Europeans are still furious about US spying activities on their mobile phones and Internet traffic. Many complain about “cellphone-Gate” and call for European countermeasures to break the US dominance in the Internet and protect the privacy of European web users.
Proposals range from a creating a “Cyber Fortress Europe” or an “Internet Schengen,” akin to Europe’s Schengen Borders Agreement on open borders among its members, or even bringing the NSA wiretapping activities to the International Criminal Court. Europe, they argue, needs to separate from the US as it did with the creation of Airbus Industries, a European effort decades ago to break the dominance of Boeing on the aircraft market.
Alas, even if the idea of European self-determination is correct, lamenting US wiretapping practices alone does not help. It ignores the fact that it was not only the US that was bugging electronic communications to counter terrorism or organized crime. Canada, Australia and the United Kingdom pursued these activities as well and will continue doing so. They closely cooperate and exchange data with many other intelligence services of the European Union for mutual benefit — probably violating the civil rights of their citizens as well.
Without such intense collaboration, the fight against international terrorism would not have been as successful as it has been in recent years. Moreover, it is worth remembering that worse dangers emanate from countries like China or Russia conducting economic espionage on a massive scale and launching cyberattacks to paralyze entire countries.
This is not to minimize the misconduct of US intelligence services against close allies or to paper over Europe’s justified rage about illegal bugging. Instead, it reveals the worrisome fact that both sides of the Atlantic face a common problem.
Intelligence activities in democracies need rules and boundaries set by governments, otherwise they tend to stretch their limits and develop a life of their own. Regrettably, the technology of cyberspace evolves so incredibly fast that our societies cannot keep pace in agreeing on legal, political or ethical rules. Take the use of drones: A new technology is extensively used without having a complete legal or legitimizing framework — either in the US or Europe.
The cyber world of the 21st century poses fundamentally new questions for both sides of the Atlantic: how can a new balance between freedom and security be found if the Internet poses not only huge benefits but also severe dangers? Can Europe maintain its high standards for data protection if terrorists abuse the same technology for their purposes? What does “privacy” mean today when the disclosure of individual data through social media has long created the fully transparent Internet user?
How much privacy can be granted if criminals misuse it as a smokescreen for illegal action, and who decides when the right of privacy needs to be curtailed? Is privacy a fundamental right to be violated only when suspicion arises, or is it legitimate for intelligence services to seek suspicious activity through the bugging of electronic communication? In other words, is the massive eavesdropping for suspicious keywords inevitable for combating crime or is it a breach of law?
All of these questions are highly disputed with dividing lines through the Atlantic and Europe and individual nations. Finding a lasting consensus is therefore not only a national or European task but a trans-Atlantic undertaking. Two steps are crucial.
In Europe, discussions are overdue on the political level and within societies. This must include the respective Internet communities as they add a different perspective to the debate with distinct views on rules and values in the cyber age.
On the trans-Atlantic level discussions are also necessary; however, there is no forum or institution for such a dialogue. Fortunately, Europe and the United States agreed upon the idea of a trans-Atlantic free trade agreement, the Transatlantic Trade and Investment Partnership. Negotiations have already started and will place strong emphasis on common norms and standards.
Hence, it suggests the need to include benchmarks for data protection and privacy regarding intelligence activities as well. Instead of sidetracking the negotiations, as some Europeans proposed in reaction to US spying activities, they should be used as a vehicle to find common solutions.
US intelligence agencies overstepped limits with or without the knowledge of their political masters and European anger is justified. In addition to technical or organizational measures to protect European Internet users, there is also an urgent need for a political and legal set of rules that can only be tackled together with the United States. Washington-bashing and a friend-or-foe approach do not help. ■
By Ambassador Hans-Dieter Heumann,president of the Federal Academy for Security Policy in Berlin. These views represent only those of the author.