How Governance Can Restore Trust in Tech

Image

A huge swath of Americans worries about the effects of social media, from mental health to misinformation, even as people are increasingly getting their news from these sources. Americans are deeply worried about AI taking away jobs, despite one in five saying they use it for work. 

This uneasy relationship is an increasing challenge for tech companies, but one Daniel Dobrygowski, senior counsel at the cybersecurity firm Sophos, advisory board member for the Digital Trust Council, and an adjunct associate professor at SIPA, thinks it can be remedied through responsible technology governance. 

Technology Governance: Build Trust in Digital Innovation also just happens to be the name of Dobrygowski’s new book. Built on decades of research and his previous work at the intersection of technology, law, and politics, Dobrygowski offers a roadmap for technology companies and others deploying and using tech on how to build and preserve trust with the people using their services. He argues that a key to winning and preserving that trust is the rules and guardrails companies put in place, which should reflect the expectations and values of the public and society writ large. 

This approach may not sound as exciting as the “move fast and break things” ethos often associated with Silicon Valley, but Dobrygowski believes technology governance is the key to business success and innovation – and perhaps the best way to keep us all a bit more optimistic about the future of technology. 

In this SIPA News Q&A, Dobrygowski discusses his new book and where technology governance is failing and succeeding in today’s rapidly innovating world.

The interview below has been edited for length and clarity.

What is technology governance?

Technology governance is disciplined and strategic decision-making that ensures a company’s use of technology is aimed toward growth while supporting the values of the company, its employees, and the communities in which it is active.

To make it a little more complicated, there are multiple levels of governance, from global governance – think the United Nations and other international organizations – to national governance structures that rely heavily on regulation, to corporate governance, where companies make the rules for how technology fits their aims. There is also governance of specific technologies, like data and cyber security, and rules on how technologies work within a company. This book is mainly focused on that corporate-governance level. 

Why is corporate-level governance so important? 

There're two reasons. One, companies are the entities making and deploying new technologies like AI and while [government] regulation is part of governance, it's not the most active right now. It’s something corporate governance has to react to, and it's part of the scheme for how we decide what technology should and should not do. It's less specific to a company's industry or their activities. It's never going to be a perfect fit, and there's always going to be a compliance burden around regulation.

Corporate governance, in that respect, allows companies to take action that shows how they understand their customers, what their shareholders want, what their employees need, and build a program for themselves that makes sense in their own particular context. 

Second, in the world we live in today, [government] is unlikely to give companies the clarity they're looking for about what their responsibilities are. But a holiday from regulation isn't a holiday from responsibility. People still expect companies to uphold their end of the social bargain, and that means corporate governance of technology is much more important than it has been in the past.

In your book, that social bargain relies on this idea of “digital trust.” How does digital trust fit into technology governance? 

Digital trust is a term I've been using for about a decade. It refers to how trustworthy companies' decisions about technology appear to users, customers, workers, shareholders, regulators, and others..

Do people believe that companies use technology in a way that will fulfill people's expectations for what those technologies are going to do, and will respect people's values around those technologies? This is something that's in short supply right now, and I think you see that in the real concerns people have around technology, especially around what technology leaders are doing. 

That creates a trust gap. That creates significant mistrust in technology, but especially in the people using and deploying technology. Corporate governance is how you earn that trust in technology back. It's how you define what the values for a company or organization or even a society are around technology, and how you create a map or guardrails for how you're going to make sure you protect those values and meet people’s expectations.

People expect technology to improve their lives, to create opportunities for them, to make their lives easier, to give them better jobs. Technology governance is the way you get to those expectations.

There’s so much that fits under the broad umbrella of technology – social media, AI, data privacy, the list goes on. All would seem to have different governance demands or strain trust in distinct ways. How did you think about that while writing this book? 

I've been thinking about this for over 20 years. Technologies have been hyped up, and they've receded, from the internet itself to social media. Blockchain made its appearance, and AI was obviously a huge part of the conversation as I was finalizing this book. 

In all those hype cycles, it's been about, [first], people's expectations for what the technology is going to do, how well we meet those expectations, and how well we don't; and [second], how safe people feel with the technologies, how much they improve their lives versus how much they create harm for people, and how quickly we understand that.

Things like cybersecurity and privacy come up again and again. Ethical use of technology comes up again and again. All these are components of what becomes digital trust in this book, and they're all things that companies have to think about regardless of the specific technology.

If digital trust depends on people’s expectations of and values around technology, what happens to technology governance when there is debate on what those values or expectations are? 

There are a handful of folks, a lot of them in the VC world, driving some of these technologies – especially AI – forward. They have a minority opinion about what makes technology good or useful, and then you have the vast majority of other people – consumers, regular citizens, individuals, workers, even most companies – who are left holding the bag for the decisions of that small minority. 

That's where technology governance is strong because it allows this majority opinion to push back against the small minority of people who are really just out to deploy technologies as fast as possible so they get their immense returns.

Do you have any good examples of where a tech company responded to public pushback and changed course? 

This doesn't make it into the book, because it happened after it went to print, but the recent controversy between Anthropic and the Pentagon, about who gets to decide what the AI guardrails are. In that case, you have Anthropic [pushing for] safety guardrails, which is what the vast majority of people believe is necessary, and that stance builds more trust.

It could be because of marketing, or could be because of a deep-seated focus on certain values, but even marketing is a response to pressures that they feel from regular people or users. Just from a pure financial perspective, [Anthropic] had a lot more users moving from OpenAI to Anthropic because [those consumers] saw it as a more trustworthy company that fit their values.

A recent Gallup poll has 80 percent of Americans wanting the government to prioritize AI safety and rules. Another recent Ipsos poll has 65 percent of Americans using AI tools, even if they don’t trust them – and only 31 percent trust the government to responsibly regulate AI. How can the government meaningfully regulate certain sectors of tech if people don't believe it can do so effectively? 

That's ultimately the big trust question. We see this all over the place. People really want some sort of regulation around technology, and at least in the West, they really, really don't trust the governments that they live under to do that. But they also don't trust the companies. 

The first step is understanding what people want from technology, and then stopping decisions that are counter to that. It sounds simple in some ways. It is. You can change the way you make decisions. You need to have better inputs, and the better inputs are the expectations people have, the capacity the technology has, and the values in whatever society you're operating.

One of the big challenges in the US at the moment is the massive amount of capital and wealth concentrated in these Big Tech companies, and among some of their individual leaders. That has bought them power and influence, and at least a perception that they can use that power and influence to shape regulations – or the lack thereof. How do you apply the technology governance model in that case? 

There are a few big AI companies that will have this – right now, it's a pause in their regulation and responsibility. But most of the Fortune 500 companies, most medium businesses, most small businesses, they're trying to figure out how to operationally implement these technologies, and they need to build these guardrails so they fit their own business values first. 

They're really in the same boat as most individuals who are looking at these Big Tech monopolists and saying, I don't want that person making decisions for my life. The way to get out of it is to govern your own technology, to build your own guardrails and stick to them. Take the driving role in how technology impacts your company, your workers, your customers. 

And honestly, the pushback to technology overreach is real. Just recently, after the Super Bowl, [there was] a huge backlash against Amazon and their Ring cameras that scuttled the deal they had with Flock, the police surveillance company, because of people's distrust. No company is immune from distrust. It's just how much it has to bubble up before your company has to act. For most companies, you're better off thinking about this beforehand than having to unwind a deal or work your way backwards from a position of mistrust.

How do you assess this current moment in technology governance? 

It's a contentious moment in technology governance. We're deciding right now what technology governance looks like going forward. Is it hands off, where the only thing that matters is the return on VC investment? Or is it something that actually works for most people and most companies? Those are the two sides, and one side has a lot more people on it than the other. That’s where we're sitting right now.

What might shift us more to the pro-governance side? 

There's some inevitability to it. For the next part of the 21st century, the companies that are sustainable winners – sustainable from a business standpoint – are going to be the ones that have better technology governance, that are able to earn trust from most people. 

Right now we're in the nadir of regulation, but in the future, the pendulum will swing back. There'll be more regulation. Also, people's memories about what's trustworthy or not are long, and they're more likely to reward trustworthy companies going forward. That's why I'm confident that good technology governance is what's going to win the day over the long term.

Even as people may not trust technology, it’s so embedded in our everyday lives. How can individuals or society help push technology governance to a place where we might want it to be? 

In some ways this is similar to the climate change debate. You recycling your bottle of Coke is maybe not going to make much of a difference when giant companies are the biggest emitters.

But ultimately, all of these technological shifts are happening on the backs of people as users, people as data subjects, and people as consumers and even co-developers of these technologies. So you do have the ability, in little ways, in your use of technology, to choose the technologies that fit your values, and that sends a greater signal to the people deploying and building technology into companies. That makes a difference. 

Right now, the ball is in the court, not necessarily of only the big AI companies, but of the businesses who are their main customers. If those customers make better choices about their deployment of that technology, then their vendors are going to be forced to respect those and adhere to them. We can pressure those companies, too. There's the grassroots ability to make some change, but it depends on how we make our choices right now about how we're using technology and what we’re willing to accept.

What are some good examples of technology governance right now? 

Because technology is so widespread, there's interesting and useful government regulation coming from all sorts of places, some that you wouldn't even expect. The European Union probably does the best job of protecting people's privacy, and they've created the global standard for what privacy protection looks like. 

As far as protecting people from the harms of technologies, you'll see places as different as Arkansas banning cell phone use in schools, which is a definite positive step on protecting individuals from a potentially addictive technology. You'll see Australia putting a ban on under 16 social-media use because of the real harms we see. You'll see countries like Estonia having backups for essentially all of their citizens’ data to protect them from hostile adversaries. You have different countries and different jurisdictions experimenting with what they can do to protect citizens, to meet those expectations people have around technology.

There are a lot of good examples in the book of businesses who are governing technology well, whether it’s through cybersecurity or responsible behavior, but I’d have to say that the award for best governance of AI is still up for grabs.