Finding Australia’s asymmetric advantage in big data
30 Jun 2021|

It’s important to think beyond the cliché that data is the new oil. The dystopian dream of seamless data integration and the ability to ‘collect and know it all’ overlooks the complex politics of data. National borders and ambitions make for a landscape characterised by Balkanisation, conflict and contestation.

Countries know that strategic advantage is lurking somewhere in the data—the signal in the noise. However, a key question for all countries is whether that advantage lies in ensuring centralised control of data, in promoting openness and transparency, or in prioritising the use of data to serve the public interest.

It would be easy to pull up the drawbridge and regard increasing calls for digital sovereignty as calls for autarky. Mobilising Australia’s asymmetric advantage relies on our ability to lean into our democratic legacy to avoid perverse mirrors of the systems of data surveillance, or ‘dataveillance’, we frequently criticise. This means moving from a mindset of tech adoption and data dependence to one of strengthened interdependencies, international partnerships and civic engagement.

Nearly 10 years ago, CIA Chief Technology Officer Gus Hunt articulated the ‘collect it all’ theory of cybersecurity and mass dataveillance: ‘The value of any piece of information is only known when you can connect it with something else that arrives at a future point in time. Since you can’t connect dots you don’t have, it drives us into a mode of … try[ing] to collect everything and hang on to it forever.’

This collect-it-all ethos increasingly defines vast areas of national security and economic and social life. We are living in an age of big data where seamless integration is seen as a strategic necessity.  Much rests on our ability to convert the potential of data into a resource. This would extend the national conception of where and how we derive and trade economic value.

It’s easy to get swept up in a mindset that sees modernisation of data infrastructure as an essential good. Although corporate and government jargonistas would have us believe they’re scaling us into the stratosphere, many societal problems remain intractable.

A recent example of the tensions common to many corporate and government data projects is the pause of the ‘battle management system’ component of the Australian Army’s Land 200 project. The chief of army described the digital command and control of forces as the service’s highest priority project: ‘[W]hen we build a network and connect all the parts of that force to that network we are greater than the sum of the individual. It is the improved quality of command and control of all aspects of our operations, so it’s not about high-end warfare, not about counterterrorism. It’s about everything we do.’

The battlefield management system was intended to connect every vehicle and soldier to a secure tracking system so that commanders would know the exact location of all their personnel and equipment, and so that every soldier would see, through moving symbols on a personal or vehicle-mounted computer screen, where everyone else was.

The cost overruns, the significant governance issues identified in a scathing audit report and the pause of the program represent common vulnerabilities in data projects.

It’s tempting to buy equipment off the shelf to save money, but we have to think about how enterprise data projects are products of unique organisational cultures, human capital and infrastructure densities.

The great promise of 360-data systems is that they allow a busy executive or commander to determine problems and opportunities by glancing at an appealing dashboard without needing to understand the shape of the data.

However, this assumes that organisations have a solid governance and hygiene strategy for managing data that may be inconsistent, poorly integrated or from questionable sources. If the right questions aren’t asked of the data, what appears on a dashboard may be meaningless or deceptive. In the quest to rationalise and simplify, a dashboard may indicate that something is wrong, but not how bad it is.

Lack of data literacy from the top to the bottom of organisations is a widespread vulnerability. In an age defined by attention deficits, the promise of complex problems neatly solved on PowerPoint slides concedes too much to slick sales agents.

And all of our sophisticated tools for handling, searching, linking, sharing and analysing data in mind-numbing iterative and synergising processes may give us a misdirected sense that we’re on the path to change, when in fact we’re simply replicating the status quo.

Despite the claims of tech evangelists, the tendency towards indiscriminate corporate collection and monitoring of everything risks lowering the ability to understand complexity. Big data can construct new realities where ‘face-tuned’ algorithmic acceptability becomes the ideal.

The worst aspects of data analytics reduce diverse human lives and multidimensional social structures into data points. The functional and the mechanistic are preferred over the contradictory and paradoxical, and the critical value of weathered experience, good judgement, the obscure and the marginal can be lost.

The collect-it-all ethos, and the 360-degree view of human and ecological systems it might offer, could be endlessly exploited by the powerful. Citizens grouped into pseudo-scientific psychological profiles make rich fodder for microtargeting by rogue governments, foreign agents, charlatans and corporate executives.

There are inherent inequalities in data systems. A report commissioned by the Dutch Data Protection Authority 12 years ago estimated that the average Dutch citizen was included in 250–500 databases, and up to 1,000 for more socially active people. This can occur through over-monitoring of some groups and individuals (reinforcing over-policing, for example) and under-monitoring of those without access to data systems.

Data always presents a partial view, but even more pressing is the issue of data power asymmetry. The collection of our movement, health and demographic data is increasingly given over to global and national monopolies for control and profit extraction, rather than to further the national interest.

With fewer firms possessing the human capital and brute computer-processing power to handle complex data, we face a narrow world where rich and paradoxical human experience is nudged and reduced towards more ‘efficient’ and predictable choices. In the process, we lose a sense of a democratic data ideal—to use this resource to preserve the public good.

This translates to the setting of international norms about data, another highly contested area. When we assume that data is perfectly interchangeable, we miss the important ways that regulatory frameworks and international standards ensure the continuation of cross-border data trade.

Blockchain, for example, is meant to smooth the flow of information between jurisdictions, but when single countries insist on global compliance with their domestic cryptographic protocols, this can force the opening of backdoors that pose security risks. We should not lose sight of the importance of maintaining an international system that provides some form of common regulatory oversight over data transfers.

China has made data a matter of national security, and has placed strict limits on how it can be stored and taken beyond the ‘Great Firewall’. Although there’s an economic case for this form of data mercantilism, it’s a far cry from the early promises of a free and open internet. China has more to learn from the comparative openness of democratic systems as a source of innovation, which it has tried to gerrymander through strategic theft of intellectual property.

But within our own borders, we may not even know our own data network’s strengths and weaknesses. Many data systems function because they’ve been effectively patched over by temporary measures. Although there’s a lot of attention on modernisation of tech infrastructure, most of our tech spending is on operating and maintaining legacy systems, not on improvement.

A recent US Government Accountability Office report found that of the US$90 billion the federal government spent on information technology in 2019, nearly 80% went towards operation and maintenance of existing systems.

In Australia, a 2019 review of IT spending in the Australian public service concluded that ‘agency capital budgets are under-funded and there is strong evidence of a technology deficit across the APS, with some major legacy systems at or near end of life’. That review called for an audit of infrastructure, which might provide a strategic direction for a government otherwise relying on a passive approach to tech adoption.

A 2016 GAO report found that the US departments of commerce, defense, treasury, health and human services, and veterans affairs were still using 1980s and 1990s Microsoft operating systems that the vendor had stopped supporting more than a decade before. The same mix of Australian departments may be similarly vulnerable.

Frank assessment of Australian networks and infrastructure risks may evolve as the pivot to a risk-management approach in government information security becomes more widely understood.

It’s impossible to eliminate all data security risks. All organisations want to avoid a breach that adversely affects individuals or national revenues associated with intellectual property and collective surveillance. It is within our grasp to drive for a high standard of preventive risk reduction and to create a data regime that acts in the national public interest.

There are underexplored opportunities in Australia for genuine use of data that a top-down collect-it-all ethos might miss. There are examples of experimentation with data that build citizen engagement and participation into regulatory processes. One is the Taiwan process established by a civil-society movement at the invitation of Taiwan’s minister for digital affairs.

Australia needs to ensure that data benefits are more evenly distributed and that data harms are not socialised. If data frameworks don’t balance preservation of Australia’s democratic system and development of our skills ecosystem, we’ll end up with a digital and data dependence that compromises our sovereignty and doesn’t provide the strengthened digital interdependence we’ll need to navigate a period increasingly defined by digital geopolitics.