How do private and often foreign tech companies get crucial positions in EU security provision?
Beware of false promises: The reality of technological solutions in digital security

Is there a need to reassess the involvement of private and foreign tech companies in EU cyber security?

Digital technologies pose both risks and opportunities for security: Risks emerge from savvy cybercriminals, tech companies that occupy key positions in critical infrastructure, or foreign intelligence services that gain access to sensitive data. At the same time, there are increasing opportunities to use big data analyses and artificial intelligence tools in the fight against terrorism and crime.

To mitigate these risks and take advantage of emerging opportunities, public authorities in the EU often collaborate with private technology firms that own critical digital infrastructures and have the knowledge to evaluate security-related information. However, there have been reports of problems with performance, worries about data protection, and delays in progress.

This creates a dilemma for public actors: On one hand, they are dependent on the expertise and capabilities of private companies to tackle security challenges. On the other hand, public actors need to exercise control to ensure adherence to accountability and legitimacy standards and public interests. However, overly restrictive regulations can limit private actors’ ability to solve security challenges. In short, public authorities face trade-offs between competence and control.

In our research, Timo Seidl and I show how private actors use their power to influence public actors, often framing themselves as necessary and effective in solving security challenges.

Technological solutionism: exploiting uncertainty

While technological and data-driven solutions are heralded as essential for solving complex societal challenges, such as the COVID pandemic or urban transportation, the capabilities of technology are still unclear. This uncertainty provides openings for companies to establish themselves as problem-solvers to get lucrative public contracts.  

A commonly used strategy of influence is to present solutionist arguments. Solutionism suggests that every problem can be solved by a technological solution – while simultaneously allowing companies to make a profit. To convince public officials to grant them key roles in EU security provision, private companies thus need to achieve three things:

First, they need to depict security problems as problems that are amenable to technological solutions. Security problems are not simply ‘out there’, demanding specific solutions. Instead, they are constructed and framed in ways that make certain ‘solutions’ seem necessary and effective.

Second, they must show that only they can provide such a solution – promising a technical fix. Private actors may use solutionist arguments to inflate their capabilities or downplay the risks of their technologies.

Third, they also need to highlight the compatibility between their own economic interests and the broader political or normative interests of public actors, thus reducing the perceived need for control by promising a win-win. 

If successful, this can lead to a narrow focus on specific technological solutions while limiting the critical evaluation of their effectiveness in addressing digital security challenges.

Palantir in EU law enforcement

In two case studies, we trace how private actors use ideas to shape public-private relations. The first case study focuses on the involvement of Palantir in European law enforcement. Palantir is a software company that develops tools for data visualisation and analysis. The company is contested due to its origins in US intelligence and its influence in Europe.

Palantir has frequently used solutionist arguments to promote its technologies as necessary for addressing complex security challenges, such as fighting terrorism and organised crime. The company has also worked hard to establish itself as privacy-preserving, setting up a Privacy and Civil Liberties Engineering Team and emphasising its commitments to European values and the EU’s digital sovereignty. However, critics have raised concerns about the lack of transparency and accountability regarding the company’s cooperation with EU security authorities. 

Security agencies in Europe, including Denmark, France, and Germany, have widely used the company’s products. The European Police Office Europol started using Palantir’s software Gotham in 2016 for counterterrorism purposes but stopped in 2021, seemingly due to performance issues. In Germany, the Bavarian police are continuously paying licensing fees despite never having started using the software, as a recent ruling found current data mining processes too expansive.

Cloud security and Gaia-X

The second case study examines the prominent role of (foreign) tech companies in the cloud project Gaia-X. The current dominance of major foreign tech companies has been increasingly perceived as a geoeconomic and geopolitical challenge. To foster European digital sovereignty, Gaia-X aims to offer a decentralised and interoperable platform for cloud service providers. 

While receiving significant public funding, Gaia-X is a privately run project. In addition, major foreign tech companies such as Amazon, Google, Huawei, Microsoft, and Palantir have become dominant in shaping the project’s technical design. Although their inclusion was contested, both public and private actors argue that their participation is indispensable and desirable.

Private companies have successfully used solutionist rhetoric to promote their technologies as essential for securing Europe’s digital infrastructure. For example, they suggested that the best way to ensure successful European companies is by allowing them access to the world’s most advanced technology. However, questions have been raised about the potential risks of relying on foreign tech companies in a critical area of security governance. 

In addition, the project seems to be progressing slowly due to internal fighting. Thus, despite the inclusion of these competent actors and limited control, the project seems to be failing to fix the problems it was intended to solve.

Conclusions

As digital technologies continue to transform security governance, private companies attempt to shape public perception of their competencies and intentions. They often rely on technological solutionism to promote their products as necessary and effective solutions to digital security challenges. 

However, this narrow focus may crowd out alternative approaches and gloss over critical evaluation of private actors’ capabilities and intentions. In order to promote security decision-making that is more inclusive, transparent, and accountable, it is crucial to thoroughly analyse security issues and determine which solutions and actors are best suited to address them. At the same time, it is important to leverage the potential of digital technologies for security governance.

Journal Reference

Obendiek, A. S., & Seidl, T. (2023). The (false) promise of solutionism: Ideational business power and the construction of epistemic authority in digital security governance. Journal of European Public Policy, 30(7), 1305-1329. https://doi.org/10.1080/13501763.2023.2172060

Anke S. Obendiek is a postdoctoral researcher at the Centre for European Integration Research at the University of Vienna. She holds a PhD from the Hertie School, Berlin, and her book, "Data Governance: Value Orders and Jurisdictional Conflicts," was published by Oxford University Press in 2022. Her research focuses on digital policy and data governance from a global perspective.