Craig Mundie: UCIIF

CRAIG MUNDIE: Good afternoon. I’m Craig Mundie, Senior Advisor to Microsoft’s CEO Steve Ballmer, and I’m delighted to be here in Beijing for our sixth U.S.-China Internet Industry Forum. I’d like to thank everyone for taking the time to join us — I know that many of you have traveled long distances to be here.

I’d like to offer some thoughts on a few of the questions we need to address — not only over the next two days, but going forward — to strengthen the U.S.-China relationship on these issues, and to increase the well-being of the one-third of global Internet users who live in our two countries.

We’ve built up a lot of trust in the five years we’ve held this event. We now have solid relationships, and we’ve discussed a wide range of issues — issues that are important to every one of our attendees and to our Internet community.

That said, new issues, new technologies and new services are constantly emerging — and with them, new challenges and questions for both our nations. Over the next two days, we’ll be discussing a significant number of these, but I want to focus my remarks on just a handful.

The biggest issue is of course cybersecurity. If you read all the media coverage of this issue, particularly in the U.S. and Europe, it often seems like cybersecurity is just a single, undifferentiated issue: the theft of intellectual property by foreign hackers, with the finger most often pointed at China.

But, in reality, it’s not that simple. There are a wide range of actors that all governments would characterize as “bad” and warranting a response, from cybercriminals to terrorists. And there are also a wide range of victims: individuals, companies and other organizations, governments, and critical infrastructure.

So both our countries face many of the same challenges. We both need to ensure that our citizens can use the Internet safely and securely and not fall prey to cybercriminals. We both need to protect our critical infrastructures and ensure that organized-crime groups, cyberterrorists and perhaps hostile nations cannot degrade the systems on which we depend. And we need to work together to prevent the theft of trade secrets and ensure that both U.S. and Chinese companies can compete fairly in a global economy. So, over the next two days, we should ask ourselves if we have common causes here and figure out how we might come up with actionable solutions to these problems.

With commercial espionage and trade-secret theft, there are some hard questions to be answered. A lot of this activity clearly originates in China — but is it the work of rogue actors or is it state-sanctioned? And given that China’s policy position is that such activity is absolutely illegal, our two countries clearly need to work together to figure out how to enforce that policy more effectively. Because right now the evidence suggests that China’s policy and enforcement approaches aren’t working.

Another area where I believe we can find common ground is in mobile computing, which features heavily at this year’s forum — we have panels on the mobile Internet and technology infrastructure support for it, evolving search for mobile, mobile applications, and emerging mobile security issues.

Mobile computing — in other words, smartphones, tablets and the wireless broadband connectivity to the Internet — has the potential to transform almost every aspect of our lives: how we communicate, how we do business, how we shop and how we interact with the world around us. And yet as advanced as mobile technologies and services are becoming, they lag other forms of computing in terms of security, privacy, verifiable identity and so on. Again, can we work together to create actionable solutions to some of these issues?

Privacy in broader terms will also be a focus of our discussions, and raises a number of questions in this era of big data and machine learning. What policies can we agree on to ensure that data can move freely enough to create socio-economic value, but also protect individual privacy rights? Can we agree on common policy frameworks that specify appropriate uses of personal data? And how can the interests of commercial, individual and government stakeholders converge to fully realize big data’s vast socio-economic potential?

We should also consider the responsibility of corporations and governments to ensure that the privacy of individuals is adequately protected. Are there codes of conduct we can mutually agree on that will increase users’ trust in the growing number of companies whose businesses are based on the use and processing of personal data? What, specifically, do users hold companies accountable for regarding governance of their data — and what roles can our two governments play in ensuring this accountability?

Technology can help with, not just create, many of the privacy issues I just highlighted. For example, user permissions and policies can be permanently associated with data, requiring any party handling that data to do so in accordance with a user’s wishes. Such a “metadata-based” software architecture can also enable users to change their preferences and permissions over time and prevent unanticipated or undesirable use of previously collected data when new technologies or applications cause them to emerge.

When implemented as part of a principles-based policy framework that provides guidance on trustworthy data practices — supplemented by voluntary but enforceable industry codes of conduct — an approach that mandatorily ties metadata to data could satisfy the interests of regulators, individuals, and industry. It could also prevent an immensely innovative driver of socio-economic benefits from stalling.

Finally, I’d like to talk briefly about Internet governance.

Last year’s World Conference on International Communications was a turning point for the Internet. The WCIT, ostensibly about international telecommunications, became a forum to discuss many aspects of how the Internet functions, as member states made proposals on items including routing, addressing and spam.

Ultimately, we saw the world formally divide over the appropriateness of including many of these conceptually higher-level Internet-governance topics in an international telecoms treaty. Some have characterized the divide as between those who value an open Internet — one that is managed, developed and regulated by its users — and those who believe greater government control over the Internet and its content is in their countries’ best interests. And as we all know, the final WCIT document saw the U.S. and China on different sides of this particular fence.

But for the purpose of this year’s UCIIF, let’s put that behind us. The question we need to ask ourselves is: what Internet problems are each of our countries trying to solve that aren’t being solved by the mechanisms currently in place? And not only from the viewpoint of the U.S. and Chinese governments, but also from the perspective of companies in each of our countries that are trying to do business on the Internet.

Our current Internet-governance mechanisms aren’t perfect. ICANN could be more transparent, and its relationship with the Governmental Advisory Committee clearly has room for improvement — for example, enhancing the decision-making process, providing increased funding and ensuring that participants have sufficient technical skills. The Internet Society, or ISOC, could greatly improve its outreach to develop Internet engineering capacity in emerging economies. And the U.N.-sponsored Internet Governance Forum also needs work, including better funding and a permanent secretariat.

But the question we have to ask ourselves is whether our current mechanisms can be extended and fixed — which I believe they can — or should a system that is already working quite well be replaced with an intergovernmental organization like the ITU? The Internet has expanded exponentially in reach and capacity and new functionality — without the need to impose a global governance system. In fact, maybe because there were no — or only absolutely essential — attempts at global governance of the evolving Internet. Perhaps we can uncover areas of agreement on this during the next two days.

There is one other aspect of Internet governance we should also consider: balancing individual rights versus collective or government rights. This is often dressed up as national sovereignty or national security, but ultimately it’s about limits on free expression and the free flow of information when weighed against the needs of an Internet-enabled and technology-dependent society in the future.

So we have to ask ourselves: if we really believe in the potential of the Internet to continue transforming social welfare and increasing economic growth, then what policy frameworks can our two countries agree on that will strengthen these trends, rather than weaken them? What recommendations can we make around this issue in the next two days that will be both impactful and actionable and help to find the right balance here?

So these are just a few of the crucial questions I hope we can address over the next two days. They are all pressing issues for the evolution of the Internet, and there’s a growing need for coordinated action on the part of policy-makers, technology companies and Internet-based businesses — not to mention individuals — so we can expand the benefits of these amazing technologies to the next level.

Thank you.