European Commission
Cecilia Malmström
EU Commissioner for Home Affairs
Rebooting Trust? Freedom vs. Security in Cyberspace
Panel Discussion/Munich
31 January 2014
There is sometimes a notion – as the title of today's panel indicates – that there is a trade-off between freedom and security. I disagree with this notion and will explain why.
First of all freedom requires security. Take the Internet as an example. While the net has totally changed the way we live our lives, it will not continue this way unless we make sure that we can secure people's ability to unrestricted access to the Internet so they can shop online, use social media and make sure that information flows in a safe way.
Secondly, security requires freedom and participation from the citizens. We have seen societies built on the idea that the less freedom you have the more secure the societies are. These are authoritarian regimes. And I would not say that these societies are more secure than ours.
Individual safety in those countries is undermined daily by arbitrary arrests and other human rights violations from those in power. There is also a tendency in those countries to censor the Internet.
So freedom needs security, and security needs freedom. And limiting one in pursuit of the other damages both.
When I think of the Snowden-debate and comments like finding the right balance between freedom and security, I come to think of one particular quote from Harry Potter.
I'm reading all the Harry Potter books for my children. They are not only exciting; at times they provide serious food for thought.
The professor at the school, Albus Dumbledore, at one occasion looks at Harry Potter and says "It is our choices, Harry, that show what we truly are, far more than our abilities."
And to me, this captures the debate on intelligence gathering and the wider issue of how we deal with security, but also data protection and privacy. It is the choices that show what we truly are, far more than our abilities.
It means that just because one can monitor everything does not mean it’s the right thing to do. For that matter, I do not think it's the most efficient way to enhance security.
So what are then the choices and security challenges the EU has to confront?
The first that comes to my mind is how we tackle terrorism and violent extremism. Europe is seeing a sharp increase in extremist views. An undoubted factor in this growth is the availability or radicalising material online. And we face similar problems of online radicalisation related to foreign fighters, going to Syria and coming back further radicalised and trained in violence.
The second challenge is how to ensure an open, free and secure Internet. Citizens and business must be confident that they can take advantage of all benefits from the Internet without anyone stealing their money or information.
We see that cybercrime is now one of the most lucrative sources of income for organised crime groups. This includes everything from massive attacks on banking systems to exploration of children.
But it's not just organised criminals; even state and non-state actors have quickly learned how to use the Internet for disruptive purposes. This can include everything from spying to get sensitive information, to damage critical infrastructure.
Preventing terrorism and strengthening cyber security are both societal challenges and therefore require a societal response. Traditional security actors, such as law enforcement, are still very important but they cannot do the job alone. Preventing young men from being inspired to go to Syria is for instance not something the police would be that good to do.
The way to secure this participation is to build partnership with the actors on whom we depend. So we need to enhance the circle of actors. To prevent terrorism, I have set up a network of experts with more than 700 practitioners from all over Europe. This includes law enforcement, social workers, health workers, academics as well as victims of terrorism.
Based on their advice the European Commission has just adopted a proposal for a European toolbox on how we can better prevent violent extremism and terrorism. Many of the actions suggested require participation from civil society and other actors like the private sector.
As this panel shows, with so many of the panellists from the tech sector, I'm convinced that we need much more cooperation with the private sector.When it comes to violent extremism the role of Internet is very important, both when it comes to radicalising and recruiting people, but also when we try to counter these attempts.
We have to go from talking about the industry to actually talking with them. Only then can we use our common knowledge to suggest smarter ways to address the problem.
This is why the EU will actually launch a dialogue with the tech industry and civil society. A first meeting will take place early next week.
In building cyber security and fighting cybercrime the role of the private sector is even more obvious. States and Governments can do a lot, and to give a few examples the EU has only in the past three years set adopted tougher legislation, set up a cybercrime centre in the Hague and developed an overarching strategy to explain how all pieces fit together. These are important steps but not enough.
We have to work more with the private sector. But let's be clear; this is a two-way street. While Governments need to accept that all problems cannot be addressed by legislation, the Tech sector has to assume an even greater responsibility in protecting the networks and help us educate citizens so they know how to act online. This includes simple things as changing passwords, having adequate firewalls and not responding to all sorts of scams taking place.
This brings me to the last and most important point. Everyone here knows that and effective security has to be built upon trust. This goes for cooperation with the private sector, with the citizens and of course with our partners.
The EU and the US have – and are – working very closely to address the threats we face. Without close cooperation we would not be able to achieve the same security as we do today.
But I would be lying to you if I said that our trust has not been damaged after the Snowden revelations. Because it has.
That said, I do see some promising signs that what is now happening in the US, and also in Europe for that matter, will result in security policies better anchored in privacy and adequate data protection.
And to end with professor Dumbledore and Harry Potter, we have choices to make. In making the right ones, we can start to regain the trust of civil society and between states. This way we ensure effective security that is achieved not at the expense of freedom and fundamental rights, but based on them.
Thank you.
1