April 15, 2021

Microsoft president Brad Smith visited SIPA on March 31 for a conversation about his latest book, Tools and Weapons: The Promise and the Peril of the Digital Age.

The “fireside chat” with Dean Merit E. Janow was the second event of the 2021 Niejelow Rodin Global Digital Futures Policy Forum. Now in its seventh year, the annual forum hosted by Columbia SIPA’s Tech and Policy Initiative convenes cross-sector experts from around the world to address policy responses to the emerging challenges of digital transformation. With its focus on the theme of “Saving Cyberspace,” the 2021 forum is specifically considering the disruptive potential of our increased digital dependence in the context of the global pandemic.

As Smith’s book title suggests, most technologies are created as tools to enhance productivity and efficiency, or to simply make life easier. Yet the same tools can also be used as weapons, making us consider crucial balances in our technological use such as that between privacy and security.

Alexander Niejelow, senior vice president for cybersecurity coordination and advocacy at Mastercard, gave the welcoming remarks for the event—emphasizing the importance of technology for national security, the future of work, and for building a more secure and resilient digital economy. Niejelow said that companies like Microsoft are at the forefront of these issues, not only helping to craft the technologies, but also contributing to a robust policy making and regulatory process.

Janow began the discussion by asking Smith about his assessment of user privacy laws in the United States. Smith, who said he believes privacy is a fundamental human right, suggested that technology’s rapid progress has put privacy at greater risk. Furthermore, he said, while some states like California and Virginia have adopted strong laws to protect privacy, the absence of a national law has meant that the United States has lagged behind on this vital issue.

Janow then asked Smith to describe what a U.S. national privacy law should look like. He said that Europe’s General Data Protection Regulation (GDPR) provides a useful framework, but the law will have to be adopted to American ideals and the Constitution. Any law, he said, should give users the “right to access their data” and mandate businesses to use user data “fairly, lawfully and transparently.”

The discussion then shifted to the relationship between privacy and security, the two building blocks for trust and confidence in a secure digital future. “You can’t have one without the other,” said Smith, who observed that while the relationship is complex, those creating technologies should always focus on achieving both.

There is sometimes tension between the protection of privacy and national security. The encryption debate is fierce and expansive. On one side, law enforcement agencies seek access to technologies in order to investigate crimes and enhance security, as when the FBI asked Apple to “unlock” the iPhones of gunmen in San Bernardino, California, and Pensacola, Florida, for example.

On the other side of the debate are privacy advocates, who in some cases are making technology companies give people greater access to their personal data through legislation such as the GDPR and California’s Consumer Privacy Act (CCPA). At the same time—after suffering from several significant terrorist attacks since 2015—some countries in Europe including France and Great Britain have considered and passed legislation that could force tech companies to bypass encryption protections in the name of national security. The debate on the balance between privacy and national security has only intensified in the digital age and citizens must monitor the decisions of governments to ensure their preferred equilibrium is struck.

To further security, Smith highlighted a simple yet vital solution: a modern IT infrastructure. Such a message was clearly conveyed to the Biden administration, as its $2 trillion American Jobs Plan makes significant infrastructure investments in broadband, automation, and energy efficiency. However, the US should similarly pursue the modernization of the transatlantic framework for IT, data migration, and interoperability by replacing the EU-US Privacy Shield, which EU courts struck down in July 2020. Moreover, Smith said that the follow-up on the CLOUD Act of 2018, which created a framework for international agreements that would establish a process for when a government needs search warrants regarding data, for example, has been slow and that commerce and innovation are hindered when there is regulatory uncertainty.

To consider the impact of such delays, Dean Janow shifted the conversation to the topic of technological competition between the United States and China. Smith said the view in Washington is broadly correct: China is a competitor, a rival, and a partner all at once. Yet, he emphasized, the rivalry is far different than that with the Soviet Union in the Cold War; China’s intellectual and engineering power is far superior to that of the USSR. Although sanctions and restrictions on investment through the Committee on Foreign Investment in the United States (CFIUS) are important, the United States must focus not on slowing China down, but on moving faster itself. The US, Smith said, needs to maintain its position as an intellectual and technological frontier through increased STEM and R&D funding as well as through skilled workforce development for the entire population.

The discussion then moved to the impact of social media misinformation on democracies around the world, a disturbing way in which technology has been weaponized, as Smith describes in his book. The riots in the U.S. Capitol on January 6 were a consequence of this issue, which is in part due to the digital advertising dominance of Internet platforms and the ensuing asymmetric relationship between news publishers and those platforms. News publishers have become reliant on companies such as Facebook and Google to disseminate content. To do so, the platforms rely on algorithms that rank content based on internal metrics, which can have drastic effects on traffic to news publishers’ websites. Reduced traffic means reduced advertising revenue, which leads to a decrease in both content and quality as publishers operate with strained resources. Such an environment is an incubator for mis/disinformation because publishers are forced to compete for traffic by gaming platform algorithms; these algorithms are composed to increase usage, which is most effectively accomplished by feeding users extreme content.

There have been several state efforts to remedy the problem, including having tech companies pay news organizations for their content. Australia’s News Media Code does just that, and Columbia SIPA Professor Anya Schiffrin and the Technology, Media and Communication Specialization hosted an event on the topic on April 15, 2021. 

Outlining Microsoft’s stance on the standoff in Australia, Smith commented that the legislation was fair to all stakeholders involved and had Microsoft’s support. In his view, this flashpoint will serve as a precedent for similar legislation in the United States, which may be passed soon considering growing consensus amongst lawmakers. This unequal balance of power between tech companies and media organizations is more of a competition issue, one that Smith foresees will attract significant antitrust and regulatory scrutiny against them in this decade. In fact, he said that “the 2020s will be for the tech industry what the 1930s were for the financial services industry.”  Yet Smith believes the incoming regulation will be similarly beneficial to the industry in the long run. Clearly defined rules of operation for the tech sector are key for maintaining a healthy market, which is fundamental to the preservation of US innovation and democratic leadership. 

— Nate Low MPA ’22 and Parth Arora MPA ’23