Guten Morgen! 

Welcome to another edition of the Krautshell! We hope you enjoyed last week’s “excursion” into some of the lighter aspects of our work over the years, because we’re back on the cold hard ground of political realities (though we’ll cheer you up along the way). This week, Max reflects on the sixty-year anniversary of the Cuban Missile Crisis and draws some uncomfortable conclusions about Putin’s recent nuclear threats. In our main articles, we discuss President Biden’s most recent initiative on transatlantic data transfer and how it has been received in Europe, the German liberal party’s struggles following yet another election defeat, and the latest scandal involving the Federal Office for Information Security and some shady Russian contacts. Also, Szilvia’s WOOM takes a closer look at the scandal around German cybersecurity and how big of a scandal it actually is. We hope you enjoy this week’s episode of the Krautshell.

As always, have a great weekend!

Anna                                Christian

One (Executive) Order of Privacy Shields, Please!

Back in March, we reported that a provisional agreement had been reached between the US and EU regarding the transfer of data between the two continents. We promised more details in due time, and due time it is! So, as the French say: voilà.

First, in case you missed it and have no idea what we’re talking about, in a [Kraut]shell: the US and EU have had two agreements over the years to facilitate data transfer across the Atlantic. Both times a very ambitious Austrian came along and struck them down in court. This made using US-based services in Europe quite the headache.

Therefore, a few days ago President Biden swooped in with one large executive order-sized painkiller to rekindle the 7.1 trillion-dollar EU-US economic relationship. In this executive order, the Biden administration introduced a number of safeguards to protect European citizens’ data when stored in the US which, according to US officials, directly address previous queries. For example, one major complaint from the European side over the years has been that US intelligence services theoretically have unfettered access to private data. The solution: intelligence services may only access EU citizens’ data in pursuit of clearly defined US national security objectives. Also, European citizens can now file lawsuits against US authorities if they believe their privacy rights are unlawfully being breached.

Finally, the really interesting part: as per this new agreement, US authorities can turn the tables and evaluate protection of US data in Europe. After years of Europeans’ holier-than-thou attitude, you can expect some in-depth audits from the US side to see whether European actors follow their own bible of data privacy, the GDPR. To be honest, given the complexity of GDPR we’re not so sure that’s always the case – there will surely be some Schadenfreude.

And then I’ll Make My Party… *Disappear*

Last weekend, the Free Democratic Party (FDP) failed to reach the 5% hurdle in the Lower Saxony state elections. This poor showing offers the perfect opportunity to critically analyze where the FDP went wrong, as the party, which is part of the current federal governing traffic light coalition, has been tanking in the polls.  

Historically speaking, you can say the magic number for the FDP is 8% (we’re not data scientists so but just roll with us here…). Anything above this is considered “positive,” and anything below it is a disappointment. Currently, the FDP can’t convince its traditional base to vote for the party, much less bring in undecided voters into the boat. Long-time FDP supporters will point to a laundry list of problems, mostly aimed at the FDP’s federal politicians, to explain why they’re pulling back their support: broken promises about COVID measures, increasing levels of government debt, and failure to lighten the taxation burden on the general population.

Those from outside the FDP looking in (and also partially those inside the party) see two very clear developments: a party that is rapidly losing its raison d’être, and a party that, in an effort to stick to some last remnants of its identity, constantly throws obstacles in the Traffic Light Coalition’s way. The FDP seems to believe that the only way to bolster support is by sticking to its traditional positions at all costs, but many see this choice as their Achilles’ heel.

FDP Chairman and Finance Minister Christian Lindner is the embodiment of this choice – as he has clearly chosen a war path. After the measly state election performance this weekend, he made it apparent he believes sowing division is the path towards increased support: “[I]t’s not the FDP that has a problem, but the traffic light as a whole that has to face the challenge of achieving more support in Germany for its policies.” Agree to disagree, Mr. Lindner.

German Cybersecurity – A Joke with Hardly Anything to Laugh About

As you know, we have a counterpart to every good US format. With his show “ZDF Magazin Royale”, Jan Böhmermann is our version of John Oliver’s Last Week Tonight (where Böhmermann was actually once featured, even though without being explicitly named). The show works together with investigative journalist teams and brought up a spicy piece about German cybersecurity last weekend. 

The BSI (Federal Office for Information Security) with its 1,100 employees is mainly responsible for cybersecurity in Germany. For instance, it certifies security applications developed by private companies that want to sell them to other companies or even government agencies. The president of the BSI, Arne Schönbohm, is now about to be sacked as Böhmermann’s show indicated he has too close ties to Russian intelligence. In 2012, four years before he became president of the BSI, Schönbohm founded the “Cyber Security Council of Germany e.V.”, which sounds very official but is actually only an industry association. Schönbohm’s industry association is now headed by a good friend of his who seems to have close ties to former Russian KGB officials and generally promoted the idea of working closely together with Russian intelligence services. 

Böhmermann made his case by referring to a company called “Protelion” which is a member of the dubious industry association. Protelion was actually called “Infotecs” until March 2022 and is the subsidiary of a Russian cybersecurity company (also called Infotecs #surprise) which was founded by former KGB member Andrey Chapchaev and is allegedly working with the FSB. Especially these days, the developments are embarrassing for the federal government, even though – to be fair – we need to acknowledge the decision to make Schönbohm head of German cyber security wasn’t made by the current government.

Source: Statistisches Bundesamt

by Max

Cuba Revisited

Sargasso Sea, 27 October 1962. Depth charges shake the hull of a Soviet Foxtrot-class submarine on route to Cuba. The crew huddles in fear as oxygen runs low and temperatures rise above 100 degrees. Anxious whispers: “Has the war already begun?” The vessel finally surfaces across from a destroyer tasked with enforcing the American blockade of the island. Search lights are crossing above the waves. Expecting an imminent attack, the Soviet captain orders a nuclear torpedo prepared for launch. As the Soviet officers slide back down to the bridge, towards nuclear war, the signals officer gets stuck in the conning tower with his searchlight. In the nick of time, a 23-year-old sailor aboard the American destroyer realizes what’s happening and flashes a reassuring signal just as the Soviet ship submerges. Last to leave the conning tower, naval officer Arkhipov sees the signal and cancels the order. Armageddon averted.

Yesterday marked the sixtieth anniversary of the beginning of the Cuban Missile Crisis. As a history student in London, I never tired of reading harrowing stories in which a stuck searchlight or brave insubordination brought the world back from the nuclear brink – in the knowledge that these were safely buried in the past. But the threat we face in October 2022 is as great as any in living memory, and leaders in Europe and the US seem woefully unprepared to deal with it. Time for some unpleasant realities. 

Russian forces are currently in retreat across large parts of the front line, driven back by a Ukrainian military equipped with western arms and guided by western battlefield intelligence. In response to these setbacks, Vladimir Putin has threatened to use “all forces and means” to defend annexed regions in eastern Ukraine. Since most experts agree that Putin would not survive a military defeat, these threats are more than hollow phrases. Even President Biden – a firm supporter of Ukraine – has warned about “Armageddon” should Russia break the nuclear taboo. But warning of nuclear war does not amount to a policy, and there is no discernible western strategy should Russia do the unthinkable and fire the first shot in Ukraine. (À propos unthinkable: Not even Zelensky believed Putin would start a war this year.)

Let’s start with the unthinkable: What are Putin’s nuclear options? Russia has around 1,900 so-called Non-Strategic Nuclear Weapons (NSNWs), battlefield nukes with a yield of up to 100 kilotons (think Hiroshima x 7). There are two ways Putin could use them outside the battlefield: by overtly preparing NSNWs without firing them – i.e., as a propaganda weapon – or by launching a performative “test” on Russian territory. More reckless options include a nuclear strike in the sky above Ukraine, creating an electromagnetic pulse (EMP) which could destroy the enemy’s command and communications structure, or even a limited nuclear attack on Ukrainian infrastructure and battlefield formations – with horrendous losses and incalculable results. These possibilities may seem extremely far-fetched (let’s hope they are), but the West must understand that they are not imaginary.

So far, policymakers seem more concerned about punishing than preventing Russian nuclear action. Little has come from Europe, apart from Olaf Scholz’s warning of a “third world war”, but – with all due deference – American proposals have hardly been more productive. Worst idea first: Former CIA Director General Petraeus has suggested that NATO “take out every Russian conventional force that we can see” in case of an attack, which sounds like a one-way road to civilizational suicide. The Biden administration meanwhile appears to be pursuing the “strategic ambiguity” approach it used to criticize in Trump. While Jake Sullivan threatens “catastrophic consequences”, the President stated clearly that he is concerned and does not believe Putin is bluffing. One can only speculate how the West could react: Beyond direct military strikes, experts have floated “non-kinetic” options – cyber-attacks aimed at disrupting Russian infrastructure. But if NATO has a plan, no one outside the White House knows about it. 

The House’s View: Back From the Brink

Instead of struggling to devise a military response, western leaders should do everything in their power to defuse this powder keg of a conflict. (“Western” in this case means American, much as the EU is striving to play a larger role.) If Putin is looking for a face-saving exit, Biden is the only one who can provide it. And since Zelensky is wholly dependent on US support to sustain his counteroffensive, political pressure for a provisional ceasefire would allow both sides a much-needed breathing space. Ukraine may feel powerful now; but Russia’s vast untapped military potential (not just the 300,000 drafted reservists) could bring a new and dangerous dynamic to the battlefield. With Russia – barring Putin’s ouster – fully committed to enforcing what it considers vital national security interests, we must recognize that difficult negotiations offer the only viable way out of this conflict. The likely alternatives would either be the collapse of Ukraine or a desperate Putin with his finger on the nuclear trigger, two extremely dangerous outcomes. Unfortunately, President Biden has just rejected the Russian leader’s offer to meet at the G20 next month. 

As so often, history offers guidance in dangerous times. During the Yom Kippur War of 1973, the United States – a firm Israeli ally – took the unpopular but correct approach of balancing the main combatants, Egypt and Israel, in the greater interest of sustainable peace. Kissinger understood that Egyptian dominance would likely trigger Israel’s nuclear deterrent, but when the tables dramatically turned and the IDF broke through towards Cairo, Washington imposed a ceasefire. As Martin Indyk argues in his brilliant study, pushing both sides to make painful compromises was not just the right decision at the time, but has preserved peace between the two countries for almost fifty years. One can only hope that today’s leaders possess the wisdom and foresight that Kennedy and Khrushchëv demonstrated sixty years ago. 

The odds for nuclear war may be very slim – but we shouldn’t bet mankind’s survival on a sailor getting stuck with his searchlight. 

Max holds a Master of Science (MSc) from the London School of Economics and Political Science, where he studied international relations and history with a focus on Cold War nuclear policy.

• Berlusconi’s Cyber Skills: Following the right-wing victory in last month’s Italian elections, 86-year-old Silvio Berlusconi has made several cyber policy proposals – including vouchers and tax deductions for cybersecurity-related expenses. The Krautshell team was pleasantly surprised to learn that Italy’s most famous political fossil has discovered what a computer is. 
• Prank Calls, Volume III: After similar incidents involving the mayors Franziska Giffey (Berlin) and Vitaly Klitshko (Kyiv), a pro-Russian prankster duo has tricked Ukraine’s Foreign Minister, Dmytro Kuleba, into thinking he was talking to an ex-US ambassador. Apparently, security services have yet to figure out a method against this new form of “hybrid warfare”.
• Greens Party Convention: As Germany’s governing Greens will come together for their annual party convention this weekend, expect a fair bit of drama about the party’s current energy and foreign policies. We hope things remain calm this year; suffice it to say that the last time the Greens were in government, things got a little out of hand.

  How blind are we?

⬆️ Up there you have read this week’s biggest news on German cybersecurity: The Chief Cybersecurity Officer of the federal administration could have close (?) ties (?) with Russian intelligence services. If you some up the Böhmermann-Show, however, you will end up with fewer facts than what could pillar a house of cards. 

While most of the reporting is still speculating about when Federal Minister of Interior Nancy Faeser (SPD) will sack the BSI-president, Arne Schönbohm, cybersecurity professionals and those who know what good investigative journalism looks like are just piling up evidence against the accusations. They also point out that Schönbohm was actually a pain in the ass for the ministry in recent years as his BSI just did not want to give up professional arguments against political dogma, like in the case of exploitation of IT vulnerabilities for surveillance and state hacking.

We are not the ones who will tell you whether or not president Schönbohm has made some major mistakes or even broke the law. As the chief of the Green Party, Omid Nouripur said: if there is something to investigate, the Office of the Federal Attorney General will definitely take the chance to go after it. As long as there is no case, however, we just would like to point out that trust in the central German cybersecurity institution has been seriously damaged.

In times of (cold) war we should be very alert on anything that divides us apart. It is a pity that the German political elite reacted to allegations from an investigative journalist a showman in a way that blanked out the presumption of innocence for a high-ranking German official. Let’s hope that at least the end of this scandal will be a reassuring one and we all will be informed about the details uncovered.