Patrice Riemens on Wed, 5 Dec 2001 00:04:24 +0100 (CET) |
[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]
<nettime> European Commissionner Liikanen's speech to the Cybercrime Forum Plenary |
(From the EFF-Europe list, bwo Caspar Bowden <[email protected]>) ___________________________________________________________ http://europa.eu.int/rapid/start/cgi/guesten.ksh?p_action.gettxt=gt&doc=SPEE CH/01/589|0|RAPID&lg=EN&display= .. SPEECH/01/589 Mr Erkki Liikanen Member of the European Commission, responsible for Enterprise and the Information Society "Network Security - Policy Development in the European Union" Opening Statement at the EU Forum on Cybercrime Brussels, 27 November 2001 Ladies and Gentlemen, On behalf of the European Commission, I would like to welcome all of you to the first plenary session of the European Union Forum on Cybercrime. I would particularly like to welcome the many distinguished speakers who will address us today, including the honourable Members of the European Parliament Charlotte Cederschiold and Marco Cappato. The European institutions and the Member States face the challenging task of developing an effective policy to stimulate cybersecurity and combat cybercrime. This task involves balancing varying societal interests, such as network security, law enforcement powers, privacy protection and economic priorities. I believe an open exchange between the various stake-holders is vital to achieve an effective, coherent and balanced policy approach, and to assure confidence and trust among European citizens in the Information Society. Today's discussions are an important step in this consultation process, and I am pleased to see that you have come in such great number to participate. The achievements of the Information Society When discussing security threats, we should not forget that it is actually the success of the Information Society that also attracts criminal activities and threatens network security. The new information and communication technologies are having a revolutionary and fundamental impact on our economies and societies. Electronic commerce is paving the way for a new global electronic marketplace, and drives a re-invention of the very concepts of companies and marketplaces. It creates new business models, opens up new markets, enables reaching marketplaces without consideration of distances and time, reduces time-to-market, improves quality, and brings about significant cost savings. It brings to the consumer goods and services unreachable without information society technologies. The value of E-commerce, business-to-business as well as business-to-consumers, is growing. The risks facing the Information Society The more networks are used for legitimate economic and social purposes, the more potential they offer for illegal activities either directly or in providing information and communication support to traditional crimes. Damages and disruptions to the emerging new economy need to be prevented and circumscribed. Measures need to be developed which will both reinforce the security of the networks in terms of prevention and help fighting subversive activities. The eEurope response The adoption last year of the comprehensive eEurope Action Plan by the European Council highlights the importance of network security and the achievement of trust amongst businesses and consumers. Among the objectives of eEurope are increasing security through preventive measures and stepping up the fight against cybercrime. The communications networks and information technology have become a critical part of the infrastructure of our economies. The European Union has taken a number of initiatives to confront harmful and illegal content on the Internet, and to protect copyright and personal data. The improved legal framework of electronic commerce with the directives on e-commerce and electronic signatures will provide the means to accelerate electronic commerce, with the appropriate safeguards. The European Commission has also stimulated preventive measures to enhance network security, for example by encouraging the introduction of common standards for smartcards. The Commission Communication In January this year, the European Commission issued its Cybersecurity and Cybercrime Communication, which has been sponsored jointly by Commissioner Antonio Vitorino and me. It is the first comprehensive policy statement of the European Commission on cybercrime. In March, the Commission organised a public hearing in this same room. Over 400 people came to Brussels to attend this event and participate in the discussion. Policy initiatives The Communication has announced a number of initial initiatives to be taken by the Commission. Firstly, the Commission issued a proposal for a Framework Decision that includes measures to combat child pornography. At the technical level, as part of the Information Society Technology Programme, the Commission has been promoting R&D to understand and reduce vulnerabilities and stimulate the dissemination of know-how. IST projects focus in particular on the development of confidence-building technologies. In a short time, the Commission will adopt a proposal for a Framework Decision on combating serious attacks against information systems. This initiative addresses acts like hacking, denial-of-service attacks, and spread of viruses. In June, the Commission issued a Communication on Network and Information Security, which went into greater detail on some of the issues addressed in the January Communication, and particularly on preventive organisational and technical measures. This approach is complementary to the Framework Decision: the one deals with prevention of crime, the other with ex-post criminal investigations. The EU Forum on cybercrime The Cybersecurity & Cybercrime Communication also announced a Forum in which the relevant parties would have the opportunity to discuss various issues. The Forum is now operational and consists of three parts: First of all, there is a website, where information and discussion papers are published, and where interested parties have the opportunity to post their opinions on various aspects. Secondly, there are expert meetings on selected issues. These expert meetings take place in small groups, so as to make detailed discussion and exploration of common ground possible. In June, such an expert meeting took place on hacking, denial-of-service attacks and release of malicious code. Earlier this month, we had an expert meeting on data retention. And thirdly, there are the plenary sessions of the Forum in Brussels, which enable participants to meet in person, and to elucidate their written comments with oral statements. Today we are together for the first of these plenary sessions. Retention of traffic data - the legal context The main item for discussion today is retention of traffic data, a topic that has received new attention since the terrible events in the United States on September 11. This debate does not take place in a legal vacuum. Quite the contrary. Since 1995 the European Union has a general regulatory framework that provides legal safeguards for the protection of personal data and privacy, in line with the 1950 European Convention on Human Rights. In this context, we have established as one of the basic principles that personal data may only be processed for legitimate purposes and only for as long a necessary for these purposes. This principle was also applied to the telecommunications sector in the 1997 Telecommunications data protection Directive. It says that operators may only process traffic data for as long as necessary to provide the service and for the billing of that service. After that, traffic data must be erased. The European Court on Human Rights in Strasbourg has ruled that traffic data merit the same level of protection as the content of a communication. Nevertheless, both our EU data protection directives and the European Convention on Human Rights also provide a possibility for Member States to take measures which derogate from this principle where this is necessary inter alia to safeguard public security or defence interests or to prevent, investigate and prosecute criminal activities. The Strasbourg Human Rights Court has produced a substantial body of case law setting the criteria which any national derogatory measure must meet in order to be compatible with the European Convention. Key questions While traffic data are essentially a by-product of electronic communications services they are also very useful for criminal investigations and other law enforcement purposes. This is why law enforcement authorities, particularly in the light of increased flat rate billing, regret that the storage and deletion of traffic data is in principle determined by the needs of operators and the rights of the users which for many new services results in hardly any storage of traffic data at all. Wider and longer ex-ante storage of traffic data would provide more basic material for prevention and investigation of crime and for other state activities for national and public security purposes. This raises a number of fundamental questions. How does general traffic data retention fit within a democratic society? How could general traffic data retention measures for law enforcement purposes be made compatible with existing law? Which traffic data would need to be stored and for how long? Would this be feasible for operators? Who should bear the costs? Which effect will such measures have on the development of the information society? And there are other questions also. With the debate of today we hope to enrich the ongoing reflection about this most difficult and sensitive topic. We hope that you will provide us with your comments and insights. We want to listen and to learn. This forum is meant to be a vehicle to achieve that. Conclusion The Commission fully supports and encourages a constructive dialogue. I very much hope that the discussion here today will play its part in helping us understand and bridge our various interests, and that it will help the Commission to assess the need for any legislative or non-legislative actions at EU level. Thank you. ----- End forwarded message ----- # distributed via <nettime>: no commercial use without permission # <nettime> is a moderated mailing list for net criticism, # collaborative text filtering and cultural politics of the nets # more info: [email protected] and "info nettime-l" in the msg body # archive: http://www.nettime.org contact: [email protected]