It’s important to think beyond the cliché that data is the new oil. The dystopian dream of seamless data integration and the ability to ‘collect and know it all’ overlooks the complex politics of data. National borders and ambitions make for a landscape characterised by Balkanisation, conflict and contestation.

Countries know that strategic advantage is lurking somewhere in the data—the signal in the noise. However, a key question for all countries is whether that advantage lies in ensuring centralised control of data, in promoting openness and transparency, or in prioritising the use of data to serve the public interest.

It would be easy to pull up the drawbridge and regard increasing calls for digital sovereignty as calls for autarky. Mobilising Australia’s asymmetric advantage relies on our ability to lean into our democratic legacy to avoid perverse mirrors of the systems of data surveillance, or ‘dataveillance’, we frequently criticise. This means moving from a mindset of tech adoption and data dependence to one of strengthened interdependencies, international partnerships and civic engagement.

Nearly 10 years ago, CIA Chief Technology Officer Gus Hunt articulated the ‘collect it all’ theory of cybersecurity and mass dataveillance: ‘The value of any piece of information is only known when you can connect it with something else that arrives at a future point in time. Since you can’t connect dots you don’t have, it drives us into a mode of … try[ing] to collect everything and hang on to it forever.’

This collect-it-all ethos increasingly defines vast areas of national security and economic and social life. We are living in an age of big data where seamless integration is seen as a strategic necessity.  Much rests on our ability to convert the potential of data into a resource. This would extend the national conception of where and how we derive and trade economic value.

It’s easy to get swept up in a mindset that sees modernisation of data infrastructure as an essential good. Although corporate and government jargonistas would have us believe they’re scaling us into the stratosphere, many societal problems remain intractable.

A recent example of the tensions common to many corporate and government data projects is the pause of the ‘battle management system’ component of the Australian Army’s Land 200 project. The chief of army described the digital command and control of forces as the service’s highest priority project: ‘[W]hen we build a network and connect all the parts of that force to that network we are greater than the sum of the individual. It is the improved quality of command and control of all aspects of our operations, so it’s not about high-end warfare, not about counterterrorism. It’s about everything we do.’

The battlefield management system was intended to connect every vehicle and soldier to a secure tracking system so that commanders would know the exact location of all their personnel and equipment, and so that every soldier would see, through moving symbols on a personal or vehicle-mounted computer screen, where everyone else was.

The cost overruns, the significant governance issues identified in a scathing audit report and the pause of the program represent common vulnerabilities in data projects.

It’s tempting to buy equipment off the shelf to save money, but we have to think about how enterprise data projects are products of unique organisational cultures, human capital and infrastructure densities.

The great promise of 360-data systems is that they allow a busy executive or commander to determine problems and opportunities by glancing at an appealing dashboard without needing to understand the shape of the data.

However, this assumes that organisations have a solid governance and hygiene strategy for managing data that may be inconsistent, poorly integrated or from questionable sources. If the right questions aren’t asked of the data, what appears on a dashboard may be meaningless or deceptive. In the quest to rationalise and simplify, a dashboard may indicate that something is wrong, but not how bad it is.

Lack of data literacy from the top to the bottom of organisations is a widespread vulnerability. In an age defined by attention deficits, the promise of complex problems neatly solved on PowerPoint slides concedes too much to slick sales agents.

And all of our sophisticated tools for handling, searching, linking, sharing and analysing data in mind-numbing iterative and synergising processes may give us a misdirected sense that we’re on the path to change, when in fact we’re simply replicating the status quo.

Despite the claims of tech evangelists, the tendency towards indiscriminate corporate collection and monitoring of everything risks lowering the ability to understand complexity. Big data can construct new realities where ‘face-tuned’ algorithmic acceptability becomes the ideal.

The worst aspects of data analytics reduce diverse human lives and multidimensional social structures into data points. The functional and the mechanistic are preferred over the contradictory and paradoxical, and the critical value of weathered experience, good judgement, the obscure and the marginal can be lost.

The collect-it-all ethos, and the 360-degree view of human and ecological systems it might offer, could be endlessly exploited by the powerful. Citizens grouped into pseudo-scientific psychological profiles make rich fodder for microtargeting by rogue governments, foreign agents, charlatans and corporate executives.

There are inherent inequalities in data systems. A report commissioned by the Dutch Data Protection Authority 12 years ago estimated that the average Dutch citizen was included in 250–500 databases, and up to 1,000 for more socially active people. This can occur through over-monitoring of some groups and individuals (reinforcing over-policing, for example) and under-monitoring of those without access to data systems.

Data always presents a partial view, but even more pressing is the issue of data power asymmetry. The collection of our movement, health and demographic data is increasingly given over to global and national monopolies for control and profit extraction, rather than to further the national interest.

With fewer firms possessing the human capital and brute computer-processing power to handle complex data, we face a narrow world where rich and paradoxical human experience is nudged and reduced towards more ‘efficient’ and predictable choices. In the process, we lose a sense of a democratic data ideal—to use this resource to preserve the public good.

This translates to the setting of international norms about data, another highly contested area. When we assume that data is perfectly interchangeable, we miss the important ways that regulatory frameworks and international standards ensure the continuation of cross-border data trade.

Blockchain, for example, is meant to smooth the flow of information between jurisdictions, but when single countries insist on global compliance with their domestic cryptographic protocols, this can force the opening of backdoors that pose security risks. We should not lose sight of the importance of maintaining an international system that provides some form of common regulatory oversight over data transfers.

China has made data a matter of national security, and has placed strict limits on how it can be stored and taken beyond the ‘Great Firewall’. Although there’s an economic case for this form of data mercantilism, it’s a far cry from the early promises of a free and open internet. China has more to learn from the comparative openness of democratic systems as a source of innovation, which it has tried to gerrymander through strategic theft of intellectual property.

But within our own borders, we may not even know our own data network’s strengths and weaknesses. Many data systems function because they’ve been effectively patched over by temporary measures. Although there’s a lot of attention on modernisation of tech infrastructure, most of our tech spending is on operating and maintaining legacy systems, not on improvement.

A recent US Government Accountability Office report found that of the US$90 billion the federal government spent on information technology in 2019, nearly 80% went towards operation and maintenance of existing systems.

In Australia, a 2019 review of IT spending in the Australian public service concluded that ‘agency capital budgets are under-funded and there is strong evidence of a technology deficit across the APS, with some major legacy systems at or near end of life’. That review called for an audit of infrastructure, which might provide a strategic direction for a government otherwise relying on a passive approach to tech adoption.

A 2016 GAO report found that the US departments of commerce, defense, treasury, health and human services, and veterans affairs were still using 1980s and 1990s Microsoft operating systems that the vendor had stopped supporting more than a decade before. The same mix of Australian departments may be similarly vulnerable.

Frank assessment of Australian networks and infrastructure risks may evolve as the pivot to a risk-management approach in government information security becomes more widely understood.

It’s impossible to eliminate all data security risks. All organisations want to avoid a breach that adversely affects individuals or national revenues associated with intellectual property and collective surveillance. It is within our grasp to drive for a high standard of preventive risk reduction and to create a data regime that acts in the national public interest.

There are underexplored opportunities in Australia for genuine use of data that a top-down collect-it-all ethos might miss. There are examples of experimentation with data that build citizen engagement and participation into regulatory processes. One is the Taiwan process established by a civil-society movement at the invitation of Taiwan’s minister for digital affairs.

Australia needs to ensure that data benefits are more evenly distributed and that data harms are not socialised. If data frameworks don’t balance preservation of Australia’s democratic system and development of our skills ecosystem, we’ll end up with a digital and data dependence that compromises our sovereignty and doesn’t provide the strengthened digital interdependence we’ll need to navigate a period increasingly defined by digital geopolitics.

Over the last few weeks, media around the world have been saturated with stories about how technology is destroying politics. In autocracies like China, the fear is of ultra-empowered Big Brother states, like that in George Orwell’s 1984. In democracies like the United States, the concern is that tech companies will continue to exacerbate political and social polarisation by facilitating the spread of disinformation and creating ideological ‘filter bubbles’, leading to something resembling Aldous Huxley’s Brave New World.

In fact, by bringing about a convergence between democracy and dictatorship, new technologies render both of these dystopian visions impossible. But that doesn’t mean that there is nothing to fear.

Much of the coverage of the 19th National Congress of the Communist Party of China (CPC) focused on President Xi Jinping’s consolidation of power. He is, observers warn, creating an information-age dictatorship, in which the technologies that were once expected to bring freedom to China’s 1.4 billion citizens have instead enabled him to entrench his own authority. By providing the government with highly detailed information on the needs, feelings and aspirations of ordinary Chinese, the internet allows China’s leaders to preempt discontent. In other words, they now use big data, rather than brute force, to ensure stability.

And the data are big indeed. More than 170 million face-recognition surveillance cameras track every step citizens make. An artificial-intelligence-enhanced security system can spot criminal suspects as they cycle beside a lake or purchase dumplings from a street vendor, and immediately alert the police. Data surveillance cameras feed into China’s ‘social credit’ data bank, where the regime compiles thick files on its people’s creditworthiness, consumption patterns and overall reliability.

The CPC is also using technology to manage its own ranks, having developed dozens of apps to communicate with party members. Meanwhile, it blocks some of the empowering features of technology: by forcing all tech companies to have their servers within China, it effectively ‘in-sources’ censorship.

The impact of technology on American politics has been even more visible, but it is analysed in terms of the market, rather than the state. Among the most eye-catching stories has been the role that ‘fake news’ played in shaping last year’s presidential election. Facebook has admitted that 126 million Americans might have seen fake news during the campaign.

More recently, Special Counsel Robert Mueller, who is conducting an investigation into whether US President Donald Trump’s campaign colluded with Russia’s interference in the 2016 election, charged one-time campaign chairman Paul Manafort with 12 counts—including ‘conspiracy against the United States’—for his actions prior to the campaign. A foreign policy adviser to the Trump campaign, George Papadopoulos, was also indicted for lying to the FBI about meetings with individuals closely associated with the Russian government during the campaign, though he has already pleaded guilty and has been cooperating with investigators since the summer.

But beyond such bombshell developments is a broader anxiety about the ability of tech companies to control the information people receive. With big tech’s secret algorithms determining how we perceive the world, it is becoming increasingly difficult for people to make conscious decisions—what philosophers perceive as the basic dimension of free will.

Big tech companies, worth more than some countries’ GDP, seek to maximise profits, not social welfare. Yet, at a time when attention is supplanting money as the most valuable commodity, the impact of their decisions is far-reaching. James Williams, a Google engineer turned academic, argues that the digital age has unleashed fierce competition for our attention, and few have benefited more than Trump, who is for the internet what Ronald Reagan was for television.

At the same time, the impact of technology on politics is relatively independent of regime type. Technology is blurring the comforting distinction between open and closed societies, and between planned and free economies, ultimately making it impossible for either to exist in its ideal form.

By revealing the US National Security Administration’s massive government surveillance, Edward Snowden made clear that the state’s desire for omniscience is not limited to China. On the contrary, it is central to the idea of national security in the US.

In China, things are moving in the opposite direction. To be sure, the Chinese government is pressuring the biggest tech companies to give it a direct role in corporate decision-making—and direct access to their data. At the same time, however, the internet is changing the nature of Chinese politics and the Chinese economy, pushing both to become more responsive to consumer needs.

For example, a friend who worked for the search engine Baidu explained to me how the company tries to enhance the consumer experience of censorship, testing the ways in which people prefer to be censored. Jack Ma of tech giant Alibaba thinks that China can use big data to design perfectly calibrated state interventions that enable it to outperform free-market economies. In the coming decades, Ma believes, ‘the planned economy will get bigger and bigger’.

In the digital age, the biggest danger is not that technology will put free and autocratic societies increasingly at odds with one another. It is that the worst fears of both Orwell and Huxley will become manifest in both types of system, creating a different kind of dystopia. With many of their deepest desires being met, citizens will have the illusion of freedom and empowerment. In reality, their lives, the information they consume, and the choices they make will be determined by algorithms and platforms controlled by unaccountable corporate or government elites.

As the government’s review of the Australian Intelligence Community (AIC) picks up steam, one of the key challenges is to identify and resolve growing gaps in the AIC’s technological capabilities. One such capability is the collection and use of Big Data.

The generally accepted definition of big data casts it as a “problem”, because it’s characterised by its extreme volume, velocity, and variety, which makes collection, management and analysis rather challenging. The problem stems from a ‘data deluge’ of social media posts, photos, videos, purchases, clicks and a burgeoning wave of sensor data from smarter and interconnected appliances and accessories, known as the ‘Internet of Things’. Those sources generated a staggering 4.4 trillion gigabytes of data in 2013, but that figure is forecasted to reach 44 trillion gigabytes of data by 2020, which threatens to overwhelm conventional methods for storing and analysing data.

In response to the problem of big data is the “promise” of big data analytics. Analytics promises to not only manage the data deluge, but also to analyse the data using algorithms to uncover hidden correlations, patterns and links of potential analytical value. Techniques to extract those insights fall under various names: ‘data mining’, ‘data analytics’, ‘data science’, and ‘machine learning’, among others. That work is expected to yield new insights into a range of puzzles from tracking financial fraud to detecting cybersecurity incidents through the power of parallel processing hardware, distributed software, new analytics tools and a talented workforce of multidisciplinary data scientists.

However, in order to keep the big data “promise”, the AIC review needs to address the following challenges:

1. There need to be mechanisms to ensure that data is manageable in terms of the definitional iron triangle of volume (size), velocity (of data flow), and variety (of data types and formats). While these are challenging enough in the big data context, the data analyst must consider the veracity of the datasets they select: the data’s representativeness, reliability, and accuracy. The analyst must also consider how the data will generate insights of value to the end user.
2. The current framework for privacy protection, based on the idea of ‘notice and consent’, needs updating. Currently, the burden is placed on an individual to make an informed decision about the risks of sharing their information. This is complicated in the context of big data, as this informed decision is, in the words of former President Obama’s council of advisors, ‘defeated by exactly the positive benefits that big data enables: new, non-obvious, unexpectedly powerful uses of data’.
3. Data-based decisions need to be comprehensible and explicable by maintaining the transparency and ‘interpretability’. That will become more challenging over time, as explaining the processes and reasoning behind a machine learning algorithm isn’t a simple task, especially as those algorithms become more complex, merge into composite ensembles, and utilise correlative and statistical reasoning.
4. Regardless of whether data analytics decisions are explicable, a fourth challenge is whether the public will accept algorithmic decisions. The ongoing debate about machine learning in autonomous vehicles demonstrates these concerns. As decisions of increasing importance are informed by algorithms, this challenge of ‘Algorithm Aversion’ will intensify.
5. Big data and analytics security needs to be ensured. That isn’t just limited to the traditional problem of the ‘honeypot’ allure of big datasets. It also relates to the distributed, parallel, and diverse architectural challenges of big data computing. It also relates to the security of the analytics themselves, with research into ‘adversarial examples’ showing that small changes to inputs can result in serious misclassification errors in machine learning algorithms.
6. Big data has both benefited and suffered from fever-pitch hype. According to Gartner’s Hype Cycle, mainstream attention to big data began in 2011, peaked in 2013, and was removed from the hype cycle in 2015, with the explanation that big data is now ‘normal’ and several of its aspects are ‘no longer exotic. They’re common’. While the idea that big data is the ‘new normal’ is reaching a growing consensus, it’s important to note that some of the early big data promises no longer hold in reality, and the distinction between hype and reality needs to be clear to policymakers before effective big data policy can be developed.

Over the coming months, ASPI, with support from CSC Australia, will undertake an analysis of Big Data in National Security to further explore the policy issues and challenges outlined in this piece, and to stimulate policy discussions around the issue.