Date: Wed, 5 Dec 2001 06:14:48 +0100
From: Patrice Riemens <[log in to unmask]>
To: [log in to unmask]
Subject: Euro-commissionner Liikanen's speech to the Cybercrime Forum
Plenary
(fwd)


BWO the EFF-Europe list, and Caspar Bowden <[log in to unmask]>



From: "Caspar Bowden" <[log in to unmask]>
To: <[log in to unmask]>
Subject: [EFF Europe] Commissioner Liikanen's speech to Cybercrime Forum

plenary
Date: Mon, 3 Dec 2001 13:56:22 -0000



http://europa.eu.int/rapid/start/cgi/guesten.ksh?p_action.gettxt=gt&doc=SPEE

CH/01/589|0|RAPID&lg=EN&display=
..

SPEECH/01/589

Mr Erkki Liikanen

Member of the European Commission, responsible for Enterprise and the
Information Society

"Network Security - Policy Development in the European Union"

Opening Statement at the EU Forum on Cybercrime

Brussels, 27 November 2001

Ladies and Gentlemen,

On behalf of the European Commission, I would like to welcome all of you
to
the first plenary session of the European Union Forum on Cybercrime.

I would particularly like to welcome the many distinguished speakers who

will address us today, including the honourable Members of the European
Parliament Charlotte Cederschiold and Marco Cappato.

The European institutions and the Member States face the challenging
task of
developing an effective policy to stimulate cybersecurity and combat
cybercrime. This task involves balancing varying societal interests,
such as
network security, law enforcement powers, privacy protection and
economic
priorities.

I believe an open exchange between the various stake-holders is vital to

achieve an effective, coherent and balanced policy approach, and to
assure
confidence and trust among European citizens in the Information Society.

Today's discussions are an important step in this consultation process,
and
I am pleased to see that you have come in such great number to
participate.

The achievements of the Information Society

When discussing security threats, we should not forget that it is
actually
the success of the Information Society that also attracts criminal
activities and threatens network security. The new information and
communication technologies are having a revolutionary and fundamental
impact
on our economies and societies.

Electronic commerce is paving the way for a new global electronic
marketplace, and drives a re-invention of the very concepts of companies
and
marketplaces. It creates new business models, opens up new markets,
enables
reaching marketplaces without consideration of distances and time,
reduces
time-to-market, improves quality, and brings about significant cost
savings.
It brings to the consumer goods and services unreachable without
information
society technologies. The value of E-commerce, business-to-business as
well
as business-to-consumers, is growing.

The risks facing the Information Society

The more networks are used for legitimate economic and social purposes,
the
more potential they offer for illegal activities either directly or in
providing information and communication support to traditional crimes.

Damages and disruptions to the emerging new economy need to be prevented
and
circumscribed. Measures need to be developed which will both reinforce
the
security of the networks in terms of prevention and help fighting
subversive
activities.

The eEurope response

The adoption last year of the comprehensive eEurope Action Plan by the
European Council highlights the importance of network security and the
achievement of trust amongst businesses and consumers. Among the
objectives
of eEurope are increasing security through preventive measures and
stepping
up the fight against cybercrime. The communications networks and
information
technology have become a critical part of the infrastructure of our
economies.

The European Union has taken a number of initiatives to confront harmful
and
illegal content on the Internet, and to protect copyright and personal
data.
The improved legal framework of electronic commerce with the directives
on
e-commerce and electronic signatures will provide the means to
accelerate
electronic commerce, with the appropriate safeguards. The European
Commission has also stimulated preventive measures to enhance network
security, for example by encouraging the introduction of common
standards
for smartcards.

The Commission Communication

In January this year, the European Commission issued its Cybersecurity
and
Cybercrime Communication, which has been sponsored jointly by
Commissioner
Antonio Vitorino and me. It is the first comprehensive policy statement
of
the European Commission on cybercrime.

In March, the Commission organised a public hearing in this same room.
Over
400 people came to Brussels to attend this event and participate in the
discussion.

Policy initiatives

The Communication has announced a number of initial initiatives to be
taken
by the Commission.

Firstly, the Commission issued a proposal for a Framework Decision that
includes measures to combat child pornography.

At the technical level, as part of the Information Society Technology
Programme, the Commission has been promoting R&D to understand and
reduce
vulnerabilities and stimulate the dissemination of know-how. IST
projects
focus in particular on the development of confidence-building
technologies.

In a short time, the Commission will adopt a proposal for a Framework
Decision on combating serious attacks against information systems. This
initiative addresses acts like hacking, denial-of-service attacks, and
spread of viruses.

In June, the Commission issued a Communication on Network and
Information
Security, which went into greater detail on some of the issues addressed
in
the January Communication, and particularly on preventive organisational
and
technical measures. This approach is complementary to the Framework
Decision: the one deals with prevention of crime, the other with ex-post

criminal investigations.

The EU Forum on cybercrime

The Cybersecurity & Cybercrime Communication also announced a Forum in
which
the relevant parties would have the opportunity to discuss various
issues.
The Forum is now operational and consists of three parts:


First of all, there is a website, where information and discussion
papers
are published, and where interested parties have the opportunity to post

their opinions on various aspects.

Secondly, there are expert meetings on selected issues. These expert
meetings take place in small groups, so as to make detailed discussion
and
exploration of common ground possible. In June, such an expert meeting
took
place on hacking, denial-of-service attacks and release of malicious
code.
Earlier this month, we had an expert meeting on data retention.

And thirdly, there are the plenary sessions of the Forum in Brussels,
which
enable participants to meet in person, and to elucidate their written
comments with oral statements. Today we are together for the first of
these
plenary sessions.
Retention of traffic data - the legal context

The main item for discussion today is retention of traffic data, a topic

that has received new attention since the terrible events in the United
States on September 11.

This debate does not take place in a legal vacuum. Quite the contrary.
Since
1995 the European Union has a general regulatory framework that provides

legal safeguards for the protection of personal data and privacy, in
line
with the 1950 European Convention on Human Rights.

In this context, we have established as one of the basic principles that

personal data may only be processed for legitimate purposes and only for
as
long a necessary for these purposes. This principle was also applied to
the
telecommunications sector in the 1997 Telecommunications data protection

Directive. It says that operators may only process traffic data for as
long
as necessary to provide the service and for the billing of that service.

After that, traffic data must be erased. The European Court on Human
Rights
in Strasbourg has ruled that traffic data merit the same level of
protection
as the content of a communication.

Nevertheless, both our EU data protection directives and the European
Convention on Human Rights also provide a possibility for Member States
to
take measures which derogate from this principle where this is necessary

inter alia to safeguard public security or defence interests or to
prevent,
investigate and prosecute criminal activities. The Strasbourg Human
Rights
Court has produced a substantial body of case law setting the criteria
which
any national derogatory measure must meet in order to be compatible with
the
European Convention.

Key questions

While traffic data are essentially a by-product of electronic
communications
services they are also very useful for criminal investigations and other
law
enforcement purposes. This is why law enforcement authorities,
particularly
in the light of increased flat rate billing, regret that the storage and

deletion of traffic data is in principle determined by the needs of
operators and the rights of the users which for many new services
results in
hardly any storage of traffic data at all. Wider and longer ex-ante
storage
of traffic data would provide more basic material for prevention and
investigation of crime and for other state activities for national and
public security purposes.

This raises a number of fundamental questions. How does general traffic
data
retention fit within a democratic society? How could general traffic
data
retention measures for law enforcement purposes be made compatible with
existing law? Which traffic data would need to be stored and for how
long?
Would this be feasible for operators? Who should bear the costs? Which
effect will such measures have on the development of the information
society? And there are other questions also.

With the debate of today we hope to enrich the ongoing reflection about
this
most difficult and sensitive topic. We hope that you will provide us
with
your comments and insights. We want to listen and to learn. This forum
is
meant to be a vehicle to achieve that.

Conclusion

The Commission fully supports and encourages a constructive dialogue. I
very
much hope that the discussion here today will play its part in helping
us
understand and bridge our various interests, and that it will help the
Commission to assess the need for any legislative or non-legislative
actions
at EU level.

Thank you.

************************************************************************************
Distributed through Cyber-Society-Live [CSL]: CSL is a moderated discussion
list made up of people who are interested in the interdisciplinary academic
study of Cyber Society in all its manifestations.To join the list please visit:
http://www.jiscmail.ac.uk/lists/cyber-society-live.html
*************************************************************************************