‘When personal data is used for political messaging, are we happy with the rules?: EU Security Commissioner Julian King

Julian King, a British diplomat, was appointed the European Commissioner for the Security Union in 2016. Mr. King’s portfolio includes the European Union’s internal security, which comprises cybersecurity, combating radicalisation and improving intelligence-sharing between EU agencies. Excerpts from an interview in Brussels:

What are the greatest security threats to the EU?

To Europe... we face a series of threats from terrorism, predominantly Islamist extremist terrorism, and we face a series of threats from cyber and cyber-enabled activity. And those are the two main focuses of the work we have been doing in the Security Union. Within that, obviously you need to evolve as the threats evolve. What we’ve been doing around terrorism has changed and evolved over the last two or three years and what we have been doing around cybersecurity, starting with an awareness of the nature of the challenge, has changed a lot in the last 12 months.

Where do you think the challenges and gaps are, and where do you think you have been successful?

I think we have made progress — but in saying this you have to recognise that the threat level remains very high — both from terrorism and from cyber. The kind of progress we’ve made on terrorism includes securing our external borders better. That is, not closing them but having a much richer information picture of who is coming in and out of our shared space. We have significantly reinforced cooperation between police and law-enforcement authorities across Europe against these threats. We have also made some progress, but it’s a hard long-term challenge, in addressing some of the root causes in the terrorist threat, which is Islamist extremism, which takes place in some of our communities and, notably, takes place online.

On the cyber challenge, there’s been a step change in awareness of the nature of the challenge in the last 12-18 months, both with the major international attacks that struck Europe as well as elsewhere in the world and brought home to people the level of exposure that is almost inherent in the way we rely on our interconnected cyber-enabled world but also equally important with the politically motivated attacks that have taken place in the U.S. and in Europe.

During your time in office have you ever pushed for the idea of internal borders with the EU?

Well, as you know, the Commission isn’t in favour of reintroducing internal borders. We’re in favour of making Schengen work, and that’s what we’re endeavouring to do. So, we’re proud of the progress we’ve made with the Schengen member states to remove internal borders. We have accepted that in exceptional circumstances, because of either migration challenges or security challenges, some member states have chosen to reintroduce temporary internal border controls but in each case we made it clear that this is a temporary thing and we need to work together to get back to effective Schengen across the entire Schengen space. In order to do that, we have to have sufficient confidence in the measures to control our external Schengen borders, which is why I said that one of the things we have made progress on, but there is still more to do, is to reinforce our external border.

Of late, each year there have been a few attacks somewhere in Europe. Does it really take away from the single market and the freedom of movement to have internal checks? Are there philosophical issues with this?

It’s not just philosophical. That’s not necessarily the best way of dealing with the security challenges either. We believe, not least through the creation of these EU-wide law-enforcement databases we’re building up and reinforcing, that we can get to a situation where it’s not possible to move around in the Schengen space, legally, without a confirmed bonafide identity. At the moment, we have a challenge. We have a real problem that it is possible, it’s been proven, that people are moving around Europe with false identities, multiple identities, for criminal purposes or, on occasion, some of the people who have perpetrated terrorist attacks have been benefitting from that. We’re going to remove that, we’re going to deal with that challenge, but not through controls at internal borders but across Europe, through an effective system of EU-wide law enforcement database and effective police cooperation.

Would this mean an EU-wide identity?

Not a single identity. Individual states are responsible for issuing passports and ID cards, although we are making sure they raise the standards of those. We have reinforced the controls including identity controls that will be exercised for people visiting the EU through creating an entry-exist system that records arrivals and departures of visitors, through introducing the European equivalent of ESTA [a pre-clearance system for the visa-exempt], through the modernisation of our visa system. So if you’re in our space, you should have a bonafide identity. And that can be, if necessary, checked. And you don’t need to do that only at internal border controls. I believe we can build a system that would enable you to do that, if there was cause to do it, wherever you were. That’s not going to be random because in all of these measures, all of the security measures we are pursuing, we are always very conscious of what it is we are seeking to defend, which is our values and our way of life. And that is true of the security measures we are taking to counterterrorism and cyber and cyber-enabled threats as well. We are not going to takes measures that undermine the very values and the very way of life we are seeking to defend, so it’s always rooted in those values and it always comes with very strong protections for people’s privacy, confidentiality, but there are ways in which we can make ourselves more secure in a shared and open Schengen space.

So doesn’t this become trickier, this system of visa checks and having one bonafide identity when entering the Union from outside, when terror is home-grown?

You’re right.

You could still have multiple identities…

Well, hopefully they won’t have multiple identities if they are in the EU because if they’re seeking to have any interaction with public authorities, they’ll have to have an identity and that identity will be an identity that is rooted in biometrics. But you’re absolutely right, there’s no point to just think about controls the EU would exercise at external borders or the controls you would exercise for people visiting the EU. Some of the worst attacks back in 2015 and early 2016 were perpetrated by so-called returning foreign terrorist fighters. But if you look at all of the attacks across Europe last year, those weren’t perpetrated by people who were returning; they were perpetrated by so-called home-grown, often self-radicalised individuals. So the challenge there, and it’s a very big challenge, is to tackle this problem of radicalisation. And there we’re working to deal with radicalisation as it were, on the ground, in our communities, but also – and here, Europe, I think, can collectively play a role – the real challenge of radicalisation and radicalising content online. All of the attacks that took place last year across Europe had an online element to them – either a radicalising or glorifying element to them. It’s a big problem. We are working with the platforms to make progress on a voluntary basis but we’ve made it absolutely clear now the set of things we need done by the end of May and if we’re not getting the necessary progress on those measures by the end of May, we’ve said that we will need to look at a way of compelling the platforms to make progress.

This is outside the whole disinformation thing…

This is illegal terrorist content. This stuff is illegal. If you were wandering around the streets of Europe circulating pamphlets calling for jihad, you would be breaking the law. And what we’re saying is, if it’s illegal offline, it’s illegal online. You need to take action against that content. We have said that platforms need to take it down in an hour if notified by police, that they need to use automated means to identify and stop it going back up, they need to cooperate with police. And if they don’t do those steps, which we’ve set out in detail now, by the end of May, then we’re going to have to look at regulation and legislation to deal with it. But that is a separate set of issues and challenges from the wider issue of disinformation and fake news, etc., where we’re also working to make progress. It’s not about zapping individual bits of content because we’re not doing censorship. We’re not saying take this bit or that piece of content down, because who is going to judge that?

Has the Islamic State been completely defeated? Where do you see the next such challenge coming from?

I think the progress the coalition has made on the ground in Iraq and Syria is very positive. The dismantling of the mechanics of the so-called Caliphate is very important. It would actually be a mistake to think that is the end of the threat from extremist Islamist [forces]. Because it is clearly not. That threat will change and evolve.

There’s an immediate challenge, following the progress against the so-called Caliphate, from displacement. Some people have gone to ground locally, it seems, and some people have, it seems, sought to move to other areas, either where there is existing conflict or to areas including the Maghreb, where they think they can generate trouble. That is why it is important to work with our partners to counter radicalisation and violent extremism, including in our neighbourhood.

So, the Islamic State, in your view, has not been defeated.

Well, there is a continuing threat from Islamist extremist terrorists and we need to be conscious of that and we need to take measures to deal with it.

In the context of the Financial Action Task Force (FATF) assigning Pakistan to the ‘greylist’, is there any evidence that Pakistan has taken noteworthy action on terror? What do you expect from the FATF plenary next month?

Well, we support the FATF process. [It] is a slightly separate process and I am not going to prejudge what I hope will be constructive discussions that Pakistan and indeed a range of other countries are going to have, to make progress against terrorist financing. [The FATF meeting in Paris in April] emphasised again the importance of international cooperation to deal with terrorist financing and the EU is going to do whatever it can to deal with the problem of terrorist financing in Europe [and] to support all effective international cooperation against terrorist financing.

What action is Pakistan taking?

I am not responsible for the FATF process. We support it and I hope there is going to be a constructive discussion.

But you probably have a view from the EU side on what actions Pakistan is and isn’t taking.

I don’t think it would be right for me to try and double guess...

On India-EU counterterrorism cooperation, is there real-time information sharing such as what India has with the U.S.?

We do have information exchanges, which are based on the discussions taking place in the context of CT [counterterrorism] dialogues and summits. I can’t make a comparison with India’s exchange with the U.S. because I haven’t got sufficient knowledge to make a basis for the comparison. Would we like to continue to develop our cooperation with India on the whole range of counterterrorism challenges? Yes, we would like to and we hope we will continue to do that.

On the EU code of practice on disinformation, do you think you can leave it to tech giants to police themselves because the Commission has proposed a very light-touch approach which has been criticised for a lack of ambition?

I wouldn’t agree with that. There’s a big space between the status quo, saying everything is fine at the moment which clearly it is not, on the one hand and censorship, 1984-style Ministries of Truth, which we’re not going to do, on the other hand. What we have said is, we’ve opened up a discussion which now needs to move quickly — and I am determined it will — about what we can do in that space. So the first step has to be for everybody to recognise that you do need to do something and you can do something without it falling into the trap of censorship. The second step, which we now need to take over the coming months, is to define better with the platforms how we can achieve some basic objectives. We’ve set out the basic objectives around increased transparency, traceability and accountability. Some of them are relatively detailed so we’re saying very specific things around sponsored content, around greater transparency, around how algorithms and news feed is pushed, but exactly how we’re going to deliver those needs to be worked through with the platforms over the next few weeks. I intend that the code of practice that we come up with by the summer will be detailed and will include some detailed performance indicators.

So it will be a self-assessment-based process?

No, not necessarily. There’s peer assessment and there’s member-state expert assessment of performance. It won’t just be platforms signing off on their own performance. If we don’t get sufficient progress against detailed performance indicators, then we’ve said we reserve the right to look again at whether we need to change the rules. And we haven’t jumped to that because any question of regulation or legislation in this field is going to be complicated and is going to take time.

Can you clarify what is meant by the European Commission supporting media organisations that put forth data-based journalism? This was one of the Commission’s proposed ideas to tackle disinformation online. There is a view that it’s not desirable for the government to be a major player in media.

I have a great deal of sympathy with that. I think there are some long-term challenges that we’re going to have to work through to do with how you support media diversity and how you do the education part of this — generate a critical, aware readership — and those are not things we’re going to sort out by the summer or by the end of the year. What I was talking about are some of the shorter-term concrete measures that we need to get on with, where I think there’s real-time pressure, not least because there have been examples of attempted outside interference around elections and we have a big series of elections across Europe [to the European Parliament] in spring next year. I think we need to take two tracks. The physical dimension is making sure that our electoral processes are cyber-secure, but there’s also a track that needs to be pursued around behavioural interference: are there people using my personal data or particular forms of messaging in the context of elections that are doing it without sufficient transparency?

The measures to tackle disinformation online say, “The Commission will launch a call for proposals in 2018 for the production and dissemination of quality news content on EU affairs through data-driven news media.” Is the Commission going to start companies?

Well, that was one of the recommendations that came from Commissioner Gabriel’s [Mariya Gabriel, European Commissioner for Digital Economy and Society] consultation process which she ran for some months and I am sure she will continue to consult as she takes that forward.

Okay, so that’s not your baby and you’re not quite sure…

I have given you my answer but I agree with you: we need to be very careful about public authorities, either national or at the European level, becoming or being perceived to be too involved in the management of the structure of media. I don’t think that is at the heart of what we’re proposing.

Where is the line between the legitimate use of data and unethical manipulation? Cambridge Analytica has said that what they did was legitimate and that they’ve been vilified.

Well, that’s what we’re going to have to explore. The use of personal data to sell us things has been accepted. What we’re saying now is when mined personal data is used to target messaging in the context of political processes, particularly elections, are we happy with the level of transparency that applies to that and potentially the rules that apply to that? We have very strong rules, different in different member states, but we have very strong rules across Europe around advertising and political party activities during election periods. Our question is: Are we happy that those rules are sufficiently adapted and up to date for the online age? And that question is open for me.

There’s a bit of a cultural rift between Eastern and Western Europe. Longer term, do you think this rift in core philosophy and disagreement on what the heart of European values is, is a security challenge?

I would dispute your premise a bit. There are certainly challenges — I would call them ‘societal’ rather than ‘security’ challenges — about different forms of populism across Europe and that manifests itself in different ways in different countries. And there’s a debate therefore about how you deal with that and the response is different in different countries... That’s sometimes linked to a question of European values. Populism can have very negative consequences and people are trying to push back against that within their own different political contexts. There is a debate, sometimes referred to as the ‘debate about values’, which has focussed in particular on some central European countries where people are saying that there are questions about the functioning of the rule of law in those countries. And there the Commission [has] been rigorous and has attempted to be very consistent about saying that there are some underlying ways in which the justice system should work which should apply across the EU because the EU is a community of law. So it’s not that there’s a division between east and west that’s being pulled in some way by outside actors on the basis of influence and values.

Is right-wing extremism something you’re concerned about longer term?

On the question of right-wing extremism, we do have an extremist Islamist terrorist challenge, [but] that is not the only form of extremism that we worry about. There have been examples of right-wing extremist terrorism in Europe unfortunately, including, arguably, in the U.K. with the attack on Jo Cox, the Member of Parliament. And we do have to be conscious of that. There are certainly examples of right-wing disinformation, fake news, apparently designed to generate tension and dissent and we have to guard against that. So the measures we’re taking either on illegal content or on the wider issues of disinformation and fake news are not pointing in any one direction; they’re about the underlying phenomenon and those can be sponsored from Islamic extremists or they can be sponsored from other forms of extremism, including right-wing extremism. It is a challenge, I don’t want to blow it out of proportion, but it is a challenge which we are conscious of.

This article is closed for comments.
Please Email the Editor

Printable version | May 11, 2021 8:51:45 PM |

Next Story