I have a little nephew of mine who’s two years old, and he just learned something today, this week. I’m visiting with my partner, she’s Taiwanese. I come to Taiwan a lot, and it’s a wonderful place.
No, she keeps trying to teach me. I’m sure she would love me to learn soon, but I would be very embarrassed to speak.
The agenda is, we have everyone here from Cloudflare. We are very honored to be here, and thank you for taking the time to speak with us today. It’s just about your vision. What do you want to accomplish with MoDA in terms of the digital services?
The complexity behind the services that you will deliver that’s sometimes opaque to people who may not understand or who don’t know what’s behind the app.
Yeah.
Just to start off, it’s about moda and the services that you hope to deliver to Taiwan use and to Taiwan. A lot of it being my partner and her parents being here, I get to see the other side of things. It’s about educating people about technology and how to use that technology.
Making them aware of what’s available, how to access those service. Then, the services themselves. What value add those services can provide on top of what they could receive already from physical community centers, things like that?
Then, of course, the topics behind…You mentioned in an interview recently about confidentiality, integrity, and resilience of these services. How do you accomplish that at moda?
The last topic will be around technopolitical topics such as access management, data privacy, things like GDPR, and how regulation is sometimes catching up. Where regulation needs to go in order to provide a fair and robust and secure set of services for citizens of any country.
The first thing I want to talk to you about is moda. It has a very important mission. What’s your vision, and what are you trying to accomplish with moda? Some examples of the successes of moda so far.
If you think about it, this mindset, this way of thinking, not working for the government, working with that kind of thing, is a huge shift for people who think in terms of, “We have to have a strong government, a strong ministry to do this.”
How do you how do you explain that to people in layman’s terms? It’s difficult for somebody to understand that, and then, for example, to be able to…You were doing this through Taiwan’s one tablet per child thing, and we’re doing it for the future. There’s still a transition period that we need to go through, which that shift in mindset…
Until now, as you’ve seen many examples, people tend to gravitate towards positions of authority during times of emergency, but when they keep seeing that maybe this is not the right way…
When you see examples of the counterargument, maybe they will shift that mindset over there. Of course, for the next generation, they’re going to be so used to this moving forward…
Along with this, there’s potential still for, not abuse, but to misuse the technology and digital services. You mentioned it, where people using the services, you can manipulate and how they use the services.
If I remember, another interview, you said it about profiling people using social media, ecommerce, gaming apps, etc., and finding ways to influence them. It’s probably not tempting to you, but it’s tempting to…
Of course, not.
It’s also a matter of giving that trust to people, to Taiwan that there’s no intention of doing it. How do you communicate that? How do you demonstrate that?
Basically what you’re saying is familiarity of interface is important. I need to know that the technologies I’m using, I need to understand them…
Similarly, you also mentioned previously about what is it? Humor through rumor or something.
Yeah, exactly. That’s also a way of teaching people about this, the Bluetooth dongle is not going to do bad things that you may hear about it.
Another concern for people is about data protection. Again, going back to what you mentioned previously about confidentiality and integrity of data, how can people using digital services in Taiwan trust that their data is being handled with care?
Part of that, one thing that we didn’t talk about is about the friction of proving that consent, proving you’re showing your idea. That creates friction and that creates…You’re solving two problems then, essentially, right?
Another topic is around data residency and localization.
Obviously you’re not storing any data in some cases, but it is still on a lot of…
That’s the resiliency factor, right?
We have a lot of countries who are trying — EU is trying GDPR, India is trying the digital personal data protection bill, we have SOC2. They’re all attempting to tackle this complex problem, but not only residency, but protection, privacy, and all that.
This is legislative instruments and regulatory instruments that are just coming into maturity. Do you think they’re going to be obsolete by technologies such as Web 3.0 which is basically decentralization.
Further to that, new technologies are constantly being developed. New ways of thinking about security and resiliency coming into the forefront. You mentioned zero trust. Recently, you also mentioned Taiwan is… What was it? Basically, you’re using zero trust to protect against certain parts of cybersecurity or cyberattack.
A lot of these terminologies, a lot of these methodologies were not unknown, but were niche in the past. Now, they’re coming to the forefront.
What are you doing at moda to constantly scan the horizon to see, “What’s coming up? What’s going to happen in 10 or 20 years from now? What should we pay attention to? What should we plan for”? How do you do that?
To that, there’s an example. One of my relatives who’s a professor here in Taiwan who has a patent for cryptography, double oblivious transfer, something like that.
What he was saying is that all that thought, all those patents feed into a ministry. I forgot the name of the ministry. Some kind of government body that then looks at how they can adopt these things, the new ideas that are coming up.
Again, going back to it’s up at democratizing where the future is coming from.
Rather than having a central think tank, or centralized trust of body or body of trust that thinks about everything for you, it’s like you look. It’s much more agile. It’s much more responsive, and can hit the right…Have the right impact at the right time.
Another question is around security, reliability, resiliency should be at the forefront of everything that you do, everything that you think about.
What are some of the examples of Taiwan’s approach to cybersecurity when dealing with external actors or disaster readiness? You mentioned some disaster readiness about submarine cables being cut. I think you’ve…
Useful.
It’s, again, not relying on a single vendor.
Single point of failure. It’s resiliency through, again, for lack of a better word, democracy of…
Right?
Basically, you’re saying you’re trying to solve the vendor lock in problem. Not from a financial sense, but because some vendors, they prefer the whole models.
That also comes with a risk.
Also, it’s important to be completely independent, or not dependent on any one subset or one vendor.
A good example is going back to GPS technology for satellites. It’s like the government could turn it off at any time. They did for some time during the Iraq War, I guess. You don’t want to be dependent on that.
It was an announcement that you made that Taiwan embraces zero trust.
This is identity authentication, continued verification, and a never trust posture. Can you tell us how zero trust helps protect against a subset of cyberattacks? What’s your vision about zero trust? Why this is so appealing for moda and for…?
Because the perimeter always has some holes somewhere.
We just spoke about zero trust. That’s just one subset of the types of attacks that you’re trying to protect yourself against DDoS, as you know, data theft, information manipulation. Especially information manipulation because you do make a point when you say that, “Hey, cyberattacks is not just DDoS.”
It is not just data theft. It’s about how to change the disinformation…
