VIDEO: Governance Vacuums and How Code Is Becoming Law

Speaker: Bianca Wylie

Series: Data Governance in the Digital Age

March 28, 2018

VIDEO: Governance Vacuums and How Code Is Becoming Law

In the year 2000, Lawrence Lessig, a lawyer and a technologist, wrote an essay entitled “Code Is Law.” In it, he warned of a governance vacuum, in which technology has hurtled ahead of governance, making software code created for commercial ends part of the de facto law.

In this video, CIGI Senior Fellow Bianca Wylie says that Canada is currently entrenched in such a governance vacuum and that Canadians need to take back some of the power related to code being law from corporations.

A national data strategy, Wylie explains, is where Canada must start to address the governance vacuum. In order for a national data strategy in Canada to be effective, three issues must be addressed: access to and ownership of key digital infrastructure, the self-regulation of the software engineering profession and rethinking how government procures software.

In developing this data strategy, Wylie stresses that the processes must be open and accessible to all Canadians and that it supports pre-existing, democratically informed policies.

There’s a governance vacuum currently in Canada and that relates to both policy and law in terms of technology. And what that means at its core is that all of our policies and laws were formulated prior to the internet era. In this void, companies are able to create products and as they’re used, that becomes normal and that’s this idea from Lawrence Lessig about code is law. Where commercial influence is now shaping technology faster than policy, legislation, regulation is happening. Which is why we need to really look at this and take back some of the power related to code being law and understand where we need to apply and direct that and be intentional within government about how we’re going to apply this code to our lives.

There are three planks that you would need to have an effective national data strategy. The first one is a digital and data infrastructure policy, and that would set the terms of who can own data, how can it be collected, who can use it and under what terms. The reason the word infrastructure is in there is because we have to start thinking about things like sensors as critical state infrastructure, which means that they should be owned by government or if they’re not owned by government, be wholly accessible to government. It also enables government to then turn around and open that data.

So the second plank to be considered would be the self-regulation of the software engineering profession. Starting there and thinking of borrowing from civil engineering, which is when you have a, you realize that there’s a public safety element to the products that are created under your watch. And also, what this does is it shifts responsibility to as many places as possible because policy will always have holes, legislation will have holes. So this is an idea of how we start to push some of this responsibility to individuals, so that it’s something that can become part of the responsibility for one person.

So the third plank of a data strategy would be procurement reform. This is not a new conversation, this is something that has been had in policy circles for a long time. But in particular to software and to technology products, procurement wasn’t designed to buy software. Software is never finished. There’s an implication to having a lack of technical capacity and ownership over some of the software and other pieces of technology in government. There’s a vulnerability there where you have a reliance on a third party. It’s not to say that all things should be built in-house by any means, but sometimes looking at which things might make a lot of sense to have in-house because they support critical business functions and because it would be helpful to have a large number of staff who know how they work and to have sort of institutional memory on how these things work.

These three planks are an opening, sort of starting idea set around how you might want to manage a national data strategy. I think what’s really important is to say nobody knows exactly what to do right now. And so, what’s important is to start doing that work and to have it done in a way that it can be iterative, that it can be open, that there’s a lot of transparency, that there’s a lot of accessibility for people to participate in this kind of a strategy and we really need to make sure that it supports pre-existing democratically informed policies because technology and tools and data are only as good as the policy that they’re trying to support. 

Series: Data Governance in the Digital Age

This series of videos explores topics including the rationale for a data strategy, the role of a data strategy for Canadian industries, and policy considerations for domestic and international data governance.

For media inquiries, usage rights or other questions please contact CIGI.

The opinions expressed in this article/multimedia are those of the author(s) and do not necessarily reflect the views of CIGI or its Board of Directors.

Rationale of a Data Strategy

The Role of a Data Strategy for Canadian Industries

Balancing Privacy and Commercial Values

Domestic Policy for Data Governance

International Policy Considerations