Denmark often brags about its leading role in digitalisation. In the Danish IT-sector, it is almost impossible to attend a conference debate without hearing the sentence: Denmark is world champion in public sector digitalisation once again! But with Russia’s attack on Ukraine and Donald Trump’s turn toward authoritarianism and away from NATO and EU-alliances, questions about security issues in the Danish digital infrastructure are increasingly being asked. Furthermore, the dependency of many companies and the public sector on US products (both software and hardware) has suddenly turned into a potential security risk. In other words: The times of celebrations are over. To me, this does not come as a surprise. In this article, I am going to tell you why, and I will take you with me on my personal journey from Germany (which Danes like to laugh off in terms of digitalisation) to Denmark. In the face of global crises, the Danish approach to digitalisation suddenly seems overly naive, while one could learn one or two lessons from Germany.
Let’s start from the beginning. During my teenage years in Germany, I was shaped profoundly by the impact of Edward Snowden’s PRISM-leaks around 2012. Already before that, I was interested in technology and the potential threats of mass surveillance and large-scale data collection for democracy and society. I wish I had written a book about it then, because even in Germany, people laughed when I worried about the risk that democratic governments could become authoritarian and gain access to a lot of data about its population. A bit more than 10 years later, here we are, and Elon Musk and DODGE are dismantling the US public service.
Danish Facebook Dependence
But nevertheless, Edward Snowden’s leaks hit hard in Germany. Basically every German family has been impacted deeply in one way or the other by violent dictatorships and mass surveillance, either during the Nazi- or the GDR-regime. Of course, many Germans were complicit or in favour of the regimes at the time. Despite that, these experiences have resulted in a deep scepticism toward empires of any kind, and especially against state surveillance. While every Dane got a personal identification number decades ago, many Germans protested fiercely even against a relatively small scale population census. Social networks like Facebook and Instagram were successful in Germany as well, but I would argue that their reputation has always been worse here than other places, and the role of Facebook in Germany is significantly smaller than in Denmark, where it is almost impossible to stay up to date about cultural events without it. In contrast to Denmark, Facebook Messenger has never been that popular, and up to 80 percent of Germans use WhatsApp instead (which was, of course, bought by Facebook a few years back). The Snowden leaks led many of my friends, myself included, to go on the hunt for alternative software and encrypted messenger services like Signal, Threema or Telegram (which had not turned into a platform for all sorts of bad stuff back then). A couple of waves of people deleting their Facebook-accounts followed. I got rid of mine, too. I did not miss it at all.
Digitally Naked
Fast forward to the year 2017 when I came to Denmark. One of the first things that a case worker told me when I obtained my residence permit and my CPR-number was that I should not tell anyone my CPR-number, otherwise my digital identity would be stolen. A few days later I wanted to get a Danish phone number and a contract with a Danish provider. The poor young employee in a store in Hillerød had to argue with me for 10 minutes to convince me that he was not actually trying to steal my identity. When he also asked for the number of my passport, I thought I had entered a totalitarian state, not Denmark. Why on earth did he need my CPR and passport number for a dumb phone contract? I was puzzled and felt weirdly naked in a digital way.
This was not the last time that I had to take my digital clothes off in Denmark. Basically anybody had to get my stupid CPR-number, before they could do anything for me. My language school, my football club. And I did not only have to tell people my CPR-number, I also had to give them my phone number and everything else. Back in Germany, my address would often be enough and when I did online shopping, I never gave out my phone number to avoid scams. Oh, and I did not have a CPR-number. People asked for my passport sometimes, but that was it. Unless I had to change my residence, I barely had to register my passport number anywhere. I am well aware of the fact that times have changed in Germany too, mostly due to fears about terrorist attacks, but in short, my digital trail of data was much smaller in Germany than it is in Denmark.
Oh, and I had to get myself a Facebook account, because I could not convince many people to communicate with me otherwise, which is a problem when you arrive in a new country on your own.
Danish Digital Convenience
Of course, there were a lot of comfortable things that came together with my CPR-number. I could log in to many different websites with NemID (now MitID), and every time I logged in, they already had my basic data: Name, address, age, nationality and so on. That made a lot of digital paperwork easier, because I did not have to wait weeks or months for an appointment at the municipality during their famously limited opening hours, like I had to in Germany. I changed my residence with a click, not with sitting at the municipality for two hours and filling out a couple of formulas. How amazing was that?
But I never got used to the fact that the smart e-government services are based on a gigantic data-exchange machine. I trust the Danish Government (at the moment). But my health data is out there somewhere, all my financial information is out there, it’s basically everything. I can only trust the government that my data is safe in their hands, that my data is secure, and that no one without permitted access can get to my data. And I can only hope that the Danish people will never elect some sort of Trump-type with a DODGE-companion who will get control over my data.
Everytime I enter my MitID-information and some service has all my basic data ready for me, it creeps me out a little bit, also after eight years.
While I personally enjoyed the benefits of public-sector digitalisation and the fact that many things could be resolved from my sofa, I sometimes wondered why everything had to be digitalised and connected to the internet.
If its Smart, it’s Hackable.
If it’s on the internet, you basically give all criminals access to your front door, as IT-security expert Mikko Hypponen once said. Well, a few years ago, we only worried about criminals. Now we also have to worry about Russian hackers targeting critical infrastructure.
Danes are often complimenting themselves for their high trust in the public sector and authorities. I do not want to criticise that trust per se. But in the digital world, it might be misplaced. Here, a good portion of German distrust might be better in order to secure one’s digital systems. A good portion of German scepticism could help to ask two questions: Does something really have to be digitalised? And if it has to be digitalised, how can we develop systems that provide maximum security and privacy for their users so that the users’ data is difficult to misuse in the present and the future.
Large parts of the reason why Germany is lagging behind in terms of digitalisation are the inherent German fear of sharing data with government institutions as well as a stronger sense for security and especially privacy.
This has led to a situation where Germany feels the consequences of lacking digitalisation. During the pandemic, it was more difficult to change to digital education. While I had lectures on zoom a few days after the beginning of the first lockdown, my German friends had to wait for a month, and they studied at an IT department. While I could easily get a proof for my vaccination digitally and as a pdf or through an app, my German friends had to queue for hours for the one printer at the vaccination centre that could print their certificate. The list of examples is long.
But it has also led to a situation where German institutions are somewhat less vulnerable to attacks on the digital public sector, for instance, since so many parts of the public sector are not yet digitised.
That is not to say that everything is perfectly secure in Germany or that Germany is not threatened by Russian attacks on it’s (digital) infrastructure. But I would argue that the hesitant German approach to digitalisation due to security and privacy concerns could lead to more resilience in a critical situation, especially compared to Denmark.
Danes Lack Technology Understanding
Another fact that always surprises me when comparing Germany and Denmark regarding digitalisation is this: Compared to many of my Danish peers, I have a much better understanding of the risks of different technologies. This surprises to me, because technology has been a much more integrated part of my peers’ education. According to fairytales about Danish and German Digitalisation, I should be the one missing knowledge. I wrote nearly all of my high school exams with pen and paper, while my Danish friends wrote theirs on their computers. In general, working on computers was everyday life for my Danish friends, but it was not for me in school (even though that is changing in Germany as well, slowly but steady). Disclaimer: I did study IT-security for a year, so the comparison might not be totally fair, but even if I do not take this knowledge into account, the difference is staggering.
Here is my generalised hypothesis:
Dane’s are excellent consumers of technology, but many are definitely not excellent at understanding technology.
And here comes an unpopular opinion: A school subject about technological education alone might not change that.
Here is why: To understand the potential and the risks of new technologies at a basic level, it is not necessary to understand how a given technology works.
Yes, read that again.
Before you call me crazy, let me explain by using AI as an example. I personally do not know how “AI” works. I have a superficial understanding of different kinds of AI and of some of the basic mechanisms behind generative AI. To see that generative AI can be extremely dangerous to democratic societies if generative AI services remain unchecked, I do not need to understand the technical aspects of AI. The only thing I need is critical thinking. I see that generative AI can produce fake images and videos. With my critical thinking I realise what fake images and videos of, let’s say politicians in compromising fake situations, can do for election campaigns and public trust in politics, media and ultimately democracy. After I have identified this risk, I might conclude that regulation against fake content should be put in place, or I might conclude that some sort of more liberal approach might be better. The point is, I do not need any substantial technological knowledge to arrive at this point whatsoever. I also do not need any technological knowledge to realise that Open AI’s scraping of the whole internet might raise some important copyright issues.
How I Learned Critical Thinking
What is necessary here is critical thinking and an idea of how technologies can affect societies. I certainly did not develop these skills in my technology subject in school, where I learned how to write a letter in Microsoft Office.
I did develop these skills in subjects like German, ethics, history, politics, economics and philosophy. At the heart of these subjects is the development of critical thinking, analytical skills, putting things into perspective, seeing the bigger picture. Maybe it was even the analysis of poems and images that enable me to pay attention to details and context when I try to spot AI-generated content. The great thing about the skills I mentioned is that they are not limited to specific technologies. I was able to apply them when social media was hyped back in the days to connect the dots between data collection and privacy risks. I was able to apply them when Facebook hyped its Metaverse to be sceptic about the promise that weird avatars will connect people on a deeper level. I was able to apply them when I saw how AI generated images might be a massive problem for democracy. And I will be able to apply them to any technological development in the future.
Of course, critical thinking is an important skill that students learn in Danish schools, too. But my impression is that it is even more prominent in Germany, at least in high school. Across different subjects, the German past with two horrible dictatorships within a century leads to a deeply rooted “Never again”-attitude. It leads to a profound scepticism toward everything that might resemble false promises, as well as a more risk-averse attitude.
The downside thereof is an overly pessimistic view of the world, and the disliking of risks can lead to stagnation.
My point is that a subject like technological education can certainly be a good idea. But in order to gain a deep understanding of new technologies and it’s impact on societies, we do not need a new subject. On the contrary, we should strengthen the development of skills like critical thinking, analytical thinking and analysing problems in light of the bigger picture and the historical context. These skills are general and encompass any technological development. Therefore, we should not rely on a new subject, but instead strengthen the focus on analytical and critical skillset that other subjects teach.
Of course we also need technological specialists like software developers, software engineers, security experts and so on and so forth. But for the broader public, I believe that critical thinking and interdisciplinary perspectives are much more important than understanding how a specific technological development actually works. A superficial technological understanding is sufficient for most of us.
Critical Users Rather Than Passive Consumers
If more people become critical users of technology rather than just passive consumers, that would be a big step. I believe that in the long-run, this would lead to a better apprehension of the need for security and privacy. Such an understanding would prevent the naive implementation of technology much better than the development of specific understanding for different technologies. We can leave that to experts. As a society, we need to be able to understand the bigger picture and the overarching risks and potentials of different technologies. Most of us do not have to understand how AI works in particular. But we need to know what questions to ask when talking to the experts. We need to know how we want to shape our society so that we can adopt technologies according to that, and not the other way round.
Most of us do not need to know how our heating system can be hacked. Most of us only need to know that it can be hacked, if we connect it to the internet, if “we make it smart”. And then we can consider, if we still want to make it smart, or if we prefer the dumb, but maybe more secure version. Even if that means paperwork.
And then we can consider, if we like the idea that our electric grid is digitalised, that our train signalling system is digitalised, that all our health data is digitalised. We might reason that all these are good and necessary ideas for many different reasons. But still, we can ask the specialists: How can you ensure that the systems are secure and that our data is protected? And if you cannot: What are the alternatives or back-up plans that we need?
Top picture: Nataliya Vaitkevich from Pexels
