Patrice Riemens on Wed, 5 Dec 2001 00:04:24 +0100 (CET)


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

<nettime> European Commissionner Liikanen's speech to the Cybercrime Forum Plenary



(From the EFF-Europe list, bwo Caspar Bowden <[email protected]>)

___________________________________________________________


http://europa.eu.int/rapid/start/cgi/guesten.ksh?p_action.gettxt=gt&doc=SPEE
CH/01/589|0|RAPID&lg=EN&display=
..

SPEECH/01/589

Mr Erkki Liikanen

Member of the European Commission, responsible for Enterprise and the
Information Society

"Network Security - Policy Development in the European Union"

Opening Statement at the EU Forum on Cybercrime

Brussels, 27 November 2001

Ladies and Gentlemen,

On behalf of the European Commission, I would like to welcome all of you
to the first plenary session of the European Union Forum on Cybercrime.

I would particularly like to welcome the many distinguished speakers who
will address us today, including the honourable Members of the European
Parliament Charlotte Cederschiold and Marco Cappato.

The European institutions and the Member States face the challenging task
of developing an effective policy to stimulate cybersecurity and combat
cybercrime. This task involves balancing varying societal interests, such
as network security, law enforcement powers, privacy protection and
economic priorities.

I believe an open exchange between the various stake-holders is vital to
achieve an effective, coherent and balanced policy approach, and to assure
confidence and trust among European citizens in the Information Society.
Today's discussions are an important step in this consultation process,
and I am pleased to see that you have come in such great number to
participate.

The achievements of the Information Society

When discussing security threats, we should not forget that it is actually
the success of the Information Society that also attracts criminal
activities and threatens network security. The new information and
communication technologies are having a revolutionary and fundamental
impact on our economies and societies.

Electronic commerce is paving the way for a new global electronic
marketplace, and drives a re-invention of the very concepts of companies
and marketplaces. It creates new business models, opens up new markets,
enables reaching marketplaces without consideration of distances and time,
reduces time-to-market, improves quality, and brings about significant
cost savings. It brings to the consumer goods and services unreachable
without information society technologies. The value of E-commerce,
business-to-business as well as business-to-consumers, is growing.

The risks facing the Information Society

The more networks are used for legitimate economic and social purposes,
the more potential they offer for illegal activities either directly or in
providing information and communication support to traditional crimes.

Damages and disruptions to the emerging new economy need to be prevented
and circumscribed. Measures need to be developed which will both reinforce
the security of the networks in terms of prevention and help fighting
subversive activities.

The eEurope response

The adoption last year of the comprehensive eEurope Action Plan by the
European Council highlights the importance of network security and the
achievement of trust amongst businesses and consumers. Among the
objectives of eEurope are increasing security through preventive measures
and stepping up the fight against cybercrime. The communications networks
and information technology have become a critical part of the
infrastructure of our economies.

The European Union has taken a number of initiatives to confront harmful
and illegal content on the Internet, and to protect copyright and personal
data. The improved legal framework of electronic commerce with the
directives on e-commerce and electronic signatures will provide the means
to accelerate electronic commerce, with the appropriate safeguards. The
European Commission has also stimulated preventive measures to enhance
network security, for example by encouraging the introduction of common
standards for smartcards.

The Commission Communication

In January this year, the European Commission issued its Cybersecurity and
Cybercrime Communication, which has been sponsored jointly by Commissioner
Antonio Vitorino and me. It is the first comprehensive policy statement of
the European Commission on cybercrime.

In March, the Commission organised a public hearing in this same room.
Over 400 people came to Brussels to attend this event and participate in
the discussion.

Policy initiatives

The Communication has announced a number of initial initiatives to be
taken by the Commission.

Firstly, the Commission issued a proposal for a Framework Decision that
includes measures to combat child pornography.

At the technical level, as part of the Information Society Technology
Programme, the Commission has been promoting R&D to understand and reduce
vulnerabilities and stimulate the dissemination of know-how. IST projects
focus in particular on the development of confidence-building
technologies.

In a short time, the Commission will adopt a proposal for a Framework
Decision on combating serious attacks against information systems. This
initiative addresses acts like hacking, denial-of-service attacks, and
spread of viruses.

In June, the Commission issued a Communication on Network and Information
Security, which went into greater detail on some of the issues addressed
in the January Communication, and particularly on preventive
organisational and technical measures. This approach is complementary to
the Framework Decision: the one deals with prevention of crime, the other
with ex-post criminal investigations.

The EU Forum on cybercrime

The Cybersecurity & Cybercrime Communication also announced a Forum in
which the relevant parties would have the opportunity to discuss various
issues. The Forum is now operational and consists of three parts:


First of all, there is a website, where information and discussion papers
are published, and where interested parties have the opportunity to post
their opinions on various aspects.

Secondly, there are expert meetings on selected issues. These expert
meetings take place in small groups, so as to make detailed discussion and
exploration of common ground possible. In June, such an expert meeting
took place on hacking, denial-of-service attacks and release of malicious
code. Earlier this month, we had an expert meeting on data retention.

And thirdly, there are the plenary sessions of the Forum in Brussels,
which enable participants to meet in person, and to elucidate their
written comments with oral statements. Today we are together for the first
of these plenary sessions. Retention of traffic data - the legal context

The main item for discussion today is retention of traffic data, a topic
that has received new attention since the terrible events in the United
States on September 11.

This debate does not take place in a legal vacuum. Quite the contrary.
Since 1995 the European Union has a general regulatory framework that
provides legal safeguards for the protection of personal data and privacy,
in line with the 1950 European Convention on Human Rights.

In this context, we have established as one of the basic principles that
personal data may only be processed for legitimate purposes and only for
as long a necessary for these purposes. This principle was also applied to
the telecommunications sector in the 1997 Telecommunications data
protection Directive. It says that operators may only process traffic data
for as long as necessary to provide the service and for the billing of
that service. After that, traffic data must be erased. The European Court
on Human Rights in Strasbourg has ruled that traffic data merit the same
level of protection as the content of a communication.

Nevertheless, both our EU data protection directives and the European
Convention on Human Rights also provide a possibility for Member States to
take measures which derogate from this principle where this is necessary
inter alia to safeguard public security or defence interests or to
prevent, investigate and prosecute criminal activities. The Strasbourg
Human Rights Court has produced a substantial body of case law setting the
criteria which any national derogatory measure must meet in order to be
compatible with the European Convention.

Key questions

While traffic data are essentially a by-product of electronic
communications services they are also very useful for criminal
investigations and other law enforcement purposes. This is why law
enforcement authorities, particularly in the light of increased flat rate
billing, regret that the storage and deletion of traffic data is in
principle determined by the needs of operators and the rights of the users
which for many new services results in hardly any storage of traffic data
at all. Wider and longer ex-ante storage of traffic data would provide
more basic material for prevention and investigation of crime and for
other state activities for national and public security purposes.

This raises a number of fundamental questions. How does general traffic
data retention fit within a democratic society? How could general traffic
data retention measures for law enforcement purposes be made compatible
with existing law? Which traffic data would need to be stored and for how
long? Would this be feasible for operators? Who should bear the costs?
Which effect will such measures have on the development of the information
society? And there are other questions also.

With the debate of today we hope to enrich the ongoing reflection about
this most difficult and sensitive topic. We hope that you will provide us
with your comments and insights. We want to listen and to learn. This
forum is meant to be a vehicle to achieve that.

Conclusion

The Commission fully supports and encourages a constructive dialogue. I
very much hope that the discussion here today will play its part in
helping us understand and bridge our various interests, and that it will
help the Commission to assess the need for any legislative or
non-legislative actions at EU level.

Thank you.






----- End forwarded message -----




#  distributed via <nettime>: no commercial use without permission
#  <nettime> is a moderated mailing list for net criticism,
#  collaborative text filtering and cultural politics of the nets
#  more info: [email protected] and "info nettime-l" in the msg body
#  archive: http://www.nettime.org contact: [email protected]