Written by Peter Ide-Kostic
What are the risks and opportunities for European information society?
Context
After the strong accusations by Edward Snowden in 2013 concerning the illicit use of mass surveillance by the US government and its partners worldwide; the LIBE committee launched an enquiry. The final report confirmed that, according to all publicly available evidence on the subject, the fundamental right to privacy of EU citizens had effectively been breached illicitly on a massive scale. The final EP resolution was successfully adopted in Strasbourg on 12 March 2014 at the same time as the first reading of the new regulation on Data Protection. As part of the enquiry, the LIBE committee asked STOA to conduct a Technology Assessment Study on the Mass Surveillance of EU citizens. The lead STOA Panel member for this study is Ms Eva Kaili.
Objectives
The objective of the STOA study on Mass Surveillance was twofold:
- Analyse the security risks of the current generation of internet services and applications and propose measures to reduce the risks identified with the current generation of networks and services.
- Identify long-term technology oriented policy options for a better, more secure and more privacy friendly internet, whilst at the same time allowing governmental law enforcement and security agencies to perform their duties, and obtain quickly and legally all the information needed to fight crime and to protect national security interests.
Results
The first part of the study concludes with a list of security solutions to help citizens protect themselves from illicit mass surveillance activities. It emphasises that the use of encryption over the internet is a good solution if the two communication ‘end-points’ are secured, if there are no flaws or backdoor in the software and protocols used, and finally, if the configuration parameters are set correctly. The use of end-to end encryption over email for example is not as easy and poses obstacles to most users. STOA released, as part of the study, the document ‘How to protect privacy on the internet‘ which proposes a range of security solutions for PCs, smartphones or tablets (for voice, email, chat and video communications). Some considerations are given (amongst others) to the use of solutions such as the TOR network and existing cryptographic solutions to protect privacy of voice, email, video, chat communications as well ensure anonymous browsing.
The second part of the study concludes with the proposal of several policy options, classified in four themes, with different levels of public intervention and technological disruption:
- The first theme addresses current good practices to adopt,
- the second proposes approaches to build and restore confidence among users,
- the third concerns the advantages and disadvantages of the implementation of more technology-disruptive approaches such as an ‘EU Internet’ or an ‘EU certification scheme’, and
- the fourth focuses on enabling long-term innovation.
Please refer to the STOA option brief for an overview.
The two studies have been released with two annexes (part 1 & Part 2) answering with more technical details the critical privacy and security oriented concerns addressed in the STOA main reports.
Next steps
The study was approved by the STOA Panel on 18 December. The results will be presented to the major IT conference organised by the LIBE committee during the first half of 2015 entitled ‘How to protect online privacy by enhancing IT security and EU IT autonomy’, and will be formally distributed to LIBE, ITRE, AFCO and IMCO committees.
