Patrice Riemens on Tue, 4 Dec 2001 06:11:01 +0100 (CET)


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Nettime-bold] European Commissionner Liikanen's speech to the Cybercrime Forum Plenary


(From the EFF-Europe list, bwo Caspar Bowden <cb@ipr.org>)

___________________________________________________________


http://europa.eu.int/rapid/start/cgi/guesten.ksh?p_action.gettxt=gt&doc=SPEE
CH/01/589|0|RAPID&lg=EN&display=
..

SPEECH/01/589

Mr Erkki Liikanen

Member of the European Commission, responsible for Enterprise and the
Information Society

"Network Security - Policy Development in the European Union"

Opening Statement at the EU Forum on Cybercrime

Brussels, 27 November 2001

Ladies and Gentlemen,

On behalf of the European Commission, I would like to welcome all of you to
the first plenary session of the European Union Forum on Cybercrime.

I would particularly like to welcome the many distinguished speakers who
will address us today, including the honourable Members of the European
Parliament Charlotte Cederschiold and Marco Cappato.

The European institutions and the Member States face the challenging task of
developing an effective policy to stimulate cybersecurity and combat
cybercrime. This task involves balancing varying societal interests, such as
network security, law enforcement powers, privacy protection and economic
priorities.

I believe an open exchange between the various stake-holders is vital to
achieve an effective, coherent and balanced policy approach, and to assure
confidence and trust among European citizens in the Information Society.
Today's discussions are an important step in this consultation process, and
I am pleased to see that you have come in such great number to participate.

The achievements of the Information Society

When discussing security threats, we should not forget that it is actually
the success of the Information Society that also attracts criminal
activities and threatens network security. The new information and
communication technologies are having a revolutionary and fundamental impact
on our economies and societies.

Electronic commerce is paving the way for a new global electronic
marketplace, and drives a re-invention of the very concepts of companies and
marketplaces. It creates new business models, opens up new markets, enables
reaching marketplaces without consideration of distances and time, reduces
time-to-market, improves quality, and brings about significant cost savings.
It brings to the consumer goods and services unreachable without information
society technologies. The value of E-commerce, business-to-business as well
as business-to-consumers, is growing.

The risks facing the Information Society

The more networks are used for legitimate economic and social purposes, the
more potential they offer for illegal activities either directly or in
providing information and communication support to traditional crimes.

Damages and disruptions to the emerging new economy need to be prevented and
circumscribed. Measures need to be developed which will both reinforce the
security of the networks in terms of prevention and help fighting subversive
activities.

The eEurope response

The adoption last year of the comprehensive eEurope Action Plan by the
European Council highlights the importance of network security and the
achievement of trust amongst businesses and consumers. Among the objectives
of eEurope are increasing security through preventive measures and stepping
up the fight against cybercrime. The communications networks and information
technology have become a critical part of the infrastructure of our
economies.

The European Union has taken a number of initiatives to confront harmful and
illegal content on the Internet, and to protect copyright and personal data.
The improved legal framework of electronic commerce with the directives on
e-commerce and electronic signatures will provide the means to accelerate
electronic commerce, with the appropriate safeguards. The European
Commission has also stimulated preventive measures to enhance network
security, for example by encouraging the introduction of common standards
for smartcards.

The Commission Communication

In January this year, the European Commission issued its Cybersecurity and
Cybercrime Communication, which has been sponsored jointly by Commissioner
Antonio Vitorino and me. It is the first comprehensive policy statement of
the European Commission on cybercrime.

In March, the Commission organised a public hearing in this same room. Over
400 people came to Brussels to attend this event and participate in the
discussion.

Policy initiatives

The Communication has announced a number of initial initiatives to be taken
by the Commission.

Firstly, the Commission issued a proposal for a Framework Decision that
includes measures to combat child pornography.

At the technical level, as part of the Information Society Technology
Programme, the Commission has been promoting R&D to understand and reduce
vulnerabilities and stimulate the dissemination of know-how. IST projects
focus in particular on the development of confidence-building technologies.

In a short time, the Commission will adopt a proposal for a Framework
Decision on combating serious attacks against information systems. This
initiative addresses acts like hacking, denial-of-service attacks, and
spread of viruses.

In June, the Commission issued a Communication on Network and Information
Security, which went into greater detail on some of the issues addressed in
the January Communication, and particularly on preventive organisational and
technical measures. This approach is complementary to the Framework
Decision: the one deals with prevention of crime, the other with ex-post
criminal investigations.

The EU Forum on cybercrime

The Cybersecurity & Cybercrime Communication also announced a Forum in which
the relevant parties would have the opportunity to discuss various issues.
The Forum is now operational and consists of three parts:


First of all, there is a website, where information and discussion papers
are published, and where interested parties have the opportunity to post
their opinions on various aspects.

Secondly, there are expert meetings on selected issues. These expert
meetings take place in small groups, so as to make detailed discussion and
exploration of common ground possible. In June, such an expert meeting took
place on hacking, denial-of-service attacks and release of malicious code.
Earlier this month, we had an expert meeting on data retention.

And thirdly, there are the plenary sessions of the Forum in Brussels, which
enable participants to meet in person, and to elucidate their written
comments with oral statements. Today we are together for the first of these
plenary sessions.
Retention of traffic data - the legal context

The main item for discussion today is retention of traffic data, a topic
that has received new attention since the terrible events in the United
States on September 11.

This debate does not take place in a legal vacuum. Quite the contrary. Since
1995 the European Union has a general regulatory framework that provides
legal safeguards for the protection of personal data and privacy, in line
with the 1950 European Convention on Human Rights.

In this context, we have established as one of the basic principles that
personal data may only be processed for legitimate purposes and only for as
long a necessary for these purposes. This principle was also applied to the
telecommunications sector in the 1997 Telecommunications data protection
Directive. It says that operators may only process traffic data for as long
as necessary to provide the service and for the billing of that service.
After that, traffic data must be erased. The European Court on Human Rights
in Strasbourg has ruled that traffic data merit the same level of protection
as the content of a communication.

Nevertheless, both our EU data protection directives and the European
Convention on Human Rights also provide a possibility for Member States to
take measures which derogate from this principle where this is necessary
inter alia to safeguard public security or defence interests or to prevent,
investigate and prosecute criminal activities. The Strasbourg Human Rights
Court has produced a substantial body of case law setting the criteria which
any national derogatory measure must meet in order to be compatible with the
European Convention.

Key questions

While traffic data are essentially a by-product of electronic communications
services they are also very useful for criminal investigations and other law
enforcement purposes. This is why law enforcement authorities, particularly
in the light of increased flat rate billing, regret that the storage and
deletion of traffic data is in principle determined by the needs of
operators and the rights of the users which for many new services results in
hardly any storage of traffic data at all. Wider and longer ex-ante storage
of traffic data would provide more basic material for prevention and
investigation of crime and for other state activities for national and
public security purposes.

This raises a number of fundamental questions. How does general traffic data
retention fit within a democratic society? How could general traffic data
retention measures for law enforcement purposes be made compatible with
existing law? Which traffic data would need to be stored and for how long?
Would this be feasible for operators? Who should bear the costs? Which
effect will such measures have on the development of the information
society? And there are other questions also.

With the debate of today we hope to enrich the ongoing reflection about this
most difficult and sensitive topic. We hope that you will provide us with
your comments and insights. We want to listen and to learn. This forum is
meant to be a vehicle to achieve that.

Conclusion

The Commission fully supports and encourages a constructive dialogue. I very
much hope that the discussion here today will play its part in helping us
understand and bridge our various interests, and that it will help the
Commission to assess the need for any legislative or non-legislative actions
at EU level.

Thank you.






----- End forwarded message -----

_______________________________________________
Nettime-bold mailing list
Nettime-bold@nettime.org
http://amsterdam.nettime.org/cgi-bin/mailman/listinfo/nettime-bold