Europe should give meaning to the rule of law online

Marietje Schaake is a Dutch D66 Member of the European Parliament and a Trustee of Friends of Europe

Online, we do not yet have a tradition of the rule of law. We are not certain how to apply existing laws when the internet is used to attack or to repress. In the absence of clear rules that safeguard principles such as fair competition and non-discrimination, big technology companies are filling the vacuum. But the rule of law must retain its meaning in a hyper-connected world, and Europe should pave the way in setting norms that put people’s rights and freedoms first.

The foundations are there: the General Data Protection Regulation; net neutrality enshrined in law and multi-million-euro fines imposed on tech companies for abuse of dominance and competition rules. It is time the EU embraces norm-setting in the digital world as a competitive advantage, and becomes a global leader by developing policies in the public interest beyond the digital single market.

The alternative – where the internet is ruled by the laws of the jungle – is unfolding before our eyes. During the United States presidential election, the Democratic Party was hacked. American officials immediately accused Russia of seeking to manipulate the election outcome. While the evidence is being gathered, we should reflect on the consequences of such unprecedented acts and, more importantly, how to prevent future hacks.

Fake news flourishes on online platforms where sensational headlines beat fact-checked reports for clicks and advertising revenue. Daily reports about hacks, leaks and propaganda have eroded trust in the internet, which hinders its economic potential. This stands in sober contrast to the promise of democracy going viral, which many considered possible when all people on the open internet could access information, speak freely and connect globally.

In a major 2010 policy speech, then US secretary of state Hillary Clinton highlighted internet freedom as a core issue for her foreign policy agenda. She argued that on top of President Franklin D. Roosevelt’s Four Freedoms there should be a fifth: “the idea that governments should not prevent people from connecting to the internet, to websites, or to each other. The Freedom to Connect is like the freedom of assembly, only in cyberspace.”

Sadly, the US has since lost credibility – not by limiting people’s ability to connect, but by intrusively following them afterwards. To keep the internet open, trustworthy, free and safe, both states and companies must take responsibility.

From the technological infrastructure to the services sent over it, the private sector is increasingly influential online. It is essential to look across borders and beyond traditional governance models to ensure the rights and freedoms of internet users are respected, wherever they may log on. This is easier said than done in the shifting dynamic between sovereign states and the borderless internet.

The knee-jerk response of creating a closed-off ‘splinternet’, where states seek to develop an online space in sync with territorial borders, must be avoided. It rejects the notion of an open, global internet. The urge to regain control over citizens goes hand-in-hand with the use of technologies to repress populations or wage war. The most drastic way to control people online is to completely block access, which happened in Egypt during the 2011 uprising against President Hosni Mubarak. In Turkey and Bangladesh blackouts hit specific regions or services such as Whatsapp, Facebook Messenger and Twitter. The Ugandan government forced internet service providers to block Whatsapp, Twitter and Facebook in the run-up to elections, and Algeria closed social media to avoid cheating during exams. China has built a ‘Great Firewall’; it seeks to keep its population controlled and foreign companies out.

With these drastic moves governments are shooting themselves in the foot. Closing off the internet has major economic consequences: 81 blackouts over a 12-month period in 2015-16 caused US$2.4bn of damage to the global economy. The immaterial damage is less easily measured, but felt by people unable to call relatives or an ambulance, or get news amid the chaos.

There have been few concrete repercussions, although for EU candidate countries such as Turkey, digital rights form part of the ‘Copenhagen criteria’, the basic standards for entry into the bloc. The EU can do more to ensure existing laws are enforced when digital freedoms are violated. Development aid conditions on respecting human rights should always include freedoms online.

Unfortunately, the rule of law and effective judicial and democratic oversight are concepts that are not always respected in democratic societies. Despite revelations about the practices of American and British intelligence services and court rulings against aspects of these practices, intelligence services still want to collect data in bulk. In both the UK and France new legal frameworks gave intelligence agencies extraordinary new powers to track individuals online. Besides the fact that major question marks arise about whether these measures actually make societies safer, the credibility of democratic countries is undermined. The EU must lead by example and raise the bar for respecting human rights online.

Recent terrorist attacks in European cities have created additional momentum for governments to adopt laws that prioritise national security over cybersecurity. EU member states are calling for ‘backdoors’ to messaging apps and access into encrypted communications. But computer scientists argue any form of specialised access would make communications infrastructure vulnerable to attack at its core. This in turn would make it more difficult to protect our digital infrastructure and personal communications from unauthorised access. A global company cannot provide special access to one government and oppose it for others; creating backdoors would negate the things we seek to defend: cybersecurity, the open internet and open societies. Encryption is a logical extension of the freedom to connect, since it enables individuals to exercise their rights to freedom of opinion and expression in the digital age. This deserves strong protection.

Educating people about basic security measures should become mainstream, but states must also take responsibility for avoiding escalation and global collateral damage. The Netherlands Scientific Council for Government Policy proposal to declare the internet’s core infrastructure a neutral zone can prevent the worst damage. We need to move from a zero-sum assessment of security and freedom to an appreciation of ways in which they reinforce each other; we must replace a digital arms race with an understanding of the mutual dependence between states and companies in an online world.

Beyond states, large technology companies are increasingly acting as ‘new sovereigns’. Because of their major global role, they are increasingly confronted with challenges that traditionally landed on the desks of diplomats or politicians. Should companies apply censorship under pressure from foreign governments, because content posted on their platforms causes deadly clashes? Can governments tackle violent extremist radicalisation without cooperating with social media giants? And what checks and balances are in place to limit the removal of information?

Large tech and social media companies are filling the regulatory void and developing norms that conflict with the rule of law. Facebook removed pictures of a centuries-old statue in Italy for being ‘sexually explicit’. YouTube wrongfully identified one of my political speeches as spam and took it down. With many citizens accessing news only via social media platforms, and certain search engines being used for nearly 100% of searches, the public interest is at stake. States operate with a growing dependence on tech companies to protect critical infrastructure. How should this be regulated, and who is ultimately responsible?

The EU’s leadership in developing normative rules for the open internet and its use is essential if we want to prevent closed, top-down control practices or profit-maximising business models from becoming the new normal. This is not only a moral duty: it is in our core interest to deliver upon the promise of a networked society that empowers individuals and respects and protects fundamental rights online; one where users can have access to information without any form of unjustified censorship. The EU should be ambitious. It should go beyond a digital single market. It should lead the world in giving meaning to the rule of law online.