Article by Foreign Minister Frank-Walter Steinmeier on the opening of the transatlantic cyber dialogue. Published in the Handelsblatt on 27 June 2014.
Digitalisation holds great potential to enhance our lives. Intelligently managing domestic and commercial energy consumption would enable us to greatly increase the energy share provided by renewable sources. Electronic patient files could reduce medical errors and pave the way for new methods of treatment. Connected navigation systems in cars could prevent traffic jams and thus reduce environmental damage. The increasing capacity of computers, which save and analyse huge quantities of data will without a doubt give rise to new opportunities in terms of “big data”.
Now that all actually sounds very good, but the risks are not negligible. The prospect of the digital revolution frightens many people. When data is exchanged, people need to trust that it is secure and that their privacy will be protected. This trust is currently being eroded – and with it trust in the internet itself. Surveys reveal that 86 percent of internet users do not consider their online personal data to be secure. The main reason for this is not fear of hackers and cyber criminals but mistrust of the state, and mistrust of companies.
Two main factors drive this – firstly, fear or the state’s growing omnipotence. Edward Snowden’s revelations have led people to lose their trust in governments’ responsible handling of data. Many citizens feel that their privacy has been infringed upon. They have the sense that a big brother state is collecting sensitive information on them – and that it may use it against them.
We must take these concerns seriously. Information constitutes power and this must not be abused. It is partly for this reason that Europe’s trust in our most important ally, the United States, has suffered. In fact it is precisely because our partnership is so close that for many the disappointment runs so deep. Security is of course important to people on this side of the Atlantic too, however it must be balanced with freedom.
For others – and this is a contradiction in appearance alone – it is the state’s impotence that they fear, for governments are not the only ones who collect data. Every post on Facebook, every search entry in Google and every book purchase on Amazon creates data which feeds into the internet’s mass of information on our behaviour. Who controls, who sets the rules governing this data? Is it still governments or is it powerful data service providers? The euphoria over the idea of a network which governs itself has faded away.
Trust has been lost – trust in our international partners as much as in large IT companies which are often headquartered outside the EU. Some are now proposing supposedly simple solutions: Europe – or Germany even – should set its own rules. If data is only saved and exchanged over a limited area, or so the argument goes, then our information would be secure.
From the technical point of view, I have been told, the dream of a European internet sounds fairly risky. But that is not the only reason why I say that it will not work. If we continue to interact in a globalised world, to talk to one another, if we want to trade with one another, we cannot shut ourselves off. In the long run there are no islands in the internet. We need an open, free and secure, world-wide network. And we need global rules which safeguard our fundamental rights, our privacy and data protection within this network.
Even if many hold this to be contradictory at first, in order to set up and implement these rules we need to cooperate with the United States of America. Transatlantic cooperation is a pre-requisite for digitalisation to be based on democratic values and fundamental rights. And this discussion is not just a European or even German debate, it is one which is taking place in the US too.
For what connects us is far greater than what separates us. Yes, we have differences of opinion when it comes to handling big data. Yes, we do not always agree on the point at which it is justifiable to infringe on citizens’ privacy. We often come to different conclusions because the experiences of our recent past are different: 11 September 2001 sewed seeds of doubt in the US as to whether the state can protect its citizens from terrorists, whilst the Stasi’s surveillance state in the former GDR serves as a warning to us Germans against the state having too much control.
Naturally the internet and global networks also heighten threats to our security, and we take these threats as seriously as the US does. But any infringement on privacy must be proportionate. It must be based on a cost-benefit analysis which establishes the cost that we are willing to pay in terms of privacy for a gain in security. And we must then apply this in a concrete manner to the work of the intelligence services of both of our countries, to the regulation of our companies and we must amend our regulations and laws wherever this is necessary.
Notwithstanding these differences we shove a significant amount of common ground. Fundamentally, we agree that we need to strike a balance between security interests and the protection of privacy. Over many years, we have developed a system of fundamental principles, based on democracy and the rule of law, which enables us to reach understandings. Our common basis of values remains intact, it simply needs to be adapted to the needs of the 21st century.
It is only together that we are strong enough to stand up to the many actors in the world who do not share our beliefs: many governments want to bring the internet under state control, to block YouTube and Twitter, to discriminate against bloggers. They are only too happy to exploit fear of supra-national internet giants. In their attempt to get them under their thumb however, they are pursuing entirely their own agenda: they want to control both the internet and their citizens.
We must counter these actors, if possible together with the US! As we do so we should learn from the mistakes of the past: for example in climate protection we are still struggling to find solutions 20 years after the Rio Summit. We cannot afford to take so much time formulating global rules for the movement of data. With the UN initiative “The Right to Privacy in the Digital Age” we have got the ball rolling for the creation of new international law for the digital age.
President Obama has entrusted his advisor John Podesta and a body of experts with carrying out a comprehensive investigation into the consequences of big data on the protection of privacy. One of the recommendations of this body is for the privacy of citizens, including non-US citizens, to be better protected. That is important to us and it is something that we must discuss together.
That is why today, together with John Podesta, I am opening the transatlantic cyber dialogue here in the Federal Foreign Office. In a broad dialogue with representatives of civil society, business, government and members of parliament, it will focus on three main topics:
Firstly we must define a balance between freedom and security in the digital age. Clear rules on privacy and data protection need to place limits on the use of big data, for which proportionality, democratic control and transparency should be the guiding principles. To be able to set out other credible rules, the state must set a good example with its actions. This involves exercising restraint in terms of data collection, where appropriate.
Secondly, we must pick up on big data as a driver of innovation and growth – whilst at the same time creating the correct political and legal framework. We must protect equal opportunities whilst avoiding discrimination. We cannot allow certain citizens to be grouped together and denied loans or insurance because the statistics dictate as such.
Thirdly, we must lay out a framework for an active cyber foreign policy in order to achieve fair governance of the internet and to open up the opportunities presented by digitalisation to developing countries.
If both sides make real efforts towards mutual understanding then we have the great chance of guaranteeing that the digitalisation of our world takes place on a foundation of shared values and common rules.