Why We Need a Transatlantic Deal on Cyber Security and Privacy

Après les révélations d’Edward Snowden sur les écoutes américaines en Europe et l’émotion suscitée dans certains pays européens, il est nécessaire de penser à un accord transatlantique sur la cybersécurité et le respect de la vie privée, écrit Annegret Bendiek, du German Marshall Fund.

The recent debate over the U.S. National Security Agency’s surveillance activities has highlighted the United States’ and European Union’s different approaches to security, liberty, and executive power. How much privacy should the Internet provide ? What security measures should be taken against crime and terrorism ? Where should boundaries be drawn between the sovereign rights of national governments and the global sphere ? The manner in which these debates play out and which concerns receive priority will have decisive effects on the emerging new order of cyberspace.

Europe and the United States are currently implementing differing levels of cyber security and privacy vigilance. This creates inconsistencies for companies operating in both jurisdictions, and will complicate negotiations toward a proposed free trade and investment deal. Only a transatlantic deal on cyber security and privacy can help the United States and European Union position themselves as credible actors on Internet governance. There is precedent for that kind of cooperation. Along with the EU-U.S. Working Group on Cybersecurity and Cybercrime, the United States and EU have since 2010 held regular cyber-attack defensive exercises. And a new U.S.-EU working group has been created to address the access of non-American citizens’ personal data by U.S. authorities.

Security problems are without a doubt one of the most important issues facing the regulation of the Internet, but the apparent tussle between security and freedom is not a zero-sum game. For example, protection from industrial espionage renders important economic advantages — online sales are 4 percent of total EU sales — but it requires substantial faith in Internet security. Yet an excessive emphasis on the security aspect and neglect of the idea of the Internet as a global public good threatens fundamental freedoms and thereby the democratic values upon which the Internet is supposedly based. 

The challenge for both the EU and the United States will be to ensure sufficient democratic oversight over cyber security. While some countries’ idea of Internet governance is clearly based on the expansion of state control, the current multi-stakeholder model is biased toward the interests of the developed states, specifically the United States, and their multinational corporations. In their own ways, both models fail to provide democratic legitimacy and accountability. 

A first objective of further transatlantic cooperation should be to maintain the current architecture of the Internet, with its open standards and decentralized administration, while making it more democratic. The multi-stakeholder approach and multilateral negotiations would benefit from involving developing states as equal partners rather than expecting them to blithely accept the global digital divide.

Secondly, the private sector needs to be involved in any legally binding mechanism to ensure adherence to codes of conduct in cyberspace. A code of conduct can only benefit from the expertise of large global corporations, and their involvement will help ensure that they adhere to universal standards on security, informational self-determination, and data protection.

Finally, the EU and the United States should push for an update to the General Comments on Article 17 of the International Covenant on Civil and Political Rights of the UN Human Rights Commission, which serves as an international anchor for the right to privacy. The last such interpretation of international human rights law on the protection of privacy took place in 1988 and is in desperate need of being updated for the Internet age.

Only when the political, social, and economic dimensions of the Internet are considered and legislatures are more fully involved can a transatlantic Internet and cyber security market truly develop. Only in this way, can the transatlantic community ensure that security is not sacrificed for liberty and that the interests of the state are not pitted against privacy. Such a forward-looking transatlantic market will also hopefully function as an important bridge to other countries at the international level.