“There are some big decisions to make.”
US Ambassador to the EU, Gordon Sondland, speaking about Huawei, September 4 2019.
HUAWEI. The plot is thickening, with fresh accusations and counter-accusations. Chinese telecommunications firm Huawei have accused the US government of hacking into their systems and attempting to hire their employees as informants, according to a document purportedly emanating from the company’s legal department, seen by EURACTIV.
One Huawei official told EURACTIV that the cases made against the US administration were legally “bulletproof.” Yesterday, I caught up with US ambassador to the EU, Gordon Sondland, and pressed him on the accusations, to which he replied that he’s “not going to comment on classified matters.”
However, I pushed Sondland further on a claim the founder of Huawei, Ren Zhengfei, recently made to EURACTIV, that it’s “very likely” Huawei equipment will be used in core 5G network infrastructure in the UK. How would the US respond to this? Sondland told me that there “are some big decisions to make but I think that we’re in close consultation and cooperation with them [the UK]” over the matter. We recently reported that the UK will decide by the autumn whether to grant Huawei involvement in the country’s future 5G infrastructure.
5G SECURITY. In other US government news, Vice President Mike Pence has been doing the rounds in Europe this week. Visiting Warsaw, he signed a joint declaration to collaborate on 5G security with Polish Prime Minister Mateusz Morawiecki and said that the agreement should “set a vital example for the rest of Europe”.
Speaking after the signing on Monday, Polish President Andrzej Duda revealed that “Poland’s counter-intelligence has detected activity that could be of espionage nature,” with regards to Huawei, adding that prosecutors are investigating the claims. The company vehemently denies the accusations.
AVMSD. This week, Parliamentarians have been sitting in Brussels, with a number of key hearings in the tech field. Yesterday, DG Connect’s Director-General Roberto Viola spoke to the Culture Committee and highlighted issues related to the Audio Visual Media Services Directive, saying that the Commission is “very worried” about the ever-approaching transposition deadline of September 2020.
Viola added that, to make the process smoother, the Commission would issue implementation guidelines on the essential functionality criteria for platforms, but that the directive should be used to tackle online hate speech and that any platform which offers a video sharing service comes under its scope.
MENTAL HEALTH ONLINE. Meanwhile, British Liberal MEP Judith Bunting pressed Viola on the issue of mental health online. Hers was a timely question, as yesterday the advocacy group Privacy International published a report that “shows that many mental health websites don’t take the privacy of their visitors as seriously as they should.” Viola informed her that this is a situation the Commission is taking more seriously and he revealed that Giuseppe Abbamonte, Director of the Media and Data Directorate, has been tasked with consulting experts on the negative impacts of social media overuse.
DIGITAL SERVICES ACT. In addition, S&D’s Petra Kammerevert said that the recently leaked details of the Commission’s plans to regulate the online ecosystem – known as the Digital Services Act – may obscure how the EU deals with rights such as “freedom of expression and diversity of opinions,” to which Viola said that this is a “delicate issue” but MEPs can “rest assured that all the steps of better regulation will be followed…[including] public consultation, debate, impact assessment.” He added, however, that the eCommerce Directive, which the Digital Services Act will essentially replace, needs to be overhauled.
Meanwhile, the Internal Market Committee (IMCO) is also vying for influence in the run-up to the Commission’s presentation of the Digital Services Act, set to come in the second half of 2020, as they plan to submit an initiative report to the Conference of Committee Chairs on the measures. The Legal Affairs Committee (JURI) are also expected to jockey for influence.
GOOGLE DATA BREACH. Yesterday, it transpired that Google is using a “surreptitious mechanism” to leak personal data to advertisers, according to new evidence presented to the Irish Data Protection Commission as part of an ongoing investigation. Google is accused of using hidden web pages that scrape personal data, which is then traded on Google’s advertising exchange business ‘Authorized Buyers’, previously known as DoubleClick.
In Brussels, Carmen Avram, a Romanian lawmaker from the Socialists and Democrats (S&D) group, has issued a series of questions to the Commission, asking the executive to confirm whether it was aware that Google is using the sensitive data of its users in this manner.
ENISA. Elsewhere in Parliament, ENISA’s new chief, Juhan Lepassaar, appeared before the Industry committee (ITRE) earlier this week. He addressed concerns related to the scope and the voluntary nature of cybersecurity certification as part of the recently adopted Cybersecurity Act, but also said that he hopes the new rules “can become what the General Data Protection Regulation has become for privacy: the new global standard for trust.”
GAIA-X. Big news for Europe’s cloud infrastructure, as news surfaced this week that in October, German Economy Minister Peter Altmaier is set to reveal more detailed plans for the establishment of a European Cloud initiative known as ‘Gaia-X.’ Up to now, the European cloud marketplace has been dominated by US firms.
SPACE WASTE. In other news, EURACTIV’s Alexandra Brzozowski writes this week that according to the European Space Agency’s (ESA) latest Annual Space Environment Report, the quantity of space junk around Earth has hit a critical point.
LIBRA. EURACTIV’s Jorge Valero reveals that the EU’s Economic and Financial Committee has requested an analysis note from the European Commission to probe the risks posed by Facebook’s digital currency Libra and to explore the ways to regulate it.
FACEBOOK FACIAL RECOGNITION. Staying with Facebook, in a blow to privacy advocates, judges in Wales have ruled the use of facial recognition by local police is lawful. The ruling came as Facebook tried to appease concerns by making technical changes to ensure that its facial recognition technology will no longer identify users.
The digital security of Europe
This article is part of our special report Finding digital freedom in a crowded world.
A clear trend can be seen for our digital future: What can be connected will be connected. But companies and societies do not network within traditional, analogue borders.
Dr. Thomas Kremer is a board member of Deutsche Telekom Group.
Machines are also increasingly being connected to one another. The Internet of Things is growing faster and faster. These developments give us a unique opportunity to bring the citizens of Europe closer together. And we must not let this opportunity pass us by. At the same time, the digital networks are and will become an increasingly attractive target for criminal or state-controlled cyber-attacks. Deutsche Telekom’s systems have reported up to 70 million different attacks on a single day this year. A new, sad record! And a leap compared to the figures of 2018! Thanks to our efforts, these attacks are not getting through, but the number is vertiginous.
For a company like Deutsche Telekom, but also for all other pan-European or globally active companies, it means being vigilant. Companies develop security strategies across borders, in Europe and worldwide. Cyber security may have been the nerds’ paradise discipline in the past. Today, cyber security belongs at board level, as it does here at Deutsche Telekom. To protect the EU’s digital internal market and the digital sovereignty of European companies and citizens, cyber security must therefore also become a top priority in Europe. With her new team, the new President of the European Commission, Ursula von der Leyen, is responding to this challenge and giving top-level attention to cyber security. I welcome it.
We talk a lot about the consequences of digitization these days. However, I very much miss a discussion: The European Union must develop into a digital security union.
For this necessary further development, I see us all as having a duty. This is a common task for the EU, its Member States, its citizens and its businesses. Only together will we achieve a better level of security, keep Europe competitive as a strong business location and finally assume a stronger role as a technology leader again.
Networks were and are the locomotive of the European internal market. Network operators are expanding this infrastructure more and more – more bandwidth, more speed. They thus promote growth in Europe and bring people closer together. This requires both strong political backing and forward-looking regulatory guidelines. Then this approach can succeed.
Cyber security is a highly complex issue in Europe. We are looking at a colourful patchwork of European and national regulations. In Europe, for example, we have the Directive on High Network and Information Security, the NIS Directive, the EU Cybersecurity Act and the currently discussed E-Evidence Regulation. A similar picture emerges in Germany. There are the IT Security Act 1.0 and 2.0 and additionally the security requirements for telecommunications network operators of the Federal Network Agency, the Federal Office for Information Security and the Federal Commissioner for Data Protection and Freedom of Information. A comparable patchwork with partly very different security requirements exists in the European finance or energy industry. The situation is similar for security-relevant certifications and the evaluation of products and services. That cannot remain so. This complexity costs us too much strength and speed.
The initiative of the new Commission President to establish a Single Market for Cyber Security with a Joint Cyber Unit is a step in the right direction. And it is positive news that a strong Vice-President will be in charge of the Commission’s Digital Agenda. Responsibility, resources and budget need to be concentrated in one hand. The incoming EU Commission attributes the highest priority to our digital security. The European Parliament should support this policy. We need clear rules for cyberspace that are uniformly applied in Europe. This also requires more efficient EU structures.
Exchange of ideas alone is not enough
On the question of “who should know that…”, we are fortunately one step further. The exchange between the central players in cyber security at state and private level has been intensified and improved in recent years. This applies especially to us in Germany. Nevertheless, significant improvements are still possible and necessary. The dialogue between industry, national supervisory authorities and national legislators is still too national today. This, too, is a direct result of the complicated legislative system. In the process, we need cross-border exchange more than ever on the way to a digital security union. This must be promoted. An agile body of experts consisting of state and business representatives from the EU member states is the logical consequence: network operators in dialogue with national and European institutions, with the task of drawing up concrete proposals. A pure exchange of ideas is not enough! And to avoid misunderstandings: Even in the area of cyber security, sovereign tasks cannot be taken over by private companies.
Looking for European standards
From a technical point of view, Europe’s level of security can be further improved, for example by trustworthy digital identities. Making people and machines unique on the Internet of Things is a prerequisite for secure digital legal and government transactions in the domestic market. And last but not least, this is the basis for citizens’ trust in e-government and digital services. You will already suspect it – here, too, every Member State is pursuing its own approach to solving the problem. That is not enough! Today, European citizens need a European digital identity, and not just ten years from now!
Instead of making cooperation more difficult, it must be made easier for European network operators to cooperate, on security issues in particular. Secure networks are a prerequisite for the digital world, for a secure, digital Europe and for satisfied citizens.
And in general. For the digital space, analogue national borders are almost meaningless. The difference between digital and analogue is too often exploited by organised crime. For example, attacks via the Internet are deliberately launched from abroad in order to disguise the authors and elude access. How do we deal with this? Similar to the Schengen area in the real world, digital border controls can enable unhindered and secure data traffic to and from the EU to the whole world. In the event of a massive attack from outside the EU against the functioning of the internal market infrastructure, digital border controllers can be used to selectively prevent external attacks by means of technical filter lists.
There are still many unanswered questions. But one thing is perfectly clear: digital security is a top priority on the European agenda. Europe needs a shoulder-to-shoulder approach between European institutions and network operators to protect the digital world.
Europe needs a digital security union.
(TO BE CONTINUED)