The technology industry has amassed tremendous power – largely underwritten by the rise of the Internet, the proliferation of new digital products and services, and massive amounts of data. American technology companies like Apple, Microsoft, Google, and Amazon as well as social media platforms such as Facebook and Twitter have become some of the largest and most profitable organizations in the world.
These technology giants are increasingly operating in ways that blur the boundaries of conventional industries, and obscure distinctions between public and private sector activities. The absence of consensus on the roles and responsibilities of the technology industry is generating tensions on both sides of the Atlantic— with significant implications for security, trade, and politics in the United States (US) and Europe. Without answers, the technology industry may be simultaneously creating security and insecurity in the transatlantic community.
The European Union (EU) has led much of the global charge against the American technology industry. Sometimes referred to as ‘techlash’, regulators have taken a historically strong position against American technology giants operating in the EU. It is argued that these powerful companies must be highly regulated in order to protect European social and economic values. Since the early 2000s, American technology companies like Amazon, Microsoft, and Google have paid billions of dollars in fines for antitrust violations, data-related privacy violations, and tax code violations in the EU. In order to retain access to the European single market, which is the largest international market for many American-based technology companies, the industry has generally complied with penalties imposed by the EU and is likely to continue doing so.
Growing concerns from policymakers and regulators about the need to control American technology companies however extend beyond Europe’s borders, as the technology industry is increasingly at odds with the US government. For instance, the current Administration has targeted the major online retailer, Amazon, suggesting that the company is in violation of American antitrust laws. Microsoft is also embroiled in a federal court case against the US government as a result of its refusal to comply with law enforcement over a request to access data stored in the company’s servers in Ireland. Facebook has been called to testify before Congress on several occasions— responding to questions about the company’s exposure to Russian interference in the 2016 Presidential Elections and recent concerns about data privacy, consent, and the third-party data use following revelations about Cambridge Analytica. Yet, some commentators like David Dayen have criticized the US Federal Trade Commission (FTC) and the Department of Justice (DOJ) for failing to take more decisive action against the technology industry, conceding a global leadership role to Europe.
Against this context, many American technology companies are becoming entangled in transatlantic security, trade, and politics. There are notable concerns from policymakers and regulators about these companies, the products and services they provide, and the powerful information they possess. Leaders in the transatlantic community are grappling with a wide range of interrelated and sometimes contradictory questions surrounding the technology industry:
Should technology companies be responsible for unlocking iPhones and providing access to encrypted messages on WhatsApp for security purposes? Should these companies be responsible for monitoring social media news feeds and removing content that promotes violent or extremist views? And what about companies who are refusing to comply with government requests to provide access to technology and data given their concerns about reputational damage to their business? And others that may be influencing political campaigns by allowing third parties to access vast troves of data?
In spite of similar questions and challenges, the ways in which governments on both sides of the Atlantic are coming to terms with these tensions has been fragmented. While the US has hesitated to impose new responsibilities on technology companies, leaders across Europe are calling on the technology industry to take decisive action. In the United Kingdom (UK), Prime Minister Theresa May has frequently asserted her position that technology companies must be responsible for filtering violent and extremist content from social media and removing encryption as a barrier to law enforcement. Although provisions in the Investigatory Powers Act of 2016 currently allow the UK government to make such demands of communications service providers, May has insisted that major technology companies have a responsibility to act voluntarily. French president Emmanuel Macron has echoed his support for May’s position, announcing that the UK and France would consider creating new legal liabilities for major technology companies. In Germany, the Network Enforcement Act, which came into effect in January 2018, now requires social media companies to filter online content at the risk of major fines. The General Data Protection Regulation (GDPR), which came into effect in May 2018, imposes comprehensive data privacy rules on technology companies operating in the EU.
Underlying these immediate tensions, however, is a deeper question regarding the extent to which pressures surrounding the technology industry are blurring the lines between the ‘everyday’ and the ‘exceptional’ – or what Jef Huysmans refers to as the diffusion of ‘little security nothings’. As technology giants take on responsibilities traditionally assigned to government, they become powerful securitizing actors. These private sector companies are asked to make determinations about what is ‘real’ and what is ‘fake’; what is protected within the ‘freedom of expression’ and what is illegal ‘violent extremism’; what is ‘ordinary’ and what merits ‘extraordinary’ response. Importantly, these security decisions are being made within the context of everyday interactions – through social media posts, emails, videos, and text messages – reinforcing Huymans’ concept of ‘little security nothings’ as well as what Stevens and Vaughan-Williams refer to as ‘the disruptive potential of non-elite knowledge’.
Embattled relationships between the technology industry and policymakers in the United States and Europe put transatlantic relations in a potentially fragile position. Ongoing and often-interrelated debates about encryption, online surveillance, censorship, and data privacy are ultimately manifestations of broader uncertainties about the roles and responsibilities of private sector technology companies in the twenty-first century. The questions surrounding these technology giants are likely to find different or incompatible answers in the US and in Europe – creating (in)security in the transatlantic community for the foreseeable future.