November 2, 2020

What’s at Stake in Digital Fragmentation? Q&A with Zoom’s Josh Kallmer

Categories: Events, News

As Head of Global Public Policy at Zoom, Josh Kallmer — an expert in international trade with broad experience inside and outside of government — serves as the architect of Zoom’s global public policy and government relations strategy and the company’s chief representative before governments around the world. In this role, he has seen first-hand how the pandemic has led to the rapid acceleration of digital transformation in the U.S. and around the world. He also must keep his finger on the pulse of global governments as they wrestle with key decisions related to trade, security, and privacy.

Kallmer previously served as executive vice president for policy for the Information Technology Industry Council (ITI); he co-chaired the United States’ bilateral investment treaty (BIT) program, served as lead U.S. negotiator for several international investment agreements, and represented the Office of the U.S. Trade Representative (USTR) on the Committee on Foreign Investment in the United States (CFIUS).

On October 22, 2020, Steven Weber, CLTC Faculty Director and Head of UC Berkeley’s School of Information, spoke with Kallmer about what he is currently seeing, how key trends and debates might evolve, and the implications for society and the digital economy as we look ahead 3-5 years into the future. Excerpts from the discussion are included below (note that questions and responses have been edited for length and content). You can also watch the full interview above or on YouTube.

When the pandemic began, Zoom expanded rapidly over the course of just a few weeks. What did it look and feel like to be in the middle of that kind of a maelstrom?

Our daily meeting participants went from about 10 million a day to over 300 million a day. We went through this extraordinarily rapid scaling of the business in quantitative terms. I’ve been able to see what that means from an engineering point of view, when it comes to putting data centers and servers all over the world and making sure it doesn’t break down. We handle that part extremely well, and we have had very few outages or service interruptions.

The part we didn’t handle quite as well — and what we’re starting to handle better — are the qualitative issues about that. Before March, our clients were almost exclusively large organizations who had experts who could configure their systems. When the pandemic came and Zoom became used for so many other purposes — yoga classes, religious services, human rights discussions — we were confronted with very significant public policy issues around security and privacy, including what’s become known colloquially as “Zoom-bombing,” with uninvited guests coming into meetings.

As we’ve been on this journey — technically and qualitatively — we’ve also been on a journey politically and in terms of our values, which has led us through the summer. People may recall that we made a decision to shut down some Zoom meetings around the Tiananmen Square commemoration on June 4. By our own admission, that was a bad decision. We didn’t put ourselves in a position to make the right decision because we hadn’t anticipated that kind of use of Zoom, and we should have, which leads into the question of what I’m working on.

There are two broad categories of issues. The first have to do with China. We have a significant amount of development in China, and we have big global customers that have Chinese employees and customers they want to communicate with. So we’re making sure that we are explaining the nature of our business and that we’ve got really good security around our operations there, and that we’re being transparent.

Second are issues that are already coming down the pike, but in the coming months will do so even more, which are things like hate speech, child safety issues, and the use of Zoom as a place for “bad guys.” We want to make sure that it doesn’t become a place for bad guys. We’ve moved recently to end-to-end encryption, which is a tremendously positive thing from a signal purity and privacy point of view, but it raises some valid questions about keeping people safe.

The third area, which may be the least sexy but most important, is the internal work of coupling our values around all of these public policy interests with the infrastructure and tools and processes to actually implement it. I’ve hired people around the world, and I’m trying to educate the company on what it means to look out into the world and see how people are reacting, and to anticipate the kinds of questions we’re going to get so that we can get ahead of things. It’s the “shoe leather work” within the company. It’s quite an adventure in a lot of ways.

Your prior experience was as a global trade lawyer and government negotiator. And now you’re on the front lines of what may be the fastest and perhaps most important accelerant of a particular kind of global trade, which is trade in ideas. Is what we’re seeing new, or is there some continuity from something that was already happening?

I would love to sound really insightful and say there is some qualitatively new issue here that represents a discontinuity that nobody’s thought of. And there may be. But I haven’t put my finger on it. I agree that this is an acceleration of something that was happening anyway, although I think the period of time in which it was happening was maybe shorter than we thought. It has certainly been the case for the last generation that global commerce has been moving from trading goods to trading services. Now over 50% of global trade is in intangibles, and an increasing percentage of that is being done digitally. It’s the trading of ideas as a “product,” and the use of data in the production of physical things. The ways in which digital information or data have come to dominate the global commerce discussion have been profound, and they’ve happened in a relatively short amount of time.

COVID has certainly accelerated it, and has revealed new issues that we hadn’t thought about before. It has accelerated not just the importance of looking at global trade through the lens of data rather than the lens of “widgets,” but also the challenges that governments are having around the world in figuring out what their relationship to data is going to be. That has manifested in a lot of different ways.

It seems like digital fragmentation is becoming more deeply entrenched, and not just between the United States and China. Do you see this as an inevitable trajectory, as something we’re going to have to learn to manage? Or is it something that could be reversed?

It has already happened, and we’re learning to navigate it right now. It is reasonable to say that China has its own internet and its own players. It certainly has its own rules of the road. It is a state capitalist environment that is driven by concepts of control, and that is now sufficiently reflected in the legal architecture. The nature of the commercial market is to allow one to say the “splinternet” has happened in some very real way, a way that is still playing out.

The five-year horizon of what happens with the rest of the world is not inevitable. The U.S. has a certain model, and Europe has a certain model. They have similarities, but they have very important differences. In Europe, there is a concept of needing to have a regulatory architecture before the identification of problems, whereas the U.S. has historically taken a more responsive approach. That’s being challenged in the area of privacy, for example in California. In Europe, there are fundamental battles being played out about what the contours of the next big regulation after the GDPR are going to be.

The ultimate question is whether the U.S. and Europe — along with Japan, Korea, Canada, Australia, and other western countries — can come together around a common understanding of data, of technological activity, and around trust. This is a five-year horizon that we’re talking about. Is it reversible? Not anytime soon. I think the overall question of which way the world goes when it comes to decoupling and disaggregation will be a generation-long question. We’re at a point similar to the Uruguay Round of the development of the WTO Rules in the mid 1990s. That set up the global economic architecture for the last 25 years. And it’s that concept that’s being challenged. It’s maybe more than a generation. It will be years and years before there’s some sort of real multilateral conversation about whether there can, in fact, be a grand bargain or meeting of the minds at a global level around these things.

When you think about the trajectory of innovation in the digital environment, how do you navigate the fact that you don’t know which of those worlds you’re going to live in over the next couple of years?

Whether it’s Zoom or any other technology company, the calculus is different because the businesses are different. As a company, we’re obviously not happy about the fragmentation. We’ve run into some challenges in China, but I don’t think that we have yet seen it impairing our ability to operate globally and benefit from scale. Even if our ability to access certain markets were interrupted, I believe it would be a pain in the neck, but an incremental pain in the neck, not a catastrophic one.

I would contrast that with companies producing physical goods that are dependent on truly global supply chains. If you look at CFIUS, the national security review mechanism in the U.S. for foreign investments, the U.S. is now adding a range of regulatory or gatekeeping restrictions on the ability to export, import, and transact with technologies in ways that will create challenges for a company like Zoom, but more significantly will interrupt the operations of hardware manufacturers like semiconductor companies. It’s become trite to say, but today’s cars are computers on wheels and airplanes are computers with wings. I anticipate really heavy economic effects happening, and certainly, we’re not happy about it. I think it’s just less profound right now.

What do you anticipate will be on the policy agenda in the first 100 days or six months of the next administration — and are there things you think should be on that policy agenda that are not?

The one thing that will not change is the antipathy around China, along with antipathy for Big Tech. If Biden wins, the flavor will be different, and we’ll probably start moving in a more productive direction tactically. But the overall view that we are in a generation-long struggle with China over commanding the future, I don’t think that changes. With a Biden administration, you would have people more committed to the kind of multilateral cooperation that you’d need to achieve a meeting of the minds around data and technology and the rules of the road, and perhaps updating the WTO. I anticipate we will see more work around privacy, because federal privacy legislation has had some momentum.

One of the most significant things we’re focused on is a reexamination of the fundamental rules around what’s called platform liability, or intermediary liability. People are probably familiar with Section 230 of the Communication Decency Act, the “26 words that created the internet.” It will take some time, but I think that there will probably be legislation that cuts into the liability protection that internet platforms have enjoyed for 24 years.

The second issue is the topic of antitrust and competition. We all just saw the DOJ opening the case against Google, but that will be a broader initiative that will mostly focus on the Big Four. I think that creates interesting questions for a company like Zoom and other companies that have accelerated in recent years. If some of the fundamental principles of antitrust law change, that could change the analysis of market position for a lot of different companies.

Is there something that should be on the agenda but is not? I live in perpetual fear that people aren’t taking cybersecurity seriously enough, whether or not that’s in the executive branch. I’m not sure if it’s a legislative question. I think it’s truly a more working-level executive branch activity that may or may not be proceeding actively enough. But there’s an issue that I think gets more attention than it deserves, and that’s privacy. I don’t mean to say privacy is not incredibly important. It is. But I think the GDPR and CCPA reflect that there is roughly a global consensus. We see it in other parts around the world that the battle over privacy is now one of legal architecture rather than substance, which is important. I think they need to get it back to Congress, get a bill, and get a federal system. California may not like it, but I see a lot of benefits to a non-fragmented U.S. system, and then do the work of achieving more interoperability with Europe and the rest of the world.

We at CLTC like to ask our friends and colleagues who are in government and industry about what kinds of issues or problems or questions keep them up at night. What are the challenges you wish someone in a public research university would try to solve?

The work your colleague, Nick Merrill, is doing [on studying internet fragmentation] would absolutely fall into the category of things that would be incredibly valuable for the world to have. The starting place is to recognize the fundamental problem that has plagued political theorists since the beginning of time — and that the pandemic brings into sharp relief — which is the disjunction between shared global problems and the incentives of political actors in a world governed by individual nation-states.

The governance of data is a perfect example of this. It feels good to regulate the flow of data within your borders. Governments have incentives to do that, by virtue of the physical territory they govern. But it leads to collectively irrational results for the world, whether it’s the United States or UK or whatever the market is that’s taking those natural actions. I’m fascinated by questions around that disjunction, and how each government is making the decision — how it’s set against the actual playing field of interests that is larger than itself — and what it means for the net welfare of that larger field, as well as the immediate economy.

If you could show that the Chinese firewall was creating a loss of economic welfare for a group of Chinese citizens or an industry in China in the amount of X, those would be great stories to be able to tell. Or if people were to do those analyses in Washington, DC, broken down into each of the 435 congressional districts to show, how is this move you’re taking consistent or inconsistent with the interest of this factory in your district? Those are the kinds of questions we really struggle to get data around to help improve public policy.

How can we get people working on the engineering side to anticipate and foresee future social or political challenges?

It’s a perennial challenge. I’ve been at Zoom for five months, and I’m beginning to do that in a meaningful way. What I’ve observed in the past is that there is a real continuum of how successful companies are doing that. It played out most particularly in the work we did at ITI around technical standards, which is where there was a daily intersection between very technical people and policy people, because that was the nature of the work. I saw that there were some companies whose policy people were intrepid and good at plumbing the depths of their companies to figure out, here’s the expert on this electromagnetic compatibility issue, I really need to get to know this person and help them understand what’s at stake if the standards regime around this topic turns out poorly. It’s about getting deeper into a technical environment and asking a lot of stupid questions and trying to create rapport with people who are not focused on the political issues. I have not found anything that short-circuits that hard work that one has to do within a company.

The silver lining for Zoom for what we have gone through — which was so public and painful — is that we have a CEO who’s an engineer, and he was on the front line of that. There was a way in which it hit home for him and many of our engineers pretty immediately. But that’s quite different than actually having engineers anticipating or spotting issues, or just asking the question, is this feature change that I’m about to implement something that somebody could be concerned about? That’s about bringing colleagues into the conversation and trying to connect those dots before stuff gets baked.

Beyond China, other countries are withdrawing or looking at options other than the “U.S.-Euro internet,” including Russia and India and countries in the Middle East. How do you think about managing all those other players in the game?

India probably is the most significant player in that category of other players, and it’s one we think a lot about. One of the byproducts of India’s increased tension with China is that they are more focused on solutions in the US relationship. We’ve been gaining some momentum when it comes to deepening our engagement in India. Ultimately, every market has to be taken on its own merits. We’ve got business interests in different parts of the Middle East. It’s easy to generalize, but they’re very individualized markets. And in some of those countries, there are values questions that we have to make sure we’re comfortable about, as well as more mundane regulatory issues. Now that I’m with a specific company, the discussions are less about these big themes and more about the immediate possibility for Zoom to partner in the market. It’s India, it’s Turkey, it’s Brazil, it’s Vietnam. And I don’t think there’s a generalizable approach to achieving success with any of them other than spending the time there, getting to know them, and hopefully being able to engage.

We’ve done research looking at boards of directors as a driving force on security, product design, and other issues. What has been your experience with this at Zoom?

I have a sample size of one in terms of direct involvement, but I have found this group to be much more engaged and smart and thoughtful about these issues than I would expect most boards are. We brought on H.R. McMaster [former U.S. National Security Advisor] around the time I was hired, and he’s making an incredible contribution. He’s a great colleague, and there are multiple other people that have really interesting ideas around this. They get why it matters. It doesn’t have to be explained to them, and everybody on the board cares. And so when we go through the kinds of things we’ve gone through over the last several months, they’re very involved, and it’s a bi-directional conversation.

I think one of the benefits you get with a board is that, theoretically, you’re getting people from different perspectives who are not in the crucible of engineering every day. It’s more common with directors from traditional, non-digital-native companies, as they think about, what are the right questions for us to pose to our security people, is that they will ask, what does good look like? And our answer, which is not terribly satisfying, is that that’s not the right question. It has to be more dynamic than that. How do you get the question to be, what does getting better look like? A lot of board members find that to be very unsatisfying, but that is really where we have to be.

Is there any other issues that you’ve been thinking about?

When I look at the way the political environment has evolved, not just in the United States, but but in parts of Europe and some other markets — like Brazil over the last two or three years — it’s really troubling. It reflects a level of rancor that I think has some very legitimate underlying causes having to do with the economic structure of economies and so forth. But it’s now converging, and whether it’s Zoom or other technologies, we see that there is potential to really amplify that rancor. What I’m going to try to do on behalf of Zoom, in addition to just addressing the issues we may run into, is to advance the conversation internationally. It’s a classic area for companies that beat each other up in the commercial marketplace to try to work together on.

Another area that could be interesting to explore is, what’s the next generation of international institutions that could be a fit for where we are now, versus where we were in 1994 when the WTO came into being? And what does it look like? It’s a set of institutions around not just trade and data, but around security and digital taxation and around the different ways in which the the global battles over technology are going to be played out. What is the Congress of Vienna that we need to bring out? It’s where this conversation needs to go to have sensible outcomes when it comes to all this fragmentation that we’re seeing.