Since the early 2000s, a new sovereign model started to surface from the supposedly free space of the Internet- the model of the cloud platforms, such as Google/Alphabet, Amazon, Facebook and Apple (GAFA). Over the years, it has become clear that these platforms represent not only a new corporate model, but also a political one that claims sovereignty over cyber and material spaces through its infrastructure and algorithms. At the same time, modern states are beginning to morph into platforms themselves. In this context, the clash between the European Union and the North-Atlantic GAFA stack, over European citizens’ data resulted in a showdown between these two logics of governance. The newly released GDPR (General Data Protection Regulation) is the first product from this battle.

While in Brussels, EU politicians hear Facebook’s defence on the Cambridge Analytica scandal, at the southern border of the Union, the Mediterranean sea is turning into one of the most data-surveilled areas in the world by the EU itself. Projects such as Frontex and Eurosur are implemented by the European Union to map and datafy the surface of the sea, extending the EU’s sovereignty through the machinic vision of monitoring satellites and the presence of the coastguard’s fleet. Whilst flows of migrants from Africa and West Asia are claimed in the form of data, the people themselves are not welcome. Safety and efficiency are the regulatory logic behind these policies, with biometric indexing at the borders already being discussed.

Island.eu Talks

In the public programme on Thursday 20 September 2018 at Het Nieuwe Instituut, Benjamin Bratton, Victoria Ivanova and Marten Kaevats shared their insights, and laid out the questions at stake.

Benjamin Bratton presented his hemispherical stack thesis. The Stack thesis describes planetary scale computation comprised by six layers: Earth, Cloud, City, Address, Interface, and User, each of which has its own platform sovereignties. The production of new territories occurs as states absorb functions of the cloud and indeed become cloud platforms. Instead of presuming that new cloud spaces are developed in opposition to the state (understood as a fixed land-locked entity against which liquid flows swim) we see that states are producing new cloud territories themselves, and are perhaps their most important innovators. In recent years, the ever more granular and global, planetary reach of computation has cohered into irregular and sometimes antagonistic consolidations, federations and geopolitical alliances. We see the emergence of not one global Stack but a mitosis of the stack genera into a regime of multipolar hemispherical versions. Each hemispherical stack organises its constituency of users according to different conceptual and contextual demands.

Debates in Europe contest the terms of its inclusion or exclusion in an Euro-American stack (so-called GAFA stack, consisting of Google/Alphabet, Apple, Facebook, Amazon, and potentially Microsoft), and what the norms of that inclusion may be. By Europe’s GDPR, the legal status of EU data draws dotted lines from datacenter to datacenter regardless of their physical location. EU Digital Single Market rules (right of erasure, pseudonymisation, data portability, etc.) may in time take on a gravity similar to that once afforded to the Euro and the ECM. Enforcement depends of course on what is meant by operating ‘in’ a jurisdiction and what counts as ‘EU data’, and will continue to be redefined by opportunistic circumvention.

Characteristic of the European measures is that they formulate general technology-agnostic principles that take the individual autonomy of the (human) natural person, mostly understood as a citizen, as cornerstone for the new policies. This leaves open (and unregulated) the domain of aggregated, de-personalised data, and deprives those that are not full citizens of the data-status, posing questions in relation to non-human users.

Victoria Ivanova shared key ideas that inform her ‘Project SupraCitizenship’, a framework to rethink the basic parameters of citizenship for the 21st century. The project addresses the shifts in the foundational parameters of citizenship by focusing on its operational mechanics, and is a speculative exercise in building prototypes for citizenship models. Ivanova addressed the naturalised assumptions about citizenship, such as presence of a social contract mediated by the state, with the obligations and responsibilities towards the historical community. Citizenship is commonly understood as a legal relation between a natural person and a governance body;  a ‘bundle of rights’ defining access, mobility and political agency.

Conceptualising citizenship in terms of bloodline and territorial rootedness as the norm is highly limiting, and does not take sufficient account of the organising dynamics that shape today’s societies. Proliferating irregular zones and fragile/failed states, claiming political self-determination, create new pressures and lead to a ‘crisis of citizenship’. Meanwhile, under the strains of economic ranking and sovereign debt market, nation states such as Cyprus and Malta increasingly substitute naturalisation criteria for citizenship with a plain requirement of a capital investment. In current reality, a change of language is needed to re-signify the norm from citizenship as ‘territorial rootedness’ — towards citizenship as access to renegotiating mutual obligations with polities. How can citizenship be approached as a form of leverage, with other than financial incentives?

Marten Kaevats, the National Digital Advisor in the Government Office of Estonia, highlighted the historical and cultural specifics of Estonia that has enabled it to become the first country in the world to offer e-residency, and to decouple its economic location from its geographic. After the collapse of the Soviet Union 1991, Estonia did not have to deal with a legacy of paper-based bureaucracy. Its main cybernetic powerhouse, that had been writing code for various Soviet era applications, could start building e-governance systems from scratch. A small, economically distressed state of 1.3 million people served as a perfect testing ground for decentralised architecture and digital identification systems. Since 2008, Estonian governments’ citizen identification system runs on a 256-node blockchain (with the support of private company Guardtime). This ensures anti-tampering measures and data integrity, and makes it a GDPR-compliant model: citizens own the information tied to their identity. In the future, the government seeks to explore structures for interoperability and mutual recognition of digital identities between countries (see: future directive eIDAS).

Estonia is also advancing a simple legal framework for algorithmic accountability, that would operate outside of traditional legal sectors (maritime law, financial law, etc). The so-called Kratt law, the artificial intelligence policy currently in development, would allow autonomous technologies to become a separate class of legal entities (next to persons and corporations) under a specific accountability regime. The law is named after an Estonian mythological creature Kratt, brought to life from hay or household objects, that would do anything its master ordered it to. It was mostly used for stealing and bringing various goods to the Kratts’ maker. Existing in Estonian cultural space for hundreds of years, today the myth becomes a vehicle for understanding current technological developments.

Lab Objectives

The talks by Benjamin Bratton, Victoria Ivanova and Marten Kaevats provided the conceptual groundwork for the Lab the following day. Taking place on 21 September 2018 in Amsterdam, the Lab was devoted to collective research and the creation of a cartography of the current European geozone, within which different techno-political sovereignties clash. The invited participants comprised of prominent researchers, artists, architects, designers and technological experts. Four experts were asked in advance to prepare a research question and a provocation, in relation to a specific layer of the Stack. Each presentation was discussed by the group, and followed by cartographic exercise in the afternoon. A world map with six transparent layers of the Stack (with Europe in the center) was provided as a discussion aid, and as a way to test the applicability of the model.

Invited participants: Ben Cerveny, Pablo DeSoto, Jaap-Henk Hoepman, Victoria Ivanova, Fieke Jansen, Vladan Joler, Marten Kaevats, Alison Killing, Philippa Metcalfe, Marina Otero Verzier. Facilitated by: Klaas Kuitenbrouwer, Arthur Steiner, Benjamin Bratton & Leonardo Dellanoce. Report: Anastasia Kubrak.

More information on each participant can be found in the 'people' section of this web magazine. Short video interviews with the participants can be viewed here.

Key Questions

• Is there a potential European model for public oriented datafication, data citizenship and/or AI development, and how does this relate to the dependence of European digital services on the the GAFA stack? And what constitutes the particular ‘europeanishness’ of the model?

• How does the notion of ‘European model’ relate to questions of immigration and the radical datafication of the Mediterranean sea?

1. User

The first session was introduced by Benjamin Bratton, who unpacked the notion of the User and clarified the implications of generic User positions, as formulated in the model of the Stack. Abandoning the fork between humans and non-humans and anthropocentric views on the notion, User is understood solely as an empty position in a platform that any addressable entity can (temporarily) step into at any given moment of time. An Airbnb-using tourist, an Uber driver, an Uber rider, a person in the call center, a self-driving car or a Facebook API are all Users; the occupation is often nested and simultaneous. Agency of the User position needs to be separated from the idea of individual subjectivity, identity or human autonomy as the ultimate goal, means & ends — and the existence of entangled co-agencies needs to be acknowledged. Moreover, different User positions are tied to different bundles of rights (all the way from the bloodline citizen to data-citizen, e-resident, API’s and CCTV camera) that interlace with different possible legal subject positions (natural person, corporation, kratt, device or a composite).

Assessment & Issues

• Key qualities along which taxonomy of the User can be made:
  Applicable right bundles — User position is a fluid composition of activations & provisions. The platform is agnostic and doesn’t care about the legal status of the entity stepping into position.
  Temporality — Any entity can hold an unlimited number of User positions at once, each with a separate bundle of rights & responsibilities; stable, unstable, short- or long-term occupation. Certain user positions are characterised by longer durations than others.
  Vantage point — User is an internal presentation of the platform; how User sees the platform (via interface) is fundamentally different from how the platform sees the User.

• Disciplinary perspectives — User position and User agency are defined differently from the standpoints of different disciplines (social justice vs. design vs. philosophy). When do we speak of User as a product, User as a resource, User as a labourer? Are these problematics implied by the position by default? For example, the notion of User in architecture suggests the presence of an Owner and a certain precarity. When approaching User from a variety of political, economic or social narratives, a contextual specification is required.

• We have constructed systems (platforms) which have de-facto forms of agency and sovereignty, but we haven’t defined neither the constitutional terms of participation, nor who should assign our rights & responsibilities.

• Better terms are needed to describe instances of involuntary Usership, for example,‘the involved’ or ‘the inhabitants’. Non-users and non-participants still get affected by the larger model and should be accounted for. One possible method could be mapping emerging hierarchies and gradations of Usership.

• Within GDPR, User is approached as a human natural person by default, and privacy is a focal point of its low-resolution legal architecture. Citizenship is taken as a main form of credentialisation. An urgent design task is to imagine a system of standards that would include different types of Users, and work with a variety of credentials. (see below: 3 — Identity vs. Identification).

2. Address/Migration

The second session started with a provocation on justice by researcher Philippa Metcalfe from Data Justice Lab, revolving around questions of addressability and verification, and problematics of their implementation within the context of migration and marginalised communities. Who gets mapped when it’s undesired, and who is unaccounted for when necessary to be seen? The stateless, the vulnerable and the marginalised often provide a testing ground for novel identification and control systems, due to the lack of legal leverage. In this context, technologies of verification are developed and sold as permanent techno-humanitarian solutions to the problem of statelessness. For instance, in refugee camps, corporate actors (from Microsoft and Goldman Sachs) often supply ‘humanitarian’ identification software, maintaining a tight grip on the collected data.

One proposition for a stateless verification system is ID2020, a blockchain-based application that functions as a form of digital passport and carries a permanent record of the owner's name and educational, medical and other histories. In principle, the identification is issued by a third party (in this case the UN) and is interoperable with national ID systems within the official legal infrastructure of global governance. While the statelessness would get integrated within UN framework, migrants would have an option of becoming ‘officially undocumented’, getting access to a specific bundle of rights (a subset of full citizen rights). Another, more temporary and reactionary solution is exemplified by IRIS Guard / EyeBank, a biometric verification system and database used within Jordanian refugee camps. The system gives access to financial aid in exchange of the iris scan, providing migrants with ‘help in the blink of an eye’, and luring them into entering an exploitative social contract.

Assessment & Issues

• Social justice is a dynamic, complex and debated concept, and unfolds differently from positions of various institutions. Platforms form a relevant and urgent institutional perspective from which we need to develop social justice practices.

• Recognition of the refugee status applies only to a marginal percent of the entire migrant population; and access to authentication doesn’t guarantee rights. Potential effects of these applications could be the rise of novel mechanisms of oppression. For instance, aid and assistance to undocumented populations that refused to join ID2020 scheme could be heavily limited.

• The ability to have leverage and to negotiate terms and conditions is tied to the acknowledged subject positions (of a citizen or a migrant or a stateless person). Leverages that people have in the moment of entry into contractual relationships need to be identified. Projects such as ID2020, and especially spaces of mediation of this contractual entry, could provide opportunities for policy innovation and organised political action.

• We witness an emergence of different entangled authentication systems, from state-bound ‘strong’ ID schemes to Cloud-based partial schemes (for instance, Google- or Facebook-enabled registration for accounts in online shops). M-Pesa is an alternative mobile currency tied to a mobile phone, used in many African countries in the absence of a trusted bank or ID-provider, and is largely perceived as empowering. To what extent are these systems be tied in (bundled or unbundled) with legal rights and obligations?

• Refugee and migrant conditions are often characterised by intense occupation of User positions within non-state platforms (social media and communication platforms, mobile banking systems), and simultaneous exclusion from state platforms.

3. Identity vs. Identification

In Session 3, following up on the questions articulated in the previous discussion, Jaap-Henk Hoepman stressed the importance of differentiation between identity (in a social sense) from the mechanisms of identification and authentication. Our identities and attached histories are a part of social and psychological fabric. In principle, they should be treated separately from the national platforms, and from the legal concerns of identification. Social media platforms (and Facebook in particular) have been instrumental in tying the notion of identity to the notion of digital identification. Before social media, on the Internet ‘nobody knew you were a dog’.

Furthermore, the notion and practice of identification needs to be diversified. We are used to assign bundles of rights to one strong mode of identification, whereas we could (and should, in the light of privacy protection) be assigning subsets of rights to various schemes for context-specific authentication, following the logic of selective information exposure. For example, to sell the bottle of alcohol, the liquor store only needs to know whether the buyer is over 18. A single information snippet (that can be read as “>18=yes”) needs to be transferred between the buyer and the liquor store, and no information regarding name, address or gender should be shared.

In the landscape of software silos, isolated by private platform architectures and locked-in API’s, email remains an outstanding example of an open standard and interoperable system. More such adaptable mechanisms are needed today. While there might be not enough leverage to force platforms to open their API’s into the public domain, we witness developments of alternative authentication systems, exemplified by Jaap-Henk Hoepman’s ABC (Attribute Based Credentials) — a digital passport or a virtual badge, that allows User to define the scope of access to their information. It functions as a modular system of credentials, potentially issued by different state and non-state actors, ranging from municipal government and a hospital to a bank. The User decides which parties are able to ‘see’ which small fraction of the authentication bundle, while the privacy properties and the content of the attributes can be modified or updated over time. The moment of authentication is permanently registered, however anonymised. The logic behind issuing the ‘ABC’ is built on the logic of the API: the relationship is fully programmable and encoded.

Assessment & Issues

• It’s crucial to define the authority that should decide which attributes matter, and need to be vouched for (gender, age, name, etc.), what is the context for each attribute and their ‘expiration date’.

• Cultural and social norms of one region might get imposed onto another local context through systems of rigid standards. The simple example is the age limit for drinking alcohol. Potential for diversification and contextual integrity needs to be built in those systems, allowing for flexibility in the definition of attributes.

• Faceted verification has potential to be installed on the level of the City or the State, as well as within corporate Cloud platforms — through User agreements and login systems (e.g. Facebook ID). We need to explore possibilities for other, supranational forms of verification, that could be enabled by different NGOs, or powered by UN.

• How could this unbundling techniques work on the scale of European Union?

4. City/Governance as Software 

Ben Cerveny, co-director of the Foundation for Public Code, brought in a proposition for a public software framework in European context. Today, policy and software are almost interchangeable, as more and more governmental functions run on code. Nevertheless, software is not treated or understood in terms of deliberation or assessment of impact, as policy commonly is. First we consider services as new technologies, but after a certain time we perceive them as infrastructure, which leads to a loss of their (ant)agonistic socio-political dimensions. The core idea behind Public Code is to take the open source, community-run software operating on City level (from projection tools to parking optimisation apps), and make it into a toolkit, easily replicable and deployable by other Cities. The refresh rate of policy is currently lower than that of disruptive data extractivist services, and Public Code scheme could enable governments to catch up with the tempo.

But what does it mean for a municipality of a European city to run its services on American software like Oracle? It is crucial to consider the terroir of software, and the ideological and socio-political choices that are predicated by it. For instance, Estonian or Dutch solutions may not work in other cultural contexts, where public trust is not as strong. We need to design software open enough for accomodate locality and different cultural rationales, assuring its contextual integrity.

Moreover, it is necessary to specify what we refer to as governance in the context of platform space. We tend to forget that governments are in essence technologies for communal problem-solving. Powered by GDPR and data localisation law, EU is currently launching a system  for provisioning regional cloud services, or public infrastructure (for example, data centers owned by the European commission). Europe itself constitutes a functioning platform: a rule space with the encoded responsibilities, affordances and opportunities.

Assessment & Issues

• How does a European (supranational) platform relate to a model of a City or national platforms? Considering that certain Cities like Barcelona are older than many nations, it is plausible that the City has a better disposition to run open source platforms.

• Implementing ‘governance as software’ will require deep restructuring of existing organisational systems, from introducing more ICT personnel to developing a new framework for interoperability.

• Openness is dependent on rigid systems of enclosure. Following the logic of HTML, TCP/IP or the email protocol, a new set of functional, technical standards is needed to allow for different things (API’s, non-human actors, corporations, states or natural persons) to plug into the system.

• Standardisation may lead to cultural homogenisation and flattening of EU into a (technological) monoculture. At the same time, usage of single type of software creates high risk of failure. The biggest challenge is to create an architecture of diversification in terms of hardware and software, which could withstand these dangers.

• Things that used to be political now get subsumed by the infrastructure under the strain of optimisation. But hypothetically, there could be two political parties with two pre-coded software models; once one party gets elected, its code and entire political rationale would go ‘live’. In other words, there is still room for agonistic, contestation politics in platform space.

Mapping Proposals

Following the discussion, participants undertook the first attempt at mapping, and tested different forms of cartographic representation. Should maps depict the present or possible/desired futures? Which national or supranational actors should be addressed? The first proposals will serve as a basis for the next four Vertical Atlas Labs, eventually forming a complete cartographic toolset.

Group 1 (Vladan Joler, Fieke Jansen, Philippa Metcalfe, Jan-Henk Hoepman) posed larger imperative questions about the function of the Vertical Atlas. Who could benefit from the methodology and pedagogy of the Stack? Could it empower the bottom-up tactical initiatives, or assist in increasing literacy within governmental structures or NGOs? Moreover, it is necessary to consider different types of visualisations in response to different types of questions. The map only gives an appropriate answer to question ‘where?’, while our research will require to know ‘when’ or ‘how much’. A coherent Vertical Atlas will demand different kinds of representations for each different layer of the Stack (timelines, charts, bubbles and more), interconnected on a vertical axis. And in order to navigate a grid of each layer, we first need to define the coordinates and axes along which these grids are drawn.