Humans now create an extraordinary amount of information every day. (1) Unique content, regardless of veracity, is distributed with unprecedented velocity to an ever-growing audience. Individual citizens' patterns of life are now collected by everyone from commercial organizations to malicious actors. Methods to collect, collate, and analyze data become more agile and widely available every day. Institutions in democracies must adapt to their citizens having more of a voice, and being more vulnerable, than ever before. This means that many organizations need to modify their behavior.
Governments need to assess and regulate an environment where they may no longer have the most data on individuals. Commercial organizations must accept some responsibility for the data and information they gather, and what it can be used for. The press must adapt to a new paradigm of information sharing and act to protect their audience. Finally, all these things must happen in concert, in an environment of public-private partnership that somehow protects personal freedoms, organizational integrity, and private revenue.
Data and Democratic Government
In governments, data management is usually subordinate to the larger information technology operation. In many cases, governments recognized the need for a concerted technology management offering in the 1990s, began delivering it in the early 2000s, and largely completed implementation by the 2010s. Over the course of that long timeline, the service architecture identified and created in the late 1990s and early 2000s became inadequate in a cloud and mobile-based world. Monolithic government IT departments, designed for the centralized physical management of the early 2000s, now scramble to modify their services in time for their customers to use them.
The Seattle Times recently highlighted an auditor's report that castigated the Washington state technology agency for poor service delivery and operating at a deficit. (2) However, the agency is shackled by the $300 million data center that the state built in 2009. The state's data, along with its technology services, are trapped in a massive capital artifact. This is not an isolated example, either in the United States or the larger democratic world.
The organizations that underpin democracy are unwieldy. Changing institutional and organizational processes takes a long time. Often it takes too long. Technology and even public sentiment moves on before changes are made. An issue or threat that requires vital attention becomes obsolete, but morphs into new requirements. An amusing report from the July 1922 United States Naval Institute proceedings bemoans how long it takes for a "minority that 'knows' to instruct the vast majority until sufficient public sentiment is created to force the change." (3) The Institute was talking about using Navy yards as industrial establishments--the 1922 version of requiring large government agencies to be nimble in their tech processes.
This is most apparent in the municipal and national governments of relatively established democracies. Elected legislatures with appointed functional officers, like most democracies, tend to be risk averse with what they buy and how they direct that it be used. Directing change in a democracy creates risk at a very personal level for those who administer it. Professional democratic officers tend to not be familiar or comfortable with the processes, education, or technologies that allow effective data sharing and security, and move slowly when acquiring or directing it. The Information Technology and Innovation Foundation described this slow and obstinate policy environment in a 2016 report advocating for digital infrastructure improvements. (4) They warn that "outdated and costly policies designed for the infrastructure of the 20th Century" put modern and effective policy at risk.
New Vulnerabilities and New Obligations
This sloth, however, is not acceptable in the current environment. The same report warns how cyberattacks on supervisory control and data acquisition (SCADA) systems have increased from 90,000 worldwide in 2012 to 675,000 in 2014. These are the systems that collect on and control industrial processes like air coordination, electric power generation and transmission, and wastewater management. In 2016, according to Security Week, attackers took control of a regional US water utility and acquired control of the flow of toxic chemicals. (5) Another group took control of the transit system in San Francisco. This year, unknown hackers released malware targeting systems in the Middle East and Europe. That software not only wiped systems, but it provided attackers access to systems and was used for "espionage against an unknown number of targets." (6) The 2017 Equifax breach compromised and distributed personal information from millions of people in at least three countries. (7)
Most information that used to reside in wallets and safe deposit boxes is now digital, and data that supports it grows every day. This is a good thing. More people than ever before have greater access to education, banking, legal services, and identity verification. However, the current regulatory environment lacks a global commitment to collection and protection standards. Most...