Politech archive on Echelon:
http://www.politechbot.com/cgi-bin/politech.cgi?name=echelon
News coverage:
http://dailynews.yahoo.com/htx/ap/20010905/wl/eu_echelon_1.html
European Parliament OKs Spy Plan
2001-09-05 16:11:06
BRUSSELS, Belgium (AP) - An alleged worldwide spy network dubbed Echelon
and led by the United States does exist - and European nations should set
up an encryption system to guard against it, the European Parliament said
Wednesday. The European Union assembly voted 367 to 159, with 34
abstentions, to adopt 44 recommendations on how to counter Echelon. [...]
********
http://europa.eu.int/rapid/start/cgi/guesten.ksh?p_action.gettxt=gt&doc=SPEECH/01/368|0|RAPID&lg=EN
_________________________________________________________________
Mr Erkki Liikanen Member of the European Commission, responsible for
Enterprise and the Information Society European Parliament motion for a
resolution on the Echelon interception system EP motion for a resolution on
the Echelon interception system Strasbourg, 5 September 2001
_________________________________________________________________
DN: SPEECH/01/368 Date: 2001-09-05
TXT: EN
PDF: EN
Word Processed: EN
SPEECH/01/368
Mr Erkki Liikanen
Member of the European Commission, responsible for Enterprise and the
Information Society
European Parliament motion for a resolution on the Echelon
interception system
EP motion for a resolution on the Echelon interception system
Strasbourg, 5 September 2001
President and Honourable Members,
I would like to congratulate Mr. Coelho, chairman, and the honourable
members of the Parliament who participated in the work of the
Temporary Committee on Echelon, and especially the rapporteur Mr.
Schmid, with the comprehensive and well written report on the Echelon
interception system.
Context
The Commission has been following the parliamentary work over the past
year with great interest. The issue touches upon complex technological
and political considerations. The report presents a large number of
references to the existence of a global interception system. These
build up a body of evidence.
The Commission already stated on 30 March last year: "It is the very
nature of intelligence activities that those who are not involved in
these activities are not able to confirm, nor deny their existence".
Even though the Commission is not involved in 'intelligence gathering'
activities, we do not put in question the findings of the European
Parliament.
The present report of the ECHELON temporary committee is based on
careful and thorough work.
The European Union is founded on the respect for human rights and
fundamental freedoms (art 6 of TEU and EU Charter of fundamental
rights). As the guardian of the Treaty, the European Commission
attaches the utmost importance to the respect of these principles.
The abuse of large-scale communications intelligence is something that
can make an individual living in a democratic society feel uneasy.
Privacy is a fundamental right. Any derogation from this right has to
be specifically provided for by law, necessary for objectives of
general interest, proportionate, and subject to adequate checks and
guarantees against any form of misuse.
The Commission is determined to look at the practical implications of
the EU Charter of fundamental rights, where, in particular, the
protection of communications and personal data will be further
enhanced. The Commission has already stated that it considers it would
be preferable for the Charter to be integrated into the Treaties for
the sake of visibility and legal certainty.
At the same time, the Community has to act within the scope of the
competencies conferred upon it by the Treaty.
Compatibility with EU law
The findings of the Committee concerning the compatibility of a system
of the 'Echelon type' with EU law distinguish between two scenarios:
* whether such a system is used purely for intelligence purposes,
* or the system is abused for the purpose of gathering competitive
intelligence.
The Commission shares the opinion that operations envisaged in the
first scenario in the interest of State security fall under the scope
of Title V of the Treaty on European Union which sets out the
framework for the establishment of a Common Foreign and Security
Policy.
This lays down no provisions on intelligence activities. Member States
remain responsible for the conduct and supervision of intelligence
operations unless the Council decides otherwise. The EU treaty does
not empower the Commission to exercise its prerogatives as guardian of
the Treaty in this field.
Maintaining an interception system for the purpose of gathering
intelligence in the context of a Member State's defence or national
security is outside the scope of the directives in force on data
protection.
As to the second scenario, gathering of competitive intelligence does
not come within the scope of a common foreign and security policy. It
is not an activity that would be allowed under the guise of the
pursuit of a Common Foreign and Security Policy.
In so far as Community law is concerned, such activity could fall
within the scope of the data protection directives. This is the case
if data gathered by Echelon type systems is collected or subsequently
passed on to commercial undertakings for purposes unrelated to the
prevention of criminal offences and unrelated to State security
matters.
Technological developments in electronic communications
We are all aware that electronic communications play and increasingly
important role in everyday life. Well functioning electronic
communications infrastructures are crucial for our economies.
Europe wants to become the most competitive and dynamic
knowledge-based economy in the world. A pre-condition to achieve this
is the need to build trust in electronic communications. This concerns
both our citizens and our businesses.
The development in technologies can bring protection against
surveillance. It is a comforting finding that the use of fibre optic
cables instead of satellites for trans-continental communications has
decreased the possibilities for large-scale routine interception.
The argument that the rise of the commercial Internet has diminished
significantly the possibilities for interception is convincing. Today,
the majority of Internet communications by cable no longer leave the
European continent.
Commission policy to improve information security
The Commission has taken important steps over the past years in order
to develop a policy to improve the security of electronic
communications.
The availability and free circulation of encryption products and
technologies in the European Union has now been ensured with the dual
use regulation in place since September 2000. The support through the
Community's Research Framework Programme, in particular the
Information Society Technologies program, has improved the conditions
to develop top of the range European encryption products in order to
enable EU citizens, companies and governments to protect their
communications.
However, this is not sufficient to guarantee a wide spread use of
encryption. Especially citizens and small businesses are not always
aware of the potential threats. We need to inform them about the
possibilities of encryption.
In June this year, the Commission adopted a Communication on Network
and Information Security. The purpose is to tackle this awareness
problem and to further develop a European approach on security related
issues. I am very glad to notice that the conclusions of the report we
are discussing here today are very much in line with the approach
adopted by the Commission.
The Honourable Members know that there is already a legal framework in
place at EU level addressing data protection and obligations for
operators. There is also an emerging policy on cybercrime. Network and
Information security is now coming in as a third element, to complete
the picture.
Although the Communication is not meant to contain a fully-fledged
'action plan' we have already identified some broad action lines where
progress needs to be made.
I will highlight some of them:
* to raise awareness public information and education campaigns
should be launched and best practices should be promoted;
* a European warning and information system is needed to strengthen
the activities of Computer Emergency Response Teams (CERTs) or
similar entities and improve the co-ordination amongst them; I
have noted the Parliament's support for this idea;
* examine how to best organise at European level pro-active and
co-ordinated measures to develop forward looking responses to
existing and emerging security threats (e. g. an Information
Security Observatory);
* concerning the legal framework we will set up an inventory of
national measures, which have been taken in accordance with
relevant Community law.
I would also like to mention that further action is needed to support
the development of technology, streamlined standardisation and
certification work, the introduction of security in government use and
better international co-operation.
As a next step it is our intention to develop a roadmap before the end
of this year containing concrete actions with firm deadlines in order
to start putting a European Information Security policy in place.
Commission's own information systems
The Commission is constantly improving the protection of its own
information systems in terms of availability, integrity and
confidentiality, especially in view of the changing nature of the
various existing and potential threats.
The entry point to the Commission network is constantly monitored and
actively tested. Similar efforts are conducted through projects for
secure video conferencing, secure telephone systems and encryption of
databases. Furthermore security audits of Commission information
systems are conducted on a regular basis.
A new Information Systems Security Policy has been drafted and is
currently being prepared for discussion within Commission services. In
addition the Commission is reviewing its overall security policy as a
result of internal reorganisation activities and policy developments
(e.g. Common Foreign and Security Policy, Justice and Home Affairs).
The new internal Commission security provisions, will follow the model
of the Council Security regulation adopted earlier this year, and will
be based on the following principles:
* proportionality of security measures in relation to existing
risks,
* shared responsibility and accountability of staff, management and
security experts,
* integration of all elements into a coherent security strategy
(e.g. personnel, information and physical security)
* close co-operation between European and national security
organisations.
The Commission intends to allocate additional resources to the
security domain. However, scarce technical and human resources,
especially in the field of information security specialists, do hamper
the full deployment of security policies. This concern is common to
most public administrations, including the European Institutions. I
welcome the support in the report to allocate more resources for the
tasks to be undertaken in this field.
I sincerely hope that the budgetary authorities will follow this
position.
Conclusion
President, the trust of European citizens and businesses in electronic
communications and the well functioning of information infrastructures
has become crucial for our economies.
Let me reiterate once more in this perspective that the Commission
attaches the utmost importance to the respect of Human Rights and the
respect of Rules of Law.
Thank you.
-------------------------------------------------------------------------
POLITECH -- Declan McCullagh's politics and technology mailing list
You may redistribute this message freely if you include this notice.
Declan McCullagh's photographs are at http://www.mccullagh.org/
To subscribe to Politech: http://www.politechbot.com/info/subscribe.html
This message is archived at http://www.politechbot.com/
-------------------------------------------------------------------------
Received on Sep 06 2001
Intro
