December 15, 2020

Democracy by Design

An Affirmative Response to the Illiberal Use of Technology for 2021

Executive Summary

A global contest between democracies and autocracies is raging on the digital front. Technology stands to alter the balance between free, open societies and closed, repressive regimes. Nation states in direct competition with the United States seek to project global influence by shaping an existing digital order to their will. Impulses toward illiberal use of technology at home threaten to curtail individual liberties, constrict opportunity, and erode a truly open society.

Democracies do not yet have a model for how to confront this. In the United States, a roadmap for a solution must start with the fundamental question: How should U.S. technology companies, with the help of the U.S. government, respond to the illiberal use of technology by authoritarian actors abroad? This report contends with this question by identifying concrete actions and threat-mitigating strategies that incorporate the input of government, the tech sector, civil society, and academia. It provides starting points to address the systemic risk inherent in dealing with authoritarian regimes and also examines cost imposition on those complicit in tech-enabled human rights abuses.

Yet a strategy aimed only at staunching the illiberal use of technology will fail in the long term. Instead, the U.S. government and tech companies alike must recruit democratic allies to purvey an affirmative agenda that promotes digital freedom across the globe. This report proposes an agenda that stresses privacy leadership by the United States and its technology companies. It identifies areas of collaboration for U.S. allies and democratic partners, like digital trade, foreign law enforcement requests for data, and technical standards. This report’s affirmative agenda also contains an imperative for U.S. tech companies to build commercial norms toward digital freedom and incentivize transparency within their own ranks.

For digital freedom to prevail over authoritarian uses of technology, democracies must present something better. Together, they must establish an alternative model for the use of technology globally. These recommendations build that democratic case, starting with the United States.

Summary of Recommendations

Address Systemic Risk through Existing Federal Mechanisms

To help U.S. private companies address systemic risk when operating abroad, the U.S. State Department (DoS) should:

  • Integrate a host country’s digital practices into its annual Country Reports on Human Rights Practices, also known as Human Rights Reports.
  • Work with the Commerce Department to update its Country Commercial Guides to incorporate a set of key indicators of authoritarian digital practices abroad.
  • Update the Country Commercial Guides to include these new indicators, as well as feedback from willing partners in civil society and the tech industry, on an annual basis.
  • Hold formal consultations with U.S. tech companies every two years on the utility of providing information on the risks associated with aiding authoritarian governments.
  • Regularly update its risk-based compliance framework for surveillance technology due diligence, in coordination with the Department of Commerce and other relevant agencies.
  • Take steps to make human rights end use due diligence compliance legally binding, instead of voluntary. This includes coordinating with the Department of Commerce’s Bureau of Industry and Security (BIS) to expand export controls based on end use.

To address systemic risk, U.S. universities should consider the following courses of action:

  • Rethink engagement with authoritarian countries writ large, based on indicators of systemic risk arising from involvement with these countries and the shift to online learning due to the COVID-19 pandemic.
  • Comply with U.S. government human rights guidance based on end use from the State Department and entity listings from the Department of Commerce.
  • Conduct their own due diligence on individuals, organizations, and end uses of academic research by instituting an internal human rights research review board.
  • Integrate human rights standards and training into business and engineering curricula.
  • Develop guidelines for assessing national security risk in funding sources and research collaborations.

Impose Costs on Tech-Enabled Human Rights Abuses

To impose costs on actors committing tech-enabled human rights abuses, the U.S. government (legislative, executive, and federal agencies as specified) should:

  • Audit the current decision-making process used to inform federal actions aimed at confronting high-tech illiberalism. Specifically, the White House should bring together multiple agencies, starting with the DoS, Commerce, and Treasury, to survey the existing federal toolkit—sanctions, bans, suspensions, and divestment—and consider alternative measures to slow or prevent investment in technologies and tech actors that enable human rights abuses.
  • Harmonize these multi-pronged approaches, adjudicate decisions, and take into account all stakeholders in the process via the National Security Council (NSC), in coordination with the National Economic Council (NEC) and the Office of Science and Technology Policy (OSTP).

Establish an Affirmative Agenda for Digital Freedom

This affirmative agenda consists of three main concepts: lead in privacy, find areas of mutual cooperation with democratic partners and allies (e.g., digital trade, foreign law enforcement requests for data, and technical standards), and enlist and support tech companies’ construction of commercial norms toward digital freedom.

Lead in Privacy

Congress should:

  • Establish a federal data protection framework with appropriate standards and oversight for how the federal government and commercial entities collect, store, and share U.S. user data.
  • Articulate and publish a public justification for this framework that describes the fundamental elements of a strong privacy regime.
  • Mandate that the Federal Trade Commission (FTC) enforce privacy legislation.

Congress and the White House should also:

  • Fund the research and development of privacy-preserving technology solutions through the National Institute of Standards and Technology (NIST), the National Science Foundation (NSF), a restored Open Technology Fund (OTF), and the DoS, particularly the Bureau of Democracy, Human Rights, and Labor (DRL).
  • The U.S. government also should fund the research and development of privacy-preserving and democratic models of surveillance authorities, utilizing bilateral solutions, such as the Clarifying Lawful Overseas Use of Data (CLOUD) Act, to better coordinate with partners.

U.S. tech companies should:

  • Devote engineering capacity to designing protocols with built-in data privacy protections.
  • Invest in “interoperable privacy” to ensure the feasibility and endurance of this privacy regime with those of democratic allies.
  • Similarly, invest in privacy compliance, as well as privacy preservation, to solidify strong privacy practices hand-in-hand with the federal government.

Focus on Areas of Mutual Cooperation With Allies and Partners: Digital Trade, Foreign Law Enforcement Requests, and Technical Standards

To keep digital trade open, the Office of the United States Trade Representative (USTR) should:

  • Strengthen digital trade language in free trade agreements to enable the free flow of data and regulatory interoperability between allies through the global expansion of the Asia-Pacific Economic Cooperation (APEC) Cross Border Privacy Rules (CBPR) System.

To help ensure foreign-generated law enforcement data requests and compliance are consistent with democratic values and to strengthen collaboration with like-minded partners globally, the DoS and Department of Justice (DOJ) should:

  • Leverage the CLOUD Act to seek bilateral and even multilateral agreements on foreign law enforcement data requests to U.S. companies with governments that honor baseline principles of digital freedom, open digital trade, privacy, human rights, and due process.

To promote digital freedom through international standards organizations with like-minded partners, the Secretary of Commerce should:

  • Issue a plan for federal engagement in developing technical standards for surveillance technologies, akin to the 2019 NIST plan to advance artificial intelligence (AI) standards and research priorities.

To promote digital freedom through international standards organizations with like-minded partners, Congress and the White House should:

  • Expand federal support of standards developing organizations (SDOs) to ensure that outcomes (standards and regulatory recommendations) related to technologies prone to abuse by authoritarians, such as AI-related tech, are more supportive of digital freedom.

To promote digital freedom through international standards organizations with like-minded partners, U.S. universities should:

  • Leverage U.S. involvement in the development of International Organization for Standardization/International Electrotechnical Commission (ISO/IEC) standards, such as 24368 ‘AI overview of ethical and societal concerns’ and 24027 ‘Bias in AI systems and AI aided decision making.’ Accordingly, implement training on the ethical and responsible use and development of technology in science, technology, engineering, and mathematics (STEM) curricula, with an emphasis on algorithm design. Including the appropriate considerations surrounding AI ethics and bias in curriculum design will allow for the enhancement of STEM curricula in alignment with international standards.

Enlist Tech Companies to Build Commercial Norms toward Digital Freedom

To build norms that promote digital freedom and incentivize transparency, U.S. tech companies should:

  • Develop guidance for responsible release of novel emerging technologies that are susceptible to abuse (e.g., leverage examples such as OpenAI’s staged release of the GPT-2 language model) to build norms around responsible release.
  • Continue to advance efforts to safeguard user security and privacy, including through technology such as encryption and other privacy-preserving technologies.
  • Consider publishing voluntary, biannual public reports on policies and intent regarding data collection, storage, and sharing.


  • Kara Frederick

    Former Fellow, Technology and National Security Program

    Kara Frederick is a former Fellow with the Technology and National Security Program at the Center for a New American Security (CNAS)....
