Category: Writing

Categories
Links Writing

Canadian AI Sovereignty: The Interplay Between Technical and Regulatory Pressures

Khan and Jancik’s recent article, “Canadian AI sovereignty: A dose of realism” offers a structured way of assessing sovereignty claims and subsequently undertaking actions that might reasonably follow from this assessment. They set out a spectrum wherein some applications of AI systems may require heightened sovereign ownership or localization, and others where sovereign requirements might be applied more narrowly to establish reliability and control over facets of AI systems.

They offer a series of analytic questions that organizations (and governments) can ask in assessing whether a given investment will advance Canada’s sovereignty interests:

  1. Is there a compelling policy rationale or public interest objective?
  2. Is the sovereign solution competitive?
  3. Is it viable at Canadian scale?

They assert that bringing AI sovereignty policies to life, at scale, requires state capacity to be developed (e.g., technical experts must be hired to guide decision-making), there must be coordinated AI strategies across levels of government, and business ecosystems must be developed amongst Canadian businesses.

Of note, their assessment is guided by an assertion that AI sovereignty will depend on technical decisions, first, and not regulatory conclusions or rule making. They make this based on their perception that regulation has (generally) had limited effects to date.

While certainly true that regulation moves at a different pace than technological innovation, the early efforts of a range of governments to coordinate on core values, principles, and expectations have laid the groundwork for contemporary regulatory efforts. The effects of such groundwork are being increasingly seen in various jurisdictions as regulators issue guidance, decisions, and undertake policymaking activities under their own responsibilities.

Such activities are being seen at national as well as state and provincial levels. One of the notable developments has been that privacy regulators have often been the first to move given the ways in which AI systems may rely on personal information throughout the data lifecycle. That could change as AI safety and consumer protection organizations increasingly focus on risks and challenges linked to AI systems’ applications but, to date, such regulators are often behind those of data protection bodies.

Categories
Writing

Dromology in the Age of Synthetic Cognition

Paul Virilio was a French cultural theorist well known for his theory of dromology. Dromology explores the logics and impacts of speed in the modern era. At its core, it theorizes how the velocity of action or decision-making enables actors to accrue wealth and power over others. Virilio often approached this concept through the lens of martial power, contemplating how new means of movement — the horse, the automobile, telemetric control — created new capacities to overcome the frictions of time and space, and to overcome adversaries through heightened sensing and accelerated decision-making.

We exist in an era of digital intensification. Cybernetic systems are now core to many people’s daily realities, including systems over which they have little meaningful influence or control.1 Earlier digital modernity was often described as an “attention economy.” Today, we may be entering what I’ll call a “velocity economy,” which is increasingly grappling with the implications of a faster-moving world.

Escape Velocities

Om Malik has written recently on velocity and how it may now precede attention as a structuring condition:

What matters now is how fast something moves through the network: how quickly it is clicked, shared, quoted, replied to, remixed, and replaced. In a system tuned for speed, authority is ornamental. The network rewards motion first and judgment later, if ever. Perhaps that’s why you feel you can’t discern between truths, half-truths, and lies.

Algorithms on YouTube, Facebook, TikTok, Instagram, and Twitter do not optimize for truth or depth. They optimize for motion. A piece that moves fast is considered “good.” A piece that hesitates disappears. There are almost no second chances online because the stream does not look back. People are not failing the platforms. People are behaving exactly as the platforms reward. We might think we are better, but we have the same rat-reward brain.

When velocity becomes the scarcest resource, everything orients around it. This is why it’s wrong to think of “the algorithm” as some quirky technical layer that can be toggled on and off or worked around. The algorithm is the culture. It decides what gets amplified, who gets to make a living, and what counts as “success.”

Once velocity is the prize, quality becomes risky. Thoughtfulness takes time. Reporting takes time. Living with a product or an idea takes time. Yet the window for relevance keeps shrinking, and the penalty for lateness is erasure. We get a culture optimized for first takes, not best takes. The network doesn’t ask if something is correct or durable, only if it moves. If it moves, the system will find a way to monetize it.2

The creation and publication of content — and the efforts to manipulate engagement metrics to juice algorithms — have long been partially automated. Bot and content farms are not new. What may be new is the scale and ease of synthesis. As the cost of producing text, images, summaries, and responses to each declines through the widespread adoption of LLMs and agentic systems, the volume of generated material increases dramatically.

That increase in volume does not just mean “more noise.” It alters competitive dynamics and means that velocity — which then accrues attention — becomes key in an algorithmically intermediated world. In this environment what is increasingly put under pressure are decisional latencies — the time between sensing, synthesizing, and acting. And humans are making decisions on what to focus on based on automations and algorithms designed to cull out what they “should” be paying attention to.

Earlier digital acceleration primarily affected distribution: messages moved faster, and telemetrics enabled the expression of power at heightened distances, as examples. Now we may be witnessing the acceleration of what looks like cognition. LLMs have no theory of mind insofar as they do not “understand” in any human sense. Yet they can synthesize, summarize, categorize, and prioritize at speeds that mimic cognitive activity. And when those synthesized outputs are connected to agentic systems capable of taking action — filing forms, executing transactions, triggering workflows — we move beyond accelerated messaging into accelerated execution. Decisional latencies can become compressed in order to produce outputs that move sufficiently fast, and with sufficient purchase, to be registered by algorithms as worthy of amplification and, ultimately, human attention.

Put differently: as velocity becomes a mode of capturing attention there is pressure to move more quickly in the face of other, similarly fast-moving outputs, and in ways that potentially exploit or game algorithms in an effort to obtain human attention.

New Velocity, New Harms

For Virilio, every accelerant technology carried with it a corresponding accident. The invention of the ship implied the shipwreck. The car led to the car crash. Radio and telecommunications enabled new forms of propaganda and coordinated deception. And so on.

LLMs and agentic systems may carry their own accident structures. They enable mass automated persuasion at scale. A flaw in a widely deployed foundation model could result in class-breaking errors replicated across applications dependent on that model.3

Agentic systems introduce further risks: cascading autonomous mis-executions, rapid propagation of flawed decisions, and compounding feedback loops that create significant problems before humans detect them.4

AI accidents have the potential to be more distributed and more simultaneous than prior automation failures. While automated systems have long-posed risks the generalized and cross-sector nature of foundation models could expand the blast radius of automated harms. When many systems rely on shared models or shared training data, correlated failures become more plausible.

Velocity, in this sense, does not merely amplify error; it compresses the window in which errors can be identified and corrected. It risks creating brittle systems and generating what Charles Perrow has called “normal accidents.”

Velocity and Organizational Impacts

If decisional latency becomes the friction to be minimized in a velocity economy, organizations may feel pressure to shorten analytic cycles and accelerate workflow tempos. In domains where speed confers agenda-setting power, organizations may need to move faster or risk marginalization.

At the same time, we might see a divide emerge. Some institutions may further prioritize velocity and first-mover visibility as a way to shape agendas. Others may deliberately preserve slower processes to protect legitimacy and safety. Friction — often treated as inefficiency — may be read as functioning as a source of institutional credibility.5 It may, also, be used by some organizations to justify their resistance to innovation and with the effect of falling behind other actors.

As information volume expands, organizations and individuals may increasingly depend on third-party systems to track, assess, and prioritize what is “meaningful.” LLMs and agentic systems may be paired with other automated triage systems designed to impose order on informational abundance.

Yet such sense-making is inherently lossy. The world is dense with detail, contingency, contradiction, and edge cases. When LLMs normalize information statistically, much of that raw specificity can be abstracted away. The effect can be that important context is never surfaced for human review; reliance on abstracted assessment systems to navigate a digitally intermediated world may entail a further loss of representational fidelity.

This abstraction is not unprecedented — humans have always distilled complexity — but the scale and automation of the distillation may be new. And as (or if) human review recedes the capacity to interrogate what has been smoothed over may diminish.

Organizations must also determine when they will introduce human review as well as when they will deliberately refrain from doing so. Prioritizing human assessment of all outputs could introduce friction that other organizations or jurisdictions may not demand. A majority-human-review organization may operate outside the dominant tempo of a velocity economy, with the end of potentially gaining legitimacy and safety while simultaneously sacrificing influence or timeliness.

Organizational Consequences of LLM and Agentic Velocity

If LLM- and agentic-enabled systems increase the rate at which information is generated and decisions are executed, several consequences may follow.

  1. The distribution of power may become linked to access to compute, to foundational models, to reliable data, and to the capacity to act digitally or physically. Countries that dominate the production — or regulation — of foundational models may accrue disproportionate influence. Where production and regulation of AI models or systems diverge between nation-states or geopolitical regions, conflicts over norms and authority may intensify.
  2. Organizations may need fast initial outputs to secure attention in a velocity-based information environment. However, rapid outputs need not be final outputs. Deeper analysis may continue in parallel, informing subsequent action and ensuring that longer-term activities based on such analysis remain well grounded in facts and aligned with strategic priorities. Organizations that excel at this two-track approach to knowledge production may gain strategic benefits in being able to set agendas as well as subsequently navigate them with complexity, depth, and institutional integrity.
  3. Where agentic systems are entrusted to make certain classes of judgments, institutions must determine under what conditions (and to what extent) they will add the friction of human oversight. The more friction introduced, the greater the potential divergence from competitors operating at full automation speed. At the same time, human-informed decision-making may confer benefits of perceived legitimacy and safety.
  4. Institutions must carefully consider how they can, and cannot, adopt LLMs and agentic systems so they are responsive to changes in the lived reality of the world while at the same time working to carefully protect social trust that they possess. There may be increased pressures on institutions to align their decisional horizons with machine-accelerated and innovation-driven time horizons, perhaps requiring shifts in decisions from slow and fixed in time, to more fast moving and subject to routine revisions. For bureaucratic organizations or institutions this could require major changes6 in decisional structures and processes.

Future Looking Velocity-Imposed Pressures

If we are to take Virilio’s insights seriously, along with changes in technological activity per Malik’s thoughts, then there are at least three tensions worth watching:

  1. Organizations with access to contemporary models may be able to move more quickly and accurately, with the effect of reducing the time delta in summarizing or producing information while compressing decisional cycles. At risk, however, is whether this elides the specificity that is reflective of the actual world and has the effect of delegitimizing actual decisions as a result of minimal (or insufficient) human oversight or governance. To what extent might LLM- and agentic-forward organizations make bad decisions more quickly and undermine their legitimacy? How much will access to contemporary models differentiate between organizations’ abilities to undertake rapid-pace sense-making and decision making?
  2. Epistemic pressures may worsen as synthetic media is produced at scale and automated intermediaries filter what humans encounter. What happens when your digital assistant, or one your organization relies on, has been sorting content for months, only for you to discover it has been amplifying propaganda because of model poisoning or bias you did not anticipate? What to do when the decisions you’ve been making have unknowingly been badly torqued to the advantage of other parties?
  3. Class-breaks that result in cascading failures become more plausible in monocultural model ecosystems. To what extent does widespread reliance on common foundation models create systemic points of failure that are difficult to detect, diagnose, or correct? Will this encourage the development of more ‘small models’ in an effort to stem or mitigate these kinds of security impacts?

Virilio suggested that speed restructures power. Malik suggests that velocity now structures visibility and attention. If LLMs and agentic systems compress not only communication but also enable synthetic cognition and decisional executions, then the next few years may test whether institutions can preserve legitimacy, trust, and factually-driven actions and decisions in a world increasingly oriented around motion.

It will be interesting to assess whether friction comes to be seen increasingly as an obstacle to wealth or power, or whether organizations that maintain appropriate degrees of friction preserve (or expand) their legitimacy relative to those that move quickly and break things.

  1. Examples include automated bots interacting with global capital markets, and the automated balancing of critical infrastructure systems to enable seamless continued services. ↩︎
  2. Emphasis not in original. ↩︎
  3. In computer security, a “class-break” refers to a vulnerability in a widely used underlying technology such that an exploit affecting one instantiation effectively compromises the entire class of systems built upon it. For example, a flaw in a common cryptographic library can render all software relying on that library vulnerable simultaneously. ↩︎
  4. If humans even ever do detect them… ↩︎
  5. While not taken up, here, this divide between moving quickly versus slowly may have interesting implications for agenda-setting windows, and the development and proposals of policy problems and solutions. ↩︎
  6. Perhaps even existential changes! ↩︎
Categories
Links Writing

Trusted Content Calls for Trusted Identities

Adam Mosseri recently posted about how Instagram is evolving to arbitrate what is, or is not, truthful in a generative AI era. Om Malik’s analysis of said post is well worth the time to read and, in particular, his framing of Instagram’s movement into what he calls a ‘trust graph’ era:

[Instagram] has moved from the social graph era, when you saw posts from people you knew, to the interest graph era, when you saw what algorithms though [sic] you will like. It is now entering a trust graph era, in which platforms arbitrate authenticity. And it is being dragged into this new era. [^ Emphasis added.]

AI is flooding the system, and feeds are filling with fakes. Visual cues are no longer reliable. Platforms will verify identities, trace media provenance, and rank by credibility and originality, not just engagement.

Malik’s framing is useful not simply because it captures a product evolution, but because it gestures toward a deeper shift, and one whose implications extend well beyond Instagram as a platform. Namely, platforms are positioning themselves as arbiters of authenticity and credibility in an environment where traditional signals of truth are increasingly unstable.

There are some efforts to try and assert that certain content has not been made using generative systems. Notwithstanding the visibility that Meta possesses to try to address problems at scale, what is becoming more salient is not merely a technical response to synthetic media, but a broader epistemic and ontological shift that increasingly resembles Jean Baudrillard’s account account of simulacra and life lived in a state of simulation:

Simulacra are copies that depict things that either had no original, or that no longer have an original. Simulation is the imitation of the operation of a real-world process or system over time.

This framing matters because efforts to ground authenticity and truth are predicated on the existence of an original, authentic referent that can be recovered, verified, or attested to.

Generative AI content can, arguably, be said to largely be divorced from the ‘original’ following the vectorization and statistical weighting of content; at most, the ‘original’ may persist only as a normalized residue within a lossy generative process derived from the world. Critically, generative systems do not simply remix content; they dissolve the very reference points on which provenance and authenticity regimes depend. And as generative LLMs (and Large World Models) are increasingly taken up, and used to operate the world in semi-autonomous ways, rather than to simply represent it, will they not constitute an imitation of the operation of real-world processes or systems themselves?

This level of heightened abstraction will, to some extent, be resisted. People will seek out more conservative, more grounded, and perceptibly more ‘truthful’ representations of the world. Some companies, in turn, may conclude that it is in their financial interest to meet this market need by establishing what is, and is not, a ‘truthful’ constitutive aspect of reality for their users.

How will companies, at least initially, try to exhibit the real? To some extent, they will almost certainly turn to identity monitoring and verification. In practice, this means shifting trust away from content itself and toward the identities, credentials, and attestations attached to published content. In this turn, they will likely be joined by some jurisdictions’ politicians and regulators; already, we see calls for identity and age verification regimes as tools to ameliorate online harms. In effect, epistemic uncertainty about content may be displaced onto confidence in identities attached to content.

This convergence between platform governance and regulatory activity may produce efforts to stabilize conservative notions of truth in response to emergent media creation and manipulation capabilities. Yet such stabilization may demand heightened digital surveillance systems to govern and police identity, age, and the generation and propagation of content. The mechanics of trust, in other words, risk becoming the mechanics of oversight and inviting heightened intrusions into private life along with continued erosion of privacy in digital settings.

Regardless of whether there is a popping of the AI bubble, the generative AI systems that are further throwing considerations of truth into relief are here to stay. What remains unsettled is not whether platforms will respond, but how different jurisdictions, companies, and regulators will choose to define authenticity, credibility, and trust in a world increasingly composed of simulacra and simulations. Whether the so-called trust-graph era ultimately serves users—or primarily reasserts institutional authority under conditions of ontological and epistemic uncertainty—will remain one of the more intriguing technology policy issues as we move into 2026 and beyond.

Categories
Photography Writing

The Beauty of the Everyday

I really liked Robin Wong’s reflection on why he keeps returning to the same streets to make his images.

the beauty of doing the same routines, walking the same paths is the familiarity of the location, and you know every turn and corner, you know the details inside out, so you can be prepared for the unexpected. That is also the exciting part of shooting on the streets, you will find something unusual, something you will not know will happen beforehand, and the surprise is worth the redundant process of walking the same streets all over again. […] It isn’t about finding something completely new or extra-ordinary to shoot but finding beauty in the most ordinary settings and make it worth clicking your shutter button for.[^ Emphasis added.]

Like Wong, I’ve found that familiarity can sharpen my eye. Because I walk the same places regularly, I’m able to find the images I do. Having seen the same scene hundreds of times, I can tell when something has changed or that there’s some novelty in the scene that’s before me.

To some extent I think of regularly seeing the same scenes a little like drinking whiskey. At first, whiskey just tastes hot and spicy; any differences seem more theoretical than real. But over time you notice subtle nuances and also detect rarified variances between what you’re enjoying. And you can get excited over little things that really aren’t apparent or distinguishable to someone that hasn’t built up the same kind of palate.

When you walk the same streets over and over, you develop your own sense of what should and shouldn’t be there. You can detect what’s normal or novel. By training your eye on these common spaces, you develop your style. If you need to find something novel in the same place over and over, you’ll develop a unique way of seeing the world, whereas if you’re always seeing a new place you don’t need to stretch in quite the same way — you don’t need to push yourself to develop your sense of what is visually interesting to you.

All of which is to say: from afar, street photography can look pretty dull or boring because there’s a lot of repetition. It’s exactly this repetition, however, that helps you discover the kind of photographer you are.

Categories
Photography Writing

Supporting Artistic Creativity

Back in February 2022, I made a commitment to myself. I set out to add a bit more positivity to the internet by reaching out to writers whose work inspired me, or photographers whose images resonated with me. I wanted to thank them for their efforts and let them know their work was appreciated.

Recognizing People Matters

It is all too common for people to move through life without peers, friends, or family recognizing the importance of their work or the ways they’ve shaped others’ lives. In my personal life, it was only after my father died that many of the kids he’d mentored reached out to me to share how he had positively affected the course of their lives. His Facebook feed was filled with comments from people who had benefitted from his generosity and kindness. But I was left wondering: had they ever told him directly about his impact? And if they had, might he have avoided his death of despair?

And I’ve seen the power of professional recognition–and felt the cost of its absence. Years ago, after a major project wrapped up, I realized I had forgotten to recognize the exemplary contribution of a junior staff member. I went back into the room to point out how critical their work had been. That small moment of recognition, as it turned out, had a profound impact on their career trajectory. And it was only after I left my last professional job that people contacted me from around Canada about how the work I produced had influenced them, their practice, and their thinking. I’ll be honest: when I left that job, I felt like I’d been writing into a void. Almost no one ever directly recognized the work I was producing or the value they placed in it.

Recognizing Creatives

On Glass, I try to leave a couple of comments on other photographers’ work each month. Sometimes those comments are short, like “Love the composition!👏👏👏 ,” or “Great use of tonality across the frame! 👏👏👏” Other times, when I have more bandwidth, I write longer, more substantive reflections on what I see in their images.

I think this kind of recognition matters. Too often, we wait until it’s too late to share it. Positive, explicit recognition can motivate people who may not have received much encouragement otherwise. It’s one of the many reasons why I support Neale James’ Photowalk Podcast and the community of kindness that he fosters with every single episode.

Lately I’ve been thinking about how to take this further. For me, the next step has been to begin collecting prints or zines from photographers whose work or practice I deeply admire. I’m not buying prints from the famous names you see in galleries–no Martin Parrs for me!–but photographers working in niches that speak to me. Owning their prints feels special. It’s not just me saying “great work,” it’s me saying, to them, “I value this enough to want it in my home.”

Ownership is a Kind of Intimacy

There are practical challenges with purchasing other people’s work. As we know, shipping expenses, cost of making physical artefacts, and the economic realities facing both buyers and artists can impede purchasing other creatives’ work. We can’t all afford to purchase prints regularly. But even buying one piece every year, every few years, or even once a decade can make a meaningful difference. It’s a way of supporting creativity and giving artists recognition that lasts.

What’s powerful about this isn’t only the financial support. It’s the intimacy of having someone’s work become part of your everyday life. Unlike a gallery exhibition, which is temporary and public, a print hanging in your home or office is permanent and personal. It shapes the space you live in, and every time you see it you’re reminded of the artist and the respect you have for their work.

That, to me, is one of the most profound ways we can support and recognize each other as creators. It’s something that I continue to do, and I appreciate the works of others that I have the privilege of viewing on a regular basis.

In closing, if a creator’s work inspires you then I’d strongly encourage you to leave a comment, send a note, or even consider acquiring a print. It might mean more than you know.

Categories
Photography Reviews Writing

An Amateur Photographer’s Mid-Term Review of the Leica Q2

Black-and-white street crowd at Yonge–Dundas; older woman adjusting hood, masked pedestrians, large bank ad billboard behind.”
(Yonge & Dundas, Toronto, 2024)

I’m an amateur Toronto-based documentary and street photographer, and have been making images on the street for over a decade. In the fall of 2023 I purchased a used Leica Q2. I’d wanted the camera for a while, but it wasn’t until late 2023 that I began running into situations where I’d benefit from a full-frame sensor. Since then I’ve been going out and making images with it at least once a week for hours at a time and have made tens of thousands of frames in all kinds of weather.

In this post I discuss my experiences using the Leica Q2 in a variety of weather conditions to make monochromatic JPG images. I tend to exclusively use either single-point autofocus or zone focusing, and either multi-field or highlight-weighted exposure modes, generally while using aperture priority at 1/500s to freeze action on the street. My edits to images have, previously, used Apple Photos and now rely on the Darkroom app on my iPad Pro. You can see the kinds of images that I’ve been making on my Glass profile.

Continue reading “An Amateur Photographer’s Mid-Term Review of the Leica Q2”
Categories
Writing

Amendments in Bill C-2 Would Establish an Intelligence Role for the Canadian Coast Guard

While much of the attention around Canada’s Bill C-2: An Act respecting certain measures relating to the security of the border between Canada and the United States and respecting other related security measures has focused on its lawful access and interception aspects, one notable change has flown under the radar: amendments to the Oceans Act that quietly expand the Canadian Coast Guard’s mandate to include intelligence functions.

Specifically, the bill proposes updating the Coast Guard’s responsibilities to include:

security, including security patrols and the collection, analysis and disclosure of information or intelligence.1

This language, paired with provisions granting the Minister explicit authority to collect, analyze, and disclose intelligence,2 marks a meaningful shift. The update would echo the U.S. model, where the Coast Guard is both a maritime safety organization and an intelligence actor. The U.S. Coast Guard Intelligence (CG-2) has long played a dual role in maritime domain awareness and national security operations.

Why does this matter?

There are a few strategic implications:
1. NATO and National Security Alignment: The expanded role may help Canada meet NATO funding expectations, especially where the Coast Guard is deployed to conduct maritime surveillance and to maintain an Arctic presence.
2. Statutory Authority: These changes might establish a legal basis for intelligence collection practices that are already occurring, but until now may have lacked clear legislative grounding.
3. Redundancy and Resilience: With global intelligence sharing under strain, having a domestic maritime intelligence function could serve as a backstop if access to allied intelligence is reduced.
4. Northern Operations: Coast Guard vessels, which are not militarized like Royal Canadian Navy warships, are well-positioned to operate in the Arctic and northern waters, offering intelligence capabilities without the geopolitical weight of a military presence.

To be clear, this wouldn’t transform the Canadian Coast Guard into an intelligence agency. But it would give the institution statutory authorities that, until now, have not explicitly been within its official purview.

It’s a small clause in a big bill, but one worth watching. As researchers, journalists, and civil society take a closer look at Bill C-2, this expansion of maritime intelligence authority could (and should) draw more attention.

  1. 30(2) of C-2, amending 41(1)(f) of the Oceans Act ↩︎
  2. 30(2) of C-2, amending 41(2) of the Oceans Act ↩︎
Categories
Links Writing

Learning from Service Innovation in the Global South

Western policy makers, understandably, often focus on how emerging technologies can benefit their own administrative and governance processes. Looking beyond the Global North to understand how other countries are experimenting with administrative technologies, such as those with embedded AI capacities, can productively reveal the benefits and challenges of applying new technologies at scale.

The Rest of the World continues to be a superb resource for getting out of prototypical discussions and news cycles, with its vision of capturing people’s experiences of technology outside of the Western world.

Their recent article, “Brazil’s AI-powered social security app is wrongly rejecting claims,” on the use of AI technologies South American and Latin American countries reveals the profound potential that automation has for processing social benefits claims…as well as how they can struggle with complex claims and further disadvantage the least privileged in society. In focusing on Brazil, we learn about how the government is turning to automated systems to expedite access to service; while in aggregate these automated systems may be helpful, there are still complex cases where automation is impairing access to (now largely automated) government services and benefits.

The article also mentions how Argentina is using generative AI technologies to help draft court opinions and Costa Rica is using AI systems to optimize tax filing and detect fraudulent behaviours. It is valuable for Western policymakers to see how smaller or more nimble or more resource constrained jurisdictions are integrating automation into service delivery, and learn from their positive experiences and seek to improve upon (or avoid similar) innovation that leads to inadequate service delivery.

Governments are very different from companies. They provide service and assistance to highly diverse populations and, as such, the ‘edge cases’ that government administrators must handle require a degree of attention and care that is often beyond the obligations that corporations have or adopt towards their customer base. We can’t ask, or expect, government administrators to behave like companies because they have fundamentally different obligations and expectations.

It behooves all who are considering the automation of public service delivery to consider how this goal can be accomplished in a trustworthy and responsible manner, where automated services work properly and are fit for purpose, and are safe, privacy protective, transparent and accountable, and human rights affirming. Doing anything less risks entrenching or further systematizing existing inequities that already harm or punish the least privileged in our societies.

Categories
Links Writing

Research Security Requirements and Ontario Colleges and Universities

There’s a lot happening, legislatively in Ontario. One item worth highlighting concerns the requirement for Ontario colleges and universities to develop security research plans.

The federal government has been warning that Canadian academic research is at risk of exfiltration or theft by foreign actors, including by foreign-influenced professors or students who work in Canadian research environments, or by way of electronic and trade-based espionage. In response, the federal government has established a series of guidance documents that Canadian researchers and universities are expected to adhere to where seeking certain kinds of federal funding.

The Ontario government introduced Bill 33, Supporting Children and Students Act, 2025 on May 29, 2025. Notably, Schedule 3 introduces requirements for security plans for Ontario college of applied arts and technology and publicly funded university.

The relevant text from the legislation states as follows:

Research security plan

Application

20.1 (1) This section applies to every college of applied arts and technology and to every publicly-assisted university.

Development and implementation of plan

(2) Every college or university described in subsection (1) shall develop and implement a research security plan to safeguard, and mitigate the risk of harm to or interference with, its research activities.

Minister’s directive

(3) The Minister may, from time to time, in a directive issued to one or more colleges or universities described in subsection (1),

(a) specify the date by which a college or university’s research security plan must be developed and implemented under subsection (2);

(b) specify the date by which a plan must be provided to the Minister under subsection (4) and any requirements relating to updating or revising a plan; and

(c) specify topics to be addressed or elements to be included in a plan and the date by which they must be addressed.

Review by Minister

(4) Every college or university described in subsection (1) shall provide the Minister with a copy of its research security plan and any other information or reports requested by the Minister in respect of research security.

Categories
Links Writing

Japan’s New Active Cyberdefence Law

Japan has passed legislation that will significantly reshape the range of cyber operations that its government agencies can undertake. As reported by The Record, the law will enable the following.

  1. Japan’s Self-Defence Forces will be able to provide material support to allies under the justification that failing to do so could endanger the whole of the country.
  2. Japanese LEAs can infiltrate and neutralize hostile servers before any malicious activity has taken place and to do so below the level of an armed attack against Japan.
  3. The Self-Defence Forces be authorized to undertake offensive cyber operations against particularly sophisticated incidents.
  4. The government will be empowered to analyze foreign internet traffic entering the country or just transiting through it. (The government has claimed it won’t collect or analyze the contents of this traffic.) Of note: the new law will not authorize the government to collect or analyze domestically generated internet traffic.
  5. Japan will establish an independent oversight panel that will give prior authorization to all acts of data collection and analysis, as well as for offensive operations intended to target attackers’ servers. This has some relationship to Ministerial oversight of the CSE in Canada, though perhaps (?) with a greater degree of control over the activities understand by Japanese agencies.

The broader result of this legislative update will be to further align the Japanese government, and its agencies, with its Five Eyes friends and allies.

It will be interesting to learn over time whether these activities are impaired by the historical stovepiping of Japan’s defence and SIGINT competencies. Historically the strong division between these organizations impeded cyber operations and was an issue that the USA (and NSA in particular) had sought to have remedied over a decade ago. If these issues persist then the new law may not be taken up as effectively as would otherwise be possible.