In part one of this 2-part article, three US CEOS - Salesforce’s Marc Benioff, Yahoo!’s Marissa Mayer and Liberty Global’s Mike Fries - tackled issues of trust in the age of the cloud and the internet of everything.
In a post-Snowden age when revelations of government snooping are now in the public domain, there are also increasing questions about the balance between the need for national and international security and attitudes towards personal privacy.
With that in mind, the In Tech We Trust panel at the World Economic Forum this week was fortunate to have the new Commissioner for the Digital Agenda Günther Oettinger participating in the debate.
It must be said that Oettinger has been widely criticised from all sides for not being on top of the brief for the role which he took over from Neelie Kroes late last year. (See Phil's forensic dissection here: New EU digital chief Oettinger shows how little he knows cloud.)
I'm afraid his performance here will do little to dispel further commentary alone the same lines as he cheerfully chose a global platform to cite lack of tech understanding among European citizens and trotted out the Brussels party line about the need for radically toughened up European data protection regulations:
In Europe we have not so many digital natives as in the US. We have an elder citizenship. Take Sony, take Snowden - there are some concerns. People don’t trust. So, transparency is a clear first advice.
We need a global understanding. We need a UN agency for data protection. What we are doing is to ‘European-ize’ data protection regulation and data security rules. We have 28 fragmented rules. That is not convincing.
He added that at the moment it was possible for non-European companies to avoid the more draconian data protection regimes - in countries such as Germany, for example - simply by choosing to set up elsewhere:
If anyone from outside of Europe wants to make businesses inside of Europe, they go to member state with a low level of data protection and then they can get data from all over Europe.
All that was missing from that last comment was a cry of “it’s not fair!”.
Despite the fact that arguments over the proposed changes to data protection rules in the European Union have rumbled on for years and that countries such as Ireland and the UK are still wildly out of synch with what the Eurocrats in Brussels demand, Oettinger publicly declares that everything is almost decided! He claimed:
In my expectation we are ready for a decision in council before the end of this year. The outcome will be that we have one level of data protection. It’s a balanced solution between privacy, citizens priorities, our businesses, our industries being able to work within the European Union.
My personal reaction to his boast was to snort with derision. The US CEOs, whose companies will be most impacted by the tougher nature of the current proposals should they ever pass in law, were more polite in their response although Fries didn't look as though he believed much of what he’d just heard.
Asked if he believed the Commissioner’s claims that a unified data protection and retention regime was imminent, he said:
Not in the near term. Despite the Commissioner’s objectives, everybody’s intentions are good but, working in Europe for as long as we have, 25 years now, we know that getting 28 countries to agree on one framework, one set of standards and policies, is not an easy thing. You’ll find local governments and parliaments taking a stab at it, which is not great, but something needs to happen.
Oettenger had referred to Europe’s plans as a public-private partnership, a phrase that resonated with Fries who noted:
The history of anyone in telco and cable and almost anyone in the infrastructure business is about a partnership with government. It’s not optional or voluntary, it’s obligatory. We do have lawful intercept relationships with every government with which we operate. We don’t have the right to say 'Sorry [David] Cameron you can’t put people here'.
But we have the obligation to our consumers that whatever the government is doing is abiding by the law. We have an obligation to give some sense to proportionality. Are they really doing what is necessary? We can protect our consumers. But in the end, there is a disconnect between data privacy and this issue of lawful intercept and data retention for the purposes of government.
Mayer picked up on the theme, highlighting the tensions in a post-Snowden world between the need for consumer privacy and the wider needs of national security:
In reaction to Snowden a lot of people got very concerned about their privacy. It became a lot more about encryption. But that makes things inherently a lot harder to keep things secure. If you’re a government and you want to monitor for cyber-crime or terrorist threats, you need to be able to see that data.
I see a pendulum swinging back and forth in public sentiment. You saw Snowden swing the pendulum very heavily towards privacy. Now due to recent issues, you’re going to see that pendulum swing back towards security.
This wasn’t an idea that pleased Sir Tim Berners-Lee, the creator of the world wide web, who is fed up of hearing this argument:
The shame about this is that it’s seen as pendulum. That it’s about more police power, less police power. In a lot of the discussions I’ve been in, it’s been talked of as a pendulum, as a one-dimensional thing. Instead of just pushing one way or another, more power or less power, let’s go in the direction of accountability and say if you want more power then let’s build a system where you’re accountable.
Berners-Lee overall was in splendidly maverick mode throughout, with his usual stream-of-consciousness delivery containing several darts flung in the direction of the tech industry. Particular scorn was reserved for developers of apps that ask to access other information, such as calendars:
You have all these apps that are just designed to steal your data and build a profile of you. These companies are nefarious in what they do. Their whole business model is stealing data, building profiles of people and not helping them in their lives at all.
In the old days I used to pay for apps running on my computer and they would be written by someone who wanted to do good for me. That business model has been almost completely lost. I think we will end up moving back to it. We’ll end up with a strong commitment to doing what the user wanted.
Back on the theme of government oversight over data protection and privacy, Mayer also came across as uneasy about the idea of state-enforced regulations, pitching for a free-market approach:
I prefer a marketplace where you make a trade-off around who you trust, how they handle your data, probably monetise your data yourself. That type of market-based force is likely to get us to a better, more forward-leaning solution that comes up with more advantages to end users more quickly.
But there was one voice of support for Oettinger’s basic ideas and that came from Salesforce’s Benioff who agreed:
We need a public-private partnership. We’ve already seen that the tech industry can get out of control. The entrepreneurs can get a little bit wild.
He cited the controversial Right to be Forgotten, the ruling by the European Court of Justice last year that European citizens can request to have unwanted or out-of-date facts removed from search results. It’s met with criticism from various European governments, most notably the British, as well as figures such as Berners-Lee. Despite this, there are attempts in Brussels now to have it enshrined in data pivacy law.
When I met Benioff in London last summer, he told me that he was supportive of Right to be Forgotten principle and in fact wanted to see it extended around the world. He returned to this theme yesterday:
That is not something that any entrepreneur back where I’m from in San Francisco is ready to implement, because they want to keep data in perpetuity, harvest it, do what they want with it and not be held accountable by any user, current or former.
That’s why for any government to come in, specifically the European government, and to say ‘No, this is something that we need’, that is the right role, where government needs to be looking out for our rights and provide a safety net to our industry. That can only happen through partnership.
At the end of the day, nothing was fully resolved or an overall consensus reached, but then it never was going to be, even though the likes of Benioff and Fries were articulate and persuasive in their arguments and observations.
Sadly in the current climate, it’s inevitable that the same themes around trust and security will be rehearsed and played out again next year in Davos. And as Oettinger’s boast about having a unified EU data protection plan in place by then is almost certainly politically-motived wishful thinking, we’ll also most likely be revising that as well.
But maybe there will be movement, as Berners-Lee was left to ponder wistfully:
I hope next year that we’re talking more positively. I hope that we’ve woken up to the exciting possibilities when it comes to our data.