Technological sovereignty as a concept
Why the TikTok saga is likely the first of many to come
The past few weeks were an interesting roller coaster ride in mediatech land, starring TikTok and the US government. Between the threat of closure and removal from app stores, the heavy national security cudgel, the rather high-profile resignation of TikTok USA’s CEO & ByteDance COO Kevin Mayer, a general sense of ‘wait, what?’, and finally a nothingburger of a resolution that amounts to a press release of a new cloud infrastructure contract: it feels like we’ve all been duped. Even with all that drama the deal is not technically done: the remaining (?) step requires formal approval from Beijing.
Chris’ thread below outlines some of the fun corporate structure here that’s letting basically everyone involved in this unnecessary fiasco publicly claim some type of victory:
No matter what the outcome of this one instance is, it seems we’ve crossed a new Rubicon from whose shores there’s no going back. This episode has opened the door to a potentially much more far-reaching re-evaluation of local vs global and what can be pulled off in the name/under the guise of security:
We’re used to global platforms originating in “our” neck of the woods -- if not in Silicon Valley outright then in adjacent locales (New York, Seattle, and LA are all welcome), and others like Sweden’s Spotify can squeak through on a case by case basis. To date there haven’t been many mainstream global platforms achieving true scale if they were built elsewhere: TikTok is the first truly global consumer app with an entirely different pedigree and likely different design paradigms, especially when it comes to data collection and subsequent use of that collected data.
Thanks in large part to the homogeneity of its origin BigTech to date has largely operated with a global purview, frequently treating local regulations as a nuisance that can be taken care of by paying a few fines rather than something to seriously adhere to. The internet isn’t meant to have borders - at least not the physical, show your passport, you may need a visa kind. Yet many countries exert their own authority on our virtual spaces by limiting what can be accessed and seen from their territories/IP addresses. There’s an inherent assumption that the internet is distributed, global, and borderless -- a first principle that’s being actively challenged by the more centrally controlled Chinese designs.
Precisely because of that global purview, tech behemoths command more power than many countries. Their market cap and revenue is quite literally the size of countries: Visual Capitalist helpfully tallies the combined 2019 revenues of Apple, Amazon, Alphabet, Microsoft, and Facebook as almost $900 billion, which is greater than the GDP of 4 G20 nations; if BigTech were a country, it would come in as the 18th largest GDP (slotting itself between the Netherlands and Saudi Arabia). Perhaps the best illustration here comes courtesy of Denmark who chose to look beyond the nation-state and appoint an ambassador to Silicon Valley. Their first ambassador and career diplomat Casper Klynge, who spent years of his career managing the world’s most volatile conflicts, summed up this new challenge so perfectly:
“What has the biggest impact on daily society? A country in southern Europe, or in Southeast Asia, or Latin America, or would it be the big technology platforms? Our values, our institutions, democracy, human rights, in my view, are being challenged right now because of the emergence of new technologies.”
What specifically could present a national security concern? To vastly simplify the challenge, consider the following three categories:
The infrastructure: The late Alaskan senator Ted Stevens infamously described the internet as a ‘series of tubes’. To make the apps on our phones work we do need a bunch of different tubes and doodads: cables, routers, switches, and assorted other network infrastructure (hello there, 5G). By virtue of global specialization there aren’t that many companies that make this kind of technology. For example, if you live in Nigeria (approx. 206MM people), Poland (approx. 38MM people), or Indonesia (approx. 273.5MM people) you don’t have a local, home-grown company to supply your cell and internet infrastructure. You’re likely buying from a handful of vendors like Ericsson (HQ-ed in Sweden), Qualcomm (HQ-ed in USA), and Huawei (HQ-ed in China). All telco equipment has certain backdoors provisioned for law enforcement use in individual jurisdictions: with Huawei in particular there are many rumors that those backdoors have even more backdoors and that nefarious business practices are afoot. Here’s a rather funny exploration of the complex topic of backdoors straight from the horse’s mouth:
Does the word “#backdoor” seem frightening? That’s because it’s often used incorrectly – sometimes to deliberately create fear. Watch to learn the truth about backdoors and other types of network access. #cybersecurityThe US has effectively banned Huawei from its territories including their ability to utilize chips or software (like Android OS) produced by US companies. Other countries have also instituted bans or limitations of their own. The first line of defense and ensuring security (in a rather amorphous, general concept kind of way) seems to be to ensure that the underlying hardware can’t easily be compromised by a variety of bad actors.
The data: We generate a lot of data exhaust with every internet interaction. From our machines’ IP addresses, through granular location information on our mobile devices, to data we volunteer by browsing and interacting on the internet there’s a lot there that can be mobilized maliciously. Yet, the practical applications of this vast data set veer more towards the mundane: user-level data has been the engine of digital advertising over the past decade, and personalizing experience for users to maximize attention is a widely accepted best practice. Where it gets murky is what happens when these types of data sets ‘leak’ out into other spheres of life (we dove into some examples in an earlier One).
The greater threat factor here in the context of national security really seems to be potential misuse of user-level data by and within one’s own country (rather than foreign agents, although espionage, propaganda, and election interference are ever popular dangers). Paradoxically this is the part that to many Western ears makes data collection by, say, Facebook entirely palatable and requiring fairly little scrutiny while a similar effort by, say, TikTok would be considered instantly suspect and insecure until thoroughly proven otherwise.
The algorithm: Ah, yes - the secret sauce. Mentioning algorithms today seems to take on an air of mysticism and overblown agency. This thread sums up the issue in one sentence:
And therein lies the rub -- like with data, unless apps originate with our own set of perceived values we are inherently inclined not to trust them or to find them suspicious whether that’s actually warranted or not. Can an algorithm be weaponized by a bad actor? Sure - consider content recommendations that increasingly lead down the path of radicalization for vulnerable populations (a tried and true recruiting tactic used by terrorist networks). Like with data, nefarious use of algorithms isn’t limited to foreign bad actors: the call is often coming from inside the house. Consider the opaque (excuse me: proprietary) algorithms that are used to determine whether or not you can get a mortgage (and at what rate). Like with data, the real issue here isn’t algorithms themselves but algorithmic transparency: understanding which inputs are considered and how an algorithm is trained to make decisions will go a long way to make these more equitable. That is a different conversation to have than ‘boo, algorithm scary!’.
In TikTok’s case (and in the case of advertising and media platforms in general), the concern usually rests with the latter two; when telcos enter the conversation then all three apply. This brings us to the concept of technological sovereignty: the idea that the way a nation (at least in theory) works to ensure the safety and wellbeing of its citizens should extend to the realm of the internet, too. This, in turn, begs the following question:
What is the minimum viable technology stack for a country?
When we consider one-sided bans or country-specific actions to limit certain technology vendors from participating, how deep should this go? Is open source software all of a sudden off limits because one can’t ensure who the maintainers are? While this point alone is worth a deeper exploration a picture here is definitely worth more than several thousand words and helpfully comes courtesy of the consistently genius xkcd:
(Replace Nebraska with, for example, Iran and feel the skin crawl on the back of your neck).
We’re entering a new phase of retrenchment on the internet -- very much a growing pain and reaction to the increasing maturity of the space. The smartphone era has been with us for a touch over a decade now and has proven deeply transformative across society, changing our relationship with how we find information, discover new interests, and interact with each other.
We’ve all been given the keys to the internet, to drive it freely, yet very few of us know how to drive, what’s inside the hood, or how the whole thing works. We require drivers to pass a basic test of knowledge to operate a car; we don’t require anything similar for the online world; with its increasing complexity and outsized influence on real-world events, perhaps we should reconsider.
On an individual level one glaring gap today is how much regular people understand (or consequently care about) any of these issues. For many users worldwide, their first exposure to the internet was through their Facebook feeds. Accustomed to more controlled, filtered, and vetted media landscapes in which publishing false information may carry repercussions, these users were unleashed on the internet where the ramblings of someone’s drunk uncle Larry stand side by side with actual, real, reported news. Where does one go today to learn media and data literacy? We’ll leave you with this example that Kate O’Neill often brings up: of how seemingly innocuous, fun things on the internet can have more sinister and far-reaching implications that we as users may not be aware of until it's too late:
Looking back at TikTok, while the root of the concerns around data use and algorithmic transparency may be valid, it’s certainly not applicable to just one platform but to all. Country-level decisions are in the hands of legislators who frequently operate in extreme catch-up mode. The EU has led the way in regulating user-level data use through the adoption of GDPR; other countries/states are following suit. Users can take up matters into their own hands in the interim (and we don’t mean it in the ‘disconnect from the world, grow a beard, and go live in the woods’ kind of way). Understanding how the platforms we spend our time on monetize and actually work is a necessary first step.
One question:
When thinking through examples of scary data and algorithm use, are better examples found closer to home? For example, the DOJ is preparing an antitrust case against Google; should the folks working on this case stop using Google’s products out of an abundance of caution? Can they use Google search or Google’s browser Chrome on devices that run Google’s Android OS to research information pertinent to the case? Is it even possible to entirely opt out?
Dig deeper:
A helpful breakdown and timeline of the TikTok case courtesy of ArsTechnica
An interview with Denmark’s first ambassador to Silicon Valley
BigTech’s footprints and impact beautifully visualized by Visual Capitalist (and great fodder for decks)
xkcd’s Dependency
Enjoyed this piece? Share it, like it, and send us comments (you can reply to this email).
Who we are: Sparrow Advisers
We’re a results oriented management consultancy bringing deep operational expertise to solve strategic and tactical objectives of companies in and around the ad tech and mar tech space.
Our unique perspective rooted deeply in AdTech, MarTech, SaaS, media, entertainment, commerce, software, technology, and services allows us to accelerate your business from strategy to day-to-day execution.
Founded in 2015 by Ana and Maja Milicevic, principals & industry veterans who combined their product, strategy, sales, marketing, and company scaling chops and built the type of consultancy they wish existed when they were in operational roles at industry-leading adtech, martech, and software companies. Now a global team, Sparrow Advisers help solve the most pressing commercial challenges and connect all the necessary dots across people, process, and technology to simplify paths to revenue from strategic vision down to execution. We believe that expertise with fast-changing, emerging technologies at the crossroads of media, technology, creativity, innovation, and commerce are a differentiator and that every company should have access to wise Sherpas who’ve solved complex cross-sectional problems before. Contact us here.