-
Minister Tang, I wanted to yield the floor over to my colleague, Igor, whom we’ve charged with leading the delegation. I just want to quickly thank you for taking the time to meet with us. We’re here in town at this critical time for an exchange with the Prospect Foundation, just with the transitions going on in Taiwan as well as, of course, in the United States coming this fall.
-
We thought that this was a good opportunity for us to get a better sense in terms of the dynamics occurring in Taiwan as well as how other global geopolitical events will shape the trajectory to come. We’ve assembled this excellent delegation to engage in exchange with experts as well as government offices. Really delighted with the opportunity to be able to meet with you, given your leadership of this new agency and this critical work. I wanted to just have a chance to talk with yourself. I’m here with my colleague, Igor, who will lead our conversation here in this meeting.
-
Well, thank you, Russell, and thank you, Minister. As Russell mentioned, I’m pleased to be part of this delegation. First of all, I wanted to thank you for speaking to our joint event with Russell at the third week of January on Capitol Hill, celebrating Taiwan’s democracy, which is really why we’re here. It’s a big part of what my current employer does, which is the George W. Bush Institute, which is part of the George W. Bush presidential Center in Dallas, Texas.
-
In your speech, you outlined some of the themes that I’m hoping that we can discuss with you all, which are really pioneering, I think, in many ways. But digital democracy, what it means not just for Taiwan, but for democracies globally, how we can build a network of democracies that are both accessible, as your leadership demonstrated during COVID, to its citizenry, but also resilient. Cyber resiliency is a big theme of your work, which is, again, something of a pioneering concept. During my previous time on Capitol Hill, I worked on a subcommittee that was at least notionally charged with cybersecurity, global cybersecurity. I very quickly realized that there’s no such thing because every country interprets it differently.
-
But also, I realized that very shockingly, we’re not very good at, I think, the United States at coordinating cyber policy or even understanding where various parts of the US government, not even mentioning, Capitol Hill, which is the Wild West of cyber policy, lies.
-
I’d love to hear your thoughts on coordination, intergovernment coordination of what are some very significant threats you face from, with both your friendly neighbor to the West, but also just globally.
-
Maybe I’ll open it up. I know we have some colleagues here with incredible depth and breadth of experience on other issues such as AI and other things. I’m sure we can take the conversation from there, but thank you for your time.
-
AI is very much part of this landscape. In our January election, we saw not just the traditional denial of service attacks, which increased by 33 times compared to the previous year in the same quarter. But also information manipulation for the first time, convincing voice claims, convincing social media profiles, and information manipulation attempts to crowd out conversations with toxic injections. All these are already AI-powered, so to speak.
-
The main metric we measure is affective polarization. That is to say, whether people love each other or hate each other when they belong to different political parties. We are happy to report that polarization, when measured this way, decreased after the election, which is quite unusual, if I say so myself. We credit this mostly to two things.
-
First is pre-bunking. That is to say, we make sure that the information manipulations, even before they go viral, we make sure that the parties are in the process in the discovery of such manipulations. It’s not a partisan thing, but rather it’s a civil society thing. When people learn the basic tools of the trade for journalism, basically, then they become more immune to those viral toxicity diseases first.
-
I’ve also filmed a deep fake of myself to pre-bunk such manipulations. There’s many tactics that you use here. We pioneered that during the pandemic where we turned this vax/anti-vax information manipulation — which you may be familiar with — into a friendly competition between the four brands of vaccines.
-
Instead of an anti-vax faction, which we don’t have in Taiwan, we have people who vehemently believe that Medigen is just water, and only BNT has value or Moderna or AstraZeneca. I got four different brands of vaccine myself just to make a point. Anyway, so that’s pre-bunking.
-
The other thing is requiring KYC for political advertisements. We’ve had an agreement in 2019 with Facebook’s civic integrity team, that said on political advertisements need to carry KYC and foreign funding sourced are prohibited, just like campaign funding.
-
Starting this year, we’re going to roll it out to all advertisements, not just political ones, because we’ve seen that convincing AI chat bots imitating celebrities, they can start with a very wide-ranging advertisement and then lure people into one-on-one conversation with certain celebrity in real time. And armed with only 15 seconds of voice recording, it can now duplicate a convincing real-time conversation.
-
So this is not just a scam factor, but also a precision persuasion factor. We’ve worked, now that we’re about to become a competent authority for our online advertising platforms, we’re now working closely with platforms such as Facebook and Google to make sure that we switch to a new default, where a digital signature can prove an advertiser is a person, but otherwise it’s a bot.
-
I think it’s also very helpful in inoculating people against this shapeshifting doppelganger attacks. These two are my main suggestions for US or any other jurisdiction looking to defend an election. That and also paper-ballot only and participatory monitoring of the counting process, but you already know that.
-
Somewhat a controversial topic in the United States by the ballots and the counting.
-
Well, thank you for that, Minister. Let me just start with a question and again, turn over. How much does this type of manipulation, digital manipulation, deep fakes, your assessment of the threat to democratic governance, I mean, of course, in your position, this is your job. Do you think this is a manageable threat or is technology just really going to a swamp, so to speak, the established democratic procedures that we’re all coming to rely on?
-
That’s a great question. I think it’s manageable if and only if we fully ask the largest platforms to internalize the negative externalities and harm it caused. Without this liability arrangement, there’s no amount of watermark that can work alone. That doesn’t work. The only way it works is just like a pollution control. You need to identify the ozone depleting freon chemicals and fully assigned a liability to the producers and amplifier of such.
-
This is also why our investment scam law is the way it is. There’s no fine on Facebook, but if somebody get conned for 1 million after Facebook knowingly caused that advertisement of defake, Facebook is liable for that 1 million. We’ve not fined Facebook yet, but they actually complied magically. We need to do that for each and every harm, and we’re running a civic deliberation. We send to hundreds of thousands of random SMS numbers using our official number, 111, which means it’s our official communication.
-
This is also something that is very helpful. Instead of asking people to look at content or behavior of communication, just have short codes, easily memorable, and say everything else that purports to be official is a scam.
-
We sent these to hundreds of thousands of people. We use a sortition method, chose a representative sample of 450 people, and asked them to go online this Saturday, on a series of deliberations about the red lines of the platforms and how much state control is warranted for which measures.
-
So think of it like a radar scanning of what people across all parties feel as the most immediate mark and what is considered proportionate for us to assign a liability scheme. And once that is collected, we send it to the department and say, there’s this is special anti-scam law or anti-fraud law or whatever — “This is what the people across parties already want, so please pass it as ASAP.”
-
So with this rapid coordination and rapid legislation, I think we’re still in a phase where it’s manageable because we took action before it got to community spread, so to speak. But if it’s already widely community spread, then maybe some lockdown or takedown will be filled as justified. But just as in front of a pandemic, we try not to go there because we challenge our libertarian-ish internet regime.
-
I wonder if I can turn the topic to critical infrastructure. Clearly, this is on everybody’s minds. How do we defend our critical infrastructure, especially in an age of AI with digitization affecting everything? I think in the last 6-12 months or so, more and more information has come out in the public domain about China’s attacks on US critical infrastructure.
-
Volt Typhoon, all sorts of typhoons.
-
Yes. It’s a challenge, and the US government, frankly, hasn’t gotten its hands fully around problem. I’ve also heard that in the last few years, the manufacturing sector is the most under attack. As the US is attempting to rebuild our manufacturing base, at the same time as we want to harness AI and automation technologies to make that efficient, we’re also inadvertently adding threat vectors because there’s sensors embedded in everything.
-
I’m just wondering where Taiwan is on this issue of defending critical infrastructure, in particular as it pertains to the manufacturing sector and what advice you have and how far along are you in getting a handle on that problem
-
Yeah. We have a very special manufacturing sector located within a critical infrastructure domain called Science Park, which is a very Taiwanese thing, and that is the TSMC and its supply chain.
-
They are a high-value target. Since we’re going to co-edit the transcript, I’m going to say that it’s even more valuable than government’s data for cyber attacks.
-
The TSMC did learn from the cyber attack attempts on it that it is not just TSMC proper, but if any weak point in the supply chain gets exploited, the entire supply chain is at risk. They adopted a what’s called assume breach mentality, assuming that the adversary has already breached one of those supply chain anyway. The focus should be on zero trust, meaning that the no lateral movement between affected parts, compartmentalisation of damage.
-
Working with TSMC and Friends, we published an international standard, SEMI E187, applied zero trust principle in manufacturing, especially around semiconductives. That actually rolled out even before we fully secure our government’s Class A, meaning holding the national person data, competent authorities, all the ministries, 47-ish, is already rolling out ZTA for government competent authorities, that’s slated for end of this year.
-
But the idea is that when I sign official documents, there’s no password anymore. Biometric is verified by this on device final implementation, the device integrity verified by crowdstrike, the behavioral pattern analyzed by a cloud layer, and we never go to the same vendor for two adjacent layers, not only to avoid vendor lock-in, but also to avoid the Microsoft hack thing, the vertical integration, just sabotage the whole zero trust architecture idea because the root, the active directory was hacked.
-
Anyway, so by insisting on interoperable protocols, transparently procured, we are making it a part of the procurement process. We are prototyping it with the TSMC and semiconductor manufacturing sector, and this year spreading to the rest of the OT sectors, including energy and water and electricity and so on. We are reasonably sure that we can, in a short period of time, like one or two years, move to a full “assume breach” mentality for critical infrastructure, which I think is one of the fastest.
-
But also we started later. People who started earlier have to pay more for this kind of thing. But now, like FIDO implementations, interoperable protocols around zero knowledge verification, what the EU calls digital identity wallets, and so on. These are now mature technology, thanks to blockchain. Now, when we start doing it, we can afford to roll it out nationwide instead of proof of concepts like people who tried to do this 10 years ago.
-
Do you offer training to other countries? Is this something you offer?
-
Yeah, we just met people from Paraguay last night. With their technology minister.
-
Frankly, most of the private sector, especially the three large cloud vendors, already do some part of it as part of their work. One of the lessons we learned from Ukraine is that if the cloud providers is willing to set up their stuff in a locally resilient way, including working with satellites, including working with local routing for emergency communications with a higher quality service level and so on.
-
If we are locally resilient and we convince the three public cloud providers to set up data centers in Taiwan, which they all are committed to for this year, and for them to work with OneWeb and SES, and other resilient networks, then we have a pretty really good backup plan when or if our subsea cables are affected by earthquakes, some natural, some non-natural ones. That is another part of resilience, which is the availability part of cybersecurity because confidentiality and integrity are easy to imagine.
-
But actually, we found a lot of attacks are those very attrition-type-like denial of service attacks on availability, like the lines between Mazu and Taiwan were physically cut by fishing cargo vessels flying the PRC flag.
-
They don’t even deny it. They just say it’s an accident. I think with the gray zone operations, that is going to be the norm. We have to assume breach for our physical infrastructures that are location-transparent to the entire society.
-
That’s very interesting. You’re working with the three US cloud providers on those?
-
Yeah, Microsoft, Google, and Amazon.
-
Since you mentioned one lesson from Ukraine, what are some other lessons that you’ve drawn from the Russia/Ukraine war?
-
Open Source really works. They open sourced the Diia app recently, their super app. It’s really flipped the default because many people in national security or defense and so on, they see open source and they think the adversary can send pull request, which is scary. But when coupled with a good software build of a material on regime, the spawn regime, free software or open source can be every bit as secure because it also means that independent security analysis can run on the code base, which at least theoretically should make it more secure if the red team and pentesters have even higher technical expertise than the attackers.
-
We very consciously push not “open source” but “public code” which means that it’s not just open source, but comes with a set of code regulations and code of adoption within the government. It’s either greenfield government code or government vetted code with full software-built materials. For something qualifying as public code, it can receive public infrastructure budget in Taiwan, which is a new plan starting this year. It used the same pocket of money as highways and bridges and so on, which means it’s both more plentiful and also that people feel it’s okay to invest more upfront.
-
Because previously, many jurisdictions said, open source is a cost-saving measure, which doesn’t make sense, actually. It is a resilience measure. It means that more people can reuse the components and improve their resilience and their adaptability, but it’s going to cost more, actually.
-
Now that the budget comes from the highway and bridges, pockets, people generally think, Yeah, of course, we should invest more because investment of public construction that’s going to be reused across jurisdictional boundaries, of course, should cost more. This is another thing that we push for procurement. Really revolution, we rewrote the full procurement thing. It also is taking effect, I think this month, with the system integrators in procurement rules, to have SLA and resilience and so on as value-added items in their procurement conscience.
-
Just a quick side off of the policy. A number of the things that are going on in Taiwan are quite innovative. They’re quite distinct, and they haven’t been done anywhere else. You would have been one of the thought leaders and driving some of this. I’ve heard since you were a student long ago.
-
I’m just being curious, what in your experience do you think has helped you see things in a different way? Because the way you talk about this is a thing I feel very distinct from a lot of people. I’m just curious if you thought about how you ended up with your view. Where would you were able to take part in that.
-
Yeah, that is a great question. I wrote a whole book with the community to answer that question. It’s at plurality. Net. I think in Taiwan, it’s free of charge, so anyone can take a copy, change it, and say it’s their book. But anyway, in Taiwan, 數位 means both digital but also plural. 數位部長 is literally “ministers (plural).” I think of digital and pluralism as deeply connected.
-
I think I’ve always thought of things this way, but if you have to trace back, I think it’s because I’m an autodidact. I dropped out of junior high when I was 14. I’ve always, ever since I was 14, identified as non-binary, meaning that I take all the sides. Whenever I feel that a group of people is closer to me, another group is farther away from me, I don’t think it’s their problem. I think it’s my problem, so that I go and stay with them more for a while until I can see things from their perspective.
-
So non-binary applies not just to partisanship or gender, but rather everything. I think this idea of plurality or collaborative diversity is really part of the original internet as it is.
-
That is to say, see the different networks, heterogeneous ones, not as a drawback, but rather as something that we should design. This is the entire part of the internet to interact with. It sees diversity as a fuel that could, of course, cause explosion, but we harness that explosion and make it into creative energy.
-
I often use a method for that. In Taiwan, the Eurasian plate and plate of Philippine Sea bump into each other, causing three felt earthquakes every day in Taiwan somewhere. But it also made Yushan grow by half a centimeter every year. This is the constant earthquake that causes this unique view that says any conflict is a good thing, and we turn it into a limitation for appropriation.
-
Maybe I could ask one more question. When I was working in Congress in Capitol Hill, there was a serious conversation, and the US government was engaged in this effort in creating international cyber norms, where just…
-
…packages of cyber norms.
-
Yes. Given that our adversaries, in the US, are very deeply embedded, a lot of this is public now in our infrastructure. Is such a thing possible? That’s the first question where, again, through your own process you described trying to see things from others’ perspective. Is it possible to come to some a consensus where, because I’m not an expert, I would say, we will not destroy the universe, oppenheimer style, through the tools that we’ve developed that we have?
-
Or has the Ukraine war, on the other hand, rendered that impossible because it demonstrated, obviously, the capability of some of these tools, but also the deterrent effect of them. Maybe you should have some thoughts on that.
-
I think norms around scaling down probability, like asking the frontier AI labs to burn some GPUs or something like that, that probably doesn’t work in the long term, frankly speaking. Even if we physically cap GPUs or things like that, one algorithmic innovation can just equate several years of GPU production. And people are going to continue innovating algorithmically.
-
Saying “stop working on transformer architecture” — stopping the car — won’t work. What does work is that we can create a norm around the steering wheel, so where it’s still as fast as before. At least it’s not pointing toward a cliff. This steering wheel requires two things. One is scoping for imminent and longer term risks. This is critical.
-
Currently, as a democratic society, we are limited by our election and referendum and parliamentary debate process so that very few bits of horizon scanning can propagate to the entire society. This is partly why we’re doing this sending hundreds of thousands of random people’s SMS. It’s just to create a citizens’ assembly so that people feel it’s normal to talk about emerging threats to their jobs, to their mental health or whatever, and also learn to assemble by themselves like small juries locally and so on, and have a reliable way to synthesize those collective discoveries.
-
Just like in the pandemic, anyone can pick up the phone and call 192 and say, you’re rationing out a mask. My God, it was a pink one, but I’m a boy, I don’t want to wear it to a class. Maybe I would affect people. Then for the 2:00 PM on the last during conference, everybody wore pink mask to make it normal. Basically, shorten the response cycle when a crisis, according to that boy, it’s a crisis, is discovered, and for the state to take competent action to create a new norm to address that.
-
If we can shorten this loop to a matter of days, then this steering will become very fluid and can actually let us see an accident just in a foggy situation, but still, a steer away. This is the first. Second, I think we need to, and I already mentioned that, to make sure the top-labs assume full liability for the damage that it caused. There’s going to be scapegoat each scenarios or there’s going to be small disasters, especially around information manipulation.
-
But when that happens, we will need full attribution and full liability so that it can serve as a warning to the even more doomsday scenario in the future, instead of succumbing to the authoritarian narrative, which is democracy only leads to chaos and people are hating each other.
-
If across small crisis, we can say democracy doesn’t lead to chaos and people don’t hate each other after such small crisis, then it just actually includes more people into decision making and increases societal resilience.
-
If I may just on… You’ve always been very forward-looking and able to utilize your deep expertise in cybersecurity and digital issues to foresee what are the challenges and threats ahead. As you are looking at the next generation of cyber digital threats, what keeps you up at night these days in terms of…
-
Yeah, I think this shapeshifting voice and video cloning impersonation, impersonation that defeats all existing KYC techniques except for fully biometric digital signature. This is not a future threat. This is what we already see. This is what causes a huge amount of scam and fraud losses in both the US and in Taiwan. The thing is that it’s still funding. The more the scammers and fraudsters tend to gain, the more they have the ability to invest in even more convincing technology.
-
These technologies are not unseen. People can look at the product and see it’s possible. I saw a paper by an esteemed AI Lab about inference-time alignment, meaning that any app, conjecturally, I don’t know if they makes any apps, but some app in the future that they may make, can use your mobile phone’s GPU to tune a single video to your reward model.
-
That is to say to make it maximally appealing to you. Super stimulus. Where it used to require pre-training time, alignment, and inference, and so on, which is very costly. It doesn’t have to be so. According to that paper, people can just film a vote for this candidate or whatever, a very regular video.
-
But across the 5 million devices that view the video using their own GPU, it’s turned into a super stimulus that impersonates the people they trust more or are speaking an accent that they trust more, which they already have the reward model anyway, based on their viewing capability. Again, this is not secret. They publish it.
-
What’s the proper countermeasures?
-
I hear there’s a bill in the Senate?
-
We don’t have jurisdiction over Taiwan.
-
Well, we also have a Cyber Security Management Act, currently in the cabinet, that takes the same definition as the bill in the Senate, which means any source, any entity that is de facto controlled by a foreign adversary is subject to the Cyber Security Management Act, and any product or service that is controlled by this entity — which means the foreign adversary only has indirect control — is considered harmful.
-
It doesn’t matter where its company is registered. It doesn’t matter which shareholder structure it takes, as long as there is any indication from our natsec or from ministries of economy or trade or whatever that indicates this indirect control. It can be two evidences, one on this and one on this, then it’s classified as a harmful product.
-
Not only it’s banned within the government as where you already are, but also in government-operated places and the internet access service provided there. Where neccessary, we can also extend it to specific critical infrastructure providers, as well as places operated by them.
-
Minister, how does the authorities that you have in this ministry? I’m curious. You’re a relatively new entity.
-
Yeah, we’re a startup.
-
Exactly. How do you work with the other national security agencies and the authorities that you have to do your mission? Can you just kind of describe that a little bit and how that fits into the broader government context?
-
Yeah, sure. Moda, the Ministry, was really a rag tag band of people who have to design counter-epidemic applications since 2020. In 2021, I was made Captain CIO. The contact tracing, the vaccine registration, the mask, PPE dispensing, you name it. Everything is done by a very tight coordination between the Ministry of Economic Affairs, which is in charge of platform economy, e-commerce, and things like that, and AI, the National Development Council, in charge of e-services, open data, data pipelines, you name it, the National Communication Commission, in charge of spectrums and infrastructure level cybersecurity, and the Department of Cybersecurity, which is in charge of government cybersecurity, as well as the National ISAC/SOC/CERT.
-
Because all pandemic measures are, by definition, situational applications. They will change literally every day. If it, for example, increases safety health-wise, but decreases privacy and so on, we don’t have time to go through this full DPA process. We work as a very tightly integrated band during the three years on the pandemic. Basically, whomever that was part of that team is now in the ministry. It’s a pandemic cost ministry. Frankly speaking, I think the Ukraine experience really changed the primary duty of my ministry.
-
The “發展” in our name literally means “development”, meaning that we’re here to improve services and to drive the economy. But after Ukraine, safety is now the top of the triangle. Progress supports safety. Participation supports safety. Our slogan becomes “digital resilience for all.”
-
To your question, because of this shift, we’re now closer to the all-out mobilization of the Department of Defense, the MND. We’re now closer to the National Security Council. We’re now closer to the Disaster Emergency and Disaster Relief Team from the Minister of Interior. Anything relating to the Typhoons or Earthquakes, we are closer to them now compared to two years ago. That gave us a really good view on the actual need of satellite communication, like emergency broadband across different three telecoms, across, for example, so-called emergency roaming first responders and so on. We keep getting those requests.
-
Then using what I just mentioned, the digital public infrastructure budget, we combine the request that makes sense to deliver with the same infrastructure into a large scale, highway-like project to deliver that. It’s both more efficient and also it solves more problems at once. So increases our report around our mutual support between the different needs.
-
We all know that if a natural earthquake happens one day, the commands of cyber and so on, will take the keys from us. We’re okay with that. But meanwhile, we have a lot of typhoons or whether or not, and also cybersecurity typhoons and physical typhoons to exercise this joint defense.
-
Has the LY given you new authorities as this has evolved? Has it been a continual process?
-
Definitely. For example, we already have authority over e-commerce vendors. We already have authority over those online merchants and so on. But we weren’t a competent authority for online advertisement platforms, namely Facebook and Google and TikTok. But to do this resilience against impersonation, attacks on precision persuasion by AI, we need to apply our privacy law as a competent authority to those advertisement platform.
-
We cannot just regulate the e-commerce vendors using that platform. We have to regulate the platform itself. We asked the Ministry of Economy for them to invent a new trade called online advertisement platform and assign that competent authority to us. That process will take a month or so. In the next few weeks, we should become the competent authority for Facebook and Google and TikTok.
-
That’s great.
-
Can I maybe turn a little bit more towards the democracy and the freedom part of your remit? One of the things across the US government that we’ve had as goals for a global democracy promotion program is circumvention tools to get around authoritarian regime’s control of the information environment for their citizens, most probably one being, of course, the great firewall of China, but also repressive governments like Iran, North Korea, increasingly so Russia.
-
Not to be flippant about this, but I never understood the metrics of success in that. Of course, we’ve had events like the Green Revolution and then Iran and others where technology may have played a role in connecting people through these apps. But as a government, I don’t know if we moved the needle on that or others did. What are your thoughts on that as an effect strategy of democratization, trying to develop these tools more to be in this race against the bad guys to beat their technology.
-
Is that something you find advisable for the US government, for instance, to be doing as a way to promote democracy, human rights, accountability, and all these things that we do? Two, do we have the tools to do it or the bad guy is always going to be ahead of the game?
-
I think, overarchingly, we need to counter, to pre-bunk this narrative of democracy never delivers and only leads to chaos. Because if we succumb to that narrative, then there is very little we can do to shape the cyber norms we just talked about. At least we have to maintain our ground that says across the board for emergencies like the pandemic, infodemic, you name it and AI, democracy not only delivers, but points to better longer term solutions. This is the narrative we have to hold no matter what. As for concrete measurements, as I mentioned in the beginning, I always measure diversity and how much people hate each other across diversity. If we both foster more diversity and also people hate each other less after each emergency, election counts as one, then we know that democracy is well on its way to deliver.
-
Now, for the US, it’s very easy to improve because you’re at peak polarization. It cannot get much worse, actually. I’ve read a paper that says there’s no correlation between Democrats and Republicans on any particular presidential measure. These two are maximally polarized now. There’s nowhere to go on that metric. I would sincerely suggest to measure that and invest in technologies that build bridges and nuance and so on, and create new lines of division that are not just simple repetitions of the old lines.
-
I always think that it could get worse. But maybe just to describe, do you think the US should keep pursuing the policy of trying to find tools, digital tools, to promote democracy abroad, to get information to the Iranians, to the North Koreans, to the Chinese. Has that been successful in your view? Is that something we should continue to be doing? Is there tools to do that?
-
Well, you mentioned the foundational tools for democracy. These are not tools for democracy. This is tools for free communication, freedom of assembly, freedom of speech, but not necessarily democracy.
-
To support fundamental freedoms online, this is worthwhile. But if you stop at only this level, it’s not very effective. People can have free communication tools and association tools and so on. But if they do not organize using those tools, if they do not shape the public beliefs with these discussions, then it’s just a bunch of solo games that people play in virtual reality, maybe having a lot of fun, but a lot of freedom, but no democracy. I think for democracy affirming tools, it’s not just rights or freedom preserving tools. Tools like GitHub is also important.
-
My main investment as the digital minister, since 2016, is on the tools that actually enhances the bandwidth of democracy. It can range from the very simple E-Petition, Participatory Budget, Citizens Assembly, Citizens Jury, you name it, Deliberative Polls, and so on, but all the way to self-organizing tools that people can use to make decisions together.
-
For any community that use these tools as part of their work, they are automatically inoculated against polarization attacks because they have, like our primary schoolers, they have the experience of measuring air quality and contributing to a distributed ledger to get a sense of where the air pollution comes from.
-
Or our high schoolers have the experience of fact-checking the presidential candidates, not just relying on polarized news sources, but relying on their colleague network for fact-checking. The more they’re immersed in this practical democracy before they turn 18, the more empathy they will feel towards the democratic institutions.
-
Are you sharing these tools with Democrats in the Chinese democratic communities?
-
Republicans, too. [laughs]
-
Yeah, all right. But to the extent that I’m quite building off the question, though, maybe not to break down the firewall, but then to share these important tools that you talk about of democracy affirming technology to communities within these totalitarian regimes that you can then better utilize it. Are you- Yes.
-
I mean, these tools are what we call defense tools. It’s not your use, like the emotion manipulation we just talked about, which is definitely an offensive tool. It cannot be used primarily defensively. But these defensive tools, like masks, if you If you can automatically make a magic plant that is the size of a cup and can make lots of masks out of recycled paper, still, it cannot be used as a weapon. The more we invest in these defense-oriented tools, the better.
-
Like our websites, we use something called the Interplanetary File System, or IPFS. It’s commonly known as the Network to Host Bored Ape Pictures or NFTs, where everyone can contribute part of their artist and bandwidth to help pin something to distribute. It’s like bit torrent, but more crypto-ish. But we use that for our website so that when we’re under the DDoS attack, anyone can help us to stay afloat.
-
But the exact same technology is the one that is used to distribute information during the white paper or A4 revolution because it cannot be tampered, it cannot be taken down. The same defensive-oriented nature of this IPFS technology makes it also offensive to If you care about democracy-affirming technologies.
-
But it’s not a weapon. It cannot be weaponized. It’s very difficult actually for the PRC to sanction its use because their enterprise also want backups that are resilient. More tools like this would be a very wise investment. But if some tool is seen as primarily offensive, then it gives PRC the best reason to weave the conspiracy theory of foreign interference and manipulation. I would encourage more investment in defensive-oriented tools.
-
What do you need or want more of from the United States?
-
I need you to survive your election and love each other more.
-
Good answer.
-
Wish us luck.
-
Taiwan can help.
-
I think that’s it. Just to add, that’s an important point. I think this is where the Taiwan can help model is a great one because of the innovative work that’s done here that we in the US could use more of to apply to our domestic, even though we don’t like to admit it a lot because the US views itself as a leader in everything. But sometimes you really lag behind on certain things. This is definitely not even being an expert. This is definitely one of them. I really hope you can share your experiences more widely, including with US audiences. Liza has got some events coming up.
-
Yeah.
-
Well, I know that you just attended the summit of democracy. Yes. And so there, what’s your main takeaway from the summit? It’s the process of it and the major takeaway that you think is important to share with the broader community, for people who are concerned about the state of democracy and the importance of democratic solidarity in the current geopolitical landscape?
-
Yeah, I think AI has been a great motivation for people who want to talk about the topics we just talked about to be under the umbrella that needs urgent clarity. For many of people who’ve been working in the information manipulation space, and so they know conceptually that Taiwan is the highest inbound information manipulation.
-
But we somehow magically made people counter these threats by inoculating people so they actually love each other more when we see that there’s a foreign information manipulation, so people feel a sense of solidarity across parties. I mean, intellectually, researchers know about it, but it’s not until truly amazing deepfake AI, Sora or whatever, start capturing people’s attention, do people start to say, Okay, maybe we should really invest in these things because the threat level is not the same compared to from our previous ones because if we play attrition with advanced AI, humans always lose.
-
We need to invest in defense-oriented technologies that are preventative instead of attrition-like. This is the general sense that I got I think Secretary Blinken also talked about how Taiwan equip people in rural places across age, for older people to work with younger people to increase their information resilience and things like that.
-
Things that sounds good but didn’t receive a lot of public infrastructure budget suddenly become highlighted, and so people are much more willing to invest in democracy as a technology. This is my first takeaway.
-
Of course, PRC condemned our attendance. When journalists asked me a couple of days ago, I said, “If they also want to attend, they can choose to democratize too.” It’s their choice. I think it also helps to counter their narrative this way by affirming Taiwan as a bed of democracy. We were much more comfortable with that compared to a, I don’t know, self- governing island or jurisdiction or whatever other terms that diplomats use, because we were a full democracy, and nobody denies that.
-
We’re an equal partner among democracies. Diplomacy-wise, I think this is very good. The Korean handling of this is very commendable. They’re a democracy, of course. Along with Japan, we’re the top three democracies in this region. Of course, we should talk to each other about democracy.
-
Anybody else with a question or comments? We’re going to go back to something you said earlier.
-
You said, find new lines of division, don’t mirror the old ones.
-
Exactly.
-
Everything that you said was in a much more positive way, and that seems like very strange.
-
I understand your point, but I would be curious if you could explain it a little bit more and how you come up that in a positive way rather than creating a new form of polarization that we keep struggling with.
-
Yeah, we need differences to co-create things, so we need conflicts. But we don’t need those conflicts that reinforces the existing social differences. For each new social topic, preferably, like people from the… Half of the people from the blue camp would agree and half would disagree, and half from the green camp would agree and half would disagree. That would be an ideal new line of division because it’s strength and solidarity across two parties.
-
This is what I have learned during our referendums following the constitutional court ruling on marriage equality, is that it all depends on how you frame the division. If you frame it as a right for homosexuals to marry and have a family, then you reinforce existing lines. But if you frame it so that it doesn’t touch the kinship relationship that the Confucian believe in people so dearly public, then you can say, No, they don’t form extended families; it’s just a set of rights and responsibilities that two individuals have.
-
Then it becomes whether people value commitments to each other and state enterprise and things like that. But it doesn’t touch kinship at all. The way we legalize marriage equality is exactly that. We leave out the kinship part from the civil code. It’s a new type of relationship.
-
If we frame things this way as an individual, it’s the same. It doesn’t create divisions across religions anymore. It only creates divisions on people who, for example, feel that the homosexuals actually have an advantage here because they don’t have as much obligations to extended families… It becomes a very different conversation is what I mean. I think we can always find this overlapping consensus and reframe the conflict based on that overlapping consensus.
-
Perhaps, I don’t know if there are any questions, but perhaps we can end with what your vision is for this ministry going forward now. I know it’s just a startup, as you say, but where do you see it going?
-
We’re just one and a half years old.
-
Yeah, one and a half year old but where do you see it going in the near term?
-
I think I’ve always tried for this Ministry to be seen as a credibly neutral party in everything, which is why, although by law, we can use political appointees for our directors in our departments. There are six of them. I’ve used exactly zero. All of them are career public servants. We strive for political neutrality as if we’re an independent commission but we’re not. We’re a Ministry.
-
Meanwhile, I don’t belong to any political party, really. But for issues like cybersecurity, if there’s a partisanship around this, if the municipalities are against national policies, there’s no way anythings to be done. We can only be effective on cyber resilience if we are throughly politically neutral. I think this is part of the legacy that I want to pass on to whomever the next minister will be, so that they don’t have to rebuild this credible neutrality.
-
Across the board, I have talked with my counterparts, either cyber ambassadors or fellow ministers that have a similar incredibly neutral view, not necessarily a partisanship, but just on being a nexus of trust across political parties.
-
I think in the US, one good example is the National Institute of Standards and Technology, the NIST. I think the AI Safety Institute is now also hosted under NIST, partly because it’s not seen as partisan.
-
I think it’s something like that, extending its purview to make sure that it can address the incoming threats which requires ethnographic, anthropologic, and all social science expertise, but still rapid within a credibly politically neutral term instead of, pardon the example, but this information over the sideboard. It is strictly necessary if you are going to counter the emerging threats.
-
Out of curiosity, as you were staffing your six directorships, do you want to draw those folks from specific agencies, or how do you think about where they should come from within the broader government?
-
That’s a great question. As I mentioned, the two Director Generals of the two administrations on industries and cybersecurity, they already held from the Ministry of Economy and Foreign Service in particular. They have longtime connections with 呂正華, the Director General for the Industry Administration, who was head of the Industry Development Bureau.
-
He has deep connection with the hardware side of things. He has been a member of Cyber Security, have deep connection with our diplomatic allies and friendly countries when it comes to cyber defense, generally. I want to continue that tradition. I don’t want to build a silo. Moda is lowercase. We’re the only lowercase Ministry in the central climate because we want to be a motor, which is renewable energy rather than an engine which is non-renewable.
-
Anyway, we want to be a electric motor that drives digital transformation, but we never take the credit. We want those upper industries to take the credit. The same applies to the directors of our departments.
-
Can I just one more thing? Because you mentioned something that is very important, and that is, I think, in the US, we have a deficit of, which is credible non-partisan arbitors of the most precious currency we have, I think, which is free speech. Whether we need them or not, and you mentioned the disinformation board became such a partisan issue, partially where it was housed, which was DHS.
-
I don’t know if that was the best place to out, but also because there was no trust on either side, that that would be a credible non-partisan arbiter, and the person or people running that would play that role. This is maybe one example. But this is it’s not necessarily a question other than it’s an observation, but you created something here which I think is very unique, and I really hope we can replicate it in our system so that we can have these conversations and not think, Hey, I’m conservative, and you’re trying to shut down my speech by telling me what I should think, how I should act, or on the other side.
-
That’s, again, not a question, but I think it’s a very important observation. I hope we can draw from your experience, again, and find ways in our system to have these conversations.
-
Yeah, we need a conservative progress towards social markets. We need to bridge everything that’s bridgeable. That’s what it looks like.
-
Thank you so much. Really appreciate your time.
-
Thank you.