In every policy area, informed policy-making requires access to data and evidence. Solutions simply cannot be advanced without an accurate scope of the problem. Internet governance and ICT policy are no exception. For policymakers to make informed decisions on combatting cybercrime, they need to know how big the threat is. For economists, national data is just as important. The same applies to critical infrastructure, and many other areas.
Last week's webinar on Evidence and measurement in IG served to highlight the challenge of collecting, retrieving, and analysing the data. The theme is the third of a series being discussed in preparation for November’s international Geneva Internet Conference.
|The webinar recording is available here.|
Joining Dr Jovan Kurbalija, DiploFoundation director and head of the Geneva Internet Governance, were Dr Lichia Yiu, director of the Centre for Socio-Economic Development in Geneva ‒ whose work centres on reporting and measuring data and evidence related to the millennium development goals (MDGs) ‒ and Mr Michael Kende, Chief Economist of the Internet Society ‒ whose research involves evidence collection on the economics of the Internet. Dr Eduardo Gelbstein’s contribution on data and cybersecurity was discussed during the event.
The panel discussion served to highlight the common challenge of lack of data and evidence: from the challenges in implementing the MDGs and paving the way for the sustainable development goals (SDGs), to the challenges faced by economists due to lack of data, to challenges in combatting cybercrime due to the inability to gain better insights into the actual threats.
Linking IG discussions on data and evidence to implementation of development goals
An important aspect in the implementation of the MDGs has been measurement the goals. With only one year to go, discussions about the post-2015 phase on the SDGs have already started; data collection and measurement will once again be a crucial aspect of the process.
Dr Yiu explained that the current discussions are aimed at building on experience from implementing the MDGs and taking it forward to achieve the SDGs’ targets by 2020. When it comes to data and measurement, she explained that there are three specific goals in the SDGs ‘zero draft’:
- Goal 17.15 involves the availability of data. Keeping in mind that many countries have no data, this goal seeks to increase significantly, the availability of high-quality and time data.
- Goal 17.16 involves the setting up of voluntary monitoring and reporting. Although this might not be sufficient, a voluntary reporting system was a good starting point.
- Goal 17.17 involving national accounting. The goal requires countries to develop and progressively introduce, by 2030, a broader system of national accounting including national, social, and human capital, and measures of progress beyond the GDP.
The collection of data, its analysis, storing, and retrieval, is very much linked to accountability, which is not possible unless the data are available. An accountability framework would require decisions on several aspects, such as who should collect data, what should they collect, and where should they collect it, and which resources are available.
One of the main challenges is the policy coherence between policy fields – a challenge which is not particular to development goals but spreads to other IG and ICT policy areas. Dr Yiu explained that this required synchronisation among various aspects including development in the social, economic, and environmental spheres.
Lack of data and the impact on Internet economics
Mr Kende’s work in Internet economics brought him to research the impact following the laying of a submarine cable to The Gambia.
Despite the huge investment, there are no data to document the impact. The only available data are legacy data on telecommunications such as the amount of investment, and the number of users; publicly available data such as retail pricing; and user-generated data which are gathered from installation of apps (e.g. to monitor Internet performance).
In Internet economics, this lack is problematic. Unless the data is collected from surveys, other data such as consumer spending, the impact on jobs, and online revenue, are not measured. As a result, the link between policy and impact cannot be made.
These issues which we see in IG spill over to other areas, such as international taxation. For example, the discussion on economic models and the sending-party-pays principle during the World Conference on Information Technology (WCIT) was not backed with data. No one could say, for example, how much traffic was going in and out of the country, as the data was not available.
Quantifying cybersecurity threats and preventive measures
Dr Eduardo Gelbstein’s contribution on the cybersecurity challenge draws on the stark reality that while the cost of cybercrime is increasing (it is relatively cheap to carry out a cyberattack), companies and institutions are investing very little in cybersecurity.
In addition, on the one hand, companies engaged in the cybersecurity field continuously report on emerging threats, while on the other hand, many attacks against organisations, such as banks, remain unreported.
This raises several questions, such as: How can we use evidence emerging from investigations (forensic and law enforcement) to quantify the effectiveness of cybersecurity measures? And can we quantify the effectiveness of potential preventive measures?
Dr Gelbstein concludes that while some aspects of cybersecurity might not be quantifiable, many measures can be used to support policy-making. It is therefore important to identify which measurements make sense, and how the data can be used.
The next question is: What can be done to bring more evidence in IG, using what concrete tools and techniques? And how should an IG observatory, which would gather and prepare such evidence, function? Please help us take the discussion forward by sharing your views here.
Listen to the webinar recording, in which the panel discussed questions and comments by participants, including accountability, anonymisation of data, and bottom-up approaches.