Good Governance in Cyberspace: Digital Freedom Policy Framework

What is “Policies for the People?”

Policies for the People is a fascinating project aimed to help the public “open source” policies for a better future. They have several main categories such as Health, Food, Liberty, Economy & Peace. I would encourage you (but especially Americans) to get involved in either writing your own proposals, or at least giving constructive feedback to ones written about issues that are near and dear to you.

As somebody who is a HUGE FAN of bottom-up strategies, I believe this is a golden opportunity to recognize the potential of elected representatives having organized, genuine bottom-up feedback. The platform is running Discourse which is the go-to choice for many open source projects & communities. The platform itself is available as fully Free and Open source, so it’s even possible to setup your own independent instance. I would highly recommend considering how you could adopt this model for your own region or priorities.

I am thrilled to take a stab at building a better technological future by presenting my vision on what the United States Federal Government can do to improve. My hope is that you find my submission a worthwhile conversation-starter. If you have feedback, I would highly encourage you signing up to Policies for the People, and then replying to the post.

Executive Summary

Primary Concerns

• Allowing Foreign governments to dictate free expression online
• Big Tech & Government stifling innovation
• Mass surveillance and privacy risks to citizens

Overview

There is an immense amount of opportunity in building conditions for a more free cyberspace. By adopting a strong stance on digital freedoms and protections, Americans can transform the digital landscape. This opportunity represents a chance to truly resolve many pressing concerns, and brings huge economic and cultural benefits.

When many think of grand-sweeping changes in technology, often they think of the European Union. As a leader pushing for ambitious reforms, the EU is very much in the driver’s seat of deciding the future of cyberspace. While there are many benefits to this, the EU does not prioritize classic American values such as free speech. This is quite apparent in many projects and initiatives.

In this proposal, I share a vision on how the United States can replicate many of the successes from the European Union’s strong digital vision, without conceding cyberspace to be dictated by the EU or foreign adversaries. This proposal is a vision for a future of cyberspace where Americans are free to maximize innovation, creativity, and security.

At a high level the following reforms are required:

• A strategic vision to exceed the European Union’s Next Generation Internet initiative
• Institutional Safety
• A Digital Bill of Rights
• Creating opportunity for a better cyberspace

Strategic Vision

Protecting the interests of Americans in cyberspace requires a bold new departure from the status quo. For too long, the web has largely stagnated as cyber threats and online harms escalate. Instead of trying to address concerns on a reactionary per-issue basis, a new direction is needed to confront the foundations of these troubles. The goal must be to transform the technological landscape to represent one of innovation, collaboration, and strong security practices.

First and foremost, there must be recognition of the fact that online freedom issues quickly become national security concerns. If Americans don’t feel they can safely and effectively engage online, they become vulnerable to being exploited, undermining their own security. Transformative change is required to adapt to the realities of cyberspace in our time. As the Crowdstrike Global IT outage has shown, top-down security efforts have their own risks. Instead of developing a plan to centrally manage digital affairs, Americans deserve a properly decentralized technological landscape.

A variety of EU projects are aimed specifically at granting the European Union digital sovereignty, but falls short of reclaiming it for the citizenry as well. A cyber strategy for the United States has to recognize the importance of it’s own digital sovereignty as well as that of individual Americans. If this opportunity is forsaken, the entire infrastructure of our online interactions can be dictated by the European Union, or even foreign adversaries.

Thus, the United States Cyber Strategy must pivot away from consolidating power through Big Tech, and towards empowering citizens, families, communities, and businesses to be truly resilient from modern cyber threats. This will require a long-term plan that includes necessary components like right to repair, privacy protections, strong privacy guarantees, and above all transparency and accountability. Americans are not lacking in skills, knowledge, or creativity, what is lacking is a solid foundation to build a modern and free cyberspace.

The benefits of a bottom-up effort to transform our digital landscape are immense. This taps into vast swaths of under-utilized labor and skills and create the conditions for multi-disciplinary collaboration and innovation. Open Source has proven to be a highly effective and highly resilient model for not only innovation, but also collaboration with throughput vastly superior to constrained models. The future of work is here, it’s just about making it economic.

The purpose of the strategic vision is to realign priorities towards Civilian-based cyber defense. This principle recognizes the reality that every person has a role to play in keeping digital threats at bay. Therefore radical new approaches are required to foster an environment of education, collaboration, and competition. By creating fertile ground for innovation and bottom-up feedback, many of our present challenges can be transformed into opportunities.

Civilian-based Cyber Defense

The principle of Civilian-based cyber defense is so effective that it has already been partly implemented out of necessity. Organizations like CISA run programs to raise cybersecurity awareness and digital education. This is something that needs to be explored to it’s fullest, and brought to the forefront of many cyber & education initiatives. Instead of relying on massive entities to safeguard everyone, a radical new approach is required to tackle modern digital threats. This new approach is equipping every individual to be an active participant in a more safe and secure future.

Understanding the threats

These risks are outlined to demonstrate that many of these threats and their components are inseparably intertwined. For too long our institutions are modeled with a vision that cyberspace is entirely separate from the real world and people’s lives. Cyber threats very often include planning, preparation, or even methods that impact real-world infrastructure and people’s personal vulnerabilities. The idea that these threats can be mitigated, much less eliminated without a holistic, bottom-up approach is madness at best and arrogance at worst.

• Cyber warfare

  • Software / Hardware supply chain attacks
  • Mass surveillance (foreign and domestic)
  • Ransomware
  • System disruption

• Cybersecurity & IT

  • Malware
  • Breaches
  • Outages
  • Social engineering attacks

• Online Harms

  • Harassment
  • Cyber-stalking
  • Exploitation

• Privacy Risks

  • Identity theft
  • Personal safety / Extortion
  • Undermines trust
  • Chills speech and participation

• Fragility

  • Single-points of failure
  • Dependence
  • Censorship
  • Lack of competition

Civilian-Based Cyber Defense in Action

• Education

  Our technological future is always going to be in the hands of our youngest. Their decisions on what to use, how to use it, and what to build on fundamentally reshapes our collective digital experience in real-time. At the very least, it is crucial that this is an informed decision. At the bare minimum, “computer literacy” should be tracked, fostered, and improved just like actual literacy.

  Beyond schooling, public awareness is crucial. Education and outreach must be a life-long experience. Just as online threats and harms have evolved over the last two decades, we can be quite sure they will continue to evolve at a rapid rate. This can only be ameliorated with an environment where Americans are able to have a meaningful impact on their own digital experience.

  A wide range of initiatives are on the table when one recognizes that the first-line of cyber defense isn’t powerful tech giants, but rather individuals themselves.

• Research

  Information is the most precious resource. Initiatives that can acquire vital information about pressing concerns are invaluable. America’s highly skilled and creative workforce can take advantage of opportunities to leave no stone un-turned when it comes to investigating digital threats, and their solutions. Agencies should be leveraging their unique insight to provide information to the public on ground that needs to be covered.

  Building a national defense strategy around bottom-up innovation requires exhausting lines of inquiry that many technical minds are eager to explore. With properly aligned goals, the digital sovereignty of individuals and national security can lead to powerful strengthening of both. By relying on the same methods to secure both, citizens can have a direct impact on not only improving their lives, but the very fate of the nation.

• Collaboration

  Leveraging powerful models, like Open Source development (for both hardware and software) offers huge benefits for innovation. There are many ways to include people with varied expertise to gain multi-disciplinary benefits from broader collaboration. With open and transparent methods of governance, and even tools and techniques, feedback from the front-line can make an even bigger impact.

  Transparent sharing of insights, but also including public feedback into the equation, allows for much more rapid iteration on crucial concepts.

• Innovation

  With the benefits of hardware and software freedom, technologies can be safely used in both public and private contexts. Optimizations can be widely deployed and many can reap the benefits. By building the foundation for a truly free technological landscape, the USA can become the home for boundless innovation. Realigning strategies and goals for a free digital future has immense opportunities for both individuals and institutions.

Institutional Safety

While all of the above sounds wonderful and amazing, very little of it is truly possible without trust. This is very much where the European Union fails to deliver on what they intend in their digital strategy. With some reform, the United States is in the unique, enviable position to be a world leader in not just technological innovation, but also digital freedom and security. Improving the relationship between institutions and people, trust can be built towards genuine cooperation and shared interests.

De-FANGing the Surveillance Apparatus

The very fact that the European Union has spent so much trying to break free from American companies tells us all we need to know about how much Americans can trust public-private collaboration with these entities. As such, not only do Americans require stronger privacy and security guarantees, but they also deserve a government that doesn’t leverage private entities against their interests. Public, short, medium and long term plans must be made to entirely dismantle domestic surveillance.

Cooperation, subsidy, and information sharing with for-profit entities must be phased out. These institutions seize and pacify a huge amount of America’s top minds and puts them to work building things that are incompatible with a free digital future. Maintaining proper boundaries between private and public institutions is a vital reform in building meaningful trust in the future. When law enforcement requires information, it must be obtained with a valid court order, both requests and receipts must be properly and transparently disclosed.

Digital Bill of Rights

The White House currently has a Blueprint for an AI Bill of Rights. Some of the concerns raised are excellent, others are unnecessary barriers to innovation. Even worse however, the AI Bill of Rights is far too narrow, and possibly wastes the opportunity to develop a truly comprehensive Digital Bill of Rights. A Digital Bill of Rights must not only apply to government departments, but where possible, to publicly traded and regulated entities. Some of these exist already in some form or another, but a comprehensive (Federal) act is required.

Digital Bill of Rights (Shortlist)

• Access
  • Non-discrimination on protected status, politics, or even a wider range of criteria
  • Prior notice to disruptions to access with proper due-process
• Data Sovereignty
  • Right to refuse data collection
  • Control over how information is used and shared
  • Right to request, and delete personal data
• Transparency & Accountability
  • Clear and transparent disclosure of information sharing and breaches of personal information
  • Liability for data misuse
• Freedom of Choice
  • The right to refuse particular devices, services, and systems

Regulate digital public infrastructure providers as “common carriers”

Not only as a means to strengthen the Digital Bill of Rights, but also to protect good-faith providers of digital infrastructure. With a broad conception of public digital infrastructure, more Americans can feel they can equitably participate in the digital economy.

This would include:

• ISPs
• Domain Registrars & Public DNS Providers
• Cloud & Web Hosting Providers
• Payment Providers
• Financial institutions

Protecting Innovation & Security

To compete in the modern digital environment, new approaches are required to stay adaptable. Beyond sustaining various rackets, the goal is to allow American innovation to thrive in an environment that makes people and cyberspace more free. There is significant demand for secure, verifiable systems that put the person first. Instead of falling behind foreign competitors, the USA can reclaim it’s status as not only the land of the free, but also free cyberspace.

Right to Repair

Right to repair involves various reforms that are essential to long-term innovation and security. Of crucial importance is the ability for users to have the capacity to modify potentially defective firmware. Very often digital products fall behind in security, so much so that the EU is considering harsh import restrictions under the Cyber Resilience Act.

By encouraging an environment where devices are more free and open by default, users can have the control to obtain the highest security guarantees needed for the situation. This alone has the potential to resolve security issues faster than any single initiative could, by allowing almost everyone to take a role in thwarting cyber threats.

Prioritize Free & Open Source Software & Hardware

Software & hardware freedom is a very important public good. Open source is a very effective way to put bottom-up feedback and contributions to use. By harnessing these goals, America’s technological economy can be radically transformed in a way that provides a great deal of jobs and opportunities. By using Free & Open Source Software, government agencies and departments can not only reclaim their own digital sovereignty, but individuals as well. The technological landscape moves very quickly, and is only poised to accelerate as enthusiasm for decentralized open cooperation improves. It’s crucial not to miss the opportunity to embrace this change.

Related Proposals:

• Digital Privacy Bill of Rights
• Digital Privacy Act of 202X
• Right to Repair Legislation
• NIL Law attached to your cyber footprint
• The Digital Privacy and Anti-Surveillance Act
• Enhanced Privacy Protection for U.S. Citizens
• How to Restore Free Speech Through Simple Legislation
• Rural Broadband Infrastructure