The DPG Charter: Key takeaways on norms and principles for safe and inclusive digital public infrastructure
This blog first appeared on the Digital Impact Alliance (DIAL) website and is written by: Nicholas Gates (DIAL), Chrissy Martin Meier (DPG Charter), Lucy Harris (DPGA), and Moira Whelan (National Democratic Institute).
Throughout 2022, DIAL held a series of consultations in partnership with the DPGA and other partners to inform the scope and substance of the Digital Public Goods (DPG) Charter. Read the introductory, first, second, and third blogs from this series for more background and context.
Insight #1: Digital public infrastructure is not deployed in a vacuum; political context matters, and DPI must be designed and governed with the safeguards required to ensure platforms maintain trust and empower all people.
- Solution #1: Build capacity to develop and implement regulations and policies that build and sustain trust.
- Solution #2: Implement a consent network as a foundational layer of DPI.
- Solution #3: Empower civil society actors to create, improve, and sustain safeguards that create accountability in how digital public infrastructure is designed and implemented.
- Solution #4: Where possible, decentralize the storage of sensitive data.
Insight #2: For digital public infrastructure to empower people, its components must be designed to prioritize inclusion, with policies and incentives that include traditionally marginalized groups as fundamental to the design of platforms and user interfaces.
- Solution #1: Ensure that digital public goods are easy to access and use in their design, particularly for traditionally marginalized groups.
- Solution #2: Design services associated with digital public infrastructure to be available offline for citizens without consistent connectivity or electricity.
Insight #3: To play a meaningful role in population-scale, society-wide digital public infrastructure, open-source digital public goods must be affordable for countries to deploy and maintain.
- Solution #1: In collaboration with open source product owners, governments, donors, and ecosystem actors, develop clear and sustainable pricing models for open-source technology.
- Solution #2: Explore new and alternative approaches to financing and building digital public infrastructure.
As countries build digital public infrastructure, there are a number of considerations regarding safeguarding digital systems against hostile state, non-state, and foreign actors. Furthermore, digital public infrastructure, we are finding, is not inherently inclusive. As a recent report from Harvard University highlighted, it is only through active and ongoing consideration of the underlying values and interests inherent in the design and deployment of digital public goods that we can create deliberative processes and robust policy frameworks to govern them when implemented as digital public infrastructure.
In order to support the security and inclusiveness of foundational digital public infrastructure, and to make it responsive and revisable over time, the DPG Charter is mobilizing commitments to help ensure that countries implement specific regulatory, technical, and process-oriented measures to ensure that the benefits of digital public infrastructure and related use cases outweigh risks for all people.
Our recent consultations with actors including country offices from global organizations, the Digital Principles community network, and African policymakers surfaced four key insights related to Safeguards and Inclusion, centering on the need for safeguards and improving safeguards in the financing, design, and governance of digital public infrastructure.
Digital public infrastructure is not deployed in a vacuum; political context matters, and DPI must be designed and governed with the safeguards required to ensure platforms maintain trust and empower all people.
We live in an age of democratic backsliding. As of 2020, 43 percent more countries saw democratically-elected governments systematically working to dismantle democratic processes and institutions than in the five years prior. Given this reality, safeguards play a critical role in ensuring that, even if some aspects of government or institutions change, digital systems can continue to empower, rather than create a “DPI dystopia”.
At the same time, large pools of funding are being unlocked and mobilized for digital public infrastructure because of mounting evidence of the transformational impact these investments can have for people, innovation, and critical service delivery. However, these investments do not promote systems that are value-neutral by design and there’s a risk that these systems interact with and, in some cases directly reflect, ever-changing and increasingly complex geopolitical realities.
As many in our consultations noted, much of the excitement for digital public infrastructure has arisen out of the success of two very different countries’ society-wide digital government systems: India and Estonia. But, the success of these countries’ core digital infrastructure — in particular, digital identity, digital payments, and data exchange — has relied on a number of checks and balances, or safeguards, in place in these countries. Some of these safeguards can easily be implemented by design, such as Estonia’s X-Road system, which notifies citizens every time their data is checked. Others must be implemented through governance, such as democratic institutions like India’s Supreme Court, which has made several rulings to ensure that the digital identity system balances usefulness with the country’s right to privacy.
In this way, safeguards come both from the design of the underlying technology itself — which is often easier to implement, but nevertheless reflects values — and the society that surrounds the technology, which is harder to implement because it includes a wide range of laws and regulation, legal institutions, civil society, and media. Our consultations affirmed that for donors, international organizations, and governments investing in digital public infrastructure, safeguards in both design and governance of digital public infrastructure will be critical to upholding democratic norms, but have different requirements.
Without getting the design and governance of foundational digital systems right, platforms risk being of little value to citizens and can result in mistrust. For this reason, governments must work to build platforms that empower people and maintain trust in the institutions that are building and governing technology. Therefore, a strong underlying trust framework between government and the rest of society is required, or platforms will be of little value to citizens and will fail to empower all people, regardless of their underlying technology.
Trust frameworks rely, in large part, on existing regulation and governance norms. Our consultations suggest a number of pathways for how citizen trust in digital public infrastructure can be strengthened:
- Build capacity to develop and implement regulations and policies that build and sustain trust. Examples of necessary policies and regulations are critical and include provisions that discourage conflicts of interest; laws for identifying and clarifying financial entanglements; and improved data protection and privacy standards. Some governments are also considering independent bodies to protect against government overreach and misuse of technology.
- Implement a consent network as a foundational layer of DPI. Early lessons from India’s attempt to do this suggest that well-implemented consent networks will give individuals greater control over their digital data; enable them to approve/reject data requests, revoke access to data, and share data at a granular level; and enable greater efficiencies in the economy by reducing friction across transactions, regardless of where data is held.
- Empower civil society actors to create, improve, and sustain safeguards that create accountability in how digital public infrastructure is designed and implemented. Civil society organizations such as the Africa Digital Rights Hub, CIPESA, and others play a big role in holding governments and the private sector to account for delivering on the promises of digital inclusion and digital rights. These organizations can strengthen implementation of both technical and ethical safeguards by creating additional, independent checks against abuse. Examples include providing knowledge and training on digital rights for consumers, activists, and companies; leading issue-based advocacy campaigns; publicizing citizen concerns and reports of abuse; and litigating illegal use of digital systems.
- Where possible, decentralize the storage of sensitive data. Centralized data storage can allow for many of the efficiency gains promised by digital transformation, such as the ability to quickly cross-check an individual’s status against government databases. But, highly centralized digital architectures can create a “honey pot” of personal data that can be accessed by non-state actors, rogue government actors, or authoritarian regimes. More research debate is needed to understand how to balance these tradeoffs and to decentralize it without foregoing convenience.
“(And) there’s a constant desire or tendency to find ways to exploit these systems for surveillance. So one question for me is: “Are there technical ways to get around political problems? Or vice-versa? Have we seen technical or social ways that can mitigate some of the worst harms when it comes to what governments would otherwise be tempted to do?”– Consultation Participant
For digital public infrastructure to empower people, its components must be designed to prioritize inclusion, with policies and incentives that include traditionally marginalized groups as fundamental to the design of platforms and user interfaces.
There is arguably no quicker way for a government system to lose legitimacy than to intentionally or unintentionally exclude certain groups. Poorly designed digital public infrastructure is not only bad for people, it is bad for society. It risks data misuse, is open to security vulnerabilities, and leads to the possibility of surveillance, which could erode trust and prevent mass-scale adoption.
The potential for these harms requires more focus on inclusion by design. Inclusion by design means that technology is maintained and updated through engagement with a wide variety of citizens, to understand the needs and limitations of using these systems and platforms. This is particularly essential for historically marginalized communities, including women, (semi-)illiterate people, and politically-persecuted minorities.
Ideally, these will be the people most empowered to participate in a positive and equitable digital future. However, our consultations made clear that without intentional design and security measures, bolstered by civil society, digital public infrastructure will likely fail to achieve sufficient adoption and uptake, or even worse create the potential for harm and misuse.
Our consultations highlighted a few suggestions related to furthering inclusion:
- Ensure that digital public goods are easy to access and use in their design, particularly for traditionally marginalized groups. It is critical to understand how all types of users interact with these systems. Consulting with these users during the design phase is critical, but insufficient, as factors impacting inclusion and use may change over time. For example, women experience a variety of legal and contextual challenges that result in a gender digital identification gap in many countries; low-income segments may lack access to devices, education, and language skills necessary to interact with many digital systems. It is also critical that, through the deployment and iteration phases, marginalized groups be consulted in safe environments in order to identify risks and vulnerabilities. Finally, it is critically important to ensure availability of digital public goods in local languages, as many are based on technologies or systems from English-speaking countries.
- Design services associated with digital public infrastructure to be available offline for citizens without consistent connectivity or electricity. While building and maintaining digital public infrastructure is important, it requires governments to also continually ensure the availability and accessibility of that infrastructure and the services built on top of it. For that reason, non-digital options are critical in infrastructure design to make sure it is available offline. Continued investments in fundamental accessibility gaps like basic connectivity and electrification are necessary to help ensure the benefits of digital public infrastructure reach the most people possible.
“Technology itself holds no values; the values are instilled by those who control the technology.”– Ravi Shankar Chaturvedi, Frontiers in Digital Development Forum, November 2022
To play a meaningful role in population-scale, society-wide digital public infrastructure, open-source digital public goods must be affordable for countries to deploy and maintain.
An ever-increasing number of actors are beginning to scrutinize how financing is influencing the design and governance of digital public infrastructure, particularly in low-resource settings. Indeed, many donors investing in digital public infrastructure want it to be secure, open, and designed with citizens in mind. This has led to an increased focus on the role that digital public goods can play in creating inclusive and equitable infrastructure.
Digital public goods are, by definition, committed to ‘do no harm’ and to promote the sustainable development goals (SDGs). They are also open-source, which promotes transparency and accountability of systems. These characteristics mean that digital public goods can help prevent digital infrastructure from being used now, or in the future, to enable digital repression and digital authoritarianism at scale.
But, as new capital is unlocked, governments will have a number of choices, including proprietary and custom-built solutions, some of which may offer some advantages over the available digital public goods. In this context, how can we be certain that digital public goods are a competitive option for equitable and affordable digital public infrastructure?
Our consultations offer some preliminary ideas for how this might be accomplished:
- In collaboration with open-source product owners, governments, donors, and ecosystem actors, develop clear and sustainable pricing models for digital public goods. Unless there is clarity on the true costs of deploying and maintaining open software and technology on an ongoing basis — and governments have clear understanding of how to do so — it will be difficult for donors to finance it and more attractive to procure proprietary solutions, even where open alternatives exist. A lack of confidence in the pricing and sustainability of open digital public infrastructure would make the decision to invest and maintain long-term more challenging, perhaps leading governments to default to private sector capital.
- Countries should continually explore new models for subsidizing and allocating resources to digital public infrastructure. Emerging models like three-sided marketplaces and joint funds might help sustain investments, but require further investigation.
These insights and practical next steps are invaluable to catalyzing effective commitments through the DPG Charter, which imagines a world where everyone has access to education, health care, and the essential services they need not only to survive, but to thrive. Digital products, particularly those that are open-source and designed for the SDGs, can help us make that a reality, if we work together.
With immense gratitude to those who participated in the consultative process, we look forward to sharing more insights through this blog series with you in the weeks to come. Stay tuned!