Von der Leyen Wins: Something for Everyone in Europe to Hate!

Europe has selected a new president of the European Commission. Last night, German Defense Minister Ursula von der Leyen won support from a majority of members of European Parliament to lead the executive body that shapes policy for the world's largest economic bloc. The final result was a close shave, however — she won by a margin of just nine votes out of 757 — and there's something in the outcome for everyone to hate.

For many anti-EU populists, von der Leyen's appointment confirms their view that the EU is undemocratic and doesn't respect ordinary citizens. Why? Because she wasn't selected by the voters who went to the polls in the recent EU parliamentary elections — or even indirectly by the lawmakers who won those seats. She was hand-picked by leaders of the 28 EU member states, who side-stepped parliament after better-known candidates chosen by various political factions within the legislature failed to attract enough support from the national governments. Anti-EU politicians like France's Marine Le Pen will spend the next five years reminding us that von der Leyen's presidency reflects everything that's wrong with Brussels.

For Angela Merkel, Emmanuel Macron, and other European leaders who backed von der Leyen, her narrow margin of approval gives her a weak mandate as she confronts huge challenges such as the EU's fraught relations with the US and China, showdowns over Italy's budget, erosion of the rule of law in Hungary and Poland, the economic and political fallout of the UK's exit (or not) from the bloc, and the EU's drive to regulate Big Tech.

Von der Leyen herself, who is from the center-right, made significant concessions to get her nomination through with parties that are deeply suspicious of her. Those included a promise to propose a so-called "green deal" within her first 100 days in office, reform the minimum wage, and launch a push for EU-wide legislation on artificial intelligence. Von der Leyen also pledged to reform the process for selecting future candidates for Commission president and to give the EU Parliament a "stronger role in shaping and designing" the EU's future. Now that von der Leyen has secured the closest thing the EU has to a top job, she'll be spending much of her political capital trying to deliver on those promises.

What Climate Change can Teach us About Securing Global Tech

I'm just back from a week in Rwanda, where I spoke at a conference on technology and economic development. One of the big questions was how countries that are working their way up the economic ladder should balance the need for better access to digital technologies with the need for those technologies to be secure and trustworthy. The discussion reminded me of another big policy challenge facing governments around the world: climate change.

How so? Well, climate policies today ask poorer, developing countries to swap the easy gains of fossil-fuel-powered growth that helped make rich countries, well, rich in the first place for something more sustainable (read: more expensive). The dynamics in tech are similar: today's tech giants got huge and rich countries a lot richer during a period of digitally-fueled growth marked by poor cybersecurity and little regard for consumer privacy. But now the US is demanding other countries reject the most economical (Chinese) options for building 5G networks, while European regulators are setting tougher standards for data privacy that are having ripple effects around the world.

The US crackdown on Huawei reflects a concern (overblown or not) that allowing the Chinese tech giant's cut-price gear into next-generation data networks poses unacceptable security risks. Ditching Huawei in favor of Western suppliers, or imposing tougher security standards across the board, as some European countries have proposed, might ease security fears — but could be cost-prohibitive for many countries in Africa.

The EU's tough data protection rules, similarly, aim to shore up online privacy. But they'll come at a cost as popular online services are forced to hire more compliance staff and rethink their business models. Attempts to establish similar protections in African countries might limit tech companies' appetite to provide innovative services there and in other regions where the digital economy is still just starting to gain steam.

Viewed through this lens, it's easy to see why developing countries might be loath to abandon cheaper Huawei equipment for 5G or adopt strict, European-style privacy practices around personal data. Rich countries that have already benefitted from decades of digital innovation and economic growth under the old system are in a better position to cope with the shift towards tougher security and privacy standards. Just as with climate change, the cost of transitioning to a more sustainable model could end up falling hardest on developing countries, where millions of people have yet to fully reap the benefits of an earlier, more carefree age.

Trump Takes his Foot off Huawei’s Neck — and Catches Hell for it

As US-China trade talks sputtered back in May, the Trump administration banned Chinese tech giant Huawei from acquiring US technology. The move, which threatened to cripple the company and crater China's plans to lead the world in next-generation 5G network technology, prompted high-fives from US national security hawks, who view Huawei, and China more broadly, as security threats — "strategic competitors," even.

Read Now Show less

Trump Throws a Cyber Jab at Iran

The cyberattacks reported by Yahoo News on Friday and by others in recent days targeted Iran's Islamic Revolutionary Guard Corps and a proxy militia. Although this isn't the first time the US has used its cyberweapons against Iran — back in 2010 the US and Israel hit Tehran's covert nuclear program hard with a computer worm called Stuxnet — the decision to unleash a cyberattack while refraining from a conventional military response raises some interesting questions:

Why launch a digital strike? It sends a message — but stops short of outright war. President Donald Trump didn't want to further escalate the conflict, but he did want to respond to the triumphant downing of an unmanned US drone, as well as to the tanker attacks that his administration has blamed on Iran. While computer code is undoubtedly dangerous — knocking out a power grid could easily kill thousands of people — dropping a payload of malicious ones and zeroes isn't nearly as provocative as physically bombing the country and killing people.

What next? Expect more digital shenanigans from both sides. Iran has history of launching disruptive cyberattacks against the US and its allies (and companies), and US officials are already warning of more. As Trump runs out of parts of the Iranian economy to sanction (see Hard Numbers, below), he'll likely see cyber as an increasingly attractive option: it can hurt Iran without provoking precisely the kind of wider war that he says he wants to avoid.

What could possibly go wrong? The first worry is collateral damage. Malicious code is hard to control once it's been released "in the wild," and it can affect systems that attackers didn't intend to hit. That leads to the other problem: unintended escalation. Cyberspace is a domain of conflict with few if any real rules, and no consensus on what constitutes an appropriate response to a damaging cyberattack. Put these two risks together, and what looks like a convenient way to smack an adversary without sparking an armed conflict could accidentally spin out of control.

Facebook’s High-risk, High-reward Crypto-gambit

Facebook unveiled plans for a new cryptocurrency and payment system on Tuesday. It's called the Libra, and it's not-so-modest goal is to "reinvent money," and "transform the global economy" so that "people everywhere can live better lives." Ambitious much, Zuck?

This is a huge political gamble, but the rewards could be enormous. Here's a quick look at the tradeoffs:

The risks: Facebook is asking its 2.5 billion users — and government regulators — to entrust it with something that's vitally important to people everywhere and a power that governments jealously protect: access to money. And it's doing so at a time when trust in Facebook and other big Silicon Valley companies is at a low ebb.

Whether it's a concern that Big Tech has become too powerful or that it's not doing enough to protect privacy or put a stop to fake news, it's a heck of a time to launch a new techno-utopian project that could give Silicon Valley much more power — including the ability to track not just what people say they like but how they spend their money.

Mark Zuckerberg understands this — the Facebook founder is setting up Libra as a Swiss-based non-profit that will be governed by an "association" of 28 tech and financial companies and non-profits of which Facebook is just one member. He's also promising that Facebook will not mix personal data with payment information, and to cooperate with regulators.

But this will always be Zuckerberg's baby, and by launching Libra, he's painting a big new political bullseye on his own back.

The payoff: If Libra can survive the inevitable political and regulatory storm (and convince its billions of users that they can trust the underlying technology and financial stability of the new cryptocurrency) the upside could be enormous.

How enormous? The Libra website claims that more than 30 percent of the world's population — about 1.7 billion people — currently lack access to traditional bank accounts. Many more pay steep fees to transfer money using traditional payment services. Libra, by contrast, promises access to anyone in the world with a simple smartphone — and to make payments as inexpensive as sending a text message.

Plug those capabilities into a social network whose user base is roughly double the population of the biggest country in the world, and the results could be revolutionary — not just for billions of people who would gain new access to financial resources, but for Facebook's business model, and for central banks and governments that have traditionally sought to control the flow of money through their economies.

That would be a techno-utopian dream come true, but it's a power that governments won't willingly surrender.

All Up in Russia’s Grid

If Willis's story on Tuesday about Argentina being plunged into darkness after a nationwide power failure didn't get you packing a flashlight and checking that your car has a full tank of gas, this one should. Over the weekend, the New York Times said anonymous US officials had revealed a US campaign to plant "potentially crippling malware" inside Russia's power grid "at a depth and with an aggressiveness that had never been tried before."

Quick thoughts:

This is a big provocation. It's the cyber equivalent of mining a harbor — an aggressive move that falls short of actual conflict but sends an unmistakable message: mess with us, and we'll mess you up.

The leak was probably intentional. The campaign fits with the new US strategy, launched under the Trump administration, of trying to deter cyber adversaries like Russia, China, and Iran from hacking its critical infrastructure. By disclosing the US campaign, US officials are effectively telling Russia (and by extension China and Iran), that they've got a loaded gun cocked and pointed at their economies.

That's dangerous. People — and governments — may not always behave rationally when a gun is pointed at their heads. Russia might be even more inclined to lash out. And unlike more conventional forms of conflict, cyber isn't a domain where the US can be sure it has an overwhelming advantage if push comes to shove.

It gets worse. The Times said US cyber officials described a "broad hesitation" to go into details of cyber operations against Russia with President Donald Trump because they feared he might cancel it or tell other governments about it. Among other things that are disturbing about this story, a lack of communication between the President and US cyber warriors could send mixed signals that further embolden US adversaries.

The Graphic Truth: Who’s Hacking Whom?

It's no secret that cyberattacks are becoming more commonplace. But where do most of them originate and what countries do they target most? The graphic above shows the most significant offenders and victims since 2006. Hackers in China, Russia, Iran, and North Korea account for three-quarters of all major attacks. Nearly a fifth of attacks, meanwhile, have targeted institutions or companies in the United States.

(At least that we know of: this chart highlights known attacks on government agencies, tech companies, and other operations that caused more than $1 million in economic damage. But many cyberattacks are never disclosed, and some countries are more transparent than others, so consider this a cross-section of a much bigger — and more disturbing — picture.)