Diplomacy for Data | Data Diplomacy Series | National Science Policy Network - NSPN
welcome everyone to our first fireside chat of our data diplomacy series through the National Science policy Network also known as nsbn we're thrilled to continue our conversation on data diplomacy and I'm especially excited to have some great speakers of us today who will be diving into diplomacy for data which means they'll be sharing with us their professional work and insights on data governance and if you're not familiar with nsbn nsbn is an organization designed for and geared for early career stem professionals who wish to engage and train in science advocacy policy and diplomacy so we welcome you to connect with us if you wish to learn more about nsbn for today's event all right so I'd like to start by introducing the team behind the making of this event I would first like to thank our co-sponsor Duke University's rethinking diplomacy program for amplifying data diplomacy through their research and then I would like to introduce the science diplomacy team at nsbn behind this series I'm anastasi Burnett I'm a data scientist at the Pacific Northwest National Laboratory where I analyze and build data tools across energy and environmental fields and I will be today's moderator we also have Ona ambroseta who's the chair of nsband science diplomacy committee then we have macron turci who is a JD candidate at the University of California Davis School of Law and finally Abigail Giles who's a PhD candidate in the medical Sciences at the University of Cambridge this team was behind this event's early development and its ongoing support and I would like to really especially thank Ona and Abigail for all their insights on science diplomacy so today's event will be a rich slice in a larger conversation on data diplomacy and our goal through this series is really to bring attention to and contextualize the emerging field of data diplomacy using real world examples so far we've launched our series with an introduction and Keynotes to data diplomacy and now we're diving into our specific themes these themes are diplomacy for data then data in diplomacy and then finally data for diplomacy for today's event we'll be exploring diplomacy for data or in other words how data governance and user Agreements are used to navigate International and domestic affairs and because I'm extremely curious to hear what our speakers are going to say I will only briefly introduce what diplomacy for data is and why it is important and then we'll turn straight over to professional introductions in a discussion between Jennifer way Hannah Bracken and Alma hirich so what is diplomacy for data and why does it matter diplomacy for data is a thematic slice in our larger framework about data diplomacy and it represents the Diplomatic decisions surrounding data use and governance on the circular pedals to the left you'll see examples of diplomacy for data which some of you will hear about today such as the application of eu's General data protection regulation or also known as gdpr which has deeply shaped the political narrative and governance of cross-country data flows and diplomacy for data is important because data can't be readily divorced from our assigned economies cultures and Science and governance as a result data is can really be the source of socioeconomic and geopolitical power but diplomacy for data can help prevent harms and promote novel political solutions to emerging issues in an increasingly Global and technological world so on that note I welcome our speakers for today who will engage in a set of questions on this exciting topic up until five minutes till the hour then we'll briefly open up for questions from the audience and because we wanted our speakers to be secure in their answers we've allowed speakers to come prepared with their thoughts but we also encourage any speaker who feels inspired by the conversation to respond to their co-speakers where they see fit by raising their hand also with such little time given to the audience for questions I deeply encourage members to reach out to the speakers after the event for additional questions so with that I'm excited to briefly introduce our speakers and then let them take the stage so today you will hear from genre Hannah Bracken and Alma highrich John verway is an East Asia National Security advisor at the Pacific Northwest National Laboratory in his role he uses his background in strategic trade controls and U.S China technology assessments to support U.S government expert control supply chain security and non-proliferation missions he is also a contributing author to Georgetown University Center for security and emerging technology and has worked for the US Department of Commerce and for two federal U.S trade agencies he also holds a graduate degree in international political economy from the London School of economics next we'll have Hannah Bracken Hannah is a policy advisor focused on data flows between the European Union and the United States in the U.S dlc's privacy Shield team Hannah previously worked on digital policy at the U.S mission to the
European Union in Brussels and before that worked on cyber security policy equally International Hannah received her master's degree from Sciences Poe in Paris and also worked as a trainee lawyer in Paris for a year finally we have Alma hayrich who is a PhD student in the human and social dimensions of science and technology technology program at the school for the future of innovation at Arizona State University her research focuses on critical data studies of emerging Technologies centering data governance surveillance and privacy she's also an NSF fellow in the National research traineeship on citizen-centered Smart cities and Smart Living and is a haystack scholar and Alma holds a master's degree in science and technology policy so thank you all so much for being here today and I'm going to open it up for you all to share your introductions so I'll go in the same order and let John start us off with his introductions sure thanks for the kind introduction on Nastasia so as she mentioned yeah I work at Pacific Northwest National Laboratory and a large part of my work for piano focuses on supply chain security and supply chain risk management so I think the original reason for me being a part of this panel was last year I gave a testimony before a commission of Congress on U.S government efforts to review and manage Supply chains and that's kind of the context in which I'll be talking about data availability data paucity and traceability because that's the area that I spend most of my time thinking about right now um as you have no doubt noticed in the headlines everyone's talking about supply chain security these days but no one does a very good job defining what that means and defining what it means is actually a very important step in understanding what sort of data resources are available or frankly not available when you're trying to establish the security or lack thereof of the supply chain so the government spent quite a bit of time working on this and there's an executive order in January of last year I believe or maybe two years ago at this point EO 14017 which mandated a series of executive branch reviews of critical technology Supply chains so this was the Department of Health and Human Services and Department of Agriculture all the way to Department of energy and Department of Defense and they were all looking at different Supply chains and in particular using data-driven approaches to map those Supply chains so there are kind of two different aspects to data and Supply chains that I'll speak to very briefly and then I'm actually going to hand it over because I don't want to take too much time but you can use data on Supply chains which takes the form of international trade information so imports and exports as a proxy for supply chain dependence so you can look at for example U.S Imports of a particular commodity from another country as a percent of overall U.S imports from the world for that commodity to determine import dependence so for a country like Malaysia that exports a lot of integrated circuits to the United States what you can do is figure out very quickly what percent of overall U.S Imports of integrated circuits come
from Malaysia and use that to characterize the supply chain dependency and in some cases where the number is very high it you know hypothetically some sort of commodity where the US is 100 import dependent on a particular country for a commodity that's the sort of choke point that you can use data to identify and then ideally go around the path of mitigating it the other type of information that's frequently used in supply chain analyzes if it's more of a data driven approach is frankly owned by the private sector because Supply chains consist of private companies engaged in private transactions that are typically business to business and occasionally business to consumer so you have to use a lot of data resources that are sort of outside of mainstream accessibility so there's a lot of commercially sourced supply chain information where aggregators will go through and scrape lists of company facilities and Manufacturing locations and to determine the provenance of goods or look at where a product begins as a raw material becomes a processed material and becomes integrated as a sub component and then a component and then into a finished assembly and that information is generally owned by the private sector companies that are involved in those stages but aggregated by a third-party commercial vendors who then sell that information to other entities that want to engage in supply chain risk management so that's kind of my high level overview and I will stop there and hand it over to if we're going in order I think Hannah will be next yeah thank you so much really fascinating especially the the choke point uh mention uh but yeah go for it Hannah thanks so much and it's it's just really great to be with this group of scientists and Engineers today so you know thank you for the opportunity because I'm so aware that you all are using data for good in many ways um and my first job out of my undergraduate degree was working for an academic publisher in the sciences and that experience left me in awe of the work that you do and the very prolific way that you share it um it just as a quick background about me and you know where I'm coming from on these topics after my time in publishing I studied law in Paris and that was while the European Union's general data protection regulation the gdpr was entering into Force so in one class we considered the um unchartered territory for compliance with the gdpr um and this is of course applicable in the EU and extra territorially for public sector private sector organizations and also non-profits so now that academic experience that I had and often those same questions factor into my work um for the international trade Administration so the international trade Administration is part of the Department of Commerce and itas strengthens the competitiveness of U.S industry it has a role promoting trade and investment and it ensures fair trade through enforcement of our trade laws and agreements um and with our interagency counterparts we do diplomacy work to promote international data flows that are so critical for research among other things um I'm on a Europe Focus team as was previously previously mentioned and that makes sense and I appreciate that given my personal background and experience in Europe um but just so that you know I have colleagues who work on issues at the intersection of trade national security and privacy law globally as well so we're by no means solely focused on the European Union and we administer a program that was designed to give us companies a stable legal basis to receive EU personal data in compliance with you law including the gdpr U.S organizations and multinationals with activities in the U.S will be able to use this program as the basis for their commercial data transfers after the European commission finalizes a draft adequacy decision that it has relative to the program and this program is called the EU us data privacy framework the transatlantic work that we're doing with our European counterparts facilitates these transfers for the benefit of both U.S and EU companies so um I think this is a key point just at the outset of the conversation that there's not a zero-sum game in terms of data and the actions that we as governments can take to facilitate trade-in research can serve both our local companies and those companies from our strategic partner Nations at the same time um European companies want to be able to transfer you personal data as well and they might transfer it to the US for instance if they have U.S operations to manage um so data is just more useful when it's not siled um and just to close my kind of intro and talking about companies and Commercial data flows so this is particularly applicable for research that's taking place within the private sector specifically within organizations that are subject to the Federal Trade Commission or the U.S Department of
Transportation but the underlying issues are of course applicable for non-profit in public sector use storage and movement of data and so I have colleagues at the National Institutes of Health among others who are experts in that Arena and that we work with thanks all right awesome thank you so much it's great to meet you and hear about your work um so I guess finally we'll turn to Elma for her introduction thanks for the very generous introduction already um I'm very excited to be here and looking forward to the discussions I think the other panelists here have very robust and Rich experience directly working with policy I am a third year PhD student in human and social dimensions of Science and Technology at ASU um and I think my approach to data governance uh is a bit removed being a PhD student but I did have experience interning at GAO on their Science and Technology assessment and analytics team looking at 5G and facial recognition um that's my direct policy experience but otherwise my research is really looking at data from a critical data studies perspective and identifying some of the gaps and some of the opportunities where we have to enrich our approaches to the governance for example I see a lot um looking at privacy specifically and a lot of Clauses that address personally identifiable data but my research is kind of scoping it out a little bit more to start thinking about surveillance ecosystems and um some of the experiences that people have who are subjected to these emerging Technologies who might not have consented to them and just digging into that scope I'm also part of the NSF nrt on uh citizen-centered science citizen centered smart cities and Smart Living so my interest in data governance Falls specifically into that smart cities framework um and that's also where I see a lot of gaps and a lot of opportunity for more governance even though the direction there is heading towards less and less governance okay great thank you Alma and also great to meet you and thanks again for everyone sharing their backgrounds with us it's really compelling to hear from each of you um so now I'm really excited to finally dive into some questions um I'm going to ask four questions and maybe a fifth one if there is time so I'm going to start with a question that I thought would help set the ground about what are some of the challenges and opportunities you're facing in your work and so I want to ask you know data governance often considers the need for accessible interoperable and secure data how would you describe the role that data governance and our data diplomacy plays in your work what progress have you seen on those fronts and where is their legal friction and I'll direct this question in reverse order starting with Alma sure so I mentioned a little bit about the Smart City approaches being more and more towards kind of these Innovation districts that tend to be hands-off governance and even local governance kind of allowing this test zone and this um sandbox that allows for Innovation and I think there is a very large challenge between balancing that Innovation mindset and protecting privacy and protecting data and kind of thinking about the surveillance ecosystem again um you know different locations have had different approaches and we've seen some locations have very large failures like the sidewalk labs in Toronto was a very big failure in part because of their lack of attention towards data security and and data governance um so there are Lessons Learned and and things that set the stage there um also thinking about cyber security as an aftermath is often a problem in these spaces um there's a lot of legal friction between emerging Technologies and trying to do data so I hope that answers the question for now yeah that's great especially I never considered much about cyber security posts maybe disaster in the data World which I I could see that um I think there's maybe my work a lot more um effort to do it pre after maybe some bad experiences of post uh so yeah thank you um Hannah I'll direct this towards you too now thanks um it's a really interesting question and um the international cooperation aspect of data governance is at the core of my work um professional experience and I've found that clear definitions are key in having a kind of Baseline understanding of what's being discussed it sounds really basic but it's also essential for live discussions and policy meetings um particularly the case in international settings and so an example of this is like the concept of personal data which is important in research and Commercial context particularly for the ability of personal data to move and be accessed by different parties in compliance with privacy laws but it can be hard to fully Define personal data on a national Regional or global scale um and so one reason a definition is hard is that as well our technological capabilities of societies are evolving um advancements in anonymization and encryption that we've seen over the years for instance also play a role so I think finding Baseline understanding is a key part of today's topic of diplomacy for data which I understand to cover the um management of international relations as it pertains to data access into use um which is at the core of the research profession so I think there's an important distinction that can be made between like an a potentially artificial construct of data security that's focused solely on location which can sometimes be the case and its ability to be accessed and then um perhaps a more substantive approach to the question based on the consideration of the protections that data enjoys in practice and recognizing the importance of cyber security and operational safeguards and then the safeguards provided by Democratic societies with shared values accessing or not accessing but um involved in as destinations for data I cast through within their jurisdictions it's really fascinating yeah John do you have any remarks yeah so within the context of Supply chains and thinking about data challenges and opportunities I think the primary challenge is the one I already alluded to which is pretty much every supply chain is owned by the private sector so information about those Supply chains is only knowable to the extent that private sector firms involved in those Supply chains choose to talk about them publicly because they're under no obligation to describe for example how they go about making an airplane so I'm based in Seattle Washington Boeing has factories in 50 plus countries designed teams in 50 plus countries they're under no obligation to describe where they Source the rubber that makes the wheels where they Source the printed circuit boards that go in the avionics where they Source the carbon fiber Composites that make the wings all of those Supply chains are under the control of the company and they have no they have no commercial incentive to share that information so for policy makers that are interested in assessing supply chain resilience and supply chain security navigating a lack of data availability is really important and figuring out what sources of information you can turn to that might provide sort of a proxy that you can use to assess supply chain is very important I think one opportunity that I see is especially in light of the recent executive order I've mentioned earlier the US government's generated quite a bit of information on critical technology Supply chains in recent years and actually the international trade Administration is currently our recently solicited feedback on a proposed list of critical technology harmonized system codes so codes that correspond to particular Commodities that are deemed critical technology so the government's paying a lot of attention to this and they're doing so in a data-driven way and I think the big opportunity is not losing that momentum in the medium term because the Temptation is to write a report once every five years on a subject and sort of walk away from it in the intervening time but a lot of the information that's been generated will be more relevant and more impactful for policy makers as it's provided it is regularly updated really great yeah all these mentions about obligations or no obligations jurisdictions definitions codes really great to hear about so let's dive more into kind of the specifics of what your work entails um I'm really curious to ask as a novice reading up on data user agreements but also as someone who handles a lot of other people's data um I'm really fascinated by this legal world that exists and kind of the rules with it um for example the trade the trans-pacific partnership agreement TPP has been described as the most advanced model for electronic Commerce so far and the EU General data protection regulation gdpr has been known to have heavy transnational obligations and scope and cross-border data transfers so what opportunities and or barriers have you encountered in your work as it pertains to these large multilateral agreements and how have you seen other data user agreements play a role likewise how have domestic laws reacted to larger international data laws and multilateral agreements so with that I I'll direct this question first to Hannah and then Jonathan Alma thank you um I I'm gonna focus on the general data protection regulation or gdpr um and just as a quick background and people might be familiar with it but it's a comprehensive privacy legislation in the EU that applies across industry sectors and to companies of all sizes in addition in addition to the text of the gdpr itself individual member states um have uh guidance that they publish to help organizations operating in their territory can fly with local gdpr data protection requirements and the European data protection board that groups together all the member State data protection authorities also publishes guidance meant to harmonize interpretation of the gdpr across the European Union so for instance the European data protection board has guidelines with hypothetical examples that are meant to help organizations understand whether data processing Falls within the scope of the general data protection regulation and I recognized that for organizations there's a lot of information for them to monitor when crafting and updating their data governance and data privacy policies to comply with the gdpr so this can also entail significant compliance costs the EU us data privacy framework that we administer at the international trade Administration is aimed at providing an easier way for U.S firms primarily smes to receive EU personal data in compliance with EU law and from a government perspective the U.S Department of Commerce and the European commission have crafted over the course of two years this EU us data privacy framework to provide these companies with the future mechanism to comply within gdpr requirements um and this has been a Biden Administration priority from day one on October 7th 2022 President Biden issued an executive order called enhancing safeguards for United States signals intelligence activities I'm in the Department of Justice issued accompanying regulations implementing the U.S commitments under the EU status privacy framework to these changes to U.S law strengthen the privacy and civil liberties safeguards governing U.S
signals intelligence activities and they establish a multi-layered redress mechanism with an independent binding Authority and the EU us data privacy framework will amend the current privacy Shield framework principles and the strengthen safeguards for signals intelligence activities new redress mechanism and updated privacy principles under the U.S data privacy framework will form the basis for this future adequacy decision from the European commission that I mentioned and you know I'm using this as a case study to show the importance and work being done to restore stability to data flows because it is an issue that thousands of EU and U.S firms rely on thank you what an interesting legal Network um yeah John go ahead yeah so from the supply chain side of things uh there's really not much to add it's kind of the Wild West there are no legal agreements uh again all of these Supply chains are managed by companies that participate in them there are no International agreements there's no standardized templates for supply chain mapping there's no sorts of standardized uh fora where people get together to talk about data in the context of Supply Chains It's all very ad hoc and um there's no real I don't think need or venue for more information sharing ultimately Supply chains are business to business transactions and uh the only time the government seems to express a interest in learning more about a supply chain is one it is deemed critical or when there's a supply chain Interruption so having a proactive role and you know dealing with things at a scale equivalent to gdpr First Supply chains is uh there's nothing like that out there wow that's really fascinating had no idea um Alma go ahead if you have remarks yeah uh the gdpr is really the first kind of Behemoth attempt to try to Wrangle in some of the uh data privacy implications and and governance and um it really set off a chain reaction where many other countries started adopting their own um legislature around protecting data and giving citizens a mechanism to have to complain about um some of these things and I think that's something that's still really difficult to Grapple with and to find enforcement around and that's certainly something that I've seen in work looking at institutions especially in the United States I think we're still lacking so much of that comprehensive legislation and you know there are Pockets where even State legislations like California's legislation don't apply for example on University campuses or um there's still a lot of Gap where things need to be addressed and something that I find really fascinating from the legislation approaches is the topic of National Security because that often creates a lot of exemptions and I think it's worthwhile to investigate those exemptions and to kind of consider the boundaries of these legislations oh thank you yeah it's really amazing to hear how connected but also reactive of this legal field is around data so likewise I'm really curious to ask about data in a more social lens um especially because data has this fascinating trade law history associated with it in addition to acting as carriers of values and identities when countries organizations and communities interpret data so how has cultural diversity shaped your interactions with data governance policy and or diplomacy and I'll direct this question first to John and then Hannah and I will quickly redirect it I don't think I have a very good answer for you on that um supply chain information is uh not much it doesn't have much of cultural resonance and is not part of any cultural Zeitgeist that I'm aware of it is uh really just corporate transactions and business mapping and commodities I see now this is all extremely interesting you know whether you say there's no cultural resonance or it's like the wild west you're really mapping a great picture of the work you're doing I you know if anyone like me had different assumptions um but yeah go ahead um Alma if you want to take on this question sure um my Master's thesis was looking at RFID implants and kind of the implications around that and something that I found really fascinating was it's culturally accepted in Sweden and it was like readily adopted um where people would have these parties of biohacking parties where they would inject themselves like right here with RFID chips and those RFID chips don't really do much they kind of open doors and you know but it was like this cool biohacking thing and gave people the opportunity to talk less and have very brief interactions when they get on a train they can just scan instead of having to talk to somebody so there's definitely a societal and cultural shaping that comes with how people approach data governance and the extent to which they trust their governance which is something in the United States that's very fractured um especially given after the Snowden leaks and um the understanding that citizens were being surveilled even though they had no reasonable actions that would make them um that would warrant that surveillance so yeah that's kind of where I see some of that cultural influence great thank you yeah what an it's always interesting to see how people react uh to data in their communities especially with these parties um Hannah go ahead I had no idea about these parties it's really A Whole New World very interesting I want to thanks for thanks for that um I I was thinking about this in relation to commonalities between privacy laws across jurisdictions and they often build from internationally recognized principles like the oecd Privacy guidelines that were the first internationally agreed privacy principles um but I do think every country has its own approach that's influenced by its history and culture and also what its domestic legal framework is um and something that we also run at the international trade Administration are the global cross-border privacy rules the cbprs and there's um it's a forum that's um basically establishing a baseline of common standards across jurisdictions to bridge different approaches to facilitate cross-border transfers of personal data without requiring The Identical legal framework in every jurisdiction I think there's an important role as well that governments can play in explaining the our work around data both to Citizens but also to strategic partner Nations for instance in the trade space um and that basic understanding of a country's history can help us understand why they have some of the laws that they have particularly in the Privacy space so effective diplomacy can acknowledge that and build on this and um that those were my thoughts on this question thank you yeah thank you interesting especially with you Hannah hearing about you're very concerned about like definitions and standards you're really trying to build this legal language all the time so great um my final question for you all is kind of one that starts leaning more into critical Technologies we've been kind of mentioning it in the background we all kind of know the Technologies are some of the very things that collect and store data uh so with big data The Internet of Things also known as iots artificial intelligent and cloud computing there are all these data tools and analyzes that are creating disruptions in the data science and data governance Fields how have these novel data Technologies or other novel data Technologies impacted the data economy and data policies in your work and what do you anticipate happening next um and I'll direct this question first to Elmont and then Hannah and then John yeah this is right up my alley for for what I'm looking into um I it seems like these technologies have really pushed forward this open Innovation concept and I think on a broader International lens there's kind of a competition mindset to who can you know develop the best AI who can um you know get there first there's definitely that kind of mentality on a broad scale but and and it seeks seeps down into some of the more local initiatives and I think you know given just this Innovation mindset and this very shiny promise of like automated vehicles and um you know self-driving vehicles and and this very utopian technological dream um that's being sold it is really fascinating and great but it lacks the understanding that people who are historically marginalized tend to then be once again marginalized by these new initiatives and there's a lot of practicality that is ignored um and a lot of harm that's created in pursuit of these kind of sci-fi dreams um and I think something that I'm seeing the direction heading towards is a lot of pushback and I think that's something that is unanticipated and for example those smart street lights project in San Diego where they put up these street lights that were said to just be sensing to turn on and off automatically ended up having a lot of different capacities onto them and surveillance microphones watching neighborhoods um that received significant pushback in the communities and was eventually forced to be turned off um so there's kind of this pushback that I think is going to become more and more prevalent as people realize their need to have their privacy protected more and more and kind of um depending on where they are and how their government is acting it could be very oppressive very quickly um so that's kind of where I see things heading thank you yeah it's almost as if there's very few safeguards it's all about yeah that big competition Hannah any remarks I was gonna focus on the AI piece of the question and um highlight some work that other parts of the Department of Commerce and the government are doing in this space that I think is relevant so that within the Department of Commerce the National Institute of Standards and Technology nist has developed a framework to better manage risks to individuals organizations and Society associated with AI this is the nist AI risk management framework and it's intended for voluntary use and to improve the ability to incorporate trustworthiness and considerations around trustworthiness into the design development use and evaluation of AI products services and also AI systems so it was released very recently on January 26th and was developed through a consensus model so information draft versions that were available for public comment workshops and other opportunities that um that people had to provide feedback so it's intended to build on a line and support AI risk management efforts by others as well and then the other um area where I thought AI was um was worth noting is that um the U.S EU trade-in Technology Council sorry for all the acronyms this acronyms the TTC that you might have heard of it was initiated with the European commission under the Biden Administration and in the TTC um the Department of Commerce leads or co-leads on the U.S government side for five of ten different TTC working groups and the topics range from Tech standards to secure supply chain icts security and then we work with our interagency colleagues specifically the state department and the United States trade representative on the other working groups that we don't read but within this whole set of working groups we're also cooperating on standards more broadly and so here's specific typically as a result of the commitment made within the context of the TTC on January 27th the U.S and the European Union signed an
administrative arrangement to bring together experts from across the U.S and Europe to further research on our artificial intelligence Computing and related privacy protecting Technologies So within this my understanding is the five key Focus areas for driving responsible advancements in AI are related to extreme weather and climate forecasting emergency response management health and Medicine improvements electric grid optimization and then agriculture optimization great thank you I definitely resonate yeah with that list um no it's really great to hear about um kind of like Risk Management as a solution and even just increasing conversations if you're not going to do it externally it's great to do it internally um so I guess we'll end with John unless last remark for this question sure yeah so within the context of the supply chain data world to focus on critical Technologies has mainly focused on defining the supply chains for how a critical technology comes to be so to stick with the AI example that's been mentioned a lot of the focus has been on the determinants of how you make AI which is generally agreed to be some combination of well-structured data that you can train an algorithm on an algorithm and then Talent the physical Workforce that's doing it and then the hardware or the compute so data Hardware software and talent are kind of the high level supply chain buckets for how AI gets made and that's indicative of the overall approach supply chain world has taken to critical Technologies which is defining what constitutes critical technology and then figuring out what value-added steps along the way ultimately result in the emerging or critical technology whether it be small modular reactors or brain computer interfaces well thank you um really great discussion overall um if anyone still also wants to tune in to respond to anything anyone has said please feel free um this has been really eye-opening um and I'm really thankful thankful for you being here today and sharing about your work um I'm gonna open up the floor for any audience questions early um and then if there are no pressing questions I'll ask one truly one last final question all right we have one question so far how does an institution or organization best balance the need for data security with data accessibility and usability anyone want to take this on it's a classic question there's always the accessibility versus security question I I can try um I I think this is something that every institution or organization needs to kind of grapple with it within their own culture and their own priority I think it's hard to say this like a general answer around this um but I think it really it's a need to have a team or or person that's really dedicated to finding Solutions around this question within what they're if they're creating Technologies to make sure there is a team dedicated looking at the the social and ethical implications of the technology and looking at and they have a team that's looking at cyber security impacts and making sure that those things are taken care of up front because what I see a lot of the times is there's a cyber security in incident and then there's kind of a fix um or there's kind of a really big impact that's detrimental to its Community or or customers or um whoever it's it's is being subjected to and then there's kind of an attempt to fix it but there kind of needs to be an upfront um Innovation cycle or organizational structure that starts to think about these things upstreamed I'll ask a quick follow-up too because Alma you're more in the research World um I feel like cyber security in order to like maybe build on the solutions you are addressing do you feel like it needs to become more of like a research question or is it more like a practical institutional tool kind of like what Hannah's saying like have your risk management unit yeah I think what Hannah brought up is kind of the way to start going about it I think all of this needs to be down at a practical level and I think um yeah I I am a PhD student but I think my program is really oriented towards looking at things from a practical um view as well and yeah I hope that answers the question yeah thank you anyone else wants to take this on or any other questions I appreciate elma's insights on this and I don't think I have anything to add thanks all right well I might just ask one last question this again can be optional um just to conclude the meeting so something that I think is being considered is that a more data-driven driven world has often been described as one that's more decentralized um because citizens practitioners and experts each own their own data and they generate their own data how would you describe the state of data ownership and privacy in your work likewise one has the provenance and Trust around data been important conversations in maintaining data diplomatic relations anyone who wants to take this on leave it open sure I'll take a crack at it initially so the hard thing with supply chain related information is in general it is probably all public if you know where to look but the value proposition that many companies have built a business model around is aggregating vast amounts of supply chain related information into well-organized searchable queryable you know software as a service landing pages and at that point the data becomes private and is owned by those firms because they've paid the cost to Aggregate and organize it and resell it even though in theory all of that information may be publicly available if you know what databases to be querying from certain government agencies and state and local agencies and things of that nature it's uh data ownership is increasingly uh challenge in supply chain security because of that um thank you John um I guess if there are no other questions there's one comment let me see am I hmm okay I'll I'll read this out loud and see if anyone wants to take this on so one one comic slash question asked was am I correct to think that much of the work described in this webinar is a matter of turning away from formal treaties and conventions and working instead of building normative rules of behavior by consensus does this supplement uh supplement strict legal approaches and if so shouldn't or if you disagree if you're like no it's the Wild West yeah there's uh I think this question is not super relevant to the supply chain world I don't think there's much to say from my side okay I I I think that there's a lot of effort and I think uh Hannah really gave us an insight into a lot of the policies and regulations that are being made and and Frameworks that are being made to try and have some kind of mechanisms on a broader scale to look at how data is being governed but I think for me and my perspective on it and my research it in lieu of having comprehensive regulations and while we are really grappling with this very difficult and messy um understanding of how how do we do data governance and how do we do it right and how do we have all of the enforcement and mechanisms like this is all still being really um created in in real time so I think while that is still being grappled with there's an obligation on um kind of normative rules of behavior and and legal approach approaches being supplemented by institutional policies by kind of local level policies yeah thank you Alma okay well if there are no other comments um I'm going to wrap up this great webinar and so I want to give a great thank you to the speakers for participating in this event um they truly offered perspectives that I thought were nuanced that were detailed um diverse in thoughts um diverse in background and I'm grateful to have been able to work with you all uh so not to wrap up the event I want to say that this is one event of many if you're curious to learn more about data diplomacy we will have two more events in the series and if this event diplomacy for data was especially inspiring I really encourage audience members to reach out to our speakers for more questions and the nsbn team behind this event if you like to continue expanding the series with us and so thank you all again for attending and I hope you have a wonderful rest of your day
2023-04-17 00:57
