outside people, but actually, all eight of them are career public service I appointed.
-
The reason why is that over the past 10 years, and especially during the pandemic, we now have teams from mid-level of career public service graduating to the senior leadership level that works in the civic tech mindset. We have no shortage of civic tech, frankly, director-general that we can appoint. We even have a department of democracy network dedicated for civic tech work. I think this long-term investment is now paying its dividends by saying, 10 years ago, we’re only working with the career of public service.
-
We don’t belong to any party, a non-partisan or all-partisan, depending, taking all the sides. We’re now building much more firm ground in terms of mutual trust. That nowadays, if you ask a random person in Taiwan, they would say that Audrey Tang truly is non-partisan or all-partisan.
-
Hope that answers your question.
-
Hi, my name is Annabel. I’m a first year at the business school. You mentioned at the beginning of this session that following the visit of Nancy Pelosi, that you successfully repelled a large-scale counter, a cyber-attack. I was wondering if you could talk a little bit about that and how you’re preparing for that in the future and just your efforts there.
-
It was a coordinated attack of not just propaganda and information manipulation, but also just cyber-attack, taking over signboards outside of the Taiwan radio station and so on, replacing them with anti-Pelosi messages. When journalists want to fact-check the rumor, for example, the Ministry of Transportation has been taken over, the Ministry of National Defense has been taken over, whatever.
-
They check the website and the website was suffering DDoS. It’s very slow. They can’t easily connect to it. I think the strategy of the Red Team, literally the Red Team, is trying to create a informational vacuum, a void, and then fill it with synthetic disinformation. I think it is to the credit of the Chinese society that the stock market did not crash that day, as hoped by the Red Team, it actually raised that day.
-
We deployed a very old tactic called humor-over-rumor, which… I interviewed with the press and said the Ministry of Digital Affairs website, which went online the very same hour, didn’t even suffer from one second of attack. That’s because we use IPFS, we use web3 infrastructure. We host our websites on the same blockchain infrastructure that everybody can participate and join.
-
If you take us down, you also take down the board apes or whatever, the NFTs. Making it actually a quite lighthearted conversation manner and while educating the public that it is actually not the same to denying service, which is like dialing to keep online busy, versus taking over a ministry, which is a more deeper attack. By using this tactic, it alleviates the panic.
-
Also, we got a lot of free testing on the web3 infrastructure and a lot of free help because IPFS has more than 200,000 notes, people volunteering their hard disk storage and network connectivity to help to pin us, to pick us up. We got a lot of free international help as well. All the CDNs, content distribution networks, and so on, volunteer to our support. Other ministries learned that actually our trick is very simple.
-
It’s just taking snapshots, hourly snapshots of our website and upload it to IPFS.
-
They very quickly changed their defense so that if you’re domestic, you can still see a full operating website. But if you’re foreign, connecting foreign as foreign source, you just see hourly snapshots of the administrator websites and the DDOS is gone. That is, I think, a very good demonstration of resilience.
-
Not 100% bulletproof, but when the bullet hits, just evolve the place that hits and then reconfigure it in such a way that the next time the same attack will no longer work to change the attack-defense symmetry. This March, when Dr. Tsai Ying-Wen our president visited the US, there was a wave of very similar attacks. But you don’t see on the news anymore because they simply don’t work.
-
Instead of playing attrition or to just counter, again, with a whack-a-mole way, our way is just to work with the people again and to look at the civic tech community, the web3 community, any community that have encountered this attack before and just through the practice of public codes to amplify their particular solution. It could be zero trust, it could be zero knowledge, proofs, and things like that across all ministries because they did not have the incentive for investment. But now that we’re attacked, they suddenly have, and we just take that opportunity and then reconfigure our infrastructure. I hope that answers your question.
-
Thank you so much, Minister. I was interested you talked about ride share and insurance. I’m interested in any other issues and topics that the civic survey tool has tested sentiments for. And if you guys have thought about cross-strait relations and saying, Can I have a sentiment among the population on that? And then a follow-up on that question.
-
I think with a lot of these digital civic engagement tools, I think the fear is to your point, allowing this productive debate, which is the pinnacle of democracy. Are people really changing opinions and learning from each other and things like that? And so how do you see for difficult topics like the cross-strait relations, how do you see digital playing a role?
-
Great question. Internationally, we’ve deployed the Polis tool twice. Once is in the AIT@40 Digital Dialogues, with the American Institute in Taiwan, the de facto embassy, worked with us to celebrate their 40th year. We talked about how to deepen the people-to-people relationship between how to deepen commerce and trade, how to deepen security cooperation, and so on and so forth in four different topics.
-
It’s inspired by vTaiwan, in the sense that after each polis conversation, we held a multistakeholder panel for people from AIT and from our cabinet and also civil society experts and so on, look at the people’s consensus together and find ways, pathways to realize the training to do it quickly. For example, one of the consensuses was the US should co-host international hackathons, the presidential hackathon with Taiwan. That was very quickly realized and they also sent their teams and so on.
-
I think this is about focusing on lower hanging fruits, focusing on things that doesn’t cost too much, but builds a lot of confidence across all the different parties that participated. In cold war parlance, I think it’s called confidence-building measure or CBM.
-
Polis is very good in finding those CBMs across mutually not very trusting parties, for example, Uber drivers and taxi drivers. Then the CBMs, for example, not undercutting existing meters, are realized first before we can even implement any laws to mandate top-down enforcement because each party do actually want to extend kind of an olive branch to each other. The other time that we’ve run this internationally is the co-hack hackathon.
-
It’s the counter coronavirus hackathon. Internationally, we debated on what is the trade-off between privacy on one side and public health concerns on the other, specifically around contact tracing, but many other measures as well. It is during those public conversations that people generally gravitated toward the idea of essentially two things.
-
One is privacy-enhancing technology that disables the governmental only view on where everybody is, but also reverse accountability in the sense that each citizen should be able to know how many times their contact tracing related data have been used by the municipal contact tracers and whether it’s responsibly deleted after 28 days and things like that. After establishing this norm, it is then no longer a trade-off because people basically said, Okay, this is a privacy norm that we are happy to endorse.
-
The Civic Tech people can then build novel contact tracing methods like the 1922 SMS based on that norm and to further public health. I think Taiwan is one of the, if not the, only jurisdiction with a very long-running contact tracing method that countered Alpha and the Delta and only gave way after the first wave of Omicron was successfully countered with that kind of contact tracing and it’s opt-in till the end. That is to say, at no time do we mandate that you have to use SMS-based contact tracing; one can always use paper-based methods instead. But still, the result speaks for itself. Hope that answered your question.
-
I’m very sorry to intervene, but we’re almost at time. Maybe if I see two more hands. Can we make the questions really brief? We’ll combine these two. Then if you have any final statements as well, Minister, please feel free.
-
Good morning. My name is Wayne. I’m a second-year at Harvard Kennedy School.
-
I’m very interested in your ministry’s relationship with the commercial sector, especially TSMC. I’m at a semiconductor startup. One of our biggest concerns was we got told by numerous sources once we submit our designs into TSMC, basically they’re going to get taken away to other places, right. And so, whether it’s IP theft or cyber-attacks on these, I’m just interested, very curious on your relationship with the commercial sector.
-
My name is Alvin, and I’m a first year in the student of the Harvard Kennedy School.
-
My question was in relation to, I believe you had mentioned TAIDE earlier, which I believe is the public option that Taiwan is looking for a model. My question was around twofold. One was, what were the considerations in building that as a Llama-based model as opposed to building it from scratch, particularly if it’s public option AI? Then second would be, what were some of the specific use cases that were storing in using that?
-
You mean in addition to replying emails to administrates? To the first question, the zero-trust network architecture is designed with this idea of assuming breach. That is to say, when I sign an official document, this phone verifies my fingerprint. Another piece of software, CrowdStrike, verifies my phone’s integrity. Another piece of software, CloudFlare, verifies that CrowdStrike is not misbehaving.
-
The biometric side, the device side, and the behavior side never goes to the same vendor. Actually, it always goes to three different vendors. We assume one of them will be breached.
-
It’s probably already breached. But then it doesn’t matter because the other two doors just will detect that and the attackers will have wasted a attack. Then we send threats, indicators, notifications, and so on, and strengthen the immune system of liberal democracies. The semiconductor industry is also very interested in this ZTA configuration.
-
Through the administration for digital industries, another subsidiary, we co-created the SEMI E-187, which is a zero-trust cybersecurity standard for not just the semiconductor industry, but across the entire supply chain. The question we asked is that assuming that one of them is across the supply chain, is probably already breached. How do we make sure that it cannot laterally move?
-
How to ensure that the contextual confidence is still retained, assuming a breach without a single point of failure? I encourage you to look up SEMI E187. It is the SEMI consortium work, so we don’t own the work, but we do provide the use cases and the experiences and so on, and also some of the certification work. For example, for the identity part, the FIDO, Compliance Identity Management and so on, we have an additional institute, the right on the triangle, the National Institute of Cyber Security that is arm’s length from our ministry and also arm’s length from the industry.
-
The industry can invest also into joint programs, certification programs, and so on. Once it’s certified, then both the public sector and the private sector and the social sector can all use the same FIDO compliant ways to implement zero trust and our architecture as to make sure that it remains interoperable across sectors and we don’t have to independently retrain or recertify or things like that. That’s the first question. In terms of TAIDE, I think TAIDE explicitly is designed not to answer open-ended questions. It is just designed for the use case where all the bits in the output can be found in the input prompt.
-
Think translation or summarization and so on, or replying to an email given a repertoire of publicly admissible answers that I have previously given, or things like that. Basically, TAIDE is designed for the cases where we’re not asking the language model to make things up; it just model the language. As I mentioned before, we have 20 or more national languages.
-
TAIDE was also designed with Taigi, the Taiwanese Holo in mind. I think it is now probably the best model if you’re wanting to converse in Holok. If you ask ChatGPT in Taigi, it will insist it is speaking in Taigi, but it’s actually speaking Cantonese. It’s a very peculiar thing about ChatGPT. But Llama from Meta doesn’t have this problem, which is why we can build upon Llama.
-
But of course, Llama 2 isn’t truly open source. It does still have some restrictions. As I understand, there are many research team in Taiwan looking at alternative foundation model to build upon. For example, recently, Mistral- or Mixtral-based models are faring pretty well. I think with the latest fine-tuning methods, DPO and all that, it now doesn’t take a supercomputer to align a large foundation model.
-
While pre-training is still quite expensive, to take a pre-trained model and heavily fine-tune it so that it fits your local culture or local expectations is no longer computationally prohibitive. Actually, with the vision of so-called AI PC, everybody can just do that on the personal computer. I think next year, we’re going to see really a camera explosion of really personal computers, of personalized model tuning.
-
TAIDE is more about working out how to do societal evaluation of the impacts in a privacy-preserving way and also how to tune in a community way, not just in an individual way. That’s the two research programs that we’re pursuing at the AIEC. I think TAIDE is one foundation of that, but it’s not the only foundation. If you check my hugging face profile, I’m also quantizing other models like the TaiwanL and from NTU and all that.
-
We think that the ecosystem of copyright-cleaned sources of input, trustworthy sources of input, sources of input that don’t contain data contamination and things like that are going to be more and more important. Llama or Mistral is a good stepping stone towards getting there. I hope that answers the question.
-
With that, please join me to thank Minister Tang and also the colleagues from the ministry. We will be following the guidance of our new colleagues here. We’re going to do a group photo outside. We are very late in general, so please make this as quick as possible. We have buses waiting outside. Thank you.