Introduction
Europe faces a bewildering array of challenges, including weak banks, immigration, a growing gap between rich and poor, an East-West divide over democratic values, and of course Brexit. But perhaps the most profound and pervasive source of upheaval in Europe arises from current revolutions in information technology, social media, and artificial intelligence. As French President Emmanuel Macron has warned,1 Europe faces a disruptive onslaught on several fronts from three outside big powers. Their deployment of new technologies in the 21st century could undermine Europe’s future as the world’s most powerful and prosperous economic union.
These threats emanate from foe and friend alike. A newly aggressive Russia seems intent on waging hybrid conflicts through sophisticated disinformation campaigns designed to reshape Europe’s political contours to favor pro-Moscow forces. China is eager to exploit Europe’s wealth, knowledge, and industrial prowess. Its Belt and Road Initiative is designed to acquire key infrastructure assets and promote an artificial intelligence strategy that picks the brains of Europe’s best and brightest engineers. At the same time, Europe fears its economic affluence and ethical values are being overwhelmed by American technology and social media giants. These companies are perceived as extracting enormous profits, paying little tax, and jeopardizing Europe’s cherished protections of data privacy.
Despite its clout as the world’s leading trading power, the European Union has fallen woefully behind in areas like social media, e-commerce, and cloud computing. Of the world’s 15 largest digital or internet-based companies, all are American or Chinese; of the top 200, only eight are European.2 How Europe copes with these challenges may determine whether the continent slides into terminal economic and political decline. As Macron proclaims, Europe must now acknowledge its own “Sputnik moment” and aspire to lead the world toward a new Age of Enlightenment that sets global rules to tame information technology, artificial intelligence, and other ethical tests of our time.
The European Union has already established itself as one of the great success stories in the history of global governance by making war unthinkable among former enemies who are now bound together through commonly respected laws and regulations. Europe is now pursuing pathbreaking rules for the digital era that are winning support from politicians and business executives in the United States, including Tim Cook, the CEO of Apple, which by stock value became for a brief time in 2018 the biggest tech company in the world. Even though Apple has been subjected to tough treatment by the EU over how it pays its taxes, Cook praised the European Union for enacting the world’s most ambitious internet privacy law. Acknowledging that growing stockpiles of personal data may already pose a threat to our civil liberties, Cook declared at the European Parliament in Brussels that “it is time for the rest of the world, including my home country, to follow your lead.”
While Europe has shown a willingness to take ambitious initiatives in protecting the data privacy of its citizens, the continent still lags behind the United States and China in nurturing an entrepreneurial spirit and encouraging young people to take bold risks that would promote innovation. Banks are reluctant to lend money to new companies unless they can meet exacting profitability standards. Young people also seem risk averse; many still prefer the lifetime security and comfortable perks of civil service careers to the high-stakes gamble of launching their own company. Nonetheless, start-up cultures are slowly beginning to emerge in cities like Berlin, Edinburgh, and Paris.
A decade-long struggle to recover from the 2007 economic recession has caused long-term unemployment to soar among young Europeans and left many of them despondent about whether their future living standards will ever match those of their parents. These internal challenges are likely to persist for a generation or more, particularly because Europe shows no signs of emerging from the doldrums of low or even negative economic growth. Yet the most urgent threats posed by new technologies are now coming from abroad, and unless Europe can respond quickly and effectively the continent’s political and economic stability could further deteriorate—and soon.
Russia: New Power and Influence through Cyberspace
Ever since Vladimir Putin came to power in 2000, Russia has sought to compensate for its inferiority in conventional weaponry by developing ever more sophisticated methods of asymmetric warfare. These effective but inexpensive weapons include cyber-attacks, disinformation campaigns, illicit financing, and influence peddling among ethnic Russians in Ukraine and the Baltic states or in support of pro-Moscow forces across Western Europe. In particular, Russia has increasingly employed “active measures” of information warfare (informatsionaya voyna) to destabilize neighbors and undermine foes abroad. The “Gerasimov doctrine,” named after Putin’s close advisor and Chief of General Staff Valery Gerasimov, calls for “the erosion of the distinction between war and peace, and the emergence of a gray zone” through the use of cyber-attacks that can inflict damage to an adversary without stepping over the line of armed conflict.3 Gerasimov claims such forms of political meddling, information warfare, and other non-military measures can be used collectively and in asymmetric fashion to erode the superior firepower of the United States and other adversaries.4
In February 2017, Russia’s defense minister Sergei Shoigu gave form to that doctrine by announcing the creation of a new branch of the military in which some special forces would be dedicated to information warfare. “Propaganda needs to be clever, smart and efficient,” Shoigu declared, stressing that the special information warfare troops would have a defensive as well as offensive capability.5 It was the first acknowledgement by the Russian defense minister of the existence of such forces, though Western security experts say that disinformation strategies have long been part of Russia’s military arsenal. In the past, Soviet communist propaganda efforts waged by Moscow were crude, ineffective, and often alienated their target audiences. But today, thanks to their mastery of Western social media platforms and freed from ideological constraints, Russian hackers working on behalf of the state have cleverly exploited divisions in Western society by infiltrating unlikely target groups like the National Rifle Association.
Under Putin, Moscow has steadily refined its hybrid methods of undermining key institutions in the West. Not surprisingly, given Putin’s stated goal of restoring the Soviet Union’s sphere of influence that prevailed before the end of the Cold War, Ukraine and the Baltic states have served as testing grounds for these techniques. Russia’s hacking capabilities first came under scrutiny in 2007 when Estonia’s banks, government ministries, newspapers, and political party websites were disabled by a steady bombardment of cyber-attacks that were traced back to Russia. This “denial of services” by Russia was achieved through massive waves of spam generated by botnets. The attacks continued for three weeks and nearly caused the collapse of the banking system before the Estonian government regained control of the situation. Russia also deployed cyber-attacks in its 2008 war with Georgia in which it seized the territories of Abkhazia and South Ossetia. In 2014, ostensibly in response to Ukraine’s signing of an association agreement with the European Union, Russian hybrid warfare techniques were used in the takeover of Crimea and the rebellion of pro-Russian separatists in eastern Ukraine. The deployment of “little green men,” or unmarked mercenaries, in the annexation of Crimea was another form of deception that fits with Russia’s new strategic thinking. The success of such measures, particularly in the area of Russian disinformation and cyber-attacks, has demonstrated how Russia can achieve its strategic aims despite limited financial resources.
This strategy has not been the result of dramatic technical innovation by the Russians. Moscow has been able to achieve high-impact results at very little cost by using Western commercial digital platforms readily available to the public. Russia’s success in exploiting Western technology calls to mind the famous quote from Vladimir Ilich Lenin that “the capitalists will sell us the rope with which we will hang them.” Russia has basically piggy-backed on American, European, or Chinese technology, in both hardware and in software, or by using such platforms as YouTube or Twitter, to disseminate false information for propaganda purposes and to disrupt Western elections by hacking into weakly-protected databases of governments or political parties. These methods promise to become super-charged when powered by new forms of artificial intelligence as applied to asymmetric warfare, which by using bots or other cheap duplication methods can vastly multiply the impact of fake or slanted news.
Even though Russia lags well behind the United States and China in AI research and development, it does not require much additional investment for Russia to escalate to more sophisticated disinformation techniques in order to influence the political landscape in the United States and Europe. Some reports estimate Russia spends as little as $12.5 million a year on AI research, which pales in comparison to China’s plans to invest $150 billion through 2030 and the $7.4 billion in unclassified AI research cited in last year’s Pentagon budget.6 The spending estimates for Russia, however, may not accurately reflect how much time and effort their military establishment now seems to devote to digital information warfare, particularly since recent evidence shows that the GRU, or Russia’s military intelligence branch, has been implicated in hacking operations from England to the Netherlands and even Malaysia.
According to U.S. government investigations into Russia’s meddling during the 2016 U.S. presidential election through cyber-attacks against the Clinton campaign and the Democratic National Committee, the total cost of Russia’s most high-profile influence operation against the United States was likely no more than one million dollars.7 This cost estimate includes the purchase of ads on Facebook and Google, an intelligence gathering trip by two Russian agents posing as tourists, and the operation of a troll factory near Saint Petersburg in which Russians set up fake social media accounts pretending to be real Americans. The troll factory, known as the Internet Research Agency, operates with the knowledge and support of the Kremlin and Russian intelligence services. It was founded by the Russian oligarch Yevgeny Prigozhin, who is known as “Putin’s chef,” since his catering company is believed to be the main funder of the IRA. German legislators who have investigated the troll factory say that since 2016, the IRA has expanded nearly four times in the size of its plant and the number of employees. German sources say that some of the best and brightest young Russians with special mathematical skills have been compelled to work there for at least two years or else face retaliatory measures against their families.8
Putin himself has become an avid recruiter, urging young Russians to develop mathematical skills and to think about their future careers in terms of pursuing work in the fields of information technology and artificial intelligence. “Artificial intelligence is the future, not only for Russia, but for all of humanity,” Putin told a group of students on Russia’s Knowledge Day. “It comes with colossal opportunities, but also threats that are difficult to predict. Whoever becomes leader in this sphere will become the ruler of the world.”9
Given its dwindling population and shrinking oil revenues, Russia may feel it has no choice but to double down on asymmetric warfare methods that are increasingly driven by artificial intelligence in order to fulfill Putin’s strategy of extending its influence deeper across Europe. German intelligence experts say they believe Russia is rapidly developing synthetic media content, or “fake news,” that is inexpensive and highly effective when disseminated through YouTube, Instagram, Whatsapp, and other readily available platforms. Other tools such as Video to Video Synthesis can be employed to doctor or fabricate photographs and video scenes at little cost, while advances in machine learning through new algorithms will make it easier to replicate the appearance of reality and prevent detection of “deep fakes.”10 Such images have already been widely used by Russian media to broadcast fictitious scenes of violent acts supposedly perpetrated by foreign asylum seekers in order to stir up far-right protests in Germany, which remains a prime target for Russian-inspired “fake news.” In the future, such forms of audio and video disinformation will be easily shared on smart phones to reach wider audiences, making it more difficult for governments to counter them, particularly in nations like Germany where Russia’s media influence is already widespread.
The precise origins of cyber-attacks are often difficult to track but Western governments have become more effective at uncovering the sources. Despite repeated denials by the Russian government of any involvement in cyber-attacks, Russia-backed hackers have continuously targeted France and Germany to spread false information during election campaigns, while continuing traditional espionage efforts that use electronic devices to collect classified intelligence from deep inside Western governments. France and Germany, with help from Estonia, have followed the perpetrators time and again back to the same Saint Petersburg troll factory. A 2015 cyber-attack using a sophisticated “phishing” technique against the computer network linked to the Bundestag’s intelligence committee shocked Germany’s political establishment and led to parliamentary approval for a new branch within the armed forces, staffed by more than 10,000 people, to maintain the country’s defenses against cyber-attacks and other forms of electronic warfare.
The German government also ordered a complete overhaul of the parliament’s computer systems. Germany’s domestic intelligence agency identified a group of Russian hackers known as APT 28 and a related one known as APT 29 as the chief instigators of the Bundestag attack. The same groups were behind the hacking of Democratic campaign offices and Clinton emails later published on WikiLeaks. Not surprisingly, WikiLeaks published sensitive documents on U.S.-German intelligence cooperation that Berlin officials said came from the Bundestag attack.11 As Chancellor Angela Merkel noted, such cyber-attacks are so embedded in Russian doctrine and occur with such frequency that they “belong to normal daily life, and we must learn to manage this.”12 Yet until now, Germany and other Western nations have failed to devise effective counter-measures to deter or disarm Russian cyber-attacks.
Putin and his military strategists have expressed amazement at how effective their methods have been in sowing discord and disarray across Europe. The Kremlin’s financial and political support for right-wing populist nationalist parties, such as France’s National Rally, the Northern League in Italy, Austria’s Freedom Party, Hungary’s ruling Fidesz party, and the Alternative for Germany, has targeted voter resentments in its disinformation campaigns. Moscow has capitalized on the failure of mainstream parties in the West to respond effectively to public anxieties about the impact of immigration on national identity, the growing divide between rich and poor, and the frustrations of young people to find sustainable jobs. These social problems are exploited by Moscow’s social media campaigns in ways that elicit a sympathetic response from aggrieved groups in the West. In the Baltic states, for example, Moscow has frequently used social media campaigns to stir up protests among ethnic Russians in Latvia and Estonia who complain about not being allowed to vote or receive full citizenship rights.
Russia has tapped into the public backlash against globalization, growing disenchantment among young people with the democratic process and recent voter preferences for more decisive, even authoritarian leadership. Far-right leaders like Marine Le Pen in France and Matteo Salvini in Italy express admiration for the way Putin runs Russia and have demanded that the West lift economic sanctions that were imposed in the wake of Russia’s 2014 annexation of Crimea and support for pro-Moscow separatists in eastern Ukraine. Hungary’s prime minister, Viktor Orban, has emerged as Putin’s strongest supporter among European leaders, meeting with him seven times since the start of the crisis in Ukraine. “I am very glad for several years we have had a balanced, predictable relationship,” Orban told Putin on a visit to Moscow in September 2018. “It cannot be said that a favorable international climate has always provided for our cooperation. But while all these unpleasant things exist, we can work against them together.”13
Putin has capitalized on Russia’s large energy resources to cultivate friends like Orban across Europe, offering concessions on price and long-term contracts for oil and gas. Europe’s trade and investment levels with Russia are nearly ten times those of the United States, which gives Putin further leverage in his dealings with European leaders. Russia’s disinformation strategy has generally sought to deepen political divisions across Europe by supporting the causes of right and left-wing populist parties against the political establishment, often through clever social media campaigns ahead of elections. Western leaders have vehemently objected to Russia’s actions, but Putin has responded either by denying any attacks or by claiming Russia is merely engaging in retaliation against Western propaganda. Putin’s campaign to restore Russia’s big power status has proved immensely popular at home; it has also been a successful political strategy to keep his people’s minds off troublesome issues like corruption and a feeble economy. Above all, Putin seems determined to reverse the verdict of the Cold War by restoring Russia’s geopolitical influence over neighboring states that comprise its “near abroad.”
Russia has furnished financial and economic aid to Orban to help Hungary overcome the effects of EU sanctions on lost trade with Russia. The Kremlin has also offered aid to other far-right parties across Europe, while seeking to spread disinformation to tilt the political agenda in their favor by fomenting fears of immigrants, often through bogus accounts on social media about rapes and other crimes allegedly committed by immigrants. Moscow has also sought to discredit mainstream opponents in the West through a steady stream of disinformation and hacking attacks. In the months following the 2016 U.S. presidential elections, Russian hackers tried on at least five occasions to break into the computer systems of Macron’s En Marche movement and attempted to break into the computer base of Merkel’s ruling Christian Democratic Union. Having learned from their American counterparts the full details of the 2016 DNC hacking, French and German intelligence agencies were able to warn various political parties months ahead of the elections about the need to take special precautions to foil the efforts of Russian hackers. As a result, Russian meddling in the 2017 French and German elections failed to have a serious impact on the outcomes.
Those setbacks have not deterred Russia’s GRU military intelligence services from pursuing further cyber intrusions across Europe. In the wake of an attempted assassination on British soil using a deadly nerve agent on a former Russian spy, Sergei Skripal, and his daughter, the British government accused the Kremlin of waging a series of “indiscriminate and reckless” attacks involving phishing scams, hacking attempts into government computers, and political disinformation campaigns in Britain and other parts of the world.14 The National Cyber Security Center announced it had identified up to a dozen “cyber actor” groups deployed by the GRU in the wake of the Skripal poisoning to carry out hacking attacks seeking classified information, with names such as Fancy Bear, APT 28, Pawnstorm, CyberCaliphate, Sandworm, and Tsar Team.
These attacks included the hacking of confidential medical records held by the World Anti-Doping Agency, which had been investigating Russian state-sponsored doping in sports. In addition, the Netherlands expelled four GRU officers after they travelled to The Hague under cover of diplomatic passports to hack into records of the Organization for the Prohibition of Chemical Weapons, which was investigating the Skripal attack, as well as the use of chemical weapons by the Assad regime in Syria. Dutch police captured the agents red-handed while they were parked in a rental car near the OPCW building. Inside the trunk, police found a trove of electronic equipment, maps and, cash. British security officials said the same Russian unit had previously traveled to Malaysia to attempt to hack into the investigation of the Malaysia Airlines flight MH17, which investigators say was shot down by a Russian military missile over eastern Ukraine, killing all 283 passengers and 15 crew on board.15
Russia’s campaign of aggressive cyber-attacks, even when they fail, has raised urgent questions about what the West should do about it. Some experts say the failure by the Atlantic alliance to develop an effective deterrent reflects a tacit acknowledgement that the West is already engaged in similar actions of its own and that open discussion about taking counter-measures would backfire and possibly cause political damage to governments that took such actions. Other experts say any retaliation would merely be used as a pretext by Moscow to ramp up attacks on infrastructure and other sensitive targets that would lead to a dangerous conflict escalation. In any case, Keith Alexander, a former director of the National Security Agency, says the unabated attacks by Russia show “the West’s approach to cyber security is not working.” He believes it is clear that in dealing with cyber warfare, “we still have not figured out how to establish real collective defense.” In a Financial Times op-ed, Alexander claimed that Russia “is actively using cyber space to undermine democratic institutions, foster internal disagreements in the west, and set the conditions for more active forms of warfare.” He says the mission for the North Atlantic Treaty Organization is that “we must operate at the same speed and scale as our opponents, sharing information in real time across public and private sectors and among nations. We must also create a common defense picture of the global cyber threat environment, much as we created a common air defense picture across all of Europe after the cold war.”16
The United States and its European allies have stepped up warnings to the public after discovering evidence that Russia’s future targets may include the digital jamming of control centers at key infrastructure sites, such as energy grids or power plants. In the wake of the Skripal poisoning, Britain and other Western governments agreed to embark on a “naming and shaming” strategy to unmask and embarrass the Kremlin and its cyber actors in Russian military intelligence whenever possible. What particularly worries U.S. and European intelligence officials is that Russia now seems to be focusing on a wide range of network infrastructure devices, including routers, switches, firewalls, and network intrusion detection systems targeted in a new cyber campaign labeled GRIZZLY STEP, as described in a joint statement by U.S. and British security agencies. “The current state of our network devices, coupled with a Russian government campaign to exploit these devices, threatens our respective safety, security and economic well-being,” the statement said.17
What the United States and Europe have failed to do is come up with an effective deterrence strategy to thwart attacks by Russia or other adversaries, including Iran and North Korea, which have been linked to previous hacking attacks against Western targets. Economic sanctions applied to these countries have not managed to curb malign behavior. Rob Joyce, the White House cybersecurity coordinator, announced in April 2018 there was a wide range of policy actions that the United States may pursue against Russia in response to its cyber-attacks, including fresh sanctions and indictments against those Russian citizens accused of involvement. Joyce said the U.S. government was prepared to retaliate with its own cyber-offensive capabilities, something the United States has been reluctant to acknowledge in the past, such as a joint effort with Israel to sabotage Iranian nuclear centrifuges. “We are pushing back, and we are pushing back hard,” Joyce said.18 Yet so far, there seems little to back up such vows of robust deterrent measures.
A month after making his claim, Joyce left his position to return to the National Security Agency and the White House decided to eliminate the post of cybersecurity coordinator. John Bolton, the incoming national security advisor, decided to abolish that position because he said those tasks should be handled by lower-ranking aides. But other officials claimed it was a pure power play by the new NSC advisor. Bolton’s action shocked cybersecurity experts, especially since digital and cyber-attacks had just been cited as the nation’s number one threat in the annual assessment sent by the director of national intelligence to Congress. “I don’t see how getting rid of the top cyber official in the White House does anything to make our country safer from cyber threats,” said Sen Mark Warner (D- Va.), the ranking Democrat on the Senate Intelligence Committee.19
The United States finally did take action against Russia in July 2018, just days before President Trump met with Putin in Helsinki, Finland. Special Counsel Robert Mueller indicted 12 Russian military intelligence officers who were accused of interfering in the 2016 U.S. presidential election. They were charged with hacking into the computer networks of Hillary Clinton’s campaign, the Democratic National Committee, and the Democratic Congressional Campaign Committee. They were said to have coordinated the release of damaging information to affect the election outcome through outlets known as “DC Leaks” and “Guccifer 2.0”. In all, the indictment charged the officers with conspiracy to commit computer crimes, eight counts of aggravated identity theft, and conspiracy to launder money.
There were other indications that the United States and its European allies were seeking to escalate their protection against Russian attacks. In November 2018, several hundred officials from NATO’s member states participated in the largest cyber defense exercises undertaken by the Western alliance. In the small town of Tartu, just thirty miles from Estonia’s border with Russia, NATO experts tested allied responses to simulated attacks that featured riots fueled by social media, computer network breaches resulting in poisoned water supplies and derailed trains, and foreign hacking attempts to undermine elections. In one scenario, malware embedded in the NATO network gained access to classified files about NATO defenses and sent them an enemy nation. Another scenario involved troll farms on social networks triggering riots where protesters try to burn a ship containing uncast ballots. The cyber war games were based on plausible attacks that could be launched by Russia or other potential adversaries. “It’s hard to imagine a conflict in the near future that wouldn’t include a cyber dimension,” said Chelsey Slack, deputy head of NATO’s cyber-defense unit. “We need to be ready to address that.”20
Estonia was selected as the staging ground for the NATO exercise because it has become an exemplary case in how to improve protection against cyberattacks. More than any other Western ally, Estonia has mobilized its population to defend against outside intruders. Since the 2007 cyberattacks that swamped the country’s banking and government websites, Estonia has established a volunteer army, similar to a National Guard, that can be called upon to protect the country’s digital infrastructure. The unit’s members donate their free time to regular training exercises in which they practice defending everything from online banking to electronic voting systems.21 Estonia has shared lessons from its training program with other NATO allies and hosts regular cybersecurity seminars in which Western allies are taught how to respond to simulated cyberattacks in real-life scenarios, such as disabled servers, fake news reports accusing NATO of using chemical weapons, and hackers interfering with an air base’s fueling system.
Yet even the most meticulous cyber defense preparations may never be completely successful. History has shown advancing technology in offensive weapons can outpace defensive actions; in other words, the sword will invariably overwhelm the shield, in electronic as well as in physical military warfare. That prospect becomes even more daunting when contemplating how the rapid development of artificial intelligence may act as a huge force-multiplier in the manipulation of information technology to wage cyber conflict. As Darrell M. West and John R. Allen of the Brookings Institution point out, “Just as AI will profoundly affect the speed of warfare, the proliferation of zero-day or zero-second cyber threats as well as polymorphic malware will challenge even the most sophisticated signature-based cyber protection.”22
A new generation of cyber and other weapons, magnified by advances in artificial intelligence, will make it much easier for other adversaries to engage in asymmetric conflict against the United States and its allies. As in the case of Russia, these countries would be tempted to follow this path because they might deem cyber-attacks and other forms of hybrid warfare as the best way to compete against the superior nuclear and conventional weaponry of the United States. The question of whether cyber-attacks fit the classic definition of warfare makes it difficult to invoke international law in justifying retaliation or coming to the defense of allies under attack, as prescribed by NATO’s article five. This gray zone of aggression has made it imperative, in the minds of some European leaders, to create new laws and institutions that could control such actions and prevent them from escalating into regional or global warfare.
President Macron of France believes the best way to fight cyber threats is through a global governance scheme that would bring together governments and business companies in policing the internet. At the Paris Peace Forum convened in November 2018 as part of the commemoration of the 100th anniversary of the armistice that ended World War One, Macron urged world governments and technology companies to pledge their support for a new set of common principles that would guide behavior in cyberspace. More than fifty governments and two hundred companies, including Microsoft, Cisco, Samsung, Siemens, Facebook, and Google, have endorsed Macron’s Paris Call for Trust and Security in Cyberspace that will strive to develop universal rules to govern the internet and ensure cyber security. This international accord, which falls short of a legal treaty of the kind that bans the use of chemical and biological weapons, will operate through the Internet Governance Forum under the supervision of the United Nations Secretary-General.
In contrast to President Trump’s “America First” policies, Macron strongly believes that global problems require multilateral solutions that embrace all key actors. Macron insists a “collegial approach” that develops a strong consensus among governments and leading information technology companies in deciding how to prevent abuses in cyberspace is the only feasible way to proceed in regulating the internet. He emphasizes the importance of business involvement: with half of humanity now using online services, the largest digital companies have more clout than governments in determining what can be done to stop hacking attacks, digital theft, and other forms of cyber intrusions. Macron believes that “giant platforms could become not just gateways but also gatekeepers.” Yet he realizes how complicated it will be for such a utopian plan to succeed, because like any arms control agreement it can only work when the most powerful players are willing to cooperate. While more than fifty nations have already enlisted in Macron’s plan to regulate cybersecurity, his biggest challenge will be to convince the world’s leading powers to cede national sovereignty over issues that require a global approach in order to succeed. Until now, Russia, China, and the United States have refused to sign the Paris Call.23
China: A Different Strategic Challenge
While Russia may loom as Europe’s main adversary in terms of cybersecurity and information warfare, China and the United States represent threats of a different nature to the future prosperity of the continent. Europe is slowly awakening to China’s aggressive targeting of the “crown jewels” among its advanced technologies and key infrastructure assets. American intelligence experts have recently alerted their European counterparts to the dangers of China’s strategic encroachment through mercantile trade policies and aggressive acquisitions. The latest National Security Strategy published by the U.S. government warns that “China is gaining a strategic foothold in Europe by expanding its unfair trade practices and investing in key industries, sensitive technologies, and infrastructure.”24 During 2018, China’s investments in Europe were nine times greater than its investments in the United States.25
As part of its Belt and Road Initiative to create a new Silk Road from Asia through Europe, China acquired control of the strategic port of Piraeus outside the Greek capital of Athens and is now building a high-speed rail network that will transport its goods from there through Belgrade and Budapest into the heart of Europe. Several EU countries, especially those in Central and Eastern Europe, are engaged in “China courting” by offering all kinds of enticements to lure Chinese investment. Since 2012, China has been holding regular summit meetings with 11 eastern European Union countries and five Balkan countries in a forum known as “16 plus 1.” The group’s stated purpose is to promote trade and investment ties, such as the recent major upgrade in freight transport facilities on Bulgaria’s Black Sea coast. Yet China’s growing economic influence is already having a powerful political impact by in effect deepening East-West fissures within Europe. Last year Greece blocked an EU statement in the United Nations criticizing China’s human rights record and Hungary softened an EU statement condemning China’s actions in the South China Sea. In contrast to the criticism he often hears from his EU partners, Hungary’s prime minister Orban does not receive any lectures from China about his illiberal policies that threaten democratic values.
Over the past five years, China has gone on a shopping spree to buy strategic assets across Europe, including companies prized for their research and development in robotics, artificial intelligence, medical devices, alternative energy vehicles, aviation, big data, and cybersecurity.26 Chinese companies have purchased Kuka, Germany’s renowned robotics firm that employs 14,000 people, for more than $5 billion and invested another $2 billion in the automobile giant Daimler. In Italy, Chinese investors bought up the tire maker Pirelli and acquired large stakes in energy companies like Eni, Enel, and CDP Reti. In Portugal, China has spent more than $12 billion on energy projects, health services, insurance, real estate, and media properties. In Britain, China made a large-scale investment in the Hinkley Point nuclear power plant, hoping to glean valuable insights for its nuclear projects back home.
But a backlash against China’s aggressive buying of European assets is gaining momentum. Politicians and business executives are calling for new measures to protect Europe’s sovereignty, industrial independence and security interests from Chinese incursions. When China recently attempted a takeover of the manufacturing firm Leifeld Metal Spinning, which makes uniquely high-strength metals used in cars, space, and nuclear industries, the German government blocked it on strategic grounds. Britain and Germany have expressed wariness about China’s offer to install the next generation of mobile telephone equipment, with some officials expressing fears that allowing the Chinese company Huawei to build the 5G infrastructure could compromise their national security. The United States, Canada, Australia, and New Zealand have refused to allow Huawei to build the next generation of telecom networks on national security grounds.
Senior American intelligence officials have intensified their warnings to European governments about the security risks of allowing Huawei to supply the superfast 5G services that will enable a new generation of digital products and services. Huawei is the world’s largest telecommunications equipment manufacturer and has worked with German partners such as Deutsche Telekom for many years. China’s 2017 national intelligence law, which requires “citizens and companies to support, cooperate and collaborate in national intelligence work,” has raised fears that Huawei could be asked by the Chinese government to incorporate “backdoors” into equipment that would allow Beijing access for spying or sabotage purposes.27
Germany’s foreign and interior ministries, after consulting with the United States and other allied nations, are seeking to prevent Huawei and other Chinese suppliers from participating in the bidding process for 5G contracts in Germany that will take place in early 2019. The European Union’s executive commission has expressed qualms that becoming too reliant on Chinese or American digital technology could jeopardize Europe’s “strategic autonomy.” But some German politicians claim such anxieties are overblown and that excluding the Chinese suppliers from the 5G rollout will deprive consumers of the chance to purchase the most advanced systems at the best available price.
Germany’s 5G debate shows how Europe is becoming more sensitive to concerns that business interests must not be allowed to outweigh security needs in the fields of digital technology and artificial intelligence. In his recent State of the Union address, EU Commission president Jean-Claude Juncker declared that Europe cannot run the risk of behaving like “naïve free traders” in sectors that affect its vital security interests. He laid out a proposal for a foreign investment screening process that would be designed to help oversee future investments and foreign acquisitions for the 28 EU nations that involve matters of strategic security. The European Parliament recently adopted legislation to create an alert mechanism for future foreign investments involving dual-use technologies but has agreed to leave the final decision on such deals to governments in EU member states. In any event, the China challenge is not going away: it is already emerging as a central issue on the transatlantic agenda as the United States and Europe wrestle over how to contain China’s growing power.
America: Taming the Technology Giants
The fear of being “colonized” by China and the United States with the coming wave of new technologies has sparked an emotional debate in Europe about whether to remain an open market in these critical sectors or to pass laws that will preserve and protect its own “crown jewels.” Europe still has world-class companies in fields like biotechnology, luxury cars, smartphone chipmakers, and nuclear energy. But a gnawing anxiety that Europe is falling far behind in the race to develop future technologies has prompted Macron and Merkel to launch a joint strategy designed to close the artificial intelligence gap with the United States and China.
France produces some of the best data scientists and AI researchers thanks to top-notch schools in mathematics and engineering. But after graduation, they often move abroad to work in places like Singapore or Silicon Valley. Macron has promised to lure many of these scientists back to France by creating an AI ecosystem that will double the number of people working in this sector over the next four years. “Artificial intelligence is a technological, economic, social and obviously ethical revolution,” Macron said when he launched a billion-dollar plan to make France a leader in artificial intelligence at an “AI for Humanity” conference in March 2018. “This revolution won’t happen in 50 or 60 years; it’s happening right now. There are new opportunities and we can choose to follow some innovations or not.”28
France and Germany have agreed to collaborate through a joint research center known as the JEDI collective to promote artificial intelligence. Governments in both countries have pledged to offer various incentives to encourage their most innovative companies to jump into the race to develop AI projects where they hold a competitive edge such as in the health, environment, transportation, and security sectors. Cédric Villani, one of the world’s most renowned mathematicians who was awarded the Fields Medal in 2010—equivalent to the Nobel Prize in mathematics—was recruited by Macron in the first months of his presidency to draft an AI strategy for his government. Villani, who joined Macron’s political movement early and was elected to a seat in the National Assembly, brought together some of the top young scientists in France to craft a multi-dimensional AI strategy. One of the most critical factors in achieving success, Villani says, will be to persuade Europeans to overcome their reluctance to allow more open access to private data if they hope to gather sufficient amounts of information to develop AI applications and be able to compete on a global scale with China and the United States.
An EU digital strategy approved in 2015 called for all kinds of data to be shared in order to create a genuine single market across Europe, but apart from simplifying tax rules and ending roaming charges the project has fallen well short of meeting its goals. Europe has been slow to develop a dynamic venture capital culture of the kind that has fueled Silicon Valley’s innovations in new technologies, as many banks and other sources of capital investment remain skittish about funding youthful tech entrepreneurs. Another major obstacle holding Europe back is rooted in the profound reticence of many citizens to share personal data, a legacy perhaps of the traumatic history of Nazi and Soviet-era surveillance. Some experts believe this reluctance to share data across boundaries may ultimately doom Europe’s efforts to catch up with China and the United States in the field of artificial intelligence, where machine learning algorithms rely on massive amounts of user data in order to learn how to do things.
On May 25, 2018, the European Union introduced one of the toughest personal privacy regimes in the world. Called the General Data Protection Regulation, the rules have profoundly affected the ways in which major technology companies conduct business in Europe. The GDPR limits what kinds of personal data can be collected, stored, and used by tech companies operating in the EU’s 28 states. It also includes a “right to be forgotten” that allows people to demand that companies delete online personal data about them. In addition, anyone under 16 must obtain parental consent before using digital services. In the first six months, more than 50,000 complaints have been filed against companies with EU governing bodies. If found in violation, companies face a maximum fine of 20 million euros ($23 million) or 4 percent of their annual global revenue, whatever is greater. But EU officials say maximum fines will only be assessed against serious or repeat violators, not in minor cases.
A recent Facebook breach affecting around 30 million users will come up for judgement in early 2019 by Ireland’s data protection regulator. The Cambridge Analytica scandal, in which data for 87 million Facebook users was hacked, is often cited in Europe as a prime example justifying the passage of stringent data privacy rules. The Trump administration has complained the GDPR creates unnecessary barriers to international trade and will impose significant costs on American digital businesses. But so far, American technology giants have been willing to adapt to the EU rules since the new regime provides greater legal certainty by imposing one common data protection standard across Europe. Facebook and Apple have even called on the United States to adopt similarly tough data privacy laws. “I think the GDPR in general is going to be a very positive step for the internet,” Facebook CEO Mark Zuckerberg said in testimony before members of the U.S. Congress a month before the EU law came into effect.29
Apple CEO Tim Cook has urged the U.S. government to give its citizens the same protections that GDPR now provides to Europeans. With California and other states starting to pass their own data protection laws, Cook and other chief executives of American technology giants recognize the potential value of national legislation rather than dealing with different laws in different states. Apple is less dependent on consumer data to generate revenue than Facebook or Google, which use that information for targeted advertising. As a result, Cook has been more outspoken than other executives in expressing harsh criticism of a “data industrial complex” that betrays the interests of consumers. “Our own information, from the everyday to the deeply personal, is being weaponized against us with military efficiency,” he told the EU parliament in Brussels, in a thinly-veiled critique of Facebook and Google. “This is surveillance, and these stockpiles of personal data only enrich the companies that collect them.”30
The alacrity with which American tech giants have been willing to play by Europe’s rules in adapting to the complex provisions of GDPR suggests they are confident that their grip over the European market is not going to weaken anytime soon. “There has not been any pushback from American companies,” said Vēra Jourovā, the EU commissioner for justice, consumers, and gender equality. “If anything, they seem very eager to understand how exactly they can comply with the regulation.”31 Indeed, Europe’s own strategies to promote artificial intelligence have been embraced most enthusiastically by American tech companies; the biggest investors in Macron’s plan to establish AI research centers in France have been Facebook, Google, DeepMind, IBM, and Microsoft. These American companies have already committed billions of dollars to build or expand their existing investments in France, which Macron hopes will lead to the creation of thousands of well-paying new jobs for France’s young people.
EU countries have demanded that internet companies assume legal responsibility for content involving hate speech or incitement to terrorism; Germany passed a law requiring social media companies to remove such content within 24 hours or be subject to fines of 50 million euros a day. In addition, European antitrust investigators are seeking multi-billion-dollar fines against Google, Qualcomm, and Facebook for abusing dominant positions in the European market. The European Commission is also considering plans to slap big tech companies with a new “digital tax,” based on revenues rather than profits, that could generate a tax windfall of more than $5 billion a year. Apart from ensuring that U.S. tech giants pay their fair share of tax, European governments are also concerned about reining in their anti-competitive behavior which they believe harms consumers and the ability to nurture Europe’s own digital champions.
Those actions have provoked criticism from Washington. The U.S. government claims that EU tax and antitrust policies aimed at American tech titans are tantamount to protectionism, designed to punish them for their success and provide a boost to their European competitors. President Trump has railed about the EU trying to impose unfair tax burdens on powerful American tech companies that have dominated global markets; his predecessor Barack Obama openly challenged EU officials during a 2015 trip to Brussels for taking actions against American companies that were “more commercially driven than anything else.”
While Europe has taken the lead in regulating the internet and curbing the behavior of digital corporate giants, these steps do not guarantee the continent’s future economic strength. Europe will only be able to achieve true innovative leadership when it can cultivate its own domestic technology giants that can hold their own with top competitors from China and the United States. China has been able to compel Google and Apple to bend to its will by growing world-class manufacturers such as Huawei and Xiaomi, and by making Facebook accept its rules because Chinese citizens can turn to WeChat, a local alternative to Western social networking platforms. Until Europe can grow global technology giants of its own—as it has done in sectors like luxury automobiles and biotechnology—the Old World seems destined to lag behind in the fields of artificial intelligence and digital technology. As a consequence, its finest engineers and researchers will be tempted to go off to work for Apple, Google, and Samsung rather than stay in Europe to help create domestic champions.
Europe possesses formidable assets that are waiting to be tapped in the digital era. It hosts some of the finest citadels of higher learning in the world, and its social achievements such as universal health care, family incentives, and old-age pensions are considered models of enlightened policy. Europe can also draw upon its longstanding alliance with the United States to build a safer and secure economic future for its population. Even with the surge of emerging powers like China and India, the United States and Europe together account for nearly half of all global economic activity.
Over the decades, the transatlantic economy has fueled the rise of great companies to the benefit of both sides of the Atlantic. Boeing employs tens of thousands of Europeans, even as Airbus employs a similar number of Americans. Europe and the United States can sustain their remarkable alliance by learning from each other and following their best practices. Just as Europe can become more entrepreneurial with America’s help, the United States should do more to follow Europe’s example in managing information in the digital age in ways that respect the rights and privacy of all citizens. In coping with the emergence of autocratic threats from Russia and China, the United States and Europe must come to realize that their future success as Western democracies will depend on ever closer cooperation to preserve our values, institutions, and the delicate balance between freedom and equality in an age when advanced technologies bear unimaginable consequences—both good and bad.
William Drozdiak is a nonresident senior fellow in the Center on the United States and Europe at the Brookings Institution. Formerly, he was a senior editor and chief European correspondent for the Washington Post.