What Should Ireland’s Data Centre Strategy Be?

August 14, 2020 in Essays

Last week TikTok announced it would be investing €420m in new Data Centres in Ireland, and creating up to 100 jobs in the process.

The IDA announced this as a big win for Ireland, but the announcement sparked a bit of pushback and public debate, with many questioning the wisdom of our industrial strategy that encourages Data Centres to locate here.

The main concern with Data Centres is their power usage. Eirgrid, which manages our national electricity grid, predicts that Data Centres alone will account for 29% of our total energy demand in 8 years time.

“The demand forecast in Ireland continues to be heavily influenced by the expected growth of large energy users, primarily Data Centres. These need a lot of power and can require the same amount of energy as a large town.”

We have signed up to aggressive carbon emission reduction targets, which we’re already at risk of missing, so an ever increasing number of power hungry Data Centres will surely worsen our performance, costing us both financially and ecologically.

Is it fair that we are giving our beef farmers grief one day, but celebrating new Data Centres the next?

The other main critique is that, given all of the power Data Centres demand, they give back very little in terms of jobs. The initial build creates a flurry of construction work, but after that the maintenance is minimal.

The Government’s policy on the benefit of Data Centres also feels weak. The Government ‘Statement on The Role of Data Centres in Ireland’s Enterprise Strategy’ says:

“Data centre presence in Ireland raises its visibility internationally as a technology-rich, innovative economy. In turn, this places Ireland on the map as a location of choice for a range of sectors and activities that are increasingly reliant on digital capabilities including manufacturing, financial services, animation, retail and global business services.”

But does that really hold up? Just because your Data Centre is in Athlone, does that make you more likely to locate your UX design team in Grand Canal Dock? I’m always skeptical of any strategy that has “raising awareness” as it’s main KPI.

TikTok’s dual announcement of HQ and Data Centre jobs this week adds weight to their claim, but overall I’m still skeptical.

Taking this all into account, however, I still think a strong case can be made for Data Centres in our strategic industrial policy.

They don’t create many jobs, sure, but that shouldn’t be entirely negative. They create a large amount of economic value, but don’t take much human intervention. So we need to ensure that we capture that value for our wider society. This means ensuring the Corporate Tax rate is enforced and paid in full.

An important factor of their energy consumption is that it is all Electricity, and every year more and more of our Electricity is generated by renewables. We’re approaching 40% in 2020, the vast majority of which is Wind.

You can’t plug a cow into a windmill, but you can a data centre.

It’s also worth asking “if not here, then where?” Due to our cool climate, Ireland could be one of the most carbon efficient places to host data centres. We’re not going to stop watching Netflix and making Zoom calls, so are we just pushing the servers behind those activities to a more carbon intensive environment?

In a simplistic view, one can imagine each new Data Centre built here being connected to a state owned Wind Farm, financed by zero interest bonds, paying large amounts of recurring revenue for its energy and paying its corporate taxes each year.

This would take a courageous industrial policy, attracting Data Centres because we know Ireland is a great place for them, and charging and regulating them accordingly.

The current Government strategy doesn’t do this. It’s far too optimistic on the positive externalities, talking about Data Centres as if they’re akin to University R&D Labs, rather than warehouses full of servers, and it’s too light on the measures we need to counter the negative externalities and push for net-zero carbon emissions. The only concrete proposals it contains are about removing local communities from the planning process, to streamline it.

I do think a stronger, more ambitious policy is possible, which continues to pitch Ireland as the home of Data Centres in Europe, but mandates a goal net-zero carbon emissions, ties in a strategy of state owned renewable generation and ensures that local communities have a say in how they benefit from these businesses.

In this model wind and cold weather can become Ireland’s new natural resource. It’s our new gold and Data Centres are how we mine them.

Peter’s Newsletter 11 – How do we decide which ads to ban?

July 30, 2020 in Essays, Weekly Newsletter

There wasn’t much important news in the world of tech this week, so this week’s newsletter is a deeper piece of analysis on the ASAI’s decision to remove the Tampax commercial, the role of self-regulation and the Facebook Supreme Court which will set up later this year and make lots of decisions like these.

The “Tampons & Tea” Ad

This week the Advertising Standards Authority for Ireland upheld complaints about a tampon commercial which Tampax have been running on Irish TV.

The decision to recommend the ad be removed from air has caused quite a bit of backlash, not least because many saw the ad as genuinely educational. You don’t read this newsletter to hear a tech nerd express opinions on tampon commercials, so I won’t, but I do think it’s interesting to consider how the ASAI made their decision and to ask the more important question… who even are the ASAI?

A total of 84 complaints were made about the advertisement, under 4 broad headings. Under three of the headings, the ASAI didn’t find the complaints adequate. These were “Sexual Innuendo”, “Suitability for Children” and being “Demeaning to Women”.

The only complaints that were upheld were under the heading of “General Offence” and even here the reasoning is peculiar. From my reading of their findings, it seems that, while the ASAU didn’t find it to be offensive, enough people complained that they considered the ad to be breaking the code that “A marketing communication should not bring advertising into disrepute.”

To paraphrase, ‘We didn’t find it offensive, but enough people did, and the rules say not to be offensive’.

In defence of the position, ASAI Chief Executive Orla Twomey said in the last four-and-a-half years there have been only seven adverts that have had 60 or more complaints.

So I guess we know the magic number now. If you want any ad you dislike taken off the air, just get 60 people to fill in an online form.

Who are the ASAI?

Despite what you might first guess, the ASAI is not a government body or publicly funded. It is an industry group which has a self-regulatory code of conduct for all advertisers.

The optimistic view of this setup is that all industry players have a vested interest in keeping the standards in advertising high. If one advertiser tries something crass and eye-grabbing which opportunistically works for them in the short term, but degrades the efficacy of advertising in the long term, this is bad for everybody.

Also, not being defined in legislation gives self-regulatory bodies a bit of nimbleness to adapt as methods and trends change.

The more pessimistic view is that they do “just enough” to keep the worst behaviour at bay, but give government no impetus to setup a public regulator or enforce stricter rules. The main motive of a body like the ASAI is to keep advertising a profitable enterprise over the long term by setting code of conduct for advertisers. Sometimes this profit motive overlaps with the wider goals of society, but sometimes it does not.

This week’s decision is a good example of when those interests can come into conflict. If you’re an industry body charged with keeping a medium profitable, why wouldn’t you ban the one ad a year that generates too much controversy? Assessing it complexly is difficult and erring on the side of conservatism makes sense.

Where as a statutory (non-industry) regulator may have to weigh up a decision more complexly, considering the educational benefit, the wider context of gendered “offence” and the importance of free expression.

This decision is also another great example of how difficult it will be to regulate “political” and “commercial” advertisements as if they are always distinct and separate. Is Always’ “Run Like A Girl” ad commerical or political? Nike’s Colin Kapernick ads? What about Monsanto running ads about the benefits of fertiliser?

This isn’t the ASAI’s first difficulty with this distinction either. In 2018, they refused to hear any complaints about any advertisements in the abortion referendum, which left the digital ads in an un-regulated limbo. In 2016, they found the ads for Eircode to be misleading, it said they were outside its remit because they’re “public broadcasts.” (Which is probably fair – you can’t have an industry body regulating the government?)

Facebook’s Supreme Court

While we’re on the topic of self-regulation, the new Facebook “supreme court” has been established this summer and will soon start hearing cases.

The Facebook Oversight Board, as it’s officially called, will play an interesting role for the company and is an experiment worth watching for anyone interested in the ongoing debate around how we moderate content online. It is made up of some pretty impressive people, mostly former judges and human rights lawyers, and the intention is that it sits separate to Facebook (although funded by it).

Characterizing the FOB is tricky, as Evelyn Douek notes – “It is court-like in that it will hear appeals from and act as a check on Facebook’s policy-formation and enforcement processes and provide public reasons for its decisions. But it will also give policy recommendations, and neither its members nor those who appear before it will be lawyers applying the law. It is a private institution fully of Facebook’s own creation, but it has reasonably robust mechanisms to ensure independence from Facebook, which has put $130 million into a trust intended to fund the FOB for at least two three-year terms. It is a global body, but it would be naïve to think that it will be able to settle global speech norms when different jurisdictions have clashed about these for many decades.”

Facebook currently employees about 35,000 content moderators globally, who make decisions every minute of every day to remove content from the platform based on an ever growing set of company policies. If the removal of an individual piece of content, or a certain type of content, proves very controversial, Facebook can escalate this to the FOB for deliberation.

People who are hoping this might act like the US Supreme Court, handing down binding rulings and setting precedent for Facebook, will be disappointed. This Oversight Board won’t act in that way, and it would probably be naïve to trust that such a system could always work – Facebook can always just choose to ignore a body that it established, if it wishes.

But Evelyn Douek argues, quite compellingly, that this isn’t what optimists should hope for from a body like this. Instead, the benefit should come from the act of public deliberation itself, rather than just the final ruling. Forcing Facebook to explain why they removed content, and defend the logic publicly, should greatly enhance the public debate around these issues and also cause Facebook to more carefully consider each internal policy they implement, knowing that they may one day have to defend it publicly.

The hope is that the dialogue between the FOB and Facebook, through being forced to make arguments in cases and publicly respond to FOB recommendations, will finally ventilate the reasons behind why Facebook makes the decisions that it does by forcing Facebook to justify them. This process itself will hopefully improve decision-making, but at the very least it will provide a level of transparency and accountability that is currently sorely lacking. To those from the United States, the paradigm “strong-form” judicial review jurisdiction, this might seem feeble. But many other jurisdictions have a version of this dialogic “weak-form” review, and it often turns out to be much stronger in practice than it appears in theory.

As we’ve seen this week here in Ireland, self-regulation has its own problems. As Douek notes, “it is unsatisfactory for private, profit-driven platforms to be making these decisions unilaterally and without any accountability.

“On the other hand, heavy-handed government involvement in speech regulation is always suspect, and the cure to our current woes should not be worse than the disease. The FOB is therefore an effort to find a third, least-worst option.”

Similar to the industry that the ASAI represents, much of Facebook’s business model would just be simpler if it was an uncontroversial space to sell people’s attention to advertisers, so why not delegate some of these decisions away?

These are issues that will only become more and more prevalent in the coming decade, as the public sphere shifts from broadcast and print to digital, so every new experiment is worth watching closely. I’ll be watching with skepticism and a dash of hope.

The HSE’s New Covid Tracking App

July 2, 2020 in Essays

Update: Since publishing this post, the HSE app has been released. You can download it here.

The HSE have released the details of their new public facing app “Covid Tracker“. They released a very comprehensive overview, access to the app’s source code, and their detailed Data Protection Impact Assessment.

With the details of app now public, journalists, policy makers and citizens will want to start analysing and appraising the app. So what are the questions we should be asking? What constitutes a good app or a bad one? What are the trade-offs other countries had been considering, and how have they been handled here?

I’ve sketched out a series of questions which I hope are a useful framework for analysing this, or any other app that is used in the fight against Covid-19.

If you want to keep updated on the app as it progresses, you can subscribe to my free weekly newsletter. Every Friday morning I share the interesting tech & public policy news of the week.

This is stored in Mailchimp and will only be used to send you this newsletter.

Overview – A “Touchpoint” for the Wider Regime

We couldn’t assess a restaurant’s new app for food delivery, without the wider context of the restaurant business itself. Is an app good if it’s always accessible, but the kitchen is only open and making food in the mornings?

Here too it’s worth a quick recap on contact tracing as a wider programme of activity before we assess how an individual app fits within that.

A contact tracing regime is a prediction exercise that takes in data from infected patients (cases), makes predictions about others they may have infected (contacts) and then takes action on those predictions. Here’s an example:

Data: A person gets diagnosed with Covid at a hospital. A staff member at the hospital asks them for all the names and phone numbers of all the people they’ve seen in the last week.

Prediction: Their contacts are predicted to have an increased likelihood of infection.

Action: Somebody calls them to recommend they self-isolate or come in for testing.

An app is a tool that can play a part in this wider regime. Most countries are looking at an app to a) help gather more data to make infection predictions and b) take action by notifying people they are at risk. Some countries, mostly Asian, are also adding proactive testing as an action, deploying resources to schools, workplaces, churches etc. where infection is predicted.

Key Questions

With this in mind, here are some of the key questions we can ask about an app, to assess its role in the wider trace & test regime, the data and privacy implications of the data it gathers and the actions it will enable our health service to take.

I’ve discussed each question in more detail below, but here’s the cheatsheet to get started:

Key Question Answer Implications
Use Bluetooth? Yes Uncertainty around the accuracy of a “contact” prediction with bluetooth
Apple/Google Framework Yes International standard. Better than any alternative bluetooth option. Anonymised solution.
Using GPS? No No sense of “place” for the virus. Can’t use location for contact prediction. Can’t show where outbreaks are occurring
Contact Notification Yes Alerts users to potential infection. Introduces spoofing risk.
Self-Diagnosis No Only allows confirmed diagnoses from HSE. Removes risk of fake activity.
Symptom Tracking Yes Anonymous information passed to HSE, but “probably” positive people are encouraged to isolate and test
Behaviour Change Yes Goes beyond “news” seen in other apps. Encourages people to “check in” every day and shows country-wide stats on app downloads, check-ins and symptom reporting.

Let’s dig into each of these here in detail.

The Apple/Google Bluetooth Exposure Notification Service

This is one of the core functionality choices within the app. They have chosen to use bluetooth to measure proximity and predict a contact.

Generally, a contact is defined someone you share a pocket of air with for a period of time. This app will endeavour to record anyone you’ve been near for a while (within 2 metres or less, for 15 minutes or more) in the 14 days leading up to either of you getting diagnosed with covid. This is the European CDC definition of a close contact.

The Apple/Google exposure notification framework sits “always on” in the background on your phone. It gives your phone an anonymised id. When your phone comes near another person with the app installed, your phones swap ids via bluetooth. Later, if one of you get diagnosed with Covid, you’ll be asked if you have the app installed.

If you do, then the HSE will ask if you’re willing to upload your contact history, which is a list of all the anonymised ids you came in contact within the previous 14 days. If you say yes, the HSE send you a code by SMS. You input this into your app and it uploads a list of all the IDs of contacts on your phone.

The HSE servers will send this list to every single app. Each app will scan through the list, and if one of the IDs matches that person’s phone, the person gets an alert.

 

GPS and Location Data

This app does not ask the users to automatically share location data. This was a big choice by the HSE, which alleviates many privacy concerns, but removes any sense of “place” from the data the app gathers.

This means that bluetooth will be the only measure of proximity when determining a contact. The app will know if a likely contact took place, but not where in the country that was, or who the people involved were.

This will surely calm the concerns of many privacy experts and advocates. It helps the HSE avoid the risk of headlines that read “HSE app tracks your location data” which could severely hamper adoption and public trust in the app.

On the flip-side, it means the app gives the HSE less information about where the virus is in Ireland, but I think they have made some clever prompts and additions in other parts of the app and system which will capture much of this information in different ways, but without the attention-grabbing headlines of location tracking.

Contact Notification

Because the contact predictions are all being done anonymously, the HSE cannot text, call or visit anyone who might have the virus, they can just send them an anonymous push notification.

The app will alert a contact with a push and with a persistent in-app message. It will then show them a list of recommendations for keeping safe and self-isolating.

Most interestingly, it will also ask if they would like to share their phone number and get a call from the HSE. This will allow for more traditional contact tracing to take place. It will be really interesting to see what the uptake rate on this option is.

Proactive Testing

One feature of successful contact tracing regimes, like Singapore and South Korea, is proactive testing. Reaching out to people and groups of people (like workplaces) where contacts might have occurred and proactively test as many of them as you can.

At first glance, with anonymised bluetooth and no GPS, it would seem that this app wouldn’t support such activity, but digging a bit deeper it looks like it might?

The first way it does this is by offering users the ability to request a phone call from the HSE once they get a contact notification. On that phone call, there’s every possibility that the person can be asked some extra information, if they wish to share it, about where in the country they live. They could be also be encouraged to take a test, at which point their details could be taken, including where they live and a verbal contact history recorded, as happens today without the app.

The other place some additional personal data can be captured is in the app’s symptom tracking section.

Symptom Tracking

This is, to my mind, the most unique part of the Irish app, which I haven’t seen in any other country’s apps. The app will encourage people to “Check In” every day, and report how they’re feeling.

 

One of the motivators to do this is the nationwide stats that will be shared within the app – how many tens of thousands “checked-in” today. Sort of like an Operation Transformation, but for Covid fighting.

This is really hard to assess before launch. You can see the potential if it goes well, but also the risk of how publicly and visibly it could fail. Those aren’t the kind of risks usually taken by the civil service, so fair play to them on that front.

If it works, a large portion of the country will be recording their symptoms. Without any extra information, there isn’t much action that can be taken based on that data, but the app does prompt users to enter their sex, age range and location. So the HSE can get some self-reported data on location and demographics of users who are reporting symptoms. They also keep capturing extra data on confirmed cases outside the app, like they do today.

 

Conclusion

You can see the balance they’re trying to strike here. Removing any functionality that is greedy for user data, or could even be perceived as a privacy concern, will help build trust and get adoption. Using the Apple/Google exposure notification system is the most privacy conscious route to allow for contact notification, but it doesn’t really support “contact tracing”.

They then layer in some behavioural nudges in the form of “join the fight” daily check ins and “would you like a phone call?” notifications, which capture just a small amount of actionable data, and from only the most interesting users (probable infections) and in a manual way that doesn’t feel invasive. In that way they bring in some contact tracing elements, but just the minimum effective dose.

There are probably 3 key risks they need to overcome with the launch:

  1. That the Apple/Google bluetooth system proves effective enough at recording contacts accurately
  2. That people trust the app and download it
  3. That people check it regularly enough to make the data capture from check-ins meaningful

It seems like a very well intentioned, good faith effort at balancing all the competing concerns and I hope, for all of our sakes, that the bets they’ve made pay off.