By Roel van Rijsewijk
Inspiring conversations with Ton Wagemans- Considerati
My previous kitchen table discussion ended with Christiaan Alberdingk Thijm’s call to empower citizens to regulate technological developments. As a society, we struggle to set the boundaries within we can make optimal use of technology. How do we balance regulation and innovation?
Today I’m going to talk about this with Ton Wagemans, a lawyer, tech policy expert, professional balancer and a freethinker. He helps organisations to increase adoption of new technology with dialogue and experiments.
I meet Ton at my kitchen table in Landsmeer, where one of my children occasionally rushes by as Chase of Paw Patrol. He is the first guest to sit down at this table after I moved from Amsterdam. Originally a lawyer, but an entrepreneur at heart. Ton, founder and partner at Considerati, wants to make technology work for everyone and get the most value out of it. With his organisation, he advises leading international organisations on the policy, vision and communication needed to achieve this. He develops and bases his advice on research, talking to consumers and stakeholders and by testing new policies.
The internet’s regulatory holiday
With a big cup of tea, we start the conversation. I would like to know where his passion for this subject of technology regulation comes from.
Ton begins: “After law school, I started a webshop with some friends. The lawyer in me started looking for general conditions for doing business on the internet. After a lengthy search, I discovered that these just did not exist. I did find a code of conduct from the Electronic Commerce Platform (ECP). I approached them with the question: Why are you working on this? The director thought this was an interesting question and invited me over for coffee. This meeting led to a job as a lawyer at ECP, where I became secretary of the legal working group.” With a glint in his eye, he says, “I considered myself lucky to be offered this job, because the webshop would probably not have survived the dotcom bubble.”
“The ECP was set up to enable the Netherlands to rapidly develop in the field of digital business. The platform aims to develop codes of conduct and communication. In the more than four years at ECP, I represented the Netherlands as an expert in the United Nations and the European Commission. Here, I have seen a lot and also thought about the balance that is needed to achieve good legislation. You want to make the best use of technology and prevent abuse. Shortly after I started at ECP my friend and co-founder of Considerati, Bart Schermer, also started and since then we have been working together on this cool mission.” Smiling, Ton shows his mobile phone and adds: “Bart’s number won the top position in my favourites list on my phone: we have been talking and thinking about this for over 20 years now.”
“Nobody could explain to me what self-regulation of the internet actually meant.”
“After a few years I was ready for a new challenge. For years I had been working on internet policy and regulation, but nobody could explain to me what self-regulation of the internet actually meant. The internet started with a kind of ‘regulatory holiday’; it was small, nobody understood it and was unregulated. Now it has a huge impact on our daily lives. When technology becomes so vital, you need policies and regulations. So, I decided to research internet self-regulation at Oxford University.”
I wonder if anybody does anything at Oxford but dream and remember – William Butler Yeats
With some professional jealousy, I imagine being in Oxford to study and think about self-regulation of the internet. I ask Ton about his experiences.
The memory brings a big smile on his face: “The three months in this academic environment surrounded by the smartest people were magic. The rich history, the old libraries, the colleges, just the whole atmosphere certainly contributed to this. I had been living with my wife for years and here I was thrown back on my own. They were months of reflection and thinking about what’s next. I returned with an extra suitcase full of books I had read and many new insights. At Oxford, the idea was born that you have to make sure technology fits into society, so society as a whole can benefit from it. I firmly believe that technology can take us forward, but at the same time I also recognise that technology can have undesired consequences. That’s why we need to think carefully about regulations and frameworks that enable technological innovation with the right safeguards.”
“After Oxford, I helped some companies to develop their own vision, policy and communications to achieve this. That’s when I decided to start my own company to help organisations with this. And I phoned Bart to ask if he would like to join me. The aim was to support companies and governments not only in managing the legal aspects of technology, but also in their vision, policy and communications to have society accept new technologies without fear. We were very lucky that we immediately had a number of visionary clients who believed in our story. We have continued to grow ever since,” he says with pride.
“If you look at how essential information technology has become in our society, you have to make sure that technology benefits humanity.”
Technology is omnipresent
Digital technology is developing exponentially. So fast, that we as linear-thinking human beings can hardly keep up. If you look at how essential information technology has become in our society, you have to make sure that technology benefits humanity. I am curious how Ton sees this.
“Never before so much has happened in the field of technology as in the last 10 years. The absorption of so many new things at this speed is difficult. At the same time, quick adaptation of technology determines the success of a society. Also, hot topics such like the environment and migration have a technical dimension; solutions to these kinds of big issues are never easy, but we need smart technologies to make them manageable. It is therefore crucial for politicians and policymakers to gain more knowledge on technology and consult the experts. If you look at the current political programmes in the Netherlands, they are hardly about digital transformation at all. They talk about employment, healthcare and education. These are the important themes, but information technology is a dominant theme for all of them,” Ton states with determination.
Catch me if you can
What Ton says triggers me. Cees Verhoeven made the same statement at my kitchen table. If digital technology is everywhere, you cannot grasp it. Or regulate it as such. “Politics and regulation are territorial, while cyberspace knows no borders.”, I add another dimension.
Ton responds: “This makes it more difficult to draw up and enforce policy and global principle-based standards are needed. In addition, technology is constantly evolving. Restrictive legislation is not desirable. You do not want to hinder or stop the progress that technology brings by over-regulating it. At the moment, there is no global governance for setting standards for technology, such as the use of algorithms. The United Nations, for example, is global but also very political and cautious. In any case, it is necessary to take practical action and regulate global technological developments both ethically and legally.”
The digital ‘poldermodel’
Globally, we need to work together to make proper policies that ensure the benefits of technologies for everybody. The topic of collaboration leads me to an idea I’ve been toying with for a long time and I would love to hear Ton’s opinion. I briefly tell him my idea about an expansion of the mandatory data breach notification within GDPR. As far as I’m concerned, the mandatory data breach notification should be extended so that all information should be shared on breaches, threats and vulnerabilities so that others can learn to better protect themselves. Currently, the mandatory data breach notification seems to be mainly used for naming and shaming, or worse, issue fines, while knowledge about why things went wrong and what we have learned is not shared. Companies should in fact share this information with each other, without the risk of damaging their reputation. Security companies must also offer the information they have freely and no longer sell it to the highest bidder. Finally, this mandatory notification and information sharing should also apply for government and the intelligence services. In this way, our national digital infrastructure becomes more resilient so we can benefit from technology in a secure way.
“This is where Europe is particularly lagging behind; we are not known for our speed.”
“I think that would be very good,” Ton replies, nodding in agreement. “But the tricky thing is of course: who is going to process this information? It’s a lot of work to collect, analyse and distribute all that information. How we would organize this requires careful consideration.”
In my opinion, the Netherlands is a good environment to experiment with this. “We learned to work together to protect us from water, the same ‘poldermodel’ should work for cyberspace. We could set this up as a distributed network using smart encryption and blockchain-like concepts. That way, information can be shared anonymous without some central authority having to do all the work.”
Ton is not yet convinced: “It really does depend on the implementation. I think everyone is in favour of sharing such knowledge, but the question is how to organise it in a way it works. You don’t want everyone to put effort into sharing information with no follow up or anything in return. Besides, not all data breaches are worth reporting, so it requires some human editing. In addition, there are already some good structures in place. For example, many other countries would like to have an institution like ‘our’ NCSC and the Ministry of Justice has recently started a team that is fully focussed on AI. The field is continuously developing,” Ton continues.
The global technology arms race
But from another view we are far behind. In the media, China and the US are labelled as technology superpowers in competition. You often read about Europe’s challenge to keep up. I am curious what to hear Ton’s geo-political view of technology adoption and regulation.
Ton confirms the picture I paint: “America has of course marketed a lot of new technology and conquered the free world with Silicon Valley in a regulatory environment that fosters investments and innovation. China follows closely with many new developments in a more closed and highly regulated eco-system. The speed at which you implement technology is becoming increasingly important. Regulation is necessary in order to allow technology to take root. This is where Europe is particularly lagging behind; we are not known for our speed. We talk too long and lack pace. And yet that is necessary to maintain our position in relation to the other world powers. A good example is the introduction of the digital signature. It took us eight years to introduce it. In Singapore, it took only 1.5 years to implement. If that happens with every technology, at a certain point you fall too far behind. The countries that adopt technology faster will then also lead the discussion on its proper use.”
Facebook’s Supreme Court
I respond, “The GDPR is an example where Europe is leading the debate. We have set the standard on privacy for the rest of the world. What worries me is that most of the big tech companies are not from Europe and we are lagging behind. They determine what technology we use and their norms and values are programmed into it.”
I see some frustration in Ton. “There is a lot of criticism on the big tech companies, but I believe they also want to do the right thing. For example, social media is now being judged for spreading fake news, but they never wanted to edit or filter content. Governments told them to take action against fake news and hate speech. They have long resisted this enormous responsibility. After all, it puts them in an impossible position. How do you set universal norms and values in a multi-cultural context, who has the moral authority to judge right from wrong? It’s all new and nobody knows exactly how to do it.”
I agree that you can’t expect business leaders to make those decisions and Facebook is trying to solve this: “I read that Mark Zuckerberg wants to create some kind of independent Supreme Court, since they themselves do not want to determine what is or is not acceptable on their platform. Facebook is a global community of more than 2.5 billion global citizens, almost a country in itself with policies and regulations. Can this community, as a group, determine those norms collectively? The anarchist in me gets very enthusiastic about this form of community self-regulation. After all, the internet doesn’t belong to anyone,” I add to Ton.
Ton responds: “There is a lot of discussion about this amongst academics. The internet once belonged to no one, but we’re past that phase. The question is whether users should regulate themselves. In any case, good agreements must be made that are tenable and that take everyone’s interests into account. Don’t forget that your background often determines how you look at regulation. I notice this especially in my conversations with foreign students at Leiden University. They are all smart people, but they look at technology from their country’s perspective. They understand our individualism, but not everyone is a great supporter of it. Consensus is therefore difficult, if only within one country. And then you have to put it into practice.”
“If you start forbidding everything and don’t dare doing anything, it won’t work either.”
And then we often learn that these regulations don’t work in practice and have unintended consequences. “The cookie law is a good example of good intentions, but everyone suffers from it and it does not work as intended. The user experience is compromised as a result.” I mention.
“That’s right,” Ton replies, “We are discovering it together, so you have to test and try. If you start forbidding everything and don’t dare doing anything, it won’t work either. At Considerati, we use policy prototyping. Based on all regulatory initiatives from different countries, we make a “red line law”. We then test this for a group of users in the product environment, like A/B testing. This provides feedback from people who have to work with it in practice with which you can adjust and optimise the rules.”
I am excited by this. This is the way to let the people decide. And information technology makes this feedback loop possible. “I think this is a great concept. By A/B testing legislation, we can renew the way we make all policies and information technology gives us the tools to do this. I can see that.”
“Make your mistakes small, fast and cheap.”
Philosophising in the Twiske
Ton says he also belongs to the free thinkers. “It is important that everyone starts thinking and discussing technology and rules that work in practice. I notice that the choices are often simplified to yes or no, like you have to choose between for example privacy and security. But it is not a zero-sum game. It’s about learning to adopt technology with the safeguards you need so that it doesn’t harm anyone,” he argues passionately.
I fully agree with Ton, like the referendum on the ‘Sleepwet’ in 2018: “Yes or no is too simple, by presenting the problem in that way, you don’t get a good result. Few people fully understood it. It is not a yes or no choice, but about finding the right checks and balances. This also applies to the policies and legislation surrounding technology; finding the right balance is always a challenge. We have to keep discussing and learning here. By implementing and testing policies more quickly, you can learn and keep improving. Make your mistakes small, fast and cheap.”
Ton nods affirmatively: “We want to make the best use of the technology, but then there must be room for experimentation in terms of policy. Regulation is not easy. You have to find the balance to help society further. Testing policy helps us do this, which speeds up the adoption of technology.”
Ton doesn’t claim he has the answers, but the Considerati mission is to consider all the options. He calls for dialogue and experimentation to discover the answers. And on this Socratic ending, we agree to continue our philosophising on technology and ethics during a corona-proof walk in the Twiske.
About the author
Roel van Rijsewijk is a cyber security consultant and evangelist with over 20 years of experience helping organizations become cyber resilient. He is a key note speaker and author of ‘Cyberrisico als Kans’ (The Upside of Cyber Risk).