The writer is international policy director at Stanford University’s Cyber Policy Center
Last week, Google and Facebook stepped up their row with the Australian government, over a new law that would make the online platforms pay for sharing news content. Google warned that the move would force it to stop offering its web search function, which is used by 95 per cent of Australians — prompting the nation’s prime minister to say: “We don’t respond to threats.”
At the same time, Facebook announced that its decision to ban former US president Donald Trump from posting messages would be reviewed by its own oversight board of handpicked experts. They will now decide whether the social media group was correct in its judgment of different users’ rights and interests.
Both events demonstrate an ever-growing trend: technology companies think they should be deciding public policy, not governments.
It is not just social media platforms, either. These days, all kinds of businesses set rules for how technology affects people’s lives. Encryption standards, for example, determine the extent of national security. Facial recognition systems deny the right to privacy.
Since all of society is touched by such digitisation, this puts companies in the position of policymakers — but without the governance mandate, independent oversight or checks and balances deemed vital in a democratic process.
In fact, tech groups’ governance powers are encroaching on the role of the state at ever greater speed. Minting digital currencies, verifying digital identities, even building cyberweapons — it is all under the direction of boardrooms, not parliaments.
One consequence of this private sector digitisation is that governments have, in effect, outsourced cyber security and personal data protection to companies — companies that do not always have duties of disclosure.
We witnessed as much in the hacking of SolarWinds’ networking software, to distribute malware. Had it not been for cyber security firm FireEye, we may never have learnt of the intrusions on companies and many US institutions. Software made by the likes of SolarWinds and Microsoft forms the backbone of digital operations globally, yet a decision to forgo proper security safeguards by SolarWinds was taken without anyone noticing. There are too few processes to ensure the public interest is systematically safeguarded.
That is why laws need to be updated fast. This is not about “regulating the internet” but rather about upholding existing principles, such as democracy — online or offline. And it is surely an erosion of democracy when the agency of an elected government is reduced proportionately to the pace with which private companies are empowered.
For technology groups wondering how they can avoid being accused of failing to protect democracy — as social media platforms have of late — there is a simple solution. Before the ink is dry on new rules granting regulatory oversight of digitised processes, such as search algorithms, companies can embrace the rule of law today.
Aligning with democratic and human rights principles can be done now.
The world over, the power of technology companies is becoming ever more apparent. That is why we must not limit our assessment of potential harms to democracy to just social media platforms or search firms. They may be the services that are most visible to internet users, but they are not the only ones in need of scrutiny. The privatisation of governance in the digital world is now a systems problem.
After the US Capitol riots of January 6, there is a growing awareness of the power of companies in providing a platform for the stagers of a coup. It should make us even more wary of that other coup: the privatisation of governance across the digital world.