The revelation that Cambridge Analytica, a data firm hired by the Trump campaign, exploited Facebook data from 50 million Americans should be a wake-up call. Our government is failing to protect us online. Foreign intelligence agencies need only check social media user-agreement boxes to harvest our data and run influence campaigns. Meanwhile, as everything from hospitals to nuclear power plants to Wall Street is connected online, America is increasingly vulnerable. Yet compared with our allies, there is little urgency to tackle the problem.
This is a surprising role reversal. European weakness in the face of national security threats has been a bipartisan headache since the end of World War II. Yet, when it comes to the newest digital threats to the West, like those emanating from Russia, Europe is charting the way, adopting whole-of-society methods for dealing with this new challenge.
While there is no single “European” approach toward Russia, various European countries — along with the EU and even NATO — are providing a variety of smart policy responses that America should emulate.
Beginning with 2007 attacks on Estonia’s internet, Europe has been a digital-aggression petri dish: cyber-attacks, digital propaganda, even election hacks. Employed effectively, these actions disrupt or discredit news sources, strain national dialogue, and even crush democratic legitimacy.
In response, Europe has wisely stopped treating cyberspace like its own special domain reserved for tech geeks and certain policy makers. Just as Russia has integrated various digital tools – be they for espionage, cyber-attacks, or propaganda – into larger, aggressive political strategies, more countries must have their own integrated approaches. This was reflected in January’s launch of the joint EU-NATO European Center of Excellence for Hybrid Warfare, which seeks to enlist diplomats, law enforcement, intelligence services, even technical experts to tackle the threat.
Europe is also active in another respect: regulation. Germany has implemented a hate-speech law requiring swift action and large penalties for spreading already-illegal language. France has promised legislation targeting fake news. And at the EU level, the European Commission is preparing its General Data Protection Regulation, which will use the threat of stiff fines to engender better cybersecurity. European willingness to write rules reducing vulnerability or stamping out foreign actors’ malign acts signals a resolve that so far is lacking in the States.
In no area is Europe more engaged than in mobilizing society to achieve digital resilience. As documented in a 2017 Washington Post report, these efforts have been going on for years. They exist in countries like Sweden, where schools are enlisted to detect Russian propaganda, and at the EU level, where a task force documents and analyzes state-sponsored malign influence campaigns. As German MP Patrick Sensburg said, “We have to prepare the public.”
Little such urgency is seen in the United States, where a 2016 study from Stanford showed that students have a “dismaying” ability to tell fake news from real, and where tens of millions of Americans may have unwittingly used platforms like Twitter or Facebook to view or share Russian propaganda during the 2016 election season. These actions continue today, and there are signs they will be employed in this year’s mid-terms.
One major lesson from Europe is that responding to Russia and bolstering defenses is not just about foreign policy. Through fixes to law, there is much that America can do to shore up its defenses. Sensible proposals exist, but they are withering on the vine. Disclosing foreign funding of political ads, as recommended by Senator Warner, can help inject much-needed transparency. Legislation pressed by Senators Lankford, Klobuchar, and others will not only fund election infrastructure hardening, but put equipment suppliers on notice that we expect better security.
Regulation is not a silver bullet; America’s First Amendment makes some European-style regulations impossible. Yet Americans can and should take steps to curb tech abuses.
While Congress must act, the Trump administration can take steps now to protect America.
For the military, the Pentagon is taking a good first step by elevating U.S. Cyber Command. But it should also ensure the military can conduct hybrid warfare in an integrated way. For instance, in the future, it may be that information warfare should fall in CYBERCOM’s job jar. At the same time the command should also follow a model closer to US Special Forces, whose actions are most effective when tied to strategic objectives set by regional commanders and diplomats.
The State Department needs to get in the game. We should be investing in our counter-propaganda tools, like the Global Engagement Center (though re-thinking its contract with Cambridge Analytica would help).
Expanding law enforcement investigations to expose illicit foreign cyber and influence efforts is an area where the U.S. is actually surpassing Europe, as evidenced by the Mueller probe. We should devote more resources to these efforts, just as we did to counter terrorism following 9/11.
But the strongest signal would be enforcing laws meant to punish election interference. The President must signal the clear intent of the United States to defend itself against adversaries, like Russia, employing digital means to attack our democracy.