Achieving some form of digital autonomy or sovereignty is a wicked problem, too large to handle in one go. Let’s start therefore with the main actors, and what is at stake for them. We can then talk about how digital autonomy allows these actors to collaborate and compete, and therefore impacts the risks they see. Elsewhere, I write about international actors, and this story builds on that.
All actors (e.g. governments, companies) perceive IT risk in their own way. Generally though, they include the standard IT risks (confidentiality, integrity, and availability). Beyond that, there is the risk of failing to capture the value of new technology, and failure to exercise governance and control over relevant other actors.
After we have looked at the actors, we can talk in more detail about these risks.
Nations
The story often starts with nation states, in particular their governments. These are the guardians of a country’s territorial integrity, and the prosperity and well-being of their population. At least, that is the theory, for now we assume this is a given.
The assets at risk include:
- the confidentiality of internal government communication
- military capability
- the capability to regulate businesses and individuals
- the ability to fulfill its responsibility towards its citizens, e.g. by implementing laws and respecting privacy rights
- defining and implementing economic policies on trade and industry, as a tool for economic development
Within governments, we can identify actors acting as regulators. Countries are also tied into multinational actors, such as the International Criminal Court (ICC), the EU and NATO. These in turn have many agencies, each with their own risk profile.
Companies
Next to countries, companies can be very powerful actors. The biggest companies have turnover and assets that exceed those of most countries in the world.
Of course, not all companies have equal power or role. The most influential companies when it comes to digital autonomy are the large technology providers: infrastructure companies, AI companies, and major manufacturers. They control large parts of the digital ecosystem, but are also fundamentally dependent on it.
Smaller companies are typically consumers of technology, with a lot less power than the suppliers.
Companies can be subject to regulation by states and other actors, which we will discuss a bit later.
Finally, interesting complications arise when companies (large or small) have international market presence or ownership, as this brings new types of conflicts that they can have with nations.
What is at risk for companies includes:
- the license to operate, including compliance and adherence to regulations
- assets and profits
- the capability to compete, innovate and develop
Regulators
We already mentioned government regulators, but industry associations can also regulate, an example being the Payment Card Industry Security Standards Council (PCI SSC) for credit card data.
Regulators issue, maintain, and enforce compliance rules.
Their main asset at risk is their capability to enforce rules, for which they are often critically dependent on other actors.
Individuals
The most diverse group of actors is formed by individuals, because there are so many ways in which they interact with the other actors.
Individuals can be:
- data subjects, whose privacy rights are at stake
- cloud consumers
- voters
- technologists
- engineers
- employees
- civil servants
While a single individual has very little power in comparison to a government or big company, when they organize they have the potential for significant counteraction. Democracy is an example, collective market action is another.
Non human actors
While it may sound unusual, it is useful to consider non-human actors. In his book “What Technology Wants”, Kevin Kelly popularizes the case that technology can be considered as a living organism. And scholars such as Bruno Latour helped develop Actor-Network Theory, which acknowledges ‘agency’ outside of humans.
An example of information technology to apply this to is open source.
An open source solution, maintained by an active community, empowers its users. It also significantly reduces the power of actors that are associated with a proprietary solution for a similar problem.
Linux is one of the most well-known examples. Before it existed, companies could charge for operating systems and updates. Linux made that a lot harder.
In the 1980s there was a commercial market for statistics packages, configuration management tools, compilers, integrated development environments, and much more. Most of that is open source now, and that same dynamic is playing out in new fields.
As a final example of non-human actors, look at AI: the models, the agents, the providers, the infrastructure, as well as how some of this is open source. That is a big area in itself, which we will dive into with more specific analyses later.
Once we have a clear overview of the relevant actors, we can look at their autonomy, interdependence, and the power plays they can get into.
Stay tuned.