Leave US economic espionage grounded with European cloud

Excessive economic espionage to strengthen the economy has a long tradition in America. The Americans, however, claim the opposite.

More than a decade ago, under the code name "Echelon", US intelligence agencies and their colleagues from the UK, Australia, New Zealand and Canada tapped not only military communications but also private and commercial information. In 2001, a specially convened committee of the European Parliament described the actions of the intelligence agencies - the spying on European technology companies of friendly states to give their own companies competitive advantage in world markets - as unacceptable.

These "Echelon" operations were justified by James Woolsey, a former director of the CIA, by claiming that a European company would have a "national culture" of corruption if it were to deal with the allocation of major contracts in international trade. The representative of the Central Intelligence Agency even went a step further, revealing: "It would be a waste of intelligence agency resources if commercially relevant insights gained from espionage weren't passed on to American companies."

European experts on US intelligence agencies fear an even more expansive repetition of such espionage actions. Because the scale of surveillance and data collection of allied nations by the NSA (National Security Agency) in the US and the GCHQ (General Communications Headquarters) in the UK goes beyond imagination. This involves millions of respectable citizens above any suspicion of terrorism citizens and the very specific reconnaissance of valuable technology information.

Better negotiating position

The Americans also used PRISM in the build up to the signing of the "Trans Atlantic Trade and Investment Partnership" (TTIP) to manouver a better negotiating position. In addition to tariff issues, the agreement deals with the elimination of barriers related to technical regulations, standards and market conditions for admission. It is obvious that with a daily exchange of goods of around two billion euros between the US and Europe, protection of one's own interests brings serious economic benefits.

Economic espionage is quite explicitly mentioned, for example, in the legal basis for GCHQ's spying program "Tempora", the Intelligence Service Act of 1994, as a reason for conducting intelligence activities. In addition to the provision of security, the fight against terrorism and organised crime, economic well-being is explicitly strived for. If this task is tackled aggressively, it means nothing else than targeted industrial espionage!

Gigantic collection of meta-data

What’s happening now in the online industrial espionage is the gigantic collection of meta-data from senders and receivers of emails and data via flight and account connections, which allows data miners to create exact company profiles. This intimate knowledge of market competitors can be quickly used to gain competitive advantage.

In many cases it is not necessary to access the local IT-infrastructure of enterprise and to skim the information right there. The data is simply swiped at central nodes in the internet, making the forensics at the companies concerned considerably more difficult. The majority of international internet hubs are located on US soil. The British, in turn, take the opportunity to tap terrestrial deep-sea cables that run across the Atlantic. Economic espionage has arrived in the digital age.

German industry and technology expertise in particular is in high demand for "friendly intelligence services". No other European country has been so intensively hacked in the recent past as Germany. A "Corporate Trust" study of industrial espionage from 2012 estimates the total damage for the German economy in this year at 4.2 billion euros. Compared with the study from 2007 this amounts to a rise of almost 50 % or an unimaginable 2.8 billion euros.

Industrial espionage is easier for the Americans and the British because their largest companies in the information and communications industry can be forced at any time by arbitrary legal authority of the intelligence services to hand over client data. The latest example is Verizon: The NSA could spy with a secret court order millions of user accounts. Non-Americans have no rights or data protection in such arrangements.

Only Open Source Software

After whistleblower Edward Snowden revealed the PRISM procedures to the public, even long-time insiders of the American information industry lost confidence in their own industry. The former Microsoft "Chief Privacy Adviser" (chief consultant for data protection matters), Caspar Bowden1, now avoids using his former employer's programs and uses only open source software whose program code can be checked.

When it comes to the value of ICT for American companies, the espionage activities are also deliberately flanked by mergers. First, European companies are strategically weakened by the scouting of sensitive technology and data plans and finally bought for a low price and withdrawn from the market. The best example is Nokia. Five years ago "Finland’s pride and joy" was a clear industry leader in mobile telephony with about 40 % world market share. In these heyday years the company employed 22,000 people. In September of this year the global market share was only 14 %, for smartphones a derogatory 3.1% and the number of employees decreased to 4,700. As a last resort, the former flagship Finnish company with an estimated market value of 260 billion euros sold its mobile division for 5.4 billion euros to Microsoft.

Europe is also listening

The suspicion of industrial espionage in connection with PRISM and Tempora also hit the media in summer 2012. As a result, business people were sensitised and mobilised to greater efforts in terms of data protection. In Brussels they were also alarmed as evidence strengthened that GCHQ had been spying on the parastatal telecommunications company Belgacom and in particular its subsidiary BICS (Belgacom International Carrier Services). The BICS operates a node for data exchange and communication services between several hundreds of providers including the access provider of EU bodies. What belongs to the daily business at America's NSA - eavesdropping and data collection at the UN headquarters in New York, for example - is also going on in Europe in most intimate centres of power.

The time has come to act decisively with political momentum to enable the European ICT infrastructure to stand on its own two legs. With independent power and data centre resources, resilience to spying attacks and other forms of cyber war can be strengthened. Without doubt, cloud computing is at the forefront of today's ICT development. In Europe we need this long overdue change to a private cloud industry "Made in Europe" - the signs of the times are looking good for Europe.

The further raised awareness of data protection in European businesses and citizens has resulted in the Brussels EU administration pushing to extend the "digital privacy regulation". In parallel the confidence of the European economy in cloud computing should be strenghened. The message from Neelie Kroes (Vice Commission President, responsible for telecommunications and information policy) and fellow Commissioner Viviane Reding (Vice Commission President responsible for justice) amounts to a similar conclusion from the espionage incidents: A European cloud will only be able to establish itself against the US dominance if it is governed by strict European rules, which American cloud providers with data centres in Europe also have to adhere to.

Call for European Cloud

At the call for a European cloud Thierry Breton, the former French finance minister and current CEO of the information technology company Atos, made a weighty proposal: "We need a Schengen for data." Just as citizens from 26 European countries may pass between Schengen internal borders without a passport, data should be able to circulate freely within a virtual free-trade area . This vision was in no way meant as protectionism from an economic point of view, but in terms of the security of customer information and cloud services in Europe. This would guarantee the highest possible protection for their data and secure access to this data Europe-wide.2

Even American analysts in the ICT scene fear that PRISM could prove to be a real boomerang for America’s up-til-now dominant cloud companies such as Amazon, Google, Microsoft and Apple, particularly regarding the attraction of non-US customers. The Europeans are rethinking - cost-effective data storage outside of Europe is being increasingly critically questioned.

If Europe has its own autonomous cloud infrastructure with a European set of rules that provided data security, access security, legal security and quality of security to users, then the incentives to store corporate data outside Europe and to face the uncertainties of barely contestable US law fall away.

The economic benefits of company size and associated scalability of software offerings repeatedly highlighted by the Americans - especially without significant European competitors - more a myth than truth. Neither Microsoft Office products nor database systems from Oracle or Cisco network components pass on any economic benefits from such mass production to the final consumer.

Start with United Clouds of Europe

Europe has an opportunity now to put "United Clouds of Europe" into motion. "United Clouds of Europe" provides a single legal framework and uniform technical standards. Under this "umbrella", any sized European cloud service providers can offer their services. This approach would offer the best interoperability from established standards, a variety of products with optimal comparability of offers and a common European marketplace. The "German Market Cloud Exchange" could provide a central trading place for cloud computing "Made in Europe" on the basis of these fundamental regional governance principles.

Examples from European industrial history show that standardisation can have resounding success in the world market. Today, GSM standards originally designed for Europe are a global standard. Other prominent European statements to the world market include EADS / Airbus and the globally designed independent European satellite navigation system "Galileo".

Of course, the US will initially perceive a European single rule book as an impediment to the dissemination of its cloud services. The US government and US companies thereofore constantly lobby against such movements.

Europe needs to create its own strong cloud infrastructure with fixed rules based on European principles. Europe needs to open the market to all providers who are willing to act in accordance with these rules and standards. If these two aims are implemented it will have two effects: Firstly, ICT Europe will generate jobs and thus gain ground on the USA other major ICT markets in Asia. Secondly, US suppliers operating in a strong Europe will very quickly make the necessary investments in order to comply with European laws in the specifications of their offerings.

The striving for autonomy in Europe's ICT requires appropriate funding. In the research, these budgets are added to the FP programs to meet the "Horizon 2020" targets. However, the funds for the development of open source software based on existing standards in standard areas such as Office programs are lacking. European authorities and companies pay billions of euros a year for office software products from Microsoft . These could be provided relatively easily and much more cost-effectively by European open source solutions. The funding of such developments could come, for example, from fines for market abuse.

EU wants to reform

The responsibility for penalties3 for market abuse are held by the European Commission (Vice-President Joaquín Almunia) and the Directorate General for Competition. Fines to the European Court of Justice do not currently flow to the affected companies (competitors), but to the EU budget and then to the Member States (affected markets) - but without earmarking. In both the network of national competition authorities (ECN - European Competition Network) andl in the EU Commission itself, however, a certain zeal for reform is evident : In the future, not only the earmarking of penalties, but also the limitation of business plans as a means of deterring abuse could be introduced.


1 The US surveillance programmes and their impact on EU citiziens‘ fundamental rights. Policy Department Citizien’s Right and Constitutional Affairs; Directorate-General for internal Policies (2013)
2 International Herald Tribune, Danny Hakim, „U.S. at odds with Europe over cloud computing – Digital Privacy becomes flash point in Brussels during regulatory debates“, 7th October 2013
3 Competitive policy in the European Union: Application of rules on competition, article 101-109 of the treaty on the functioning of the EU; article 102 "Abuse of market dominance" article 23 VO 1/2003