On Wednesday 4th June, Debating Europe will be partnering with the Security & Defence Agenda for its annual conference: “Overhauling Transatlantic Security Thinking”, taking place in Brussels from 14:30 to 18:30. One of the key issues being discussed will be cyber-security and how to respond to online threats.
We recently had a comment sent in by Olivier. He thinks that the biggest threat online comes from governments, not from criminal gangs or terrorists. Certainly, states have many times the resources of the average hacker group and, increasingly, cyber-warfare is being taken seriously by governments and not just thought of as a plot-device for the Bond movies.
In 2008, a cyber-attack on Georgia during the war with Russia was co-ordinated with Russian military actions on the ground. In 2010, a massive cyber-attack against Estonia paralyzed the country’s digital infrastructure, disrupting government websites, banking services and media. And the “Stuxnet” worm that was discovered in Iran in 2010 – suspected to have been deployed by the US – destroyed almost one-fifth of the country’s nuclear centrifuges necessary for nuclear enrichment. Then, of course, there is the recent NSA spying scandal.
We put Oliver’s question to Jamie Shea, Deputy Assistant Secretary General for Emerging Challenges at NATO. What did he think?
Well, I think that we have to keep things in proportion. It is true that governments do access cyber-space, but often this benefits citizens, because our intelligence services are able to discover all kinds of very serious plots by monitoring the communications of suspected people. Had that monitoring not taken place then things as bad – if not worse – than 9/11 could have happened.
So, to some degree this is a legitimate activity. But, of course, all democracies recognize that there have to be limits, laws, and supervision relating to the way intelligence systems operate. And sometimes when we have issues like the NSA issue in Europe recently, we discover that we need to clarify the rules and that those rules need to be respected, and of course we need to have proper parliamentary control. It’s the old Roman question: who polices the police? Who guards the guardians? But we shouldn’t just look at one aspect of this because again, if we didn’t have intelligence services able to look into cyberspace, we would be much more under threat than we are.
We also had a comment sent in from Paul, who had a very different attitude. He said he couldn’t care less if the authorities chose to monitor his e-mails, because they wouldn’t find anything scandalous. Instead, he thinks monitoring everyone’s online activity helps combat terrorists and pedophiles.
I mentioned a moment ago that it is a legitimate activity for governments to want to monitor communications. However, that is only if they have a reasonable suspicion of direct or indirect criminal, terrorist or illegitimate illegal activity. I don’t believe that there is a role for intelligence services to monitor the emails of every private citizen. This is not very good use of people’s time or public money.
And I think there have to be very firm privacy laws, like you see at the moment being discussed in the European Union. Therefore, we need something equivalent to the Foreign Intelligence Surveillance Court run by the US Congress, for example, which has a legitimate role in supervising and approving requests by the police or the intelligence services to monitor people’s emails to make sure that monitoring only takes place when there are good, legitimate reasons to do so.
Which brings me back to the point I made earlier; the intelligence services are necessary – a must – and cyber offers them a means to access information that didn’t exist before. But sometimes the possibilities run ahead of the ethics, of the legal situation, and in every democracy we have to make sure that from time to time we re-calibrate these things by making sure that the police cannot do whatever they like – nor the intelligence services. They have to come under a proper legal framework and get proper authorization, which means giving their justifications before they do it rather than after they’ve done it.
It’s one thing to fight against cyber-criminals and hackers online, but what happens when those groups and individuals are being sponsored by states? Countries including China, Russia and the USA are suspected of occasionally using hackers as proxies in cyber-attacks. Is Europe doing the same? We put this question to Rini Goos, the Deputy Chief Executive at the European Defence Agency.
Does government monitoring of online activities help combat terrorists and criminals? Should you only be worried if you have something to hide? Does the EU need much stronger online privacy laws to help prevent abuse? Let us know your questions and comments in the form below and we’ll take them to policy-makers and experts for their reactions!