By Kulani Abendroth-Dias and Carolin Kiefer
If World War III will be over in seconds, as one side takes control of the other’s systems, we’d better have
Data, the food of all algorithms, lie at the core of cohesive EU and NATO AI strategies. Such strategies must encompass the regulation of data in high- and low-risk technologies with
and Romania have tested and often deployed AI and ML facial recognition tools, many of which were developed in the United States and China, for predictive policing and border control.3 AI and ML systems aid in contact tracing and knowledge sharing to contain the COVID-19 virus.4 However, the civilian and military strategies that drive use of AI and ML for the collection and use of data diverge across the member states of the European Union and the North a greater understanding of how data feed AI and ML technologies and systems, the results they produce become skewed. For example, a facial analysis and recognition system insufficiently trained to analyze and recognize women or people of color will often misidentify people in these populations, which could lead to inaccurate criminal profiling and arrests.7 Machines don’t make errors, but humans do. Policymakers need to rapidly identify parameters and systems of governance for these technologies that
maximize their efficiency while protecting civilian rights.
Growth in the development of AI-driven technologies has been exponential, but strategies to regulate their implementation have yet to catch up. The European Union and NATO need to develop coordinated, comprehensive, and forward-looking strategies based on data protection protocols to regulate AI use and deployment to counter myriad threats. Such strategies will be critically important if the transatlantic alliance is to adapt a common defense system to evolving threats in the digital age. Beyond Definitions
AI and ML are changing the security landscape-for example, by the deployment of disinformation to undermine political participation or of unmanned autonomous vehicles (UAVs), which may or may not operate as lethal autonomous weapons systems (LAWS). The states that are party to the Group of
Governmental Experts (GGE) on Lethal Autonomous Weapons
the smarter, faster, more resilient network. dual uses. They should guide policies governing predictive
or delivery within the European Union, Amazon policing, border surveillance, facial analysisand countering disinformation.6 and recognition now sells facial recognition cameras for door
locks, webcams, home security systems, and office To regulate data use effectively, policymakers need to attendance driven by artificial intelligence (AI) better understand the technical, political, economic and
and machine learning (ML)-powerful tools with civilian 2 social risks and biases in data collection methods. Without and military purposes. Germany, France, Spain, Denmark
Atlantic Treaty Organization (NATO).5
(LAWS), which aligns its work with the Convention on Certain Conventional Weapons (CCW), have devoted considerable attention to defining autonomous weapons. Unfortunately, the group has not yet paid enough attention to the data. Prolonged focus on what constitutes LAWS rather than the data that drive them impedes the important investigation of how best to regulate the technologies’ rapid development and use for security and defense. Discussion of the types, limits, and biases of data that drive AI and ML is pertinent throughout the myriad sectors in which they find application.8
Recently, the GGE took steps to move the debate from definitions of autonomous systems to why data matter. In 2020, it decided that the 11 guiding principles that frame the development and use of LAWS needed no further expansion.9 The group agreed to give greater attention to how the principles can be unpacked. It decided to distinguish between high- and low-risk AI technologies and gain a better understanding of dual-use technologies.10 Differentiating between uses for civilian and military operations should focus on how data will be mined and drive algorithms at both levels.11 NATO and the European Union should lead in facilitating these discussions and regulations.
According to the European Commission’s February 2020 white paper on artificial intelligence, “Europe’s current and future sustainable economic growth and societal well-being increasingly draws on value created by data…. AI is one of the most important applications of the data economy.”12 However, the report concludes, for AI to “work for people and be a force for good in society” it must be trustworthy.13 It highlights “trustworthy AI” 27 times in its 26 pages.
Governance of data is key to this trust.14 The EU General Data Protection Regulation (GDPR) was a step in the right direction, but it needs to be expanded to cover AI and ML data collection and use in national and international security contexts. Close consultation and data coordination between the European Union and NATO is integral in this regard.
An understanding of who drives the development of AIdriven technologies for European security and how they are funded can illuminate the political, technical, and social, and legal bottlenecks confronting EU and NATO data regulation, both in the member states and at a supranational level. While the defense sector has traditionally driven technology innovation, private companies have taken the lead in recent years. 15 According to the OECD, Google, Microsoft, Amazon, and Intel have spent more than $50 billion a year on digital innovation.16 This sum dwarfs the ‚Ç¨13 billion budgeted by the European Defense Fund (EDF) for 2021-27 – for defense spending in general, not solely for AI-driven technologies.17 NATO and the European Union should pay particular attention to these private-sector actors when developing policies for data protection and strategies to encourage US and European technological innovation. NATO and the European Union should work with the CCW GGE to determine clear operational distinctions between the commercial and military uses of data for AIdriven technologies.18 NATO and the European Union need comprehensive, legally enforceable AI strategies to regulate the use of data and the integrity of information networks to better protect their citizens while keeping the Alliance agile.
The Way Forward
In EU and NATO contexts, the development and implementation of dual-use technologies and cyberprotection policies remain fragmented. This fragmentation could undermine the ability to respond to evolving threats to European security and stability. Examples abound: Cambridge Analytica’s involvement in Britain’s Leave Campaign, radicalization via social media, the politicized use of data via hybrid-use platforms to influence behavior (from political participation to violent action), and targeted cyber-attacks and disinformation campaigns in the Visegrad Four and the Baltic states.19 Therefore, coherent EU and NATO AI strategies require the regulation of the data that drive emerging technologies. Regulation to promote network integrity and protect data access must be key tenets of EU and NATO strategies to deploy AI that can react faster and more effectively in the face of new security threats.
AI and ML systems are valuable, as demonstrated by their use in contact tracing and knowledge sharing in the search for a cure during the Covid-19 pandemic.20 For the transatlantic relationship to thrive, NATO and the EU must work together to develop coordinated AI strategies that address appropriate use and misuse of data. As the EU and NATO develop these strategies, they should focus on five activities:
Govern the use of data in dual-use technologies.
While AI strategies may sound exciting and innovative to policymakers and the general public, responsible data use sounds less so. Yet it is essential. EU and NATO strategies need to distinguish between high- and low-risk technologies, dual- and hybrid-use platforms, and the types, limits, and mediums by which data can be collected and anonymized (or at least kept confidential) for civil and military uses. These limits need to be developed and regulated in discussions with civilian and military actors who are mining data across sectors, from the traditional security and military arena to healthcare, logistics, and entertainment companies. Discussions should include how the rights of citizens and those residing in NATO and EU countries-e.g., lawful migrants, asylum seekers, refugees-will be protected.
Acknowledge bias in datasets.
There should be a comprehensive discussion on how bias in datasets influences the training of algorithms, which in turn influences security targets and undermines the integrity of a system. Policymakers, human rights actors, and technology developers should be in the room for this discussion. An awareness of these biases within security forces can help them better evaluate the outcomes the algorithms produce, interpret targets with caution, avoid errors, and generate more effective responses.
Ensure purpose-limited data collection and sharing.
Personal data collected and tracked for specific purposes (e.g., contact tracing during a pandemic) should generally not be shared and used for other purposes. Where an overlap in data collection is deemed necessary for EU-NATO security purposes, tight regulations for civilian protection should spell out where, with whom, and for how long the data can be stored, with strong legal and operational deterrents for backdoor access to data. Private-sector companies should limit how data are used to influence behavior: Should they be used in political campaigns the same way that they are used to nudge consumer behaviors on what to buy? The European Union’s GDPR sets up important rules in this regard. It can be viewed as the cornerstone of an EU-NATO strategy for the development and regulation of AI for security and defense.
Adapt traditional defense and deterrence strategies to the digital age.
The evolving nature of security threats in the digital age calls into question traditional strategies of defense and deterrence. Collaboration between NATO, the European Commission, the European Defence Agency (EDA), the Permanent Structured Cooperation (PESCO), the Coordinated Annual Review on Defense (CARD) and technology developers should focus on efficiency-trimming current weapons systems and technologies used by the European Union on the battlefield and in the cyber realm while using AI and ML to inform strategy. The weaponized use of social media data must be addressed, not solely via counternarratives but by working in concert with social media companies to develop AI and ML techniques to identify and shut down fake news at the source. The integrity of networks set up by actors outside of NATO member states needs to be raised as a security concern as well, including incentives to drive the local business development of such networks.
Build trust via counter-AI agencies to protect citizen rights and detect AI-driven forgeries.
Agencies that currently promote the responsible use of AI need to work in tandem with NATO and EU agencies to develop comprehensive AI strategies. The strategies should promote digital literacy, advance critical thinking through online modules, and publicize the precautions NATO and the European Union are taking to protect citizen data in order to build public trust. Partnerships between EU, NATO, and such agencies need to go beyond traditional NGO-security agency relationships to integrate AI protection mechanisms into security policy itself. Ideally, these organizations would work with NATO partner countries to better identify targets, weaknesses, and priorities to build resilient intelligence architectures.
Map the development and use of AI-driven technologies across EU and NATO member states.
NATO security operations are in place at member state borders. However, most of the AI technologies being developed, test, or adapted are deployed within France and Germany, key EU member states. AI-driven security threats differ across states, especially disinformation. For example, the content, medium, and speaker of disinformation shared in the Czech Republic may differ considerably from disinformation shared in Germany. Adapting traditional deterrence strategies to the digital age requires an understanding of the contextbased nature of these threats. It is therefore integral to include experts across the EU and NATO member states in the development and implementation of AI strategies. A comprehensive mapping of the security threats faced-and development and use of AI-driven technologies to combat such threats across EU and NATO member states-can help better train personnel and develop more targeted solutions and localized data protection policies.
The digital industry is already transforming the Alliance. NATO is essential to setting up a coordinated structure to develop and regulate AI- and ML-driven technologies for NATO members’ security and defense. While sociopolitical and economic priorities in the development and regulation of AI vary across sectors and countries, awareness of the use and misuse of data in driving AI-and ML-driven technologies is a common thread that binds these debates together. The use of data fed into a system run by AI and ML technology can have vast implications for the nature of future security threats and the development of technologies to combat them. Cohesive EU and NATO strategies for AI will determine how strong and agile the Alliance will become.
Pedro Domingos, The Master Algorithm: How the Quest for the Ultimate Learning Machine Will Remake Our World (New York: Basic Books, 2015).
See Daniel S. Hoadley and Nathan J. Lucas, Artificial Intelligence and National Security (Washington DC.: Congressional Research Service,
2018); Greg Allen and Taniel Chan, Artificial Intelligence and National Security (Cambridge, MA: Belfer Center for Science and International Affairs, 2017). Artificial intelligence comprises a vast number of fields, including machine learning, natural language processing, robotics, computer vision, and knowledge representation and reasoning. In this policy brief, the authors largely refer to the use of AI- and ML- driven technologies for EU and NATO security and defense.
Steven Feldstein, The Global Expansion of AI Surveillance (Washington, DC: Carnegie Endowment, September 2019).
The Cybersecurity Strategy of the Visegrad Group Countries Coronavirus, Artificial Intelligence web page (April 12, 2020).
Raluca Csernatoni, An Ambitious Agenda or Big Words? Developing a
European Approach to AI, Egmont Security Policy Brief No. 117 (Brussels: Egmont Royal Institute for International Relations, November 2019).
Michael Chui et al., Notes from the AI Frontier: Insights from Hundreds of Use Cases (New York: McKinsey Global Institute, 2018).
Philipp Gr√ºll, “Germany’s Plans for Automatic Facial Recognition Meet Fierce Criticism,” EURACTIV (January 10, 2020).
Ajay Agrawal, Joshua Gans and Avi Goldfarb, Prediction Machines: The Simple Economics of Artificial Intelligence (Cambridge, MA: Harvard Business Press, 2018).
See the UN’s 1980 Convention on Certain Conventional Weapons.
German Federal Foreign Office, Chair’s Summary: Berlin Forum for Supporting the 2020 Group of Governmental Experts on Lethal Autonomous Weapons Systems (Berlin: German Federal Foreign Office, April 2020).
United Nations Institute for Disarmament Research, The Human Element in Decisions About the Use of Force (Geneva: UNIDIR, March 2020).
European Commission, On Artificial Intelligence: A European
Approach to Excellence and Trust, white paper, COM (2020) 65 final (Brussels: European Commission, February 19, 2020), p. 1. See also European Commission, A European Strategy for Data, COM (2020) 66 final (Brussels: European Commission, February 19, 2020).
EC, On Artificial Intelligence, p. 25.
Dieter Ernst, Competing in Artificial Intelligence Chips: China’s Challenge amid Technology War, Special Report (Center for International Governance Innovation, March 26, 2020).
Organization for Economic Cooperation and Development, Private Equity Investment in Artificial Intelligence (Paris: OECD, December 2018).
European Commission, European Defence Fund (Brussels: European Commission: March 20, 2019). Arguably, Washington would do well not to view the EDF with suspicion and skepticism but rather as a vehicle to stimulate more transatlantic discussion on “home-grown” innovation and development.
Daniele Amoroso et al., “Autonomy in Weapon Systems: The Mili-tary Application of Artificial Intelligence as a Litmus Test for Germany’s New Foreign and Security Policy,” Democracy Vol. 49 (Heinrich B√∂ll Foundation, 2018).
Marek G√≥rka, “The Cybersecurity Strategy of the Visegrad Group
Countries,” Politics in Central Europe Vol .14, No. 2 (2018), pp. 75-98. See also Alistair Knott, “Uses and Abuses of AI in Election Campaigns,” presentation, N.d.
Council of Europe, AI and Control of Covid-19.