Recoding Tech Diplomacy into Germany’s Foreign Policy Approach

Germany’s digital technology diplomacy – like that of many of its democratic partners – remains underdeveloped. In part, this is a result of diffused competencies across the German government and the lack of a coordinating unit to draw together the needs of its innovation ecosystem, industrial policy, digital regulation, economic security, and military modernization. The German Council on Foreign Relations (DGAP)’s Digital Grand Strategy report makes the case that integrating all of these aspects is essential to bridge Germany’s domestic and international digital capabilities with its national objectives. Creating this integrated foundation is crucial – especially since the Chancellery has essentially outsourced all digital tech policy to the ministries following the previous government’s disastrous performance in making digital tech policy ​‘Kanzlersache.’

Nowhere is an integrated tech foreign policy more necessary than in Germany’s approach to the Global South. Germany’s 2021 Coalition Agreement states that strengthening the digital sovereignty – which it defines as ​“freedom of choice” – in the Global South will be a key pillar of Germany’s engagement. To its credit, Berlin has already made significant steps to strengthen its international tech policy profile. It has improved capacity building and foreign assistance financing, increasing work that connects the development and tech communities; invested in a multi-stakeholder role and greater transparency for UN negotiations around responsible state behavior in cyberspace; built up cyber-defense capacities in partner states; worked to improve cyber-incident attribution diplomacy concerning cyber-attacks; and looked to establish new digital partnerships with Kenya, Ghana, South Africa, and elsewhere. To this end, the German Development Ministry (BMZ) has launched the open source, modular e‑government initiative GovStack as its lighthouse project. GovStack will provide partner governments with off-the-shelf building blocks for digital public administration services that promote human rights and are in line with European standards.

While these efforts are laudable, the potential to knit Germany’s technology capabilities and foreign policy objectives remains untapped. Here are five areas in which the German National Security Strategy can begin this process. 

Integrated Approach to Tech Foreign Policy

First: the German Federal Foreign Office (GFFO) should reorient its institutional structure to account for all aspects of digital foreign policy. In the near term – as a follow-on to Germany’s National Security Strategy, the GFFO should work with the German Federal Ministry of Digital Affairs and Transport (BMDV), the Economic Ministry (BMWK), and Development Ministry (BMZ) on a coordinated action-plan for what an integrated German tech foreign policy could look like in practice. This bridge between the National Security Strategy and Digital Strategy will have multiplier effects beyond non-industrialized economics to Germany’s overall objectives and capabilities in digital tech policy. 

The institutional structures in the GFFO should match the more integrate digital technology and foreign policy in a meaningful way. While the July 2022 EU Council Conclusions on Digital Foreign Policy offer an important direction, the European Union still lacks a clear structure for EU foreign ministries to establish its international digital identity. One model could be the US’s recently established Cyber and Digital Policy (CDP) Bureau, which formed out of recommendations from the US Cyberspace Solarium Commission. The CDP – which includes an Ambassador-at-Large staffed by three key deputies for international ICT (information and communication technologies) and digital regulation policy, cyber diplomacy, and digital freedom – represents a serious attempt at creating an integrated approach to technology diplomacy. Taken together – and when staffed properly – it reflects the full spectrum of digital and cyber affairs across security, prosperity and human rights in the digital realm. 

Over the past ten years, the ​‘Cyber Ambassador’ model replicated itself across democratic foreign ministries and created the architecture for diplomacy on cyber norms in the UN system and beyond. In a similar fashion, today’s ​‘integrated model’ of digital and cyber diplomacy could create a fit-for-purpose arrangement that corrects some of the deficiencies of previous Digital Ambassadors, such as staff and competency constraints. The GFFO should adopt this integrated structure as part of the security strategy’s institutional reform. Already, the GFFO has tried a superficial fix in the form of a ​“Tech Envoy,” as recommended by Cathryn Clüver-Ashbrook. But Germany’s mixed experience with the Digital Ambassador in the previous government shows that a meaningful reorganization is necessary. Moreover, the GFFO needs professional pathways that incentivizes digital tech expertise. In this vein, the German Foreign Service creates pre-conditions for all diplomats to become conversant in key digital technology dimensions in their field – be it in conflict prevention and stabilization, migration, climate, non-proliferation energy, or the EU. 

Connectivity as a Human Right

Second: Germany’s security strategy should establish safe, secure, privacy-oriented connectivity as a human right that it is prepared to advance through its foreign policy. This should include a blanket commitment to increase funding for virtual private networks (VPNs) and satellite connectivity globally – in low-capacity regions, conflict states and authoritarian spaces. In authoritarian contexts like Russia, modular VPNs are the wormhole through which the population can access information from credible news sources. In addition, core support for satellite internet in low-capacity spaces can also play a role. Such efforts would support the UN Sustainable Development Goal 9c that seeks to ​“significantly increase access to ICT and strive to provide universal and affordable access to the Internet in least developed countries.” This is a worthy goal, as only 54% of the global population – and only 19% of populations in the least developed countries – have access to reliable Internet as of 2020. 

As a matter of geopolitics, Germany – through the EU and with global partners – must support connectivity in authoritarian contexts and conflict zones globally. This is particularly important in light of the rise in internet shutdowns in places like Ethiopia, Kazakhstan, Iran, and Belarus. The EU has announced its Secure Connectivity Programme, with €6 billion for the Infrastructure for Resilience, Interconnection and Security by Satellites (IRIS2) project at its heart. While intended to increase satellite connectivity in the EU, this could also have second order effects on global networks. In addition, connectivity as a right will also play an important role in elevating Germany’s Feminist Foreign Policy.

In the road toward better connectivity, SpaceX is a unique actor – though not always for good. In the wake of Russia’s invasion of Ukraine, internet connection at the edges of occupied territory has been a lifeline for many Ukrainians. Largely, this connectivity is made possible by SpaceX’s Starlink satellite – for which Germany is among the main funders. But this has taken on a new flavor in light of Starlink’s refusal to provide internet connectivity to the Ukrainian military and Musk’s freelance diplomacy with Russia and China. Moreover, there is a land grab taking place right now in low-earth orbit (LEO) – SpaceX and Amazon’s Kuiper are intent on flooding the zone with thousands of satellites, which could create excessive orbital debris. Such a situation would make it impossible to maintain LEO satellites as a global public good. To avoid this, Germany must diversify LEO connectivity with a multi-vendor approach as a matter of resilience. 

Easy Access to Digital Governance 

Third: Germany must leverage EU law to provide greater access to technological instruments for citizens and civil society organizations in partner countries. In some places, this is already happening. US civil society – aided by the EU’s new outpost in California – is focused on how to encourage greater algorithmic and data transparency for third party oversight. One way they are doing so is by looking at GDPR-compliant means for American academics to take advantage of the Digital Services Act’s (DSA) instruments to compel data access – which has become more difficult in the wake of Twitter’s decision to shut down free API access. Civil society in non-industrial economies should also have the tools to analyze platform data usage. While there will be differences and limitations due to the DSA’s provisions on EU territory, Germany should enable greater academic access to platform data in third countries, especially in the Global South. At the same time, Germany should lead efforts to guarantee that authoritarian states do not abuse academic access or trusted flagger statuses to crack open democratic protections for authoritarian purposes. 

In addition, Berlin should look to international applications for future digital governance. For example, Germany should already anticipate how to provide non-industrialized countries with equitable benefits from the G7 ​“free flow of data with trust” initiative – in particular, how to include users in data ownership and governance schemes in the Data Act and Data Governance Act. As a part of these efforts, Germany needs to invest in national instruments that help build the capacity to act in local partner communities. For example, the Sovereign Tech Fund should earmark a significant percentage of its funding to support open-source development of privacy-enhancing technologies by local IT communities in non-industrialized countries. Doing so would mean taking on the ethos of the German political foundations and promoting more participatory arrangements for those impacted by technology. 

Trustworthy Vendors

Fourth: Germany’s National Security Strategy should establish consistency in its approach to trustworthy vendors for key technology applicable in both its ICT development funding abroad and critical infrastructure at home. The EU-US Trade and Technology Council established a set of ICT Principles for Trustworthiness – meant to assess the technological and political reliability of critical infrastructure providers funded by Europe and USAID – which contains criteria that would implicitly shut out suppliers like Huawei and ZTE from ICT development projects in the Global South. However, it is unclear if those same principles apply within Germany itself, where up to 59% of 5G infrastructure is allegedly produced by Huawei (though recent reports allege Germany may be on the verge of a U‑turn in this area). 

In fact, it seems that Germany was unfamiliar with the technological sourcing of it ICT critical infrastructure until very recently – despite the 2020 EU Cybersecurity Toolbox on 5G and the 2021 IT Security Law 2.0. So far, Germany has all but ignored the instruments in these provisions for the sake of stable relations with China and keeping costs low. To correct course, Germany needs a through-line for strategic technology that informs procurement for both domestic and international infrastructure projects like smart cities, smart ports, data centers, AI-powered surveillance, and biometric screening. 

Limit Authoritarian Reach

Finally: Germany must be more forceful in limiting authoritarians’ access to democracy-eroding technology. The Freedom Online Coalition, which Germany chaired in 2018, is looking at the issue of spyware-for-hire this year under its US chairmanship. Recently, revelations have emerged concerning for-hire cyber influence operations in elections and political campaigns in places like Catalonia, Greece, California, Canada, Nigeria, Kenya, and Chad by the Israeli group ​“Team Jorge.” Team Jorge deployed a number of hacking and disinformation tools across the world – including the hand-of-god software Advanced Impact Media Solutions (AIMS), which directs a sophisticated network of social media avatars across all major platforms to amplify hacked information and malicious content online, at times planted within legitimate news outlets. 

Such behavior is not new. The Team Jorge debacle comes on the heels of the discovery that NSO spyware Pegasus – which is available in both authoritarian and democratic contexts, including up to 14 EU member states like Germany – has succeeded in using zero-click exploits to access personal texts, calls, passwords, and geo-locations without user action. The spread of spyware must be a clear agenda item in Germany’s approach to tech export controls in the Hague, at NATO and within the EU. Germany must take a harder line – nationally, at the EU and in multilateral contexts – to decelerate the spread of the most pernicious spyware. 

Taken together, these five steps could re-orient Germany’s foreign policy on digital technology. Germany is finally overcoming the mentality that ​“Europe’s problems are the world’s problems, but the world’s problems are not Europe’s problems.” On digital tech diplomacy, global approaches and European approaches must be one and the same.