 Good morning and good afternoon to our friends and colleagues in mainland Europe. I hope you're all keeping well and staying safe. My name is Joyce O'Connor and I chair the digital group here in the IIEA. You're all very welcome to our webinar on security and democracy in the digital age. We are honoured today to have with us Thomas Hendrik Ilvis who is the widely known as leading the digitalisation of Estonia, a former two-term president of Estonia. He is a leader with a vision who fundamentally changed Estonia and also provides us all with an example particularly for Europe and indeed globally of what is possible once you have a clear vision and a political leadership. Thomas you are very welcome back to the IIEA. We last met back in 2012 when you inspired us with your actual work what was happening in Estonia but it's different place different times today and we look forward to your presentation. Today's event is the second in the IIEA's project entitled Europe's Digital Future which is exploring the topic of digital sovereignty in Europe. As part of this project which is supported by Google the IIEA will host a series of events and undertake research exploring what the concept of digital sovereignty means and what future it might hurl for the EU and for small and open economies like Ireland. Thomas will speak to us for about 20 to 25 minutes or so and then I will go to your audience for questions. I look forward to you joining us in our discussion and you can do that by joining through the Q&A function at the bottom of your screens. It would be great if you sent in your questions during Thomas's presentation and I would really appreciate if you would give your name and affiliation when you ask the questions. Thank you so much. Please feel free to join us on Twitter and our handle is at IIEA and the presentation and Q&A as usual is on the record. Digital technologies are impacting our lives, how we live, work and play. Technology can, as we see from the impact of emerging technologies like AI, IoT, blockchain help us redefine problems, create solutions and help us reinvent the future. However, issues like cyber security permeates all aspects of our activities. We hear about the consequence of cyber technology for political and social affairs including the disruptive and empowering effects of eDemocracy practices, online voting, the implications of fake news, disinformation and other and voter manipulation. Today's webinar is timely and important. President Ilves will outline the threats, dangers and the imperatives of defending against these challenges. He will also discuss the role of the European Union and ask the question, is the European Union a structure better suited to confront these challenges? Today, former President Ilves continues to make a major and significant impact to global issues and to a range of key institutions and organizations. Prior to being president, he was the first post-independent ambassador to the USA. He also served as an MEP as vice president of foreign affairs committee of the European Parliament. He has served as chair as the world economic forum on cyber security. He is a member of Kofi and Anand's foundations on global commission on elections and democracy in the digital age. He is also a commissioner of the transatlantic commission on electoral election integrity in the alliance of democracies. He's been a visiting fellow to numerous universities including Stanford University and is currently a member of the board of the center for technology and global affairs in Oxford University. He's published widely and received many international awards. I wouldn't have time to go through them, but I just mentioned his last one, which he received the world leader in cyber security by Boston Global Forum. Thank you again, President Ilves, for joining us today. It's an honor to have you with us and we look forward to your presentation. Well, thank you very much. It's great to be back as it were. I'd like to be there non virtually, but unfortunately at this time it's not really possible. Let me try this today. I mean, it's going to be a tough thing to do this all in 20, 25 minutes, but because I'm going to try to cover two related topics. One of them is actually less about the actual security in the sort of international context, but to talk about what we have done in Estonia. And very briefly, we have basically in my country, you can do everything digitally except for three things, getting married, getting divorced and selling property. You have to show up for that and that's to to avoid problems with anonymous shell companies, which we had an early age ban for fairly obvious reasons having to do with our geopolitical location. The essence of the Estonian system that allows us to do all of this and including voting, I would add, is that we have had since the year 2001 the system that allows us to do all interactions with government and public services. It has three pillars. One is we have a secure digital identity available. I mean, that is mandatory for everyone. And it is available in various forms. You have it on your phone, but we also all have a card that looks like a traditional ID card with a chip on the back with which we log on and with which we authenticate our identity and enables us to do digital signatures equivalent to wet signatures or pen signatures, which basically has reduced the huge amount of work and time. The ID is absolutely necessary because you cannot, you don't know who's who on the internet and you may recall the cartoon from the New Yorker from some 26 years ago of two dogs in front of a computer and one dog says to the other on the internet, no one knows you're a dog. Well, we cannot allow that in in cyberspace. You must know who you're talking to and therefore you must be authenticated. Secondly, we have an architecture which is a distributed architecture about in which there is no central database. Everything is distributed around the around and various servers in the cloud, but in order to access anything, you must be authenticated. And these, of course, communicate among each other also through authentication. And the final thing, which there's very little attention paid, unfortunately, is the issue of data integrity. Everyone is worried about privacy. Privacy is something someone finds out what my blood type is, someone finds out what my bank account is. The real problem we face is what happens if someone changes your blood type on your medical record. And then, I mean, that can have fatal consequences. Changing my bank account obviously is a lot worse than than just publishing it, especially given how meager it is. And moreover, that it's unlikely they will increase your bank account size. Those are the three pillars upon which this system is based and which has been operating continuously without a break since 2001 and has now been adopted and copied by Finland, Denmark, at least the Faroe Islands, Iceland, Panama, Moldova, Azerbaijan to a certain degree. Greece has taken this system over and I, in fact, spent the 2019 beginning of 20 until COVID struck, advising the Greek government that has now gone over to digital services. So that's one side of things and this is why we are known as a digital country. If you want to read about it in a more sort of non-technical but sophisticated way, the New Yorker of December 2018, one of those weeks in there, has a long article called The Digital Republic. The other reason Estonia is known in the digital world is that any history of cyber attacks will begin or of cyber war will begin with Estonia when in 2007 we were attacked by Russia with what are called DDoS attacks. A DDoS attack stands for distributed denial of service and a DDoS attack entails massive pings on a server originally from bots but now more from internet of things devices such as CCTVs. And the idea is that you overload a server so it no longer responds. And in 2007, April, May, we were subjected to one of these attacks that took down government sites, the banks, and media. So we were basically cut off or we couldn't get those services and the only way we could, in fact, take our first steps to actually restore service was to cut off all communications with the outside world. If something did not have our upper domain, which is .ee, just as you are, .ie, that if it didn't come from there, you couldn't get into anything and this allowed us to restore service domestically. And so following Von Klausowitz's definition of war as the continuation of policy by other means, this is, this was a classic case. Now my main, when we look at where we are today when it comes to security, we have had since, since our pre-hominated ancestors, perhaps even baboons and bonobos and chimps, we have seen conflict in which you fight or try to kill members of your own species and usually in a group. So that's, that, I mean, since anyone took up a stick or a rock to, to attack a member of your own species from another band or something, all of this war has been, all of this, which is sort of proto-war, but throughout history, it has been kinetic. It's, I mean, it's very kinetic, meaning you, something that weighs something moves a certain distance and use that to harm someone. So whether you hit someone on the head with a rock or you attack them with a missile, it's all kinetic until about 2000. In the year 2000, we began to see first in the form of espionage, the first publicly known hack by a political, by a political adversary was the moonlit mile hack of 1999 against the U.S. Department of Defense. They were probably things before that, but publicly we know of that as the first time that anything was done in digital space that could be, that could be related to conflict. Espionage is as a special case, I would argue, because nothing bad is done except they steal your secrets. Or in the case of what we have seen in the United States, from presumably China, theft of intellectual property, which is, which is thought to be one of the biggest threats to the U.S. economy of the last 20 years. It gets a little dicier when you start hacking things that are getting sensitive. One of the biggest hacks that has ever taken place, and certainly one of the most damaging is known as the OPM hack of the United States. OPM is the Office of Personnel Management in, and where they had 23 million personnel records from a United States civil servants stolen. It's thought to be China, but they either, they don't know or they don't tell us. But in any case, this included things such as this, the all of the home addresses of anyone who's ever worked for the U.S. federal government, whatever records they have on them, including the psychological profiles of people working for the Central Intelligence Agency. So it gets pretty granular. And all of this was copied. And of course, the lack of awareness, even on the part of the United States, which we usually think of as the most sophisticated people in this regard, they had stored all of that data in clear text. It was not even encrypted. So all you had to do was get in, suck it out. And then they had the information. Now that's already getting sort of borderline. This could be quite dangerous, obviously, for all of the people who ever worked for the U.S. government. And those are the kinds of things that we're facing at the level of espionage. So that was done by what we call a hack. But since espionage is not considered, or is considered okay to do, we do not get into counterattacks with espionage, as annoying as it might be. This is, and this is why the recent solar winds hack that basically got into everything remotely security related in the United States, as well as much of the private sector, the U.S. government is loath to counterattack. And then finally, we have sabotage. And sabotage is what, when you actually cause kinetic damage using digital means. And this can do, you can basically do, given the level of digitization of everything these days, you can do on anything ranging from, as I mentioned, these cyber attacks on knocking out parts of the Ukrainian and Georgian grid only yesterday or the day before, ranging to something that actually happened six, seven years ago, where a disgruntled employee of the Los Angeles traffic department hacked into the system and at one point turned all of the traffic lights in Los Angeles red. And you can imagine what a total snafu came from that and the massive tie up. But actually, if you think about it, you realize that they could have done something far, far worse, which would have taken months to untangle probably, which is if in a city, a big city like that, you turn all of the traffic lights green, in which case you will probably have hundreds of thousands of car accidents and trying to damage would be immense. So I mean, given that we are moving towards, towards all kinds of, I mean, the digitization of everything, all of these digitized processes need to be made secure. And this is really the task of any form of cybersecurity. And that's what we have to deal with. This is why we have at the most basic level in my country, the requirement for authentication in order to get into anything that is government related. It takes a little more time, but that's what life is about. I mean, it's going to save a lot of time through digitization. Some of it you have to give up by not getting in as easily as you as you might want to. Now, where things start edging into the real, the real threats, I argue, to Europe is that basically in political processes are being dramatically affected through digitization. And in ways that we could have never conceived of, both in what is traditional so-called cyber and also in the sort of more in terms of propaganda. On traditional cyber, what we have is there are two hacking groups in Russia. There are many others, but I will focus on these two because they seem to have focused on liberal democracies in the transatlantic area. And they're called, they're designated by CIA as APT-28 and APT-29 or Advanced Persistent Threat 28 and Advanced Persistent Threat 29. They're also known as fancy bear and cozy bear and have all kinds of various names. But these are the people who hacked into Hillary Clinton's servers. And then, as we now seems quite clear, gave the material over to Julian Assange, who then published this material on WikiLeaks in 2016. And apparently, I mean, it is a statistics show. They probably had a determining effect on the outcome of that of the U.S. election then. The U.K. government is not showing anything. They are hiding the material or... Can you hear me? We can hear you now. Okay. You're welcome back. This is what happens. I assume we weren't attacked. I'm hoping we weren't. This has never happened to me. I have to say it hasn't happened to us either. So we'll investigate it later and see if there are any sinister aspects to it. Well, it happened on my side since I have my son and my daughter-in-law here and they all went out in the time we started the whole system. Okay. Thank you very much. Where was I? You were talking about the political, you know, the political side of what's happening. Well, we had the... I mean, what happened in 2017 in France was that the Macron team, realizing what had happened to Hillary Clinton, ceded their campaign server with such egregious fakes, but which would be scandalous. So they were, in fact, attacked. But then when they published this material, the fakes, I mean, they were Macron-planted fakes. And of course, soon as the bad guys, as it were, went crazy on this thing. Look at this. And then the Macron team said, look at this. These are obvious fakes. And they managed to sort of get rid of that problem The point, however, is that you can use digital means now to manipulate elections and to manipulate political process. Now, if you think about that, then you really recast the nature of, well, I don't know, conflicts or the continuation of policy by other means. Why would, for example, indicates of, say, Russia and Europe or NATO? Why would they bother launching a massive campaign, a military campaign? I mean, during the Cold War, we had this concept of the Fulda Gap, which was this city in Germany, still in, where it was thought that across the plains of Germany, the oncoming Soviet armies of the Warsaw Pact would all charge in and try to reach the Atlantic. Well, in fact, you don't have to do that anymore. If you don't like NATO, as they clearly don't, and you don't like the European Union, well, what's the best thing to do now? The cheapest way to do it is to disaggregate, you've got a wrong term also against the EU, to disaggregate the EU by fomenting within the European Union, a fascist tendency. Brexit is one example, but you can foment this in lots of countries and they do. If you want to cause problems within the EU, you can spread all kinds of disinformation. Currently, first and foremost, regarding regarding vaccination, we have a terrible problem here where Russian language media, which is watched by about a quarter of our people, complete anti-Pfizer propaganda saying it's all poisoned, and you can only use the only one that's any good, is Sputnik. The problem is that EU has not authorized Sputnik, and so we're constantly dealing with disinformational campaigns, which are also available, and here I'm moving from hacking on to content. This is all enabled by the digital needs of social media. In many ways, when I say that everything started in 2000 with hacking, actually, the real dramatic change in political manipulation by the web happened as a result of two things in the early 2000s. One of them was the invention of Facebook, which was originally just local to Harvard and then the Ivy League universities. You have social media, this is the first social media. It did not have that big an effect because it was restricted to people who had computers. The real thing changed, which was kind of the combination that has completely changed the world in terms of all kinds of ways, but especially when it comes to threats in the visual world. Is the smartphone coming out in 2006 first with the iPhone by Apple and later on to all the various Android variants that came out shortly thereafter, and the decision to mark Zuckerberg to turn Facebook into a mobile phone app, which then that's what is done. And now they have almost four billion people on Facebook and of course, all of the other social media forms that developed after that, which means that the first time in history, you can basically communicate with almost any. If you have four billion smartphones and you have three billion people on Facebook, and who knows how many another, we also have WeChat, Weibo, all those, that you can, if in the past you had a nutcase Nazi living in your town, you didn't know any other nutcase Nazis because they were in some other town. Whereas in the United States today, all of the crazy, I mean, that's in the case in the United States, because I mean, that's the most studied, but you can see, be it ISIS, be it the United States, the hard right in the US or the hard right in Europe, I mean, they are, they have all met each other through the internet and through social media and then they have closed social media groups, all of which has led to rather major destabilizing threats using the medium of social media. And this has been politically, this has been what I would say that the next step is development after the development of social media was, it was the arrow spring in 2011 where everyone was rejoicing that look how civil society can overturn oppressive governments using Twitter and Facebook, which they did the problem with it is that authoritarian regimes looked at this and said, oh, look at how powerful these things and they do they're doing it without any real state resources. But what if we put our state resources into social media and into hacking and so the Russians on their side created the St. Petersburg Internet Research Agency, which is the primary provider of nasty fake news social media events, which have had, as we know from at least the Brexit referendum and on through the US election and other elections elsewhere, lots of elections elsewhere have had a major effect on the Democratic process, which means that we are we are vulnerable in ways that we have never been vulnerable before this era that we're in. And when we talk about security, we have to get off our focus of security as a kinetic problem and kinetic warfare, but really in terms of it's more psychological warfare. It is action at a distance. We are not seeing the real employment of force in this classical sense definition of employing mass times acceleration, but rather we can do things from afar and and in fact get a much better result because you don't have to spend all this money on invading people, you can just change political climate in the country. And so this has led me at least to think about what can we do. And the first the problem is in terms of these things be it strictly hacking, digital sabotage espionage, or the more sort of soft end of things in terms of propaganda, I think news, etc. This information is that we are all in this, I mean, all liberal democracies are subject to this. And that we are asymmetrically subject to, which is that I mean, the Russians or the Chinese or the Iranians theoretically could alter the results of an election in a democratic country in the liberal democracy. You're not going to be able to alter the results of an election in quotes in Russia. We know who's going to win. You can even predict, I mean, focus groups will determine what's the optimal percentage to give to Putin, you know, so it looks relatively contested, but relatively overwhelming. So you end up getting 72, 73, or 74 percent for Putin, even though we know that no popularity stays constant like that. And so we are at an asymmetric disadvantage in this regard, and there are things we can think of doing back to them. And that's not for this talk, certainly for the purposes of this talk, is that what we have to think of what we can do for defense. For defense, our biggest drawback right now is that no one talks to anyone else. Because the whole realm of cyber and anything digital has grew out initially from signals intelligence, where it was, I mean, it's the espionage paradigm is sort of people are just anti-sharing. And you have five eyes, right? But even that doesn't work too well. And when we get to those of us in the European Union, no one anymore, any longer is in the five eyes, we really get up to the UK there. And we don't talk to each other. One of my own personal experiences is when in Estonia, we found a Russian worm in our military network. So we went to NATO and said, we discovered this Russian worm in our military network. And the response from NATO at that time was, oh, you too. Which is the wrong response. So what we have today, looking at the entire range of cyber state, again, from hacking to this information, is that every single country has its own various and often non-communicating silos. Be they academics or the military, they don't talk to one another. And the encryption people don't talk to the people. But much worse than that is that there is virtually no cross and transporter cooperation. Even though the threat vectors can count them on one hand. So even though it's APT-28 and APT-29 and the St. Petersburg research agency are attacking all of us, we don't go around and say, hey, Ireland, we in Estonia discovered this thing. We don't do that. There are no mechanisms for it. So if we want to actually be effective, we need to substantially boost this side of security within the European Union with our trustworthy neighbors inside the European Union. Do the relevant legislation to create this strong defense. But right now it's ad hoc. Certain countries will talk to one another. I know that the Germans and the Austrians, because it's German language based, have their own little thing going, but not much. I mean, within the EU, I mean, everyone is protected of the information. And so we have EMEZA, which is located with early enough in Greece, but in the case which is the cyber security agency. We have a center for cyber in Romania, but we really, I mean, we have these little centers and we think that that's it. That's all we have to do. Instead, we need a very robust approach. And I argue that, in fact, we don't need to do the tank thing with PESCO, rather it should be digital. And then where I would finally end up is that digital renders organizations such as NATO obsolete. I mean, you're going to need things like NATO or card security. However, with the disappearance of distance and mass and time or acceleration in the digital era, you don't actually, NATO loses much of its importance because NATO is the North Atlantic Radio. Japan, while it's Japan and Anzac share our liberal democratic values, they are not in NATO either because they're not the North Atlantic. I would argue, again, bring my favorite little country, Uruguay. I mean, they too should be in NATO as one of the best functioning liberal democracies of Latin America. But that doesn't happen because what NATO is built on is a tank logistics, bomber range, fighter refueling, I mean, all of this kinetic stuff. Well, let them do the kinetic stuff. I would say that Europe needs to really focus on getting its digital security, which then finally gets to the issue of digital sovereignty. Now, digital sovereignty, to my mind, looking at what is usually meant by this, it's kind of like this anti-silicon valley thing. I mean, it's like, we don't like, we don't like Gauffa or whatever, the fangs, however you want to define Facebook, Apple, Netflix, big American company. I have no love for those companies, but that's not sovereignty. And we're just focusing on sort of products where if you want to have digital sovereignty, then you focus first and foremost on looking at the security aspect. And the other thing I would do, which is sorely missing from Europe, which is really, I think a prerequisite for sovereignty, is an integrated digital governance system. So that analogous to, it does not have to be the same tech, but you have to observe the principles of secure identity architecture and data integrity, so that all of these things are secure that if I travel to Dublin and I get sick and I go to the doctor, I can do what I do in Estonia, which is I authorize, well, I've already authorized them, but I've authorized a doctor to be able to go in and look at my medical records. Ideally, what would happen is that anywhere you go in the European Union, if you get sick, for example, but you should apply to all services, is that you, if I get sick, I go to the doctor, I identify and authenticate myself with my card or some way, and then I authorize them to look at my medical records. And if I'm in Greece, there's no way, and I'd expect that the doctor knows English, but there's no way to be able to read my Estonian healthcare record. And so he will look at them and they will already, this is so easy to do already, he will see my healthcare records in Greek right before the Americans sort of decide what it is that I have. I mentioned this because this is the other aspect that we don't, not only in the European Union do we not work on creating a defensive, a defense in the cyber realm, which would be much easier for us to do than for NATO, all right. And secondly, we don't have an integrated system of services. And certainly the Digital Services Act, which I've seen is not very ambitious. And I also don't really quite understand what they're trying to do. It seems to be focused much more on commercial services, which is good, but little attention is paid to fundamental government services, public services, that should be the interstitial integrating network of the European Union. So I will stop with that because I've already over, because of that delay, I went over my 25 minutes, but anyway. Thank you. Thank you very much for your insights and bringing to us the tests and challenges. There are lots of questions. Can I ask you, are you free to stay on for about 10 minutes over? I have my next meeting in, I guess, at your time. Oh, okay. So we, no, no, I'm saying I have my next meeting is at one o'clock, you're done. Okay. So we can stay on a little bit longer. Yeah, thank you very much. Just one of our member of the audience, Deci, just to go back in it, you know, when we did get the break asked, what were you going to say about the UK before the connection dropped? Was there something specific that you wanted to mention? Well, the UK, I don't know what they're going to do. I haven't really seen anything on what their approach is going to be now. They have been, I mean, the problem, one of the problems that we have is that the Anglo-Saxon, the Anglo-Sphere, the Church of English-speaking peoples, some have, there's this for me, I mean, impenetrable connection to media between objections to having a digital identity or having any identity document and speaking English. So I mean, we have no problem in Estonia accepting an identity. In Europe, you actually do need to, if you want a problem, you must have a travel document, an ID document, right? You can travel across and within the Schengen room with an ID card. You need an ID card. And so when we get to digital, doing anything digital, you need to have a but they don't like it, which is one reason why the United States is lagged so far behind in all areas related to public service. And I live in California, in the middle of Silicon Valley, literally the middle in a 12 kilometer radius. I had the headquarters of Tesla, Google, Apple, VMware, Facebook, Palin's here, YouTube, and they do amazing things. But when I wanted to register my child for school, I had to drive three miles down to the school headquarters, bring along a copy of my electricity bill, my passport, my wife's passport, NRDS 2019 form, which is something for visiting scholars. And then the person sat there for 20 minutes, copying everything out my hand. So I mean, that's an example of the public sector is completely undigitized in the United States. But that's because they both do IDs and the UK has the same problem, Canada has the same problem, Australia, New Zealand as well, the New Zealand I could conclude. But anyway, what is the UK doing? I don't know, they better digitize if they want to compete, which is to be their goal. I know we've some questions here. Thank you for that. From Jackie Fisher from the Department of Finance. And she asks, how does the EU proposal for critical entities, resilience directive tie in with your security and democracy in the digital era confirmation along the NS 12? I'm going to have to look, I don't really know much about that. Yeah, it seemed very specific. But I would say we are extremely resilient. In fact, our public service government network never fell during the massive cyber attacks on us. Yeah, very interesting, because I think Jackie has another question asking about the security, the interconnectedness of Estonia, digital network make it more vulnerable to cyber attack? Well, no, we have found the opposite. Since you cannot, I mean, you can knock out a server, but since you can only access the system through an identity, the way it works is we have two factor authentication for all any connections and we have end to end encryption. So if I want to get into something, the reason why we know I'm me and is that in my device, be it a phone or the computer, the my is up with the pre-program chip or the pre-program program in my computer. And it says you're you. Yes. Yes. Yeah. And then from that point on, the connection is all public key infrastructure and encryption, which is, I mean, I don't know. I won't go into it. I'll just say it's public key infrastructure with that, which basically is the best encryption we have until we get until it's all ruined by quantum computing, but that's a few years off. Then we're really. Yes. With another question here from Peter McClune, who's a member of the board of the IAEA, and he's asking the question, has the digital revolution strengthened the forces that produce inequality with a winner takes all mentality that will, if unchecked, with very strong enforceable regulation, make it virtually impossible for small poorer countries to function as they will have no effective control over what happens in their society? Estonian with 1.3 million has the highest level of unicorns per capita. We have five per cap. We have five unicorns for 1.3 million people. Skype was invented in Estonia, quickly sold, transfer wise is our latest. We have, which is the bank transfer company that is Estonian, but now I don't see that. I mean, basically good ideas come out of wherever people are engaged. Certainly, I would say even more than that. I mean, digital is in many ways the great equalizer. We're a small country. We can in terms of, we can inflict a lot of damage. We want. I mean, we don't want to, but clearly the point is that, if you just extend that, a small hacking group in Russia can inflict enormous damage. We choose not to do that, but the point is that we do can inflict a lot of damage. And in fact, it's no longer a matter of nuclear throw weight. It's a matter of clever hacks in this world. We instituted, this is how my little role in this was in push to get computers in all schools and by 1997, 1998, there were schools and all they were all connected. I mean, we were a very poor country. I mean, we're really a poor country still back then. You know, it's like $8,000, $7,000 GDP per capita, but we just invested in this. And one of the results was when I went in my last term of office, I mean, knowing that educational reform takes 15, 20 years to have an effect. 20 years after we had that, it was my last year in office and I would go around and we had all these startups and I would always encourage them. And about the next session, I said, well, how do you get started? I said 80% of the time, the answer from the founder was, oh, I was a kid in your program. I mean, in fact, the digital divide is a political problem. It's not a technological problem. It is a matter of digital rather political will. I mean, why is the EU so backward digitally? Because the will is missing. And why are individual countries very advanced? Because there is a will to accomplish this. And since the will is actually necessary because most of the bottlenecks are legislative and regulatory, not technical. And according to Moore's, I mean, Moore's law still holds. That means that it's all getting cheaper and cheaper and cheaper. I mean, the amount of, I mean, we could do what we did in my country 20 years ago, nine, 10 times more cheaply simply because the cost of computing is so dramatically dropped. So I don't buy the digital divide argument. I think that in terms of what is expensive and what is costly, today is far, far cheaper than it was 20 years ago. And this should be something that aid programs should be focusing on. And in fact, at least the, I mean, both the World Bank to a degree with a book that I helped put out in 2016 called Digital Dividends, which is the most popular, popularly downloaded book ever produced by the World Bank. And if you go to worldbank.org, you can put, you can search for digital dividends. It's like a 400 page book that you can download for free and get a PDF. The IADB, which is the Inter-American Development Bank, figured this out even more. And I had the wonderful pleasure of being flown all over Latin America because they realized that instead of putting money into all of these brick and mortar projects, actually what was needed was to put money in technical assistance on getting Latin America digitized. And if you need cable, well then put money into cable, but after that it should take off on its own, which it has in some countries. Yes. And just following up on that, so would you say that digital transformation is really about people and leadership then? Yes. You know, it's about having what I talked about earlier, having a vision. And with that in mind, what do you think of, you know, the digital agenda that the EU have really forcibly set out together with the green agenda? Do you think that offers a kind of hope and optimism for that, you know, transform? Well, I would say it's 15 years overdue. My main problem with it right now, it's too much kind of like a knee-jerk reaction against American companies rather than focusing on what we can do. And what we can do far better than any American company or public services, and that's where in any case, Europe is far more public service oriented than the United States. And I would say, well, you know, I mean, there are little tweaks you can do. Certainly, I think the EU approach or at least EU member state approach to social media is a little too state focused. I would basically make it possible to sue them. I mean, right now in the US, there's this big debate on section 230 that says that social media platforms are not liable for the content that they carry. I would make them liable for the content that they carry right now. Instead of saying immediately these boards, you know, we have the Facebook oversight board that is looking to see, well, is this permissible or not? I would just that I would leave the private sector to the private sector and sue them broke, right? I mean, but in terms of public services, there is nothing in the United States that we would want to emulate at all. And I would focus on that which we can do and that is digitization of public services and all of the benefits. I mean, for example, even with COVID, you know, EU vaccination passports as a QR code on your phone, which I mean, and the EU can do that for the EU. I mean, then it gets more complex. What do you do if someone comes from Pakistan, right? You trust their thing or not? But first, let's focus on the EU. Our tracing apps, some of them work cross borders. Most of them don't. Again, these are all these are all kind of state or quasi state or public services that we should be putting our money into them and makes life much easier. Well, if you have a question here, thank you for that from Andrew Gilmore. And Andrew is asking the question, he's the Deputy Director of Research here at the IIEA. Your friend Carl Bildt has spoken of the need for an Atlantic digital partnership between the EU and the US as a counterbalance to China's rising power in this space. Do you agree with this idea? And is there a tension between it and the idea of digital sovereignty in Europe, which seems often to be couched in terms, as you said, of European autonomy from the US? Yes. There is a brilliant paper written by someone who actually has an Irish name, but I don't know if he is, who was head of policy at GCHQ. I'm trying to look for his last name. His name is Kieran Martin. Definitely Irish. He was head of policy at GCHQ, so he's probably a UK citizen. He's teaching now or researching now at Oxford. Okay. And he has, I mean, it has not been published and I heard he wasn't even thinking of publishing it, but he has a brilliant talk, a long paper on the need for cooperation between the European Union and the United States and other liberal democracies against the China threat. And the China threat not so much militarily, but economically, where they're just the, that they just have, they are, for them, I mean, these things are strategic investments and there's, and strategic subsidies all to make Chinese tech, not only in 5G, but in all respects, dominant in the rest of the world, which of course he's very worried about. So I would suggest Andrew to get in touch with Kieran Martin at Oxford. Yes, that's a good idea. I think he's, he has spoken here at the IIE on another occasion, so we certainly follow up on that. I have a question here from Sarah Kenney, a political science and geography student at University College Dublin. And she asked the question about the increase in surveillance that accompanies digitalization and the response to security threats. If this is a reason for concern. Well, first of all, I mean, when people talk about surveillance, they think of the government. I mean, 1984 vision, however, you are far more surveilled to use a non word, but by the private sector, I mean, if you're seriously concerned, read this. It's the capitalism, the age of surveillance capitalism by Shoshona Zuboff. Yes. I mean, it's, for example, in the United States, it is, I mean, this just happened a year ago. It is forbidden for the government, you know, whatever government agencies to deduce surveillance on US nationals. So what did, but the private sector can. And so what did the, what did ICE, the, you know, the anti immigrant, the immigrant immigration police do? They hired a private company to do the surveillance via your phones. And then they bought the material, they bought the information. I mean, everything is tracked by all social media. I mean, you know, if you're on, if you're on the internet, you have to always accept the cookies, right? Whatever newspaper they're all, you are tracked unbelievably much. And that, of course, is purchasable. So you don't really have to worry about 1984 and big brother, because basically in this commercial world, they can just follow you just by the, by the information. And so I would say, I mean, yeah, and you don't even have that possibility to say whether the concrete case I've brought about ICE buying information on illegal immigrants was that it was tracked on your phone. I mean, these people who were apparently illegal were tracked on their phone by a private company that then sold the data of their location to the U.S. government. So I think this is one of the, one of the, this is one of the things that we will face, unless you become an utter ludite and cut yourself off from any contact. Well, then, then you're okay. Otherwise, these are part of the changes we're only now beginning to realize. Up till the middle of the 1990s, you know, if you left home, no one knew where you were. I mean, before the smartphone, I mean, you had a Nokia phone, right? Just a plain little flip phone or something. You, you were no longer, you could be identified, you could be, you could be the geolocated. Before that, you had a phone, it was plugged in the wall, you walked out of the house, no one knew where you were. Today, you can always be found and identified. Yeah. And do you think that the private sector is taking cybersecurity seriously? No. You know, as board members said, you know, exact senior executives. No. You know, the word, the really horrible case of incredibly irresponsible case of, of equifax, which is a credit rating agency in the United States that had basically they had 150 million people's credit ratings and about 11 million in the UK also. And they were hacked. First, I mean, they were hacked. They had been warned, as were all kinds of other companies, that a certain software they had, they would not, that had to be patched in order to prevent it from being hacked. They did not patch the software. They were hacked. And the data for about 150 million residents of the United States and then some Canadians and some UK residents was stolen. They found out it was stolen. They did not even report it for until the, the, at least the CEO and some members of the board sold their stock in their own company because they knew it was stolen. This is all completely illegal. But in terms of responsibility for patching and all that's, I mean, that is companies are not responsible. I think that I mean, as their own sort of selling point who does take it seriously is Apple, from my experience, compared to the other companies providing the same services. And that's their whole marketing tool. I mean, they advertise and rightly so that we take privacy seriously. The other ones don't. Right. So the question here, thank you for that. Thomas, the question from Andrew Rue InfoSec consultant at BCC Risk Advisory. Do you think that increased focus on security and digital sovereignty might result in segmentation of the internet under the two spheres of interest? For example, North America, EU, Russia and China. Yeah, I mean, that's, well, certainly on the part of, I think there are three approaches, broadly speaking. We have the utterly free market capitalist surveillance model pursued by the United States. Then we have in to a greater extent in China, because it's just good. And to a lesser degree, because in Russia, because they're not, algorithmic authoritarianism. I mean, just keeping track of everything and everybody doing the same thing that the, you know, that Google does, but they're doing it there. They have an additional pipe that goes through the government and the social credit model that has been developed in China, where you get plus and minus points for various behaviors that then determine what you are allowed to do in further life is a good example. That is Orwellian. And then what is not yet really, I mean, this is what all these EU policies, I would assume, are going to be focusing on is what approach do we take in Europe? We are far more privacy oriented than North America. Certainly, we are far more basic human rights oriented than the authoritarians, but we haven't really put out an effective model. But if there's going to be a I don't know what you call it. I mean, if you are going to have a splintering of the internet, which is a distinct possibility, it will, first and foremost, I think, and I hope, go along the lines of authoritarian human rights, ignoring versus liberal democratic and human rights respecting how that will turn out. I don't know. Thank you, Tomas. We've had lots of questions. I'm just going to finish on this one. We're just coming up to Court Pass 12 or Court Pass 1 with you. And this kind of follows up on that. Then how should the EU respond to cyber attacks from external actors? In 2020, the EU imposed sanctions against Russia and Chinese based actors for cyber attacks. Is this the right? Is this the step in the right direction? And that's from Seamus Allen here at the IIA. Well, up till now, with a few exceptions, Western governments have shunned the hackback. The hackback meaning that if you are hacked, you do it to them. In fact, in the United States, it's explicitly forbidden to private companies that can hack to hack back. Because if you figure out who did it, you can go get them. But we need stronger responses, I think. And here, I mean, the EU, I think, is actually at a better position. Basically, you have the European arrest warrant. You can forbid anybody engaged in this activity from coming into the European Union. If you're your average Russian hacker, you're not going to go to the US. But certainly, you love to go to the French Riviera or whatever. And that has to be a European response. I mean, for Ireland or for Estonia to say, you can't come to my country because you did this bad thing. But if it's all of the EU, then it becomes, I mean, it becomes a problem, right? Out of the UK gone, they'll all go to London. But that's a different matter. In any case, I would say pan European approach to this. And then we can move on to stronger sanctions. Certainly, you can do smart approaches. The problem, rather, in the European Union, is no one wants to do anything in this regard. Well, unfortunately, time has cut off with us. So thank you so much for your time and for your exploration of those threats and challenges in such a graphic way so that we remember them. Very important. And your recommendation for a pan European approach, I think, is critical. And I'm optimistic at this stage in Europe that they are open more to these ideas and the whole area of integration and cooperation. It will take time, but it's people like you, President Ilvers, that you have to keep talking about this in the way you do in such an inspiring way. So I'd like to thank you for your contribution. We've lots and lots more questions, so you'll definitely have to come back again. Hopefully, with the vaccine and everything else, it will be in person. So I'd like to thank Lorcan Mullally, today, our IEA production team, who managed to get you back, to get you here and get you back again. That was very good. And to Seamus Allen, our Digital Policy Researcher. And to your audience, thank you so much for your attendance, but also for your active participation. They are very, they loved your presentation, Tomaso. Thank you very much again. And we look forward to seeing you in the future. And in the meantime, stay well and keep safe.