The information on this section is being currently transferred from our legacy system to this repository. We thank you for your patience as the process will take us some time.
The following is the statement read by The IO Foundation on the occasion of Indo-Pacific Economic Framework (IPEF)'s Stakeholders Listening Session that took place in Kuala Lumpur, on the 19th October of 2023. The session was held at the Kuala Lumpur Convention Centre (KLCC).
My name is Jean F. Queralt and I am here representing my organization, The IO Foundation.
I wish to start my statement by thanking you for the opportunity to present our comments and concerns on the Indo-Pacific Economic Framework for Prosperity (IPEF).
The IO Foundation is a tech NGO operating globally although with a focus on the SEA region, very specially Malaysia as many of our members reside in the country.
TIOF’s advocacy is Data-Centric Digital Rights, which can be summarized in the work towards ensuring that technology does not do certain things by design.
We aspire to technology, especially in the domains of software and data, that provides protections to citizens in the same fashion as other properly regulated industries. That is, as occupants of this building, we do not care (nor should we) as to why it is not collapsing on us. In a similar way, citizens should not concern themselves as to whether their data is being extracted or improperly used.
In this address, The IO Foundation wishes to raise concerns upon provisions in Pillar I of the IPEF, Trade, and in particular to those referring to cross-border data flows and source code.
Please note that as the time is limited, I will not be able to get into all the level of details that I’d wish and that we echo the concerns from my colleagues from previous statements which have raised concerns in the same provisions that we will.
The first thing that disturbed us, although this is not a new circumstance by any means, is the lack of technical definition of the text. And by this I am referring to the technologies that will be involved in its implementation.
If IPEF is proposing to achieve “prosperous” data flows then it comes to reason that there should be the necessary mechanisms in place to realize this vision and enforce it.
When speaking about cross-border data exchange, we tend to project the image that it’s a magical potion that produces magical results. Nothing further from the truth.
The fact that data exchanges are considered under Pillar I is telling: it sends the message that data is “a good”. However, let’s not get confused: data IS NOT a good, or an IP or any of the other 11 available definitions across jurisdictions. Data is ourselves. I am my data. Saya Data Saya.
In that spirit, we need to start taking seriously what happens with our citizens' data and how it is used and potentially weaponized.
This is yet not possible as there is no technical way to achieve 2 things:
Attach a manifesto indicating clearly what can and cannot be done upon the exchanged data
Ensure objective remote attestation of the platforms that will make use of that data
This gets further exacerbated when considering concepts such as “ethical technology” or “ethical AI”. I keep asking, to a deafening silence “Whose Ethics?”.
What are the elements that IPEF is missing? A few ones:
A taxonomy of data use cases
A standardized definition for data manifestos (in reference to cross-border data flows)
A proven mechanism for remote attestations (in reference to source code concerns)
In other words, there is an urgent need to establish a methodology to run unit tests that show their compliance with the protections that are provided to our citizens.
This lack of technical sound approaches are precipitating the rise of more closed down networks, further fragmenting the Internet. We will soon witness, I fear, the creation of single point data exchange gateways, much like we have borders for people.
Furthermore, let it be pointed out that self-regulations imply the outsourcing of compliance verification from the government to its citizens, which requires frameworks and tools that are not currently available and are not considered in the IPEF.
In a period of time where we are observing an increasing neglect towards the technical community, I must emphasize the importance of their participation in policy making and Free Trade Agreements. They are not mere observers, they are the actual builders of the technology that fuels our international commerce and as such they need to be more involved in any negotiations that will shape their work.
To conclude, I wish to express that the IPEF could be a good opportunity to take steps towards technology that observes the principle of Rights by Design.
May we also raise our concerns towards the difficulty to manifest any meaningful feedback when negotiations are not open to the public and the texts are not made easily available.
Thank you.