cybersecurity innovation regulation

Spanning the Chasm: The Missing Link in Tech Regulation – Part 1 of 2

Mark Zuckerberg was right when he wrote in his op-ed to the Washington Post that the internet needs new rules, though naturally, his view is limited as a CEO of a private company. For three decades, governments across the globe have created an enormous regulatory vacuum due to a profound misunderstanding of the magnitude of technology on society. As a result, they neglected their duty to protect society in the mixed reality of technology and humanity, where facebook is the scapegoat of this debate due to its enormous impact on the social fabric. Still, the chasm between governments, regulation and tech affects every other tech company, whether it is part of a supply chain of IT infrastructure or a consumer-facing service. The spring of initiatives to regulate Artificial Intelligence (AI) carry the same burden and that is why the driving force behind them is primarily fear, uncertainty and negative sentiment. I am involved in one of those initiatives, and I can’t escape the feeling it is a bandage for a severe illness, resulting in a short-sighted solution to a much bigger problem.

Human-driven processes governed our social fabric before technology became immersed in our reality. Methods that evolved over centuries to balance the power and responsibility among governments, citizens and companies resulted in a set of rules which are observable and enforceable by humans quite effectively. It is never a perfect solution but it is a steady approach for the democratic systems we know. Every system has a pace and rhythm where the government-societal system is bound to humans’ speed to create, understand, express and collaborate effectively with others. The rate of living we all got used to is measured in days, weeks, months and even years. Technology, on the other hand, works on a different time scale. Information technology is a multi-purpose Lego with a fast learning curve, creating the most significant impact in a shorter and shorter timeframe. In the world of technology, the pace has two facets: the creation/innovation span, optimized to achieve significant impact in a shorter period, and the run time aspect, which introduces a more profound complexity.

Running IT systems hides much complexity from users, obscuring highly volatile nanosecond dynamics with nice-looking UX. IT systems are made of source code used to describe to computers what should be done to achieve the system’s goal. The code is nothing more than a stream of electrons and, as such, can be changed many times a second to reflect ideas desired by the creator, where a change in the code leads to a different system. One of the most significant premises of AI, for example, is that it can create code on its own using only data and without human intervention. A change, for example, can carry an innocent error that reveals the personal details of millions of consumers to the public. This volatile system impacts privacy, consumer protection and human rights. The rapid pace of technological change is an order of magnitude faster than humans’ capability to perceive the complexity of a change in time to apply human decisions the way regulation works today effectively.

The mandate for and requirement of governments to protect citizens have not changed during the last 30 years besides supporting societal changes. What has changed is reality, where technological forces govern more and more parts of our lives and our way of living, and governments cannot fulfil their duty due to their inability to bridge these two disconnected worlds. Every suggestion of a human-driven regulatory framework will be blindsided and defensive by definition, with no real impact and eventually harmful to the technological revolution. Harm to technological innovation will directly affect our way of living as we have already passed the tipping point of dependency on technology in many critical aspects of life. The boundaries of what regulation suggests about right and wrong still make sense and have not changed as it applies to humans. The way to apply the regulation on the technological part of reality has to adapt to the rules of the game of the technology world to become practical and not counter-intuitive to the main benefits we rip from tech innovation.

The growing gap between humans and IT has much more significant ramifications. We already experienced some of them, such as cyber-attacks, uncontrolled AI capabilities and usage, robotics and automation as disruptors for complete economic ecosystems, autonomous weapons, the information gap, and others we don’t know yet. The lagging of governments has placed absurd de-facto privatization of regulation into the hands of private enterprises motivated by the economic forces of profitability and growth. Censorship, consumer protection, and human and civilian rights have been privatized without contemplating the consequences of this loose framework until over the last two years when scandals surprisingly surfaced. One of the implications of this privatization is the transformation of humans into a resource, being tapped for attention, eventually leading to spending. And it won’t stop here.

Another root cause which governs many of the conflicts we experience today is the global nature of technology vs. the local nature of legal frameworks. Technology as a fabric has no boundaries, and it can exist wherever electricity flows. This factor is one of the main reasons behind the remarkable economic value of IT companies. On the other hand, national or regional regulation is anchored to the local governing societal principles. A great divide lies between the subjective, human definition of regulation and technology’s objective nature. Adding to that complexity are countries that harness technology as a global competitive advantage without being willing to participate openly under the same shared rules.