Can digital disruption be governed?

We’re just beginning to grasp the full extent of digital disruption. As in the financial crisis of 2008, when top executives revealed they couldn’t really understand the inner workings of financial instruments they had sanctioned, leaders of Internet companies are overwriting yesterday’s statements as negative externalities of their businesses surface. From foreign intelligence services leveraging social networks to influence elections to digital identity theft, to rising social inequality, a nauseating sense of frustration has emerged.

These issues present challenges well beyond corporate governance, as many of them are rooted in global digital markets. Digital disruption is here to stay, with data and Internet intensive economic activity rising from 20% to 80% of the global economy in the next decades. So, it’s important to think about how to manage these challenges. That’s what Jonathan Aronson and Peter Cowhey do in “Digital DNA,” a new book published by Oxford University Press.

Aronson and Cowhey pick up two key issues to discuss digital global governance, cybersecurity and data privacy. Many have reacted to the serious challenges in global governance by calling on the United Nations. But, while the UN contributes to global governance in many areas, especially security, it falls short in addressing complex issues in which key world powers have very different preferences, making it impossible to achieve effective agreements. Instead, Aronson and Cowhey propose multi-stakeholder organizations and trade agreements as instruments for digital governance.

Among multi-stakeholder organizations, they identify SWIFT, an association of banks that manages international money transfers, to discuss the potential of a new type of arrangement. SWIFT engages all banks of the world. It assures confidentiality and cybersecurity of transactions and has been tested by crisis, from managing sanctions against Iranian banks to cybersecurity breaches. A committee of central banks oversees SWIFT; the Belgium central bank, since SWIFT’s HQ is in Brussels, supervises it closely on behalf of its peers. From this experience, Aronson and Cowhey extract the DNA of a successful multi-stakeholder entity: a civil society organization under the supervision of public authorities.

Trade agreements exert more influence over non-trade issues than they get credit for, argue the authors. The World Trade Organization’s 1999 Basic Telecommunications Agreement (BTA) enshrined pro-competition norms in last mile communications. Why did the WTO successfully forge the BTA, and not the International Telecommunications Union (ITU)? The reason is because Ministries of Communication, many of which at the time managed state-owned telecom monopolies, represent member states at the ITU, while Trade Ministries participate in global trade negotiations under a framework of competitive global markets.

Cybersecurity is hard to negotiate in inter-governmental forums. Cyberattacks have an “offensive edge,” Aronson and Cowhey note, which make countries with capabilities unlikely to constrain themselves, while companies hesitate to spend the upfront money required for protection. Most countries, however, are building public-private cyber-response emergency teams, which could potentially evolve into multi-stakeholder negotiating bodies. Because cybersecurity and market protection mix, especially in China, trade could also become a tool for such negotiations. Currently, Trans–Pacific Partnership (TPP), a 12-country trade agreement between U.S. and Pacific nations, prohibits a requirement for disclosure of software source code, something China has asked international software companies to do in exchange for access to the booming Chinese domestic market. By design, China was not part of TPP, but the Trump Administration withdrew the U.S. from the agreement, derailing a good attempt at digital governance.

Aronson and Cowhey are skeptical of any chance for a meaningful agreement if a very large number of countries are involved in the negotiations. They suggest the formation of a relatively small “club” of members of the Organization for Economic Cooperation and Development (OECD) plus TPP members to develop cybersecurity and data privacy norms. Those norms would govern cross-border data flows and cyber behavior, creating an international legal framework to attract other nations to observe. The authors of “Digital DNA” recommend that if the preferred instrument is a trade agreement, it should be a “plurilateral” one, without most-favored nation (MFN) status, meaning that only countries that enforce their commitments would benefit from other countries’ commitments, preventing “free riding.”

Clearly, both multi-stakeholder arrangements and trade agreements will be key tools to achieve global digital disruption governance in the future. But it is also clear that these instruments will not move ahead quickly at the global level, just as trade negotiations have dragged in recent years and incentives for multi-stakeholder governance are largely absent. Aronson and Cowhey, in any case, offer a number of good ideas and avenues to explore, making “Digital DNA” essential reading for corporations, policymakers, analysts and NGOs involved in digital policy.