Session Description:

American tech companies are deeply affected by the global government rethinking of what the Net means. Not only are they carriers of values many governments dislike, but a local tech industry is increasingly seen as a virtue. Some see the free flow of information at risk. But so is an astonishing history of global business success. How should the tech sector and U.S. government respond?

Boorstin: The panelists to my right: Erich Andersen, from Microsoft, Yael Weinman from the Information Technology Industry Council, and Andrea Glorioso, who is with the EU delegation here in Washington, and is their specialist on technology questions. So quite a good panel to discuss these questions.

We are going to start with Yael, and I’m going to ask you, when it comes to American technology companies overseas, what is keeping you awake at night?

Weinman: What keeps us up at night—and I want to actually shift your question a little bit because you said American technology companies or US technology companies, and the issues impacting American technology companies are issues that are going to be impacting any technology company, regardless of where it’s headquartered, regardless of where it’s based. And two issues that I want to start with, and I’m sure we’ll expand on these a little bit, are cross-border data flows, and data localization. And they’re really two sides of the same coin.

So data fuels today’s economy. We’ve all heard the metaphors. Data is the new oil. Data is what powers the Internet. And barriers to cross-border data flows make doing business today, for US tech companies, for European tech companies, for Asian tech companies, much more difficult. And we’ve seen these barriers in a variety of measures. One is data localization, which is an actual requirement for data to reside in the country in which it was “collected.” And I’m putting “collected” in air quotes, because in today’s technology, sometimes it is difficult to discern what is meant by where data is collected. So that’s a bit of regulatory uncertainty that companies are dealing with.

Second is your more traditional barriers to cross-barrier data flows, provisions that you might see in privacy and data protection laws. And that’s something that technology companies have been grappling with for quite some time. And we’re seeing increased barriers there, particularly in jurisdictions that may not have had privacy frameworks, and are now beginning to develop those. In many cases, looking to Europe as a model which has long had barriers to cross-border data flows in the form of their adequacy framework on privacy.

Another thing that I want to talk about, about keeping me and others up at night—perhaps others in this room—is kind of the distinction between there are problematic laws that you can actually understand and figure out what the requirements are. They’re bad, they’re cumbersome, they’re very expensive. But then there are also laws that seem very bad, and they’re very unclear. So those are the ones that really keep the compliance folks up at night. And one example that I’ll just give is the existing Russia data localization storage requirement that goes into effect in September of 2015. Everyone seems to be waiting for implementing guidelines from the data protection authority there, and they have not come out. So people are incredibly confused. The only folks that are probably happy are the law firms, because they’re trying to assist their clients in figuring out how to comply with this law.

So I think, you know, altogether, to answer your question succinctly, what keeps tech companies up at night are data localization requirements and cross-border data flow barriers.

Boorstin: And this idea of uncertainty.

Weinman: Uncertainty. Regulatory uncertainty, yes. Because you can have folks on the ground, back at headquarters, saying to the general counsel’s office, “Oh, don’t worry about this. The implementing guidelines aren’t out yet. We’re not going to see enforcement on this.” And you have the general counsel’s office saying, “Well, we don’t want to be not in compliance with the law. We need to better understand what these provisions are.”

Boorstin: Andrea, let me turn to you then, and specifically to Europe and the EU. There are some in this country, and I would say a few in Asia as well, who look to the EU and they’re simply baffled, baffled by things get done, and baffled by what Europe is trying to accomplish, with the new single market and with the many regulations that seem to be coming out as a part of it. What do you say to those who are baffled?

Glorioso: If I had to use an elevator pitch to describe what we’re doing with the digital single market initiative, I would focus on the second part, which is the single market. The digital single market is just a repurposing of what the European Union has been doing in the 1990s, by building—trying to build, and we’ve come a long way—a single market, internally to the European Union, to remove the barriers to the free cross-border transfer of goods, capital, people, etcetera. And what we’re doing now with the digital single market is simply adopting that concept to the twenty-first century and putting in place a number of measures, some of which will be of a legislative nature. Some of those will not be of a legislative nature. Some of those we still don’t know whether they should be of a legislative nature or not.

If you look at the DSM strategy which has been adopted on the sixth of May, which is composed of 16 key actions, I would say—of course I’m biased. I’m paid to say that the document is very clear. I will, however, admit, yes, there are some parts of the DSM strategy, the digital single market strategy, which certainly require more thinking. I think that the European Commission, with that document, has been actually quite honest in saying that there parts, for example, on whether anything should be done with online platforms, with certain online platforms, on which we are still not sure whether regulation is necessary, whether regulation no necessary and so on and so forth. On that, let me point out that I am sorry to hear that there are some people in the US or in Asia that are baffled, as you say, about what Europe is trying to do. But some of the questions that we are asking are very similar, if not the same questions that here in the US are being asked as well. Just today, on this very day, the Federal Trade Commission is organizing a workshop on the sharing economy, and the kind of questions that are being asked in that workshop are frankly not very dissimilar from the kind of question that the European Commission proposes to investigate and discuss on whether online platforms should be regulated, not regulated, what are their implications for consumer protection and transparency in the handling of data and so on and so forth.

So the point I’m trying to make here is that the kind of questions that new technologies pose for the economy of what is the best way to make sure that innovation is promoted, while at the same time, certain baseline protection in terms of protection of consumers, protection of privacy, are preserved, those questions are not very dissimilar between Europe and the US. I would say that we are grappling with very similar problems there.

Boorstin: So I guess the question that I would then follow that with is do you think it’s possible to come up with laws and regulations that keep up with technology or do you think that this is a losing battle in the long run?

Glorioso: In Brussels, we have a little saying when we don’t want to answer a question, which is, “That question is above my pay grade.”

Boorstin: We have that same saying here in Washington.

Glorioso: I will, however, share with you my personal opinion. I think that in Europe we have had—and I understand that this is video recorded, so I will choose my words very, very carefully. I understand, and I will be ready to admit, after seven or eight years in the European Commission, that sometimes we do have a tendency to overregulate stuff. And this is true not only for the tech sector, but for other sectors as well. I think this also has to be put into context of the culture which exists in Europe, which is certainly more risk averse than you can find here in the US, which means that there is a certain tendency to try and regulate things that perhaps cannot really be regulated. On the other hand, I don’t believe that—and this is my personal opinion, by the way. If you want the official position of the European Commission you will have to ask—

Boorstin: Did everybody get that? We’re on the record that this is a personal opinion.

Glorioso: Thank you, Bob.

Boorstin: No problem.

Glorioso: My personal view is that the fact that regulation should be flexible, which it should be—you know, the buzzword is “future-proof.” It’s difficult to do it. I think in the particular cases that we’re discussing, it’s very important to involve the technology sector as early on as possible. It doesn’t mean, however, that in each and every case you can, simply because regulating is difficult, you can simply not regulate and not put in place certain protections and certain basic safeguards.

Now, if I can share—it’s kind of a joke, but not really. When I deal with my friends in Silicon Valley, all the people that work in the tech industry, which is not only Silicon Valley here in the US as well—and by the way, I would say we have a very good tech industry in Europe as well. Perhaps not in the online services sector, but if you look at the IT sector as a whole, there are many subsectors of that overall industry that are still quite strong in Europe, robotics and embedded systems, for example. But be that as it may, when I talk to my friends in Silicon Valley, I tell them you have to be careful with this whole rhetorics about frictionless innovation. And arguably, the argument is that regulation is just friction. It’s something that doesn’t allow innovation to be as fast as possible because if you look at physics, you know, when you’re in a car, friction is a very good thing, because friction is what allows you to brake when you’re in front of an obstacle. A world without friction is a world in which you just go ahead and you can’t stop even if you want to. And sometimes it’s nice to stop, slow down a bit, look at the big picture, say where are we going and are we putting in place systems that actually provide the kind of social protections that we want as a society? And it doesn’t matter whether we are talking about information technology or biotech. Those kind of protections, I think, it is always worth it to at least discuss how we can ensure them. It doesn’t mean, to be clear, that regulation is the right answer each and every time. And again, if you look at the digital single market strategy, it’s very clear that in most of the actions that we envisage there, we are not—actually, it’s the European Commission, which is the entity I’m speaking on behalf of—is not proposing a regulation in each and every case. What our member states are proposing or not proposing, that’s something that should be asked of the member states.

Boorstin: Erich, let me turn to you and ask the same question, but obviously from a different perspective. From the perspective of someone who has worked for a large US-based company for a long time, multinational, do you see it as being possible to regulate or pass laws that can keep up with technology, specifically, the kind of technology that Microsoft has produced, software and so forth? And what’s keeping you up at night when you look around the world, from your perspective?

Andersen: Well, it’s clear that it’s very difficult to write laws that keep up with technology, so to speak. I think that every government will want to have frameworks in place that in a broad sense will be able to provide a framework for governance of technology. And then of course it’s up to the courts primarily to provide interpretations of the law over time, with regard to specific facts and circumstances. So that’s the way that, you know, traditionally all countries have sort of dealt with these issues and I expect that that will happen going forward as well.

I just want to say I do think that the European digital single market initiative is a good one. I think this is one that has the potential for breaking down national barriers that exist to things like data flow, as the privacy laws that apply to data flowing across borders, eliminating very expensive copyright levies, for instance, that exist at a national level. So I think these are the kind of initiatives that I think technologies companies, you know, are fundamentally interested in. Now, the details obviously involve some complexity, and there’s going to be challenges with specifics, but I think that these are the kind of things that technology companies like to see.

In terms of what keeps us up at night, you know, I think there’s a lot of things that could potentially keep us up at night. But I just want to comment briefly on Asia. I guess we’ve talked a lot about Europe so far. But I think in Asia right now—there was an interesting article a couple of weeks ago from Sue Decker, in “Bloomberg,” actually, that I thought did a very nice job of crystalizing a lot of the concerns right now for technologies companies such as mine about some of the policy initiatives that are happening in Asia. In the December timeframe, the Korean Fair Trade Association published some guidelines on the use of intellectual property and the intersection of intellectual property and antitrust law. And recently, the NDRC in China also announced that it would be publishing some guidelines with regard to intellectual property. And I think in both cases, what you’re seeing is the increasing alignment between antitrust and intellectual property law, and really both the Korean government, the Chinese government, and to a certain extent the Taiwanese government as well, are sort of taking a very Asian and very Asian policy and very Asian legal-focused look at these areas in sort of a fresh way. And I think that’s an area that’s going to be very ripe in the next few years and it’s one that’s going to be quite interesting for us to watch and we’ll certainly be engaged in this dialog.

Boorstin: You call it Asian. Isn’t it really a nationalistic policy? Because when you go to Korea and you look at their regulations and laws, and you go to Japan, you go to China and to India, you really see differences based on that. And some people call it protectionism.

Andersen: Well, I guess I don’t look at it that way. I think each sovereign nation obviously has the right to assert its own historical values through the way it expresses its laws and policies. I think that anytime a country does so, and does so in a thoughtful way, they’re going to want to have a dialog with other major countries in the world to understand how it is that they can make sure that their laws and their policies are at least thoughtful in terms of the way they’re thinking about the intersection between their laws and other countries. And certainly, in the case China, in the case of Korea, in the case of Taiwan, they are absolutely, absolutely doing that. And there are ongoing dialogs that are happening with industry such as ourselves, who are being given the opportunity to provide input. But the US Trade Department, the White House, Congress to a certain extent, all have a dialog with these countries and their agencies as well and so I think that’s a very rich and ongoing dialog that occurs and it absolutely does shape the legal and policy environment in those countries.

Boorstin: All right. Before we turn to the audience, and we’re going to do that in just a second, let me ask each of you very quickly, if you were to pick one country in the world where the tech laws and regulations are the best that they can be for the operation of your member companies, your company, or that you’re looking to, which country would that be? Yael?

Weinman: We’re sitting in it right here. The United States.

Boorstin: Okay, the United States.

Glorioso: That’s not a question you can ask to an EU representative.

Boorstin: I withdraw the question to our European allies.

Andersen: Well, I would jokingly say that the Cayman islands, I think, would probably be the place. But honestly, it’s probably a hard one for me to answer too, because I would have to sort of segment it by area. In some places, I would say China. In some places, I would say the EU. In some places, I would say the United States, depending upon what you are talking about.

Boorstin: Okay. I am an Estonia fan, personally. Questions from the audience. Please identify yourself and ask a question rather than give a lecture. David?

Kirkpatrick: I’m going to just quickly jump in. The fact that the dominant companies on the Internet are American right now, that’s a fact. I think it’s also a fact that they embody American values in a very fundamental way. And you now, it’s impressive to me that Microsoft is sitting up there, because as Bob knows, we were unable to get any other of those major companies to agree to participate in such a conversation. But that aside, given that especially Google, Facebook, Amazon and Apple and Microsoft do so completely embody American values and operate on a global scale, I’d like each of the three panelists to predict—one other factual thing: meanwhile, Chinese companies are the only ones of comparable scale on the global Internet and they all have global ambitions, none of which are fulfilled so far. But I would like all three of you to just opine, basically a yes or no, whether in ten years you believe that it will still be the case that American companies are the dominant players on the Internet.

Boorstin: Yes or no.

Andersen: No. I think not. I think a lot of people in this room probably are not aware of sort of the household names in China that have kind of grown up behind the Chinese firewall. You know, Ali Baba, Baidu, Qihoo. I mean, how many people have actually heard of Qihoo 360? Oh, actually, a few people. These are large companies, with grand scale. They are innovating. They are doing interesting things. And they are absolutely sort of like just ready to bust loose. They are starting to create R&D centers in my hometown, Seattle. They’re coming into Silicon Valley. They’re learning, they’re investing. And in my mind, there’s no question that they’re going to be international players in ten years.

Boorstin: Yael?

Weinman: Well, it’s very Washington to not answer a yes or no question with a yes or a no.

Kirkpatrick: Go ahead, then. Please.

Weinman: I would have to agree with Erich, and I think that that’s part of the reason why there is so much discomfort with some of the verbiage that we see coming out of the digital single market, and that is the examination of online platforms. Because we are seeing that this is not just a sector that is solely US companies now. We’re seeing competition everywhere. So that would be my answer.

Kirkpatrick: That would be a no.

Weinman: That would be a no.

Glorioso: I would also say no. I would say that if you look historically at the dynamics of any market—I think if you have a bit of perspective you see that every 10, 12 years, in any market, but especially in the IT sector, you have companies that grow very much and then they become more established and then they have difficulty in keeping their edge on the market. I will not elaborate on whether in the next ten years, you know, the globally dominant players—first of all, I would say that even looking at American companies, they are dominant or not dominant depending on the specific markets. They are not necessarily globally dominant. Certainly, the companies that you mentioned are not dominant in China, for example.

Kirkpatrick: They are dominant in your geo.

Glorioso: They are, yes. They are dominant in Europe. Actually, they claim they are not, but our assessment is different. But let me also, if I may, just quickly—I’m not entirely sure what you mean when you say that these companies embody American values. What does that mean? I mean, they are an innovative company. They are successful. That is not peculiar to the US. I mean, many other regions in the world value innovation. And I would say that, to the extent that these companies claim that they embody American values, that’s actually dangerous for them, because—you were mentioning before, Bob, the issue do we need to have global rules? We had to be a bit careful, because global rules cannot mean—and again, I would try to choose my words very carefully. Global rules does not mean American rules imposed on the rest of the world.

Boorstin: Of course.

Glorioso: Yeah, but if you talk to some of these companies—there was a very interesting interview a few months back. It was about the contents of the teams of these online companies that deal with the assessment of content that is published in these companies, whether the content should be taken down, etcetera. And one of the heads of these content assessment teams in one of these companies said on record—it was a very interesting expression—“It’s high time for a little bit of American first amendment imperialism.” That’s on record, by the way. I’m not making this up. That kind of language doesn’t go very well with the rest of the world, because in Europe we like to think that actually we also do fundamental rights, we also value freedom of expression. We might do it in a slightly different way than in the US.

Boorstin: And let me just counter that with a recent interview that was done with the head of Google Europe, who said, essentially, “Sorry, we blew it. And we’re going to correct for what we’ve done.” Let me again turn to the audience. In the back there? Again, identify, and a question, please.

DelBianco: Steve DelBianco with NetChoice. American company values might be difficult to articulate but American company valuations are much easier to understand, and they’re almost always based on a model of disseminating a service very quickly that’s free, with an opportunity of paying for it through advertising and building up an awful lot of eyeballs, which then can be monetized through targeted advertising and other kinds of services. So the question would be is that model, which does require targeted advertising based on information and behavior, is that model in trouble globally because of a blowback over privacy?

Glorioso: I am happy to take this first if you don’t mind, Bob. First of all, Steve, I have to challenge the premise of your question. I think that a subset of American IT companies are based on that business model. But if you look at the IT sector as a whole, not all companies make money in that way. And not all companies use this free, I mean, advertising-based model. It is successful in certain cases, but is not successful in others. If you look at—I don’t necessarily want to name names, but last time I checked——

Boorstin: Go ahead.

Glorioso: Well, last time I checked, Cisco, which is a very successful American IT company, doesn’t give its products away for free. And there are very good reasons why it doesn’t. And Microsoft until recently, and I still believe that—you know, I don’t want to talk for Microsoft, but it doesn’t seem to me that the vast majority of their business model is based on giving away products for free. So different companies have different business models.

On your specific question, though, I think what is important from a European perspective—and I think this is sometimes misunderstood—we have absolutely no problem with behavioral advertising, as long as certain basic principles, which include the proper transparency and information to consumers so that they can actually choose whether they want to be subject to the kind of behavioral analysis, if that is provided, fine. There is no such thing as a free lunch. And even if you might think of us as a kind of proto-socialist part of the world, we also understand that there is no such thing as a free lunch. But free markets operate on the principle of private information, so we should at least know what our data is being used for.

Boorstin: I do want to say, however, that there are such things, at least in this session, as free minutes.

Glorioso: Yeah.

Boorstin: Because it went from three minutes to seven minutes. Thank you, David. I appreciate that. Sir, up front here.

Wilhelm: My name is Rich Wilhelm, recently retired from Booz Allen Hamilton. And yes, I’ll out myself a little bit. I ran the group that Snowden worked in.

Boorstin: So you’re the one who’s responsible.

Wilhelm: That’s an interesting question.

Boorstin: Well, American companies in Europe thank you.

Wilhelm: But in any event, what I wanted to ask, there’s a recent study out from an organization called the ITIF that suggests that the Snowden revelations have, or will, cost the American tech industry $35 billion dollars a year. Could I get a comment on that?

Boorstin: Comment?

Weinman: Well, that study was done—by the way, ITIF is a separate organization from the organization that I’m with. That study was done shortly after the Snowden revelations and I think that the exact statistic was $35 billion over the course of three years. And we’ve seen a number of other statistics come out of McKinsey and Garnett, other think tanks. I think each company’s experience is unique here. I couldn’t necessarily comment on quantifying the impact of the Snowden revelations, because it’s hard to look at them in isolation.

But I’ll do another Washington thing and make a comment about something that was said earlier, which is talking about global norms and global rules and treaties. I just want to make an observation about the change in lexicon when we talk about these issues. And for a long time, we talked about harmonizing privacy laws, harmonizing data protection laws. But there’s been a real shift. The shift has now become interoperable privacy laws. And you make think that that’s verbiage without a distinction, but it is actually significant. I think within the digital single market, they are looking to harmonize the privacy laws, which is why they’re willing to put out a regulation, versus a directive, which will—

Glorioso: Within the European Union, which is our business.

Weinman: Within the European Union, right. However, but when you’re dealing with jurisdictional borders, I think that harmonizing is going to be more challenging, whereas interoperable is achievable. And there’s a lot of work is being done right now on achieving interoperability with different privacy frameworks.

Boorstin: And personally, what I like about interoperability, even though I can’t say it, is that it takes us back to the roots. It takes us to a technologist’s view, as opposed to a politician’s view, of how things should run.

Andersen: Actually, I’m going to briefly comment on what you said. I’m not familiar with the exact study that you mentioned. That’s why I’m going to hesitate to provide an uneducated response specifically to what that study said. But my reaction to that is actually I tend to disbelieve that number. And the reason why is because I think that the core issues that were revealed by Snowden were bubbling already. They were already sort of like there, or they would have emerged quickly at some point and become issues. The issues of basically national sovereignty, the issues of data security, the issues of consumer privacy, and you know, issues like that, they were already sort of, you know, in the mix before Snowden. Snowden kind of galvanized a lot of those issues and brought them to the highest levels of government for dialog and so they created a different sort of dimension to the discussion. But my belief is those issues were always going to be there. And in some ways, you might even argue that they ended up accelerating a dialog about solutions to some of these problems that perhaps might have sort of sat in the background for many years if they hadn’t been brought to the fore so quickly through the Snowden revelation.

Glorioso: Bob, can I very briefly react to the question?

Boorstin: Yeah, I want to get to this question, but, please.

Glorioso: Just very briefly. And I will not comment on the Snowden affair. I will not comment on that number. I will simply note that the US government—and this is our position, we think that the US government has been doing a lot to restore trust and to explain what actually the intelligence systems to collect data here in the US were. On a personal basis, I would note that intelligence is something that every country does. It’s known to be the second oldest profession in the world. And very often, it is combined with the first oldest profession in the world.

I will note very quickly that the thing that struck me, as a person who has been working in the IT sector for a long time—my first job years ago in the private sector was actually with an American company, with a Silicon Valley company. I think what perhaps here in the US people fail to see is the amount of goodwill that Silicon Valley companies have actually had in Europe. The reaction to the Snowden revelation was made more acute because—and I think it was absurd, but people actually believed that American companies, Silicon Valley companies were out there to save the world. I’m sorry, those were companies, they were there to make a business profit, which we respect very much. And they were subject, and are subject, to the laws of the country that they are incorporated in. It’s just at a certain point those companies would have been guilty, in terms of marketing, for selling an image of themselves that perhaps went a little bit beyond what they were actually doing. If they had been, I wouldn’t say more honest, but a little bit clearer on what their role as companies actually were, perhaps the political and social reaction in Europe to the Snowden revelations would have been a little bit less acute than what we have witnessed.

Boorstin: I’m sorry, I’m being given the sign that we have to end the session. If you’d like to come up afterwards and ask the panelists, please feel free. In the meantime, thank you to the panelists. I think that was terrific.