Missing in Europe’s Tech Regulations – Security

Credit: Markus Spiske via Unsplash.
Credit: Markus Spiske via Unsplash.

In an interview with CEPA, President Toomas Ilves criticized the EU for failing to consider security risks in its recent series of landmark tech regulations.

European regulators aim to increase competition in digital markets and to oblige Internet platforms to take responsibility for the content they host. But President Ilves, a Distinguished Non-Resident CEPA Fellow, believes that the real motivation is to curb the power of US tech companies. This interview has been edited for clarity.  

Question: Do you think Europe was wise to move ahead with strict digital regulation, particularly at this sensitive moment in the wake of the Russian invasion of Ukraine? 

Ilves: Despite its attempts to talk about security, the EU has failed. All legislation from the EU has to be reviewed for its effect on climate. However, when it comes to security, there's no review of legislation, which is a fundamental flaw.  

The Digital Markets Act is a perfect example of applying 20th-century competition policy without thinking about security. For example, it goes after Apple for vetting its apps. Apple doesn't want to have to host apps that can be used for surveillance.  We cannot allow apps that help foreign entities listen to your conversations, or even shut down your electricity grid. But there seems to be no awareness of this in the legislation we have seen.  

Question: Why do you believe Europeans are so determined to ‘get’ the Americans? 

Ilves: The reason for US tech dominance has much more to do with the nature of financing in the United States versus financing in the EU. In the US, 80% of financing is private equity and 20% banks. In the EU, it’s the other way around.  

Let’s take the example of the hated Apple. In 1975, can we imagine a long-haired 25-year-old guy named Steve going into Deutsche Bank and saying, “My friend and I, we're building something called a personal computer in my garage, and I'd like to get around $50,000." You would be frog-marched out of there within seconds. In California, people were interested in investing some of their own money into it. 

If you're 55 years old and your mortgage is paid off, maybe you’ll get a loan in Europe. Startups have a really hard time finding financing, which is why they move to the US. When I was in office, I read in an Estonian newspaper that a college student had gotten $250,000 dollars for his startup idea. Since I was encouraging people to do this kind of thing, one afternoon, I invited him in for tea.  

“What are you going to do?” I asked. 

“Mr. President, I have to tell you, in two weeks I am moving to the US,” 

“Why are you doing that?”  

“Because this is the only way I am going to get funded."

He moved to the US, and six months later, he had $6 million. Three years later, he sold his company for over $100 million. That would have never happened in Europe. And now, his company is yet another big US company.  

We can’t legislate things like private equity into existence. Instead, what we do is take aim at our own security with the goal of “getting the Americans.” 

Question: What should Europe do to promote tech? 

Ilves:  When I saw the title of the ‘Digital Services Act’, I thought that this was finally going to be what we need, to create European cross-border digital services.  

Ten years ago, I talked with the Finish president. 

“You have digital prescriptions, and we see a huge proportion of the Finnish population travel to Estonia,” he told me. “Why don’t we build ours so both systems are interoperable?”  

Technologically, it would have taken a week or a week and a half to set up. But it took eight years, because there are many concerns around arbitrage in one country, or regarding subsidies. Today, this system now works on a limited basis between Estonia and three other countries (Finland, Portugal, and Croatia), which is a big step forward. If we take it a step further, what we really want to do is to make your medical records accessible in other countries, so that if someone goes to Greece and gets sick, he can authorize a Greek doctor to look at his records already translated into Greek. All of this has been technologically possible for over a decade but it needs a European legislative framework. We should be doing this sort of thing when we talk about digital services.  

Rather than legislating in the hope that someone might start something in Europe, and that it will be a competitor to Facebook, we should be making services available all across Europe. And that's what I thought the Digital Services Act should deal with. 

Question: What about the threat of Chinese tech? 

Ilves:  We have the Europeans hating the Americans, the Americans dissing the Europeans. We’re focused on each other. Meanwhile, China, with a 1.3 billion population is sitting here doing its thing. China has what I would call an algorithmic authoritarian model. We’re not building a model of liberal-democratic tech regulation. We’re building models of protectionism. We’re taking the Argentinian model of tech, the protectionist model of Juan Perón, who made Argentina go from one of the top ten most rich countries to one that never recovered after a hundred years.  

Question: And what about Russia? 

Ilves: I don’t think Russia is a problem with tech.  They have smart programmers. But they’re not anywhere technologically and I think they’re going to be more and more behind, especially with the sanctions. Their own tech scene is bad or underdeveloped. They can’t get their chips to the low nanometers.  They can’t produce anything of contemporary worth technologically.  

Question: But what about Russian cyberattacks? 

Ilves: Since the 2015 electrical system disaster, the Ukrainians have had much more sophisticated defenses.  When Finland was having a debate on NATO membership in the Parliament, they were under constant DDoS bombardment, which didn’t take anything down. Why? Because their defense mitigated these attacks.  

The other related factor is related to the primitive deterrent, mutually assured destruction. The Ukrainians are no slouches when it comes to cyber efforts. If you do something nasty to them, they can do something really nasty to you back.  

Cyber, as I used to say in a completely different context, is the Great Equalizer. Estonia may be very small, and we may not have many people, but we can still do a lot of damage if we choose. 

Question: And Russian disinformation – does it represent a significant threat? 

Ilves: As for disinformation, it has not gone away. There are places that are more susceptible and others less susceptible. I would say that the Baltic States, Poland, and the Czech Republic are pretty good at ignoring it. If you've been subjected to disinformation, then you end up recognizing it or even laughing at it. When Germany put a small contingent of troops in Lithuania, Russia Today started saying how the Germans have been raping Lithuanian women. The idea was to get the Lithuanians all worked up, but they knew that it was just Russian disinformation.  

Toomas Ilves served as president of Estonia from 2006 until 2016. He is now a Distinguished Nonresident Fellow at CEPA.