Latin America’s Digital Development – This century’s strategic choice for security
This research note is also available in Spanish.
The leaders of Latin America, a set of some two-dozen diverse, emerging countries with some 700 million people, face a strategic choice for security. This decision to secure trusted digital information networks will impact the region for the next century. It will determine whether the region develops in a prosperous, inclusive, sustainable, and democratic direction, or an authoritarian one.
Latin America faces some important choices in its digital development. It wants to ensure its citizens and enterprises enjoy world class technology; to protect and preserve human rights and sovereignty; and to innovate regionally with compelling digital solutions and services. Latin American leaders can learn and adapt from EU models for digital governance.
Technology behemoths from the China have promised a bill of goods. It is critical that Latin American leaders scrutinize these offers for their net impact, how local people benefit, and whether autonomy and democratic values are preserved.
Given its history, experience, and coordination, the EU offers a real, actionable way forward for digital development.
Strand Consult believes digital development thrives when grounded in democratic values.
Digital Infrastructures: horizonal, vertical, and cloud
Latin America’s emerging digital economy consist of three kinds of infrastructures: (1) the horizontal networks of fixed and mobile communications which transmit information; (2) the vertical layer of devices, applications and services which collect, process, and use information. (3) the cloud, a distributed set of computers which functions both as horizontal and vertical network, collecting, processing, and storing information.
Each Latin American nation depends on these three types of infrastructures, though each nation differs on the speed of its digital development. 4G / 5G wireless networks and fiber are replacing earlier telecommunications 2G, 3G, and copper-based networks. These horizontal communications networks form the foundation on which all digital development depends, binding people and communities nationally and regionally. Communications providers which provide the “horizontal” transmission services are typically licensed by the nation state and regulated to deliver a common set of connectivity services to all people, enterprises, and institutions.
On top of the horizontal infrastructure of communication networks are vertical networks for devices (smartphones, tablets, smart cars) and applications (software platforms for commerce, finance, health, education, public safety and so on). Popular Latin American “superapps” include Rappi (the “everything” marketplace for 64 million users in 220 cities and 140,000 merchants); Mercado Libre; and PicPay. Whereas the horizonal infrastructure of communications networks transport data, vertical devices and apps collect, process, and store data.
The third type of infrastructure is cloud; it provides both horizontal and vertical processing and storing information. Cloud networks are provided by large, global information technology hyperscalers (and sometimes smaller competitors) but are not necessarily licensed or regulated within any nation. Cloud infrastructure is connected via communication networks with devices, and applications. See Strand Consult’s research note on cloud.
Ensuring security and trust across the set of horizontal, vertical and cloud networks is complicated as it involves different rules, vendors, services, and jurisdictions. However Latin America is not the first region to consider such a task. Indeed the 27 nations of the European Union (EU) have promulgated data protection, network security, trust, and governance policy for decades, integrating the needs of the people, enterprise, and government into a unified regime for 27 member states. Latin American leaders can learn from this model and adapt appropriately.
The European Union shows the way forward.
The goal of the EU is a common internal market, security space, and human rights for the citizens of its 27 member states. With the digital economy, the EU adopted a set of policies which have become the global standards. The popular shorthand for the world economy is that the US innovates; China replicates; and EU regulates. Indeed, EU General Data Protection Regulation has become the global standard, with the world’s largest IT firms adopting its conventions for lawful processing, integrity, confidentiality, accountability, consent, accuracy, and the culture of privacy.
The Digital Markets Act (DMA) and Digital Services Act (DSA) package aims to create a safer digital space where the fundamental rights of users are protected and to establish a level playing field for businesses. The EU’s Artificial Intelligence Act (AI Act) offers comprehensive rules for trustworthy AI. The EU’s Gigabit Infrastructure Act promises faster rollout of gigabit-capable connectivity and a set of policies to fast-track the rollout of fiber infrastructure.
To safeguard security and resilience, the EU developed a foundational and globally unique approach to security of 5G networks with the EU 5G Toolbox. The EU deems 5G networks critical for their horizontal role underpinning the delivery of health, energy, manufacturing, media, and mobility. Hence the EU Member States, the European Commission, European Union Agency for Cybersecurity (ENISA), and the Body of European Regulators for Electronic Communication (BEREC) developed an EU-wide coordinated risk assessment. Based upon a set of identified risks, the EU 5G Toolbox was developed and agreed to include strategic (non-technical) and technical mitigating measures. In sum, the European Commission and the EU member states implement key measures in two areas; strategic (non-technical) and technical security measures, both of these assessments and mitigation measures must be satisfied to deem 5G equipment suppliers as secure and trusted.
The EU Network and Information Systems Cooperation (NIS) Group supports, monitors and evaluates the implementation of the EU 5G Toolbox. It supports continuous knowledge exchange and capacity building as well as promotes resilience in other security objectives. More than half of the EU member states are already succeeding in their 5G security goals; however, the laggards create a security challenge for the region. The latest progress report from the NIS Group concludes,
“Twenty-four Member States have adopted or are preparing legislative measures giving national authorities the powers to perform this assessment and issue restrictions. Out of them, ten Member States have imposed such restrictions, and three Member States are currently working on the implementation of the relevant national legislation. This situation creates a clear risk of persisting dependency on high-risk suppliers in the internal market with potentially serious negative impacts on security for users and companies across the EU and the EU’s critical infrastructure.”
As a result of a series of NIS reports and input from the European Court of Auditors, it became evident that 5G suppliers exhibit clear differences in their characteristics, in particular to their likelihood of being influenced by specific third countries which have security laws and corporate governance that are a potential risk for the security of the Union. Due to these high risks, and based on an assessment of the criteria set out in the Toolbox for identifying ‘high-risk suppliers’, the European Commission decided,
“Due to these high risks and based on an assessment of the criteria set out in the Toolbox for identifying ‘high-risk suppliers’, the Commission considers that decisions adopted by Member States to restrict or exclude Huawei and ZTE are justified and compliant with the 5G Toolbox. Without prejudice to the Member States’ competences as regards national security, the Commission has also applied the Toolbox criteria to assess the needs and vulnerabilities of its own corporate communications systems and those of the other European institutions, bodies and agencies, as well as the implementation of Union funding programmes in the light of the Union’s overall policy objectives.”
The implication of applying the EU 5G Toolbox for Union funding means that EU funds for 5G network deployment be it for EU internal purposes such as in the case of Slovenia or in external EU funding, such as part of the 2023 Enlargement package Ukraine, and the Western Balkans.
Looking beyond the EU neighboring countries, EU is also engaging in promoting ICT infrastructure in other third-countries through the Global Gateway and its regional initiatives such as EU-LAC which invest in digital transformation in Latin America and the Caribbean.
The Global Gateway creates the opportunity to condition EU’s funding for ICT infrastructure with adherence to EU 5G toolbox. The prerequisite for participating in these projects is that they live and are compliant with the EU 5G toolbox.
The EU offers comprehensive policy for the digital age, ensuring the rights and data protection of individuals, fair operating conditions for the marketplace, and the security and trust of networks. The policy aim is to direct digital development in a just, human, and modern direction which protects democratic values and guards against totalitarianism. Latin American leaders can learn from the EU and adapt policy appropriately to local conditions.
10 Relevant Case Studies for Digital Development
Managing digital development is a difficult task of policy to enable access best in class technology, protect national sovereignty, and promote local excellence and entrepreneurship.
Wise politicians look at the risks associated with a nation choosing China as a partner at the expense of suppliers and partners from countries that have a political form of government like that of its own country. Here are some exciting cases:
- When upgrading the existing 2G, 3G and 4G networks to 5G, nations are faced with the choice of whether to use untrusted vendors such as Huawei and ZTE. In Europe and other places, Chinese suppliers have been rejected in what is considered a trust risk. The first country in the world, taking an official stance already in 4G was Australia, where back in 2012 Social Democratic Prime Minister Julia Gillard made a ban on the use of Chinese equipment. Other countries have later followed Australia.
- Digital infrastructure is much more than telecommunications infrastructure; it is e.g. smart cities that the Chinese are trying to deliver around Latin America but also communication solutions for modern trains. In Germany, politicians believe that it is a problem that the German railways Deutsche Bahn has purchased and uses communication solutions from Huawei. What is feared is that China will shut down the smart cities and the trains, which in many places constitute an important infrastructure.
- At the top of the telecommunications infrastructure, people use IT solutions that are abused by the Chinese regime to collect data, the most talked about case is TikTok where their CEO Shou Zi Chew who was allowed to answer a number of critical questions in the US Senate. In many countries, authorities have banned public employees from installing TikTok on their work phones for fear of spying. Many of the devices people use in that are connected to the internet come from Chinese suppliers and the associated apps that collect and send data to Chinese clouds.
- Payment’s infrastructure is also an area to consider. Chinese players are trying to put themselves on the infrastructure that we use when we make payments. The risk associated with this is that China and Chinese players with close ties to the regime in China can gather information about who buys what, where, while at the same time choosing to shut down the payment infrastructure if you get into a conflict with a country.
- PCs and servers from players such as Lenovo are used to collect, process and store data. In many countries, the authorities have banned the use of PCs and servers by public authorities such as the armed forces. It is in countries such as England, Denmark, Australia and the United States.
- When collecting data, it is often stored in a cloud. If you look at Latin America, a very large part of the data that authorities, companies and private individuals generate ends up in one of the many clouds that China and Chinese suppliers have built and operate in the region.
- Many people talk about electric cars and not least the success that many Chinese manufacturers have in this area. People just forget that an electric car is a smartphone on wheels, that it has more censors built in than a mobile phone and that it continuously sends data back to the car manufacturer. In China, automakers are forced to share this data with the authorities. A modern electric car can not only be used to spy on those sitting in the car, it can also be remotely controlled and used as a weapon against those who walk the streets.
- Latin America is rich in rare minerals and other important raw materials. In many countries, China has set its sights on the extraction of these raw materials. The raw materials are sent to China where they are processed into valuable materials used in many different types of production. We find it difficult to understand why the countries of Latin America allow the export of raw materials and why they do not themselves carry out the processing that increases the value of these materials.
- Energy infrastructure is important, and it is not getting smaller in a world that is becoming greener and where electricity is becoming the most important source of energy. Around Latin America and elsewhere in the world, China and Chinese companies rely on energy infrastructure, which means that they not only control that infrastructure, but they also decide when and how to upgrade that infrastructure. If a Chinese player holds back on upgrading energy infrastructure, it could slow down the green transition and economic development in the countries where China and Chinese actors control this infrastructure.
- Chinese Government financing is often advantageous and since 2008 China has taken an additional role in relation to the Inter-American Development Bank. When you as a nation borrow money from China, it comes with a price, a price that makes it difficult to relate critically to China and Chinese companies. In a country like Argentina, China has repeatedly threatened to call the loans it has granted to Argentina.
China is a nation that has a different political form of government than the one sought in Latin America. In addition, China has different human values than those that are the foundation of Latin America.
Today China suppresses not only basic human rights, but also people’s ability to practice the religion they believe in. Many articles have been written about how China monitors and represses Uyghurs in Xinjiang. We are talking about people being placed in prison camps for the purpose of suppressing their religion and re-educating them with the values that the Chinese dictatorship believes should apply in China.
Other religions experience the same oppression, the Catholic Church and other Christian churches do not have the best conditions in China. Last year China passed a “Patriotic Education Law,” consolidating the Chinese Communist Party’s control over education, including religious education. The new law, which was passed during a session of the National People’s Congress Standing Committee, would require churches and religious groups to adapt their educational activities to promote the party’s official ideology.
Conclusion
China in the world today is no longer the “responsible stakeholder” of the early 2000s. The rise of Xi Jingping has been coupled with aggressive urgency to control and militarize; and information technology is critically integrated in its global strategy for geopolitical and economic domination. Look no further than China’s Great Firewall, in which it has unilaterally blocked the media and internet from abroad, both to force the use of domestic tech champions as well as to prevent its people from consuming foreign ideas of freedom and democracy. Strand Consult has described this in You Are Not Welcome: An Analysis of Thousands Foreign Technology Companies Blocked by China Since 1996
While there is still trade and exchange with China, it is prudent and rational to review and restrict those products and services which are critical to privacy, security, and sovereignty not the least of which are the elements of telecom networks.
To learn more about this complex issue, see Strand Consult’s many reports about China and cybersecurity.