SHARE
SCB EIC ARTICLE
19 ตุลาคม 2016

National sovereignty in cyberspace

Recently, I was called upon to write a short memo for a policy-letter collection to the would-be 45th President of the United States; the piece would be framed as policy suggestion in response to shifts in strategic outlook and value of Asia’s rising generation. Clouded in harsh political rhetoric of personal characterization and domestic focus during year-long presidential campaigns, one issue with immense global impact in the age of connectivity has yet to receive sufficient spotlight: cyber-security.

Author: Sutapa Amornvivat, Ph.D.

Published in Bangkok Post newspaper / In Ponderland column 19 October 2016

ThinkstockPhotos-532872943.jpg

 

Recently, I was called upon to write a short memo for a policy-letter collection to the would-be 45th President of the United States; the piece would be framed as policy suggestion in response to shifts in strategic outlook and value of Asia’s rising generation. Clouded in harsh political rhetoric of personal characterization and domestic focus during year-long presidential campaigns, one issue with immense global impact in the age of connectivity has yet to receive sufficient spotlight: cyber-security.

 

Ongoing debates seem to point towards more prying eyes of the government on the people—American and global citizens alike—in the name of national security. This ought to raise alarm on individual privacy as well as national sovereignty in cyberspace.

 

Such issue becomes more of a threat given growing presence of American tech giants abroad and the huge amount of data which they have amassed. Regulations regarding the data security are in place, but hardly sufficient as evidenced in frequent breaches even at the high-level US government and business organizations. The trend has been rapidly prevalent beyond the US border. Notwithstanding privacy concerns repeatedly echoed by many Americans, the voice of other countries, especially smaller ones, on this issue has hardly been heard.

 

More worrisome is that our private information increasingly falls into the hands of so few corporates. Today, consumers voluntarily give up private information on mobile apps, social media platforms, cloud storage and computing on mobile devices in exchange of “free” services. Tech companies operating worldwide are keen on collecting these data, which allow them to analyze consumer behavior and apply that insight in various aspects ranging from marketing to fraud detection. The data collection is expeditiously more concentrated as larger companies swallow smaller ones—Google acquiring YouTube in 2006, Facebook acquiring WhatsApp in 2014. 

 

An enormous amount of data concentrated in one place could pose greater risks for the users, as leaks and hacks become common. In September, Yahoo officially admitted to a massive data breach of at least 500 million user accounts in 2014. In another case, a Security News website, CSO, reported that Hzone, a dating app for HIV-positive singles, leaked data of 5,000 users in 2015. Despite the small number of people who are affected, the app contained highly personal information that could potentially cause pain to involved individuals.

 

What’s worse is that data can be forced out of private companies’ hands by governments too. This could possibly threaten sovereignty of other countries. As the US presidential candidates put forth in their campaigns, a fight against terrorists means more intelligence gathering. In February 2016, the FBI asked Apple to help mine data from iPhone and build a backdoor to unlock iPhone used by the shooter in the terrorist attacks in San Bernardino. Although the case was eventually withdrawn from the court, it sparked a concern of future requests. What if the U.S. government finds a “legitimate” reason to look into an iPhone of key political figures in other countries?

 

More vulnerable are developing countries with weaker institutions and less capability of advanced cybersecurity. In Europe, the European Commission recently launched the EU-U.S. Privacy Shield Agreement that provides legal basis to force companies who transfer data across borders to uphold citizens’ right to privacy and data protection. China chose the extreme measure of shutting these foreign companies out altogether. Smaller nations, like Thailand and other ASEAN members, however do not enjoy such privilege. In these developing economies, data monopoly by a few foreign firms is even more pressing. Astounding growth of internet as well as social media users—more than 41 million Facebook users in Thailand and 241 in South East Asia according to International Data Corporation—means that cyber security in these countries should be treated with urgency.

 

This is where the US government could step in to help mitigating potential risks and demonstrate leadership.  Doing so can improve diplomatic ties and goodwill between the US and this region, as the balance of power has insidiously tipped towards China for years. With greater fear on cyber-attack, the US could help maintain the regional cyber stability by coordinating worldwide regulations on borderless data and cyber-espionage. The US presence and support can lend a hand to developing countries to be able to protect themselves from incoming cyber threats.

 

As for Thailand, the government too should do more to strengthen legal institutions regarding rights to data. This will ensure citizens’ rights to privacy and data protection especially when dealing with foreign data monopolists. The same framework will also help prepare for a transition towards Thailand 4.0. With many digitalization plans underway such as the upcoming PromptPay, more will be at stake.

 

Furthermore, there will be entries of new players beyond just US corporates as well. This month, Jack Ma, Alibaba’s executive chairman, just visited Thailand to discuss a collaborative project with the Thai government. The kind of risks we could face can be even more threatening over time as more data get linked together. Yet, concerns on security and privacy have not been adequately addressed.

 

Not only does this issue is less straightforward than addressing traditional security, but it also requires the government to strike the right balance between fostering innovation and protecting data privacy. I personally believe that premature regulations of the tech industry could cripple innovations and creativity. But cyber-security is important too. It is likely that the Thai authorities already have this in mind. Perhaps, what they need to do is to communicate louder and clearer of their game plan to raise public awareness of this potential danger.

 

With the unstoppable force of connectivity, regulations alone will not be enough. Private companies such as banks and telecom companies will have to do much more to improve their security systems. But the process for greater protection can be slow without strong demand from customers. More importantly, we should also ask ourselves whether, as an individual, we have done our part to protect our privacy in this oversharing world.

 

ธนาคารมีการใช้เทคโนโลยี เช่น คุกกี้ (cookies) และเทคโนโลยีที่คล้ายคลึงกันบนเว็บไซต์ของธนาคาร เพื่อสร้างประสบการณ์การใช้งานเว็บไซต์ของท่านให้ดียิ่งขึ้น โปรดอ่านรายละเอียดเพิ่มเติมที่ นโยบายการใช้คุกกี้ของธนาคาร
ยอมรับ