Disclaimer: The views and opinions expressed by the author(s) do not represent the official position of Barbados TODAY.
By Pearson A Broome
Recent implementation of digital transformation projects in the Caribbean has gone from zero to 60 miles-per-hour and several major newspapers have conversations expressing awe and consternation at the efficacy of these e-initiatives.
Recent discussions in Barbados have rightfully called into question accepting the National ID cards, tags for drivers’ licences, and a range of e-government services. It is treasonous and treacherous these days to wade into policy debates as proffering any critical analysis of post-2018 policy arouses influencers, strategists, pollsters and bots against introspective analysis and professional credibility. Recent warnings by cyber-professionals wary of these initiatives have profound merit. This commentary is not intended as a dystopian affront to government attempts at digital transformation, but rather a signal to policy planners to be mindful of the vicissitudes of technology and development.
In real countries, digital government presents opportunities for improving public service and governance, reducing transaction costs, mutually saving time and money and limiting potential for government corruption. E-Government can range from communicating decisions and regulations to interactive online services where citizens can obtain licences and visas, pay taxes, and report service defects. The COVID-19 pandemic demonstrated the need for better access to services through digitizing with the citizen experience in mind. But risks to the right to privacy and other rights must be managed to ensure digitization does not result in breaches.
Niel Harper has been pointing out the challenges in cyber security and the larger technological issues. But there is a pall of vilification over his analysis of the need for a more reflective approach to digitization. This article supports his call for reflective analysis and the need to secure our information.
There is no debate that the current laminated national ID card has to be changed. Nor should we doubt the need for digital platforms to process basic government transactions to avoid some attitudes of civil servants. But policy planners should not see the call for a steady approach as an insult to their very being.
I intend to present policy planners driving the process of digitizing government with a normative value analysis (NVA) based on a set of value-related features of structural governance such as transparency, accountability, integrity, impartiality, efficiency that e-governance should promote. Structural governance is about how things are done, not about if they are done efficiently or honestly. An NVA reflects the underlying principles and values of the political system, and these may vary. Structures will normally be decided with norms in mind, but need not meet a normative concept of ‘good’ governance.
In this article, I consider a range of critical cyber challenges within this context of NVA. Digital government is not a plug ‘n’ play process. It is a complex socio-technical endeavour that presents to the undiscerning several cross-cutting contradictory and intractable issues. Policy planners often fail to recognize this and can attack the boy who reminds the emperor or empress that he or she is naked. One reason for caution and critical discussion in digital government is that information and communication technology for development (ICT4D) is still not universally defined or regulated.
There are larger philosophical and theoretical questions of how technology is [re] shaping capitalism, but it is easy for the public to see these issues as doctrinaire or grandiose. There can be a range of unintended consequences when human understanding and engagement does not keep pace with increasing technological sophistication. The most prominent common theme is the trade-off between reasonable goals.
The case with Edward Snowden is well documented. Over the years, a host of global data leaks occurred that show we need to be concerned in an age of well-developed surveillance capitalism where firms and governments are capturing and rendering data that can be used for political and commercial ends and for suppressing individual sovereignty. There is a naïve belief that such activities are far removed from Caribbean shores even after it was revealed that Cambridge Analytica employed illegal data and communication mining in Trinidad in 2013. Whistle-blower Christopher Wylie, Cambridge Analytica’s former Director of Research, told the House of Commons that the data acquisition in Trinidad and Tobago was illegal and that there was “total disregard for the law”.
The absence of comprehensive data protections in Trinidad and Tobago made it easier for Cambridge Analytica to harvest data and manipulate voter behavior. There was a Data Protection Act 2011, governing the use of personal information by public and private bodies, but only the general privacy principles and the sections establishing the Office of the Information Commissioner were in operation. Barbados, like several other Caribbean countries, has still not seen the need for meaningful Freedom of Information Acts, Data Protection Acts and integrity legislation.
When the Barbados voters’ list indiscreetly went viral, the indifferent official response was the groundless argument that the voters’ list would have been available in public spaces, anyway. How tort! Commercial enterprises would have seen this list as an information bonanza for refining their targeted social advertising, in a practice known as Real-Time Bidding (RTB). This clandestine approach has caught the attention of privacy in the OECD. Regulators pay attention to RTB as it involves collecting and sharing highly sensitive personal data with third parties.
We can say more about how simplistic it was to see the viral pdf as merely a technical glitch. In the voters’ list were the names of professionals who work in highly dangerous jobs such as investigating narco-trafficking and must maintain utmost discretion. Recently, major local dailies reported that the Queen Elizabeth Hospital (QEH) suffered a cybersecurity incident on its internet. The strategists communicated an ambiguous message to the public: “A number of areas appear to have been affected, and as a result, there will be disruptions and delays in services”. Barbadians were left with the glib message that the hospital was “taking all necessary precautions to protect the integrity of our systems and patient privacy”.
In essence, we were to believe “we got this!” Likewise, a recent “self-administered survey” (it must have been since to this date no one has claimed administration) by students at secondary schools breached every imaginable ethical value. The usual vociferous and opinionated advocates and officials remained silent and/or ambivalent and for sure no one will ever know how and why the information was collected.
These instances need repeating for those with selective memories, and for those who refuse to see network interoperability and what it means both for cybersecurity and for the more involved and complicated architecture of digital governance. There are viable reasons to highlight these challenges that call for an urgent change in approach.
And so, the public’s concern for cybersecurity is a top item on the risk agenda because of its uncertain effect on national economies.
For individuals, the proliferation of passwords, security-patch updates, and interdependency between devices makes hacks of personal data more and more likely. Across the globe, various institutions are committing substantial resources to developing solutions for enhanced data protection frameworks. Civil society experts and academia must more than ever engage if the region truly cares about a CARICOM Single Market and Economy. In this instance, market intelligence determined by access to information forms the bedrock of a well-functioning market. The need for a well-designed and securely encrypted national ID card, therefore, goes beyond the boundaries of Barbados.
Safety can be under pressure when people are not very careful. Or more often, when they do not pay attention, or design systems in flawed ways, or have bad intentions. Complete safety (and security) usually cannot be guaranteed, but the government and private actors should still strive for safety and security in the “abundance of caution”. It is egregious to decry civil society calls for dialogue on cybersecurity services as disruptive. After all, a pervading issue of the humans/technology interface is the human inability to understand and keep pace with the permutations of technological inventiveness.
Regrettably, rather than the head of the Democratic Labour Party advancing a socio-legal analysis of embedding complex digital information into a regulatory human rights environment, his plainchant, according to one newspaper, was: “Don’t get the national ID cards”. Why? In essence, the blind spots on the legal issues in the violations of rights resulting from new technologies were ignored. Nor did he comment on the extent to which risk profiling is potentially discriminatory. He also said nothing on matters relating to conflicting rights resulting from new technologies and the extent to which someone may be wiretapped for criminal investigation. Nor the extent to which someone may insult a religion. There was no discussion on the legal praxis around the ‘right to be forgotten’, sometimes referred to as the ‘right to oblivion’. It is not difficult, therefore, to imagine why he too shall pass.
Over-emphasising technical cybersecurity often leads policy makers to neglect protection of values and citizens’ trust in rolling out the digital infrastructure. Thus, it is equally important that cybersecurity supports the protection of values, which often carry complex relationships. Understanding this and other value dilemmas is imperative. If such issues are discussed, it is in isolation and without an integrated view on the ethics of digital governance. An NVA qualifies structural governance, which may, but does not have to, be designed to deliver or support norms.
We must focus very precisely on the tensions with accountability as governments try to improve digital governance capacity. The issue becomes how those working in digital governance genuinely understand the business of “governance.” Obsession with accountability through imposing rules can encourage public officials to avoid risk by creating more rules (Broome, 2021).
If their view of governance is centred on the state, then there is no future in promoting accountability to citizens. But if the government truly understands digital governance to be a many-layered process in which citizens and government officials argue, bargain, and sometimes agree, then citizens holding governments accountable will be seen as a fundamental part of their agenda. Promoting accountability of governments to their own citizens will then have a secure future with real development.
Pearson A Broome, Lecturer in Political Science
MSc. Coordinator eGovernance in Small Island Developing States
Author of: An Ethical Turn in Governance: The Call for a New Development Narrative
This article is an abridged version of the one carried in the Policy Brief of the Department of Government, Sociology, Social Work and Psychology, Faculty of Social Sciences Cave-Hill.