That’s the camera, the one that’s shining green. Transparency for me is a instrument, it is not an end in itself. The end all of transparency, or radical transparency as you put it, is to rebuild trust between the civil society and the government, as well as between different stakeholders in a civil society.
What I’m hearing is, I guess if you were trying to define, 20 years from now, there’s been a revolution in how our democracies look, it sounds like you’re saying it’s really the values revolution is around trust , and the process revolution is around a much more iterative approach to making law?
At IDC we have been working on security for quite some time, but now we are getting into what we call digital trust . This is really about how, as a country, if you look at open data exchange now, a lot of countries, when they think about cybersecurity they think of it from a technical standpoint.
That was also one thing I learned through running a company with 200 people. If I do transparency, and I leave around the numbers, and I tell them about the strategy, only then people can follow the way I think and the way I want to solve problems. I see transparency as a foundation for trust .
Saying, “You don’t trust us to understand it because it’s too complicated, and cannot be explained in five minutes, but maybe the problem is the way you share your data. Maybe the problem is not with our brain, maybe the problem is with the way you show it, with 500 pages of PDF files.”
We also close the loop quickly. Citizen initiatives are guaranteed a response within 60 days; during the pandemic we sometimes responded in 24 hours. The faster you close the loop, the more trust you build — a flywheel. Once your petition is realized in 60 days, you are more likely to mobilize friends and neighbors to propose more.
So, which is why we consider privacy enhancing technologies a public infrastructure. Only by investing in the latest of encryption technologies, including homomorphic encryption and so on, can we ensure that the data storage is decoupled from computation. That is to say, computation, when we work with cloud provider, we should adopt this theory of trust principle.
So I was talking to Herming the other day. Maybe we should revamp our digital signature act. Maybe we should establish a trust system anchored on PKIs and DIDs to ensure — for example, unless online investment advertisements carry a proof that it’s from a financial institution, through signatures or verifiable credentials, everything else is considered scam.
The third thing that we are coming to this year is to adopt the zero trust network architecture, the ZTA, for especially the communication and authentication of all the, what we call Class A Service Security Management Act Cabinet Authorities, that is to say, the ministries and bureaus that hold the personal data of the entire population.
Here, our idea is very simple. We don’t use as default a single vendor for two interfaces that are next to each other. The fact that we’re using Cloudflare Zero Trust means that we do not use WARP. We’ll use CrowdStrike, or something. If we use Azure AD, then we don’t use Intune.
To build good cyber hygiene, so that we can design with zero- trust ideas in mind so that we do not lead ourselves into an overconfidence situation, where we thought we’ve bought the latest firewall equipment and so on, but maybe people don’t attack through those venues. They attack through social engineering and so on.
In Taiwan, we face millions of cyber attack every day. In 2021, there was around five millions a day which is more than double the year before. We are under a lot of attack from abroad to try to disrupt the systems to decimate people’s trust in the institutions, in the democratic process and so on.
Now in other authoritarian jurisdictions, that would be the time where the government starts saying, “Oh, these air qualities are low quality, low cost, therefore not to be trusted .” However, in Taiwan, the government allocated funding into the civil IoT project to first complete a puzzle to measuring industrial areas where the teachers and student cannot enter.
In addition to that, adopting a Zero Trust Architecture means, that there’s very limited damage you can do, even if you are in this office, because there’s no intranet. We don’t have an intranet, so every access is analyzed, and if you try something weird, before it actually causes damage, it would be detected.
This is precisely the point because open data or cybersecurity is not a partisan matter. At the end of the day, the authoritarian expansionism targets member of all parties. They want to decimate trust in the democratic process itself, not any particular party. It only is reasonable we take all hands on deck approach to counter it.
It will not be changed leading to an election and things like that. It’s a fabric that engenders trust . Because of the success of civil IoT and many other civil collaboratives, we finally instill this annual event called Presentation Hackathon that gives out five trophies as you can see here. Which is a micro projector underneath.
Importantly for this conversation, this is an effort that hopes to engage, not only with the US, EU, and the UK, but also with selected Asian companies. In particular, we are looking at some questions around health data sharing, trusted access to data, digital public infrastructures, and then obviously keeping track of policy efforts that are happening.
When they feel that this is less risk and more impact than yielding to the authoritarian politicians that they doesn’t trust , but doesn’t see any other alternatives [laughs] as in other jurisdictions that are turning more authoritarian, then, people will actually defend and advance the democratic institutions, because now it has their contributions in it.
I think open innovation really is key. If people can shape the world the way that they want in a way that feels comfortable with all the personal spaces, the communication norms, and things like that, then you can trust each and every citizen to come up with the kind of intimacy that they’re comfortable with.
First, decoupling referenda and election is a really good idea. In the previous mayor election, each of the referendum topic was a point of disagreement in the society. They automatically split the society in half, well-intentioned even. It’s not even disinformation. They provide natural opening for disinformation packages to sew discord and to decimate trust .
