Good Governance in Cyberspace: Digital Freedom Policy Framework
Ideas for Policies for the People
What is Policies for the People?
Policies for the People is a fascinating project aimed to help the public “open source” policies for a better future. They have several main categories such as Health, Food, Liberty, Economy & Peace. I would encourage you (but especially Americans) to get involved in either writing your own proposals, or at least giving constructive feedback to ones written about issues that are near and dear to you.
As somebody who is a HUGE FAN of bottom-up strategies, I believe this is a golden opportunity to recognize the potential of elected representatives having organized, genuine bottom-up feedback. The platform is running Discourse which is the go-to choice for many open source projects & communities. The platform itself is available as fully Free and Open source, so it’s even possible to setup your own independent instance. I would highly recommend considering how you could adopt this model for your own region or priorities.
I am thrilled to take a stab at building a better technological future by presenting my vision on what the United States Federal Government can do to improve. My hope is that you find my submission a worthwhile conversation-starter. If you have feedback, I would highly encourage you signing up to Policies for the People, and then replying to the post. Of course, I’m happy to follow up with feedback I recieve here!
Executive Summary
Primary Concerns
Allowing Foreign governments to dictate free expression online
Big Tech & Government stifling innovation
Mass surveillance and privacy risks to citizens
Overview
There is an immense amount of opportunity in building conditions for a more free cyberspace. By adopting a strong stance on digital freedoms and protections, Americans can transform the digital landscape. This opportunity represents a chance to truly resolve many pressing concerns, and brings huge economic and cultural benefits.
When many think of grand-sweeping changes in technology, often they think of the European Union. As a leader pushing for ambitious reforms, the EU is very much in the driver’s seat of deciding the future of cyberspace. While there are many benefits to this, the EU does not prioritize classic American values such as free speech. This is quite apparent in many projects and initiatives.
In this proposal, I share a vision on how the United States can replicate many of the successes from the European Union’s strong digital vision, without conceding cyberspace to be dictated by the EU or foreign adversaries. This proposal is a vision for a future of cyberspace where Americans are free to maximize innovation, creativity, and security.
At a high level the following reforms are required:
A strategic vision to exceed the European Union’s Next Generation Internet initiative
Institutional Safety
A Digital Bill of Rights
Creating opportunity for a better cyberspace
Strategic Vision
Protecting the interests of Americans in cyberspace requires a bold new departure from the status quo. For too long, the web has largely stagnated as cyber threats and online harms escalate. Instead of trying to address concerns on a reactionary per-issue basis, a new direction is needed to confront the foundations of these troubles. The goal must be to transform the technological landscape to represent one of innovation, collaboration, and strong security practices.
First and foremost, there must be recognition of the fact that online freedom issues quickly become national security concerns. If Americans don’t feel they can safely and effectively engage online, they become vulnerable to being exploited, undermining their own security. Transformative change is required to adapt to the realities of cyberspace in our time. As the Crowdstrike Global IT outage has shown, top-down security efforts have their own risks. Instead of developing a plan to centrally manage digital affairs, Americans deserve a properly decentralized technological landscape.
A variety of EU projects are aimed specifically at granting the European Union digital sovereignty, but falls short of reclaiming it for the citizenry as well. A cyber strategy for the United States has to recognize the importance of it’s own digital sovereignty as well as that of individual Americans. If this opportunity is forsaken, the entire infrastructure of our online interactions can be dictated by the European Union, or even foreign adversaries.
Thus, the United States Cyber Strategy must pivot away from consolidating power through Big Tech, and towards empowering citizens, families, communities, and businesses to be truly resilient from modern cyber threats. This will require a long-term plan that includes necessary components like right to repair, privacy protections, strong privacy guarantees, and above all transparency and accountability. Americans are not lacking in skills, knowledge, or creativity, what is lacking is a solid foundation to build a modern and free cyberspace.
The benefits of a bottom-up effort to transform our digital landscape are immense. This taps into vast swaths of under-utilized labor and skills and create the conditions for multi-disciplinary collaboration and innovation. Open Source has proven to be a highly effective and highly resilient model for not only innovation, but also collaboration with throughput vastly superior to constrained models. The future of work is here, it’s just about making it economic.
The purpose of the strategic vision is to realign priorities towards Civilian-based cyber defense. This principle recognizes the reality that every person has a role to play in keeping digital threats at bay. Therefore radical new approaches are required to foster an environment of education, collaboration, and competition. By creating fertile ground for innovation and bottom-up feedback, many of our present challenges can be transformed into opportunities.
Civilian-based Cyber Defense
The principle of Civilian-based cyber defense is so effective that it has already been partly implemented out of necessity. Organizations like CISA run programs to raise cybersecurity awareness and digital education. This is something that needs to be explored to it’s fullest, and brought to the forefront of many cyber & education initiatives. Instead of relying on massive entities to safeguard everyone, a radical new approach is required to tackle modern digital threats. This new approach is equipping every individual to be an active participant in a more safe and secure future.
Understanding the threats
These risks are outlined to demonstrate that many of these threats and their components are inseparably intertwined. For too long our institutions are modeled with a vision that cyberspace is entirely separate from the real world and people’s lives. Cyber threats very often include planning, preparation, or even methods that impact real-world infrastructure and people’s personal vulnerabilities. The idea that these threats can be mitigated, much less eliminated without a holistic, bottom-up approach is madness at best and arrogance at worst.
Cyber warfare
Software / Hardware supply chain attacks
Mass surveillance (foreign and domestic)
Ransomware
System disruption
Cybersecurity & IT
Malware
Breaches
Outages
Social engineering attacks
Online Harms
Harassment
Cyber-stalking
Exploitation
Privacy Risks
Identity theft
Personal safety / Extortion
Undermines trust
Chills speech and participation
Fragility
Single-points of failure
Dependence
Censorship
Lack of competition
Civilian-Based Cyber Defense in Action
Education
Our technological future is always going to be in the hands of our youngest. Their decisions on what to use, how to use it, and what to build on fundamentally reshapes our collective digital experience in real-time. At the very least, it is crucial that this is an informed decision. At the bare minimum, “computer literacy” should be tracked, fostered, and improved just like actual literacy.
Beyond schooling, public awareness is crucial. Education and outreach must be a life-long experience. Just as online threats and harms have evolved over the last two decades, we can be quite sure they will continue to evolve at a rapid rate. This can only be ameliorated with an environment where Americans are able to have a meaningful impact on their own digital experience.
A wide range of initiatives are on the table when one recognizes that the first-line of cyber defense isn’t powerful tech giants, but rather individuals themselves.
Research
Information is the most precious resource. Initiatives that can acquire vital information about pressing concerns are invaluable. America’s highly skilled and creative workforce can take advantage of opportunities to leave no stone un-turned when it comes to investigating digital threats, and their solutions. Agencies should be leveraging their unique insight to provide information to the public on ground that needs to be covered.
Building a national defense strategy around bottom-up innovation requires exhausting lines of inquiry that many technical minds are eager to explore. With properly aligned goals, the digital sovereignty of individuals and national security can lead to powerful strengthening of both. By relying on the same methods to secure both, citizens can have a direct impact on not only improving their lives, but the very fate of the nation.
Collaboration
Leveraging powerful models, like Open Source development (for both hardware and software) offers huge benefits for innovation. There are many ways to include people with varied expertise to gain multi-disciplinary benefits from broader collaboration. With open and transparent methods of governance, and even tools and techniques, feedback from the front-line can make an even bigger impact.
Transparent sharing of insights, but also including public feedback into the equation, allows for much more rapid iteration on crucial concepts.
Innovation
With the benefits of hardware and software freedom, technologies can be safely used in both public and private contexts. Optimizations can be widely deployed and many can reap the benefits. By building the foundation for a truly free technological landscape, the USA can become the home for boundless innovation. Realigning strategies and goals for a free digital future has immense opportunities for both individuals and institutions.
Institutional Safety
While all of the above sounds wonderful and amazing, very little of it is truly possible without trust. This is very much where the European Union fails to deliver on what they intend in their digital strategy. With some reform, the United States is in the unique, enviable position to be a world leader in not just technological innovation, but also digital freedom and security. Improving the relationship between institutions and people, trust can be built towards genuine cooperation and shared interests.
De-FANGing the Surveillance Apparatus
The very fact that the European Union has spent so much trying to break free from American companies tells us all we need to know about how much Americans can trust public-private collaboration with these entities. As such, not only do Americans require stronger privacy and security guarantees, but they also deserve a government that doesn’t leverage private entities against their interests. Public, short, medium and long term plans must be made to entirely dismantle domestic surveillance.
Cooperation, subsidy, and information sharing with for-profit entities must be phased out. These institutions seize and pacify a huge amount of America’s top minds and puts them to work building things that are incompatible with a free digital future. Maintaining proper boundaries between private and public institutions is a vital reform in building meaningful trust in the future. When law enforcement requires information, it must be obtained with a valid court order, both requests and receipts must be properly and transparently disclosed.
Digital Bill of Rights
The White House currently has a Blueprint for an AI Bill of Rights. Some of the concerns raised are excellent, others are unnecessary barriers to innovation. Even worse however, the AI Bill of Rights is far too narrow, and possibly wastes the opportunity to develop a truly comprehensive Digital Bill of Rights. A Digital Bill of Rights must not only apply to government departments, but where possible, to publicly traded and regulated entities. Some of these exist already in some form or another, but a comprehensive (Federal) act is required.
Digital Bill of Rights (Shortlist)
Access
Non-discrimination on protected status, politics, or even a wider range of criteria
Prior notice to disruptions to access with proper due-process
Data Sovereignty
Right to refuse data collection
Control over how information is used and shared
Right to request, and delete personal data
Transparency & Accountability
Clear and transparent disclosure of information sharing and breaches of personal information
Liability for data misuse
Freedom of Choice
The right to refuse particular devices, services, and systems
Regulate digital public infrastructure providers as “common carriers”
Not only as a means to strengthen the Digital Bill of Rights, but also to protect good-faith providers of digital infrastructure. With a broad conception of public digital infrastructure, more Americans can feel they can equitably participate in the digital economy.
This would include:
ISPs
Domain Registrars & Public DNS Providers
Cloud & Web Hosting Providers
Payment Providers
Financial institutions
Protecting Innovation & Security
To compete in the modern digital environment, new approaches are required to stay adaptable. Beyond sustaining various rackets, the goal is to allow American innovation to thrive in an environment that makes people and cyberspace more free. There is significant demand for secure, verifiable systems that put the person first. Instead of falling behind foreign competitors, the USA can reclaim it’s status as not only the land of the free, but also free cyberspace.
Right to Repair
Right to repair involves various reforms that are essential to long-term innovation and security. Of crucial importance is the ability for users to have the capacity to modify potentially defective firmware. Very often digital products fall behind in security, so much so that the EU is considering harsh import restrictions under the Cyber Resilience Act.
By encouraging an environment where devices are more free and open by default, users can have the control to obtain the highest security guarantees needed for the situation. This alone has the potential to resolve security issues faster than any single initiative could, by allowing almost everyone to take a role in thwarting cyber threats.
Prioritize Free & Open Source Software & Hardware
Software & hardware freedom is a very important public good. Open source is a very effective way to put bottom-up feedback and contributions to use. By harnessing these goals, America’s technological economy can be radically transformed in a way that provides a great deal of jobs and opportunities. By using Free & Open Source Software, government agencies and departments can not only reclaim their own digital sovereignty, but individuals as well. The technological landscape moves very quickly, and is only poised to accelerate as enthusiasm for decentralized open cooperation improves. It’s crucial not to miss the opportunity to embrace this change.
Related Proposals:
Your Thoughts Welcome!
Policies for the people is all about getting YOUR feedback. I would encourage you to sign up and share your thoughts. Of course I would greatly appreciate it if you would then vote up / comment on my proposal, so that others on the platform can at least see it!
Incredible work, Gabe. Thank you so much for contributing your expertise!
A question I have is 'which comes first?' Do you decentralize and then decide policies, or decide policies at a centralized level that allow you to implement decentralized solutions? I tend towards the former economically, but it's good to think about what your alternatives would be. Thanks, Gabe!