The revelations of Operation Dunhammer, a joint NSA/ Danish FE data collection scheme, made European headlines as President Biden visits Europe. The headlines reintroduce a need for stronger tech alliances and regulations, as well as data protections.
Madrid (Brussels Morning) Following four years of turmoil and distrust amongst European leadership and the US Trump administration, President Joe Biden is touring Europe with the “America is back” promise. A traditional trans-Atlanticist, Biden promises to restore regular multilateral ties and an air of normalcy as he works through the G7, NATO, and the Geneva talks with Russian President Vladimir Putin. “Back to normality” is a message that relieves Washington’s European Allies, but it is not a message free of controversy.
Biden calls for cooperation but no one forgets that the Snowden leaks marked the legacy of the Obama Administration and his own legacy as Vice president. The EU is reminded that while the US may be an ally, their intelligence services are not above friendly spying and a divide-and-rule approach to security cooperation. In this case, Denmark was Washington’s “liaison” in Europe, but there are no doubt others exchanging information for special access to know-how and information. As stated by Kristina Irion, Associate Professor at the Institute for Information Law and the University of Amsterdam, “It is not really in the logic of spies not to spy on allies.”
Whistleblowers and European leaders alike want answers
Upon the story of Operation Dunhammer breaking, Edward Snowden, America’s most famous whistleblower tweeted, “Biden is well-prepared to answer for this when he soon visits Europe since, of course, he was deeply involved in this scandal the first time around. There should be an explicit requirement for full public disclosure not only from Denmark, but their senior partner as well.”
French President Emmanuel Macron also called for an explanation at a Franco-German Council of Ministers, stating “This is not acceptable between allies, even less so between European allies and partners,” with Merkel echoing these views. But as the week moves forward, little discussion of the affair is taking place, and Operation Dunhammer is migrating to the back of the headlines.
Good things are developing at the summits, and the Director of the Centre for European Politics, Dr. Marlene Wind, mentions the topic may not be brought up because, “everyone does it and everyone knows that everyone does it. The problem in the Danish case is that it was discovered.” A statement, she says, that comes from intelligence experts. Even so, it’s a friendly reminder that the US has skeletons in the closet that have yet to be addressed.
Why Dunhammer Matters
Operation Dunhammer was initially reported by Danish Broadcasting Corporation in cooperation with SVT , NRK, Süddeutsche Zeitung, NDR, WDR and Le Monde. DR reported that Denmark, an EU member state, used cables to access phone lines and internet servers of a variety of important figures, most notably German Chancellor Angela Merkel, passing on the data to Washington.
While suspicions of said spying date back to the early days of the first Obama administration, of which now-President Biden was VP, it remained unclear how the National Security Agency was able to access such sensitive information.
Following an investigation lasting several months, the paper revealed information of a secret, internal cohort in the Danish Intelligence Services (FE) who concluded the NSA used phone numbers of politicians and officials from Norway, Sweden, Germany, and France, using internet cables that ran to and from Denmark, intercepting everything from texts to calls.
Speaking with National Security, Defence and Cyber Security Lecturer at the Baltic Defence College, Shota Gvineria, he explained that unethical, friendly spying is hardly crossing the lines of illegality. Considering that one’s data is protected at any given point would be naive, as seen in this case. No matter what protections one may place on personal systems or the prestige they may have, the very methods of information retrieval and dispersal can be breached.
The Snowden- Schrems regulatory legacy
Nevertheless, the initial revelations of mass surveillance struck a nerve in Europe, and continue to do so today. Snowden’s leaks led to knowledge of the National Security Agency’s gathering of millions of people’s metadata through phone records and internet browsing, with companies like Facebook, Twitter, and Google providing backdoors to US intelligence.
In the EU, the Case of Max Schrems, an Austrian privacy advocate, v. the Data Protection Commissioner, in 2015, led to the destruction of the Safe Harbour Agreement that allowed data transfers between the EU and the US. The data transferred was then required to be accessible to the US government. This brought forth an awareness that these social networks and search engines were not international entities required to follow the rules of the states they operated in, but American first and foremost.
Snowden and Schrems significantly transformed the European approach to data protection, raising awareness and public sensitivity. Cases like Operation Dunhammer retell that the world of technology is manipulated for economic and intelligence purposes though that does not mean measures cannot be taken to reign in these oversteps.
Irion states that “when European leaders fall victim of surveillance it makes the headlines, however, mass surveillance of European citizens is at least as much disconcerting.” The implementation of the GDPR is a step forward.
The GDPR creates common standards for personal data protection. This push sets the EU as a leading global regulator, but not specifically a global player in tech. Today, the EU likes to call their efforts the “Brussels effect” attempting to help set global precedent and regulation in the digital sector. To ultimately achieve a safer internet, the US must also come to the negotiation table and set precedent on data flow and work transparently with allies.
A universal standard for the internet
The EU has trailblazed the digital space in terms of protections for its citizens. A step it hopes, as communicated in December 2020 agenda for global change sent to the Biden administration, the US may follow. In terms of taking on adversaries like Russia and China, creating an internet governed by democratic values and a human rights first approach can ensure a united front. The EU proposed joint agreements for the realms of AI, data flows, and an initiative between the EU and US to develop 6G technologies.
Between Russian election interferences, the recent SolarWinds and pipeline hacks, and the row China over 5G, it is clear the systems which host most of today’s infrastructures require an improved security that will be best developed amongst allies, in order to thwart influence of authoritarian states.
The restoration of multilateralism is not only an effort to undo the missteps of the Trump era, but to address the issues plaguing relations amongst allies. Building a cooperation that puts cyber security first requires a strong alliance in the face of adversaries like China and Russia.
While according to the Pew Research Center, western European states such as France or Germany have a rebounding approval rating for the new Biden Administration, though approval ratings have yet to rebound to pre-Obama era confidence. The damage of the Trump era has left many wary of US motives and democracy, and lack of tech transparency and espionage only further hinder confidence.
Conversations at both the G7 and NATO summits reinforced cyber threats and digital security as top concerns. At NATO, member states agreed to a new cyber defence policy, while stating that “cyber threats to security of the alliance are complex, destructive, coercive, and becoming more frequent.” The communique also stated “reaffirming NATO’s defensive mandate, the Alliance is determined to employ the full range of capabilities at all times to actively deter, defend against, and counter the full spectrum of cyber threats, including those conducted as part of hybrid campaigns, in accordance with international law.”
Cooperation amongst member states including between the US and EU will be necessary moving forward to deter attacks from adversaries. But Gvineria emphasised that incorporating cyberspace policies into the actual defence and planning processes and avoiding buzzwords like resilience are necessary.
Even with multilateralism back on track, there’s no doubt that to fully address tech policy and bring forth new measures of joint cooperation, these skeletons won’t be able to hide in the closet forever. While adversaries have taken centre stage this week, the US will also need to answer for the ethical oversteps it’s taken with European allies to ensure a public trust can be rebuilt.