The shared fear of Russia’s military aggression has been a glue holding together the transatlantic security alliance. Since the 2016 United States presidential election, a new kind of Russian threat has become increasingly salient in the public discourse: the manipulation of public opinion via cyber and information operations. The US, Germany, Great Britain, France, Spain, the Netherlands, Italy, Sweden, Latvia, and Bosnia and Herzegovina are all believed to have fallen victim to various degrees to election tampering orchestrated by the Kremlin over the last two years (details on these operations can be found here and here).
What is clearly a common problem, looming over Washington as much as over European countries, warrants a common response. Organizations like the Atlantic Council have repeatedly called for “greater and sustained transatlantic cooperation” and “coordination between parliamentarians” in countering Russian information operations, in addition to calls for dialogue with and between technology companies and civil society organizations. NATO’s Science and Technology Committee also made ‘Russia Meddling in Elections and Referenda in the Alliance’ one of the three issues on its agenda for 2018. And yet, a review of the responses to Russian intervention on both sides of the Atlantic uncovers close to no coordinated steps on the political and legislative levels.
Tackling the same threat – separately
The new Russian threat did not go unanswered. The US and European governments have taken countermeasures to prevent cyber attacks on voting systems and computer networks of sensitive organizations. Additionally, they have taken steps to regulate cyberspace or the operation of propaganda-spreading foreign media outlets with new legislation and established national or transnational information centers to tackle ‘fake news’. Many of these initiatives originated at the EU level, ranging from the call to establish a legal obligation for political organizations to upgrade their network and information security, to the foundation of the East Stratcom Task Force, which is charged with exposing Russia’s online disinformation operations. However, at the transatlantic level, joint responses are manifestly scarce.
NATO, as the embodiment of the security alliance between the US and Europe, has long been aware of the security implications of Russia’s information operations and began researching information warfare in 2014. Last year, EU and NATO officials declared their intention to expand cooperation on this topic, especially via the European Centre of Excellence for Countering Hybrid Threats – a Helsinki-based intergovernmental think tank set up by NATO and the EU in April 2017, meant to serve as an international hub for practitioners and experts assisting member states and institutions against hybrid threats. However, it is difficult to ascertain to what degree, if any, member states actually rely on its services. Moreover, despite US involvement in the project via NATO, it is clear – as the name suggests – that the Centre’s focus is on the European side of the Atlantic, making it a poor transatlantic response.
The power of joint action
The potential benefits of developing a common strategy for countering information operations, particularly those originating in Moscow, have been noted by think tanks devoted to transatlantic ties. The Atlantic Council has called upon the US and the EU to establish a Counter-Disinformation Coalition, a group of government and non-governmental stakeholders, including social-media companies, traditional media, ISP firms and civil society, that would meet regularly to develop, share and recommend best practices for confronting disinformation. Carnegie Endowment for International Peace also acknowledged that regular exchange involving foreign ministries and diplomats could assist other government agencies and nongovernmental actors, including media organizations, political parties and social media companies. Nevertheless, all exchanges between officials from other countries, especially in the lead-up to important elections, remain ad hoc and institutionalized mechanisms for the sharing of best practices are yet to be established.
The lack of a united transatlantic response to Russia’s information operations and election tampering becomes particularly apparent when compared to the West’s response to Russia’s involvement in the Ukraine and the annexation of Crimea. The unified front demonstrated by the US and EU in that context is celebrated as a key component in the abatement of Moscow’s aggression, making the crisis a “transatlantic success story”. In contrast, a joint front against influence campaigns is yet to be established. A prominent example is the use of sanctions as a tool against aggressors: in the wake of Crimea’s annexation, all NATO members instituted sanctions against Moscow that continue to remain in force. In contrast, the US responded to election meddling with sanctions unilaterally, without any transatlantic coordination.
Who, or what, is to blame?
Whichever tools NATO member states choose to retaliate with, past experience in the case of the Crimea suggests that they will work best if governments use them in a coordinated manner. This begs the question – what might be impeding a joint strategy for tackling Russia’s information operations?
The immediate suspect is President Donald Trump, who has been reluctant to acknowledge that Moscow intervened in his favor in the 2016 election, despite clear rulings of US intelligence agencies. He also waited eight months before finally enacting sanctions on Russia – reluctantly signing the bill in August 2017, following nearly-unanimous support for the measures in Congress, but introducing the sanctions only in March 2018 – making them seem half-hearted. Trump also did not suggest that European allies do the same, in stark opposition to his predecessor, Barack Obama, who embarked on a European tour to convince EU countries to maintain Ukraine-related sanctions on Moscow, despite their close economic ties with Russia. Therefore, in European eyes, Trump perhaps appears as an ‘unreliable partner’ with no real interest of ‘punishing’ Moscow for something that he is not willing to fully admit had happened.
Given all this, it is not surprising that European countries prefer to limit their multilateral response to the EU level and source knowledge from NATO centres, without seeking a potentially more effective coalition with the US. But the European preference for tackling this threat alone may also be fueled by a deeper, more long-standing divide: Europe’s and America’s conflicting preferences when it comes to the right to privacy vs. free speech.
The problem of irreconcilable differences
Developing a joint strategy to fight foreign influence requires reaching a common understanding on the degree to which a government can intervene and limit the activity of private tech companies; or the degree to which it can revoke users’ anonymity and restrict their privacy in the pursuit of trolls and bots, for example. Reaching a transatlantic agreement on the nature of such infringements will be a monumental task.
Traditionally, European countries adhere to a high degree of government involvement in protecting data privacy, perceiving it as a fundamental right, while US laws emphasize freedom of expression as a fundamental value. The resulting European belief that the American legal system does not ensure an adequate degree of personal data protection has led in recent years to intense debates over the lawfulness of personal data mining, the “right to be forgotten” and limitations on data transfers between the EU and the US.
Even agreements related to counterterrorism efforts using personal data were not spared controversy: US demands that European airlines provide records of passenger names, or that financial transactions be made available to the US Treasury Department to track possible terrorist funding, were met with immense opposition in Europe over the balance between the pursuit of public security and the privacy of citizens. Eventually, agreements were reached on both issues in the ‘spirit of transatlantic partnership’, but not before certain changes were made to accommodate EU data privacy laws.
The extraterritoriality of the US demand for information sharing and the scope of the EU’s power to regulate the activities of non-European actors that affect its citizens remain contested issues. Also the willingness of US authorities to regulate tech companies like Facebook and Twitter, whose networks became fertile ground for information manipulation, has been called into question: Europe recently introduced the General Data Protection Regulation (GDPR), which limits how these companies collect and use the personal data of all users located within the EU – information that theoretically could be used for their targeting in an information campaign. But Facebook, Google and other tech giants refuse to extend the same protection to US users, and authorities are not expected to intervene in order to protect their privacy.
Also, with regard to freedom of speech, different legislation creates a gap in terms of the American and European ability to limit content shared online. The First Amendment to the US Constitution, for instance, includes protections for potentially offensive and hateful speech, whereas European countries can ban hate speech. Some legal scholars also believe that the First Amendment extends to the freedom to spread ‘fake news’ or that the protections it provides can be undermined by labelling certain content as propaganda by foreign agents under the Foreign Agents Registration Act (FARA).
Therefore, given the different lines in the sand drawn by both Europe and the US – violation of privacy rights on the one side, and restricting freedom of speech on the other – finding a common regulatory framework as part of a joint strategy against foreign information operations will likely remain a challenge. Even though a transatlantic response to Russian manipulation would boost efforts to counter the threat, the obstacles curbing possible cooperation are substantial – and will not dissipate even under a new US administration.
Israel Public Policy Institute (IPPI) serves as a platform for the exchange of ideas, knowledge and research among policy experts, researchers, and scholars. The opinions expressed in the publications on the IPPI website are solely that of the authors and do not necessarily reflect the views of IPPI.
Beyond Regulation: a new approach to dealing with digital disruption
“Citizens are speaking to their governments using twenty-first-century technologies, governments are listening on twentieth-century technology and providing nineteenth-century…