Dugie Standeford

EU Digital Agenda Commissioner Neelie Kroes Tuesday continued to lobby for quick approval of her proposal for a single European telecom market (CD Sept 12 p7) but faced nearly universal push-back from speakers at a Brussels conference hosted by the Financial Times and European Telecommunications Network Operators’ Association (ETNO) in Brussels and via webcast. Kroes urged the telecom sector not to cherry-pick the legislative package but to accept the “sweet” with the “sour.” Despite her plea, panelists drawn from the public and private sector disagreed with various parts of the measure, with many saying it doesn’t go far enough. Moreover, there was huge disagreement among speakers about what’s wrong with the sector and what’s needed to fix it.

"Governments and industry can do more” to tackle cyberattacks, European Network and Information Security Agency (ENISA) Executive Director Udo Helmbrecht said in an interview Wednesday. ENISA’s interim threat landscape review for mid-year 2013, an analysis of 50 reports covering the first half of this year, to be published Thursday, will show significant changes since its last full report in 2012, it said. Among those are the growing shift from botnets to malicious URLs, and the use of peer-to-peer and TOR-based botnets, it said. This first “taste” of current developments is intended to warn stakeholders as early as possible so they can take countermeasures, Helmbrecht said in a press release. In addition, he told us, a bit more regulation is needed because industry self-regulation isn’t working.

The massive cash injection from Vodafone’s sale of its share in Verizon Wireless could have implications for spectrum and mergers and acquisitions strategies of Vodafone’s European rivals, said analysts, a telecom association and a commercial user’s group in interviews last week. Vodafone will get $130 billion, $84 billion of which it expects to return to shareholders, it said Sept. 2 (CD Sept 4 p1). It’s also starting “Project Spring” to accelerate 4G network buildout to cover 90 percent of its five main European markets by 2017, expand 3G coverage and make other enhancements, it said. This could lead to more M&A in a market that’s already seeing heightened interest in deals, more consolidation of providers to the benefit of major telecom players and better services for business customers, said experts. They said it also could hit Vodafone rivals hard.

One of the key issues in the debate over U.S. spying is what powers the EU and its citizens actually have to redress privacy violations, said Jacob Kohnstamm, chairman of the EU Article 29 Data Protection Working Party (WP) and the Netherlands Data Protection Authority. He appeared Thursday at the second hearing on electronic mass surveillance held by the European Parliament Civil Liberties, Justice and Home Affairs (LIBE) Committee. The first part of the hearing was a private briefing on talks between EU and U.S. data protection experts in July. It’s unclear what rights Europeans have to fight back against collection of their personal data, since Americans themselves have scarcely any redress, Kohnstamm said Thursday. The WP, members of which are national privacy watchdogs, wants an international accord on redress, he said. The only possible actions at this point are political, involving the safe harbor, passenger name records and Society for Worldwide Interbank Financial Telecommunication agreements, he said. They're all based on trust in how people’s personal data is used, and if it’s being leaked by the National Security Agency and other secret services, in the end the EU has done a lot of work without coming to the desired result, he said. Referring to the discussion between the EU and U.S. on mass spying, he said there’s a “serious problem.” If it’s true that national administrations in Europe are doing more or less what the U.S. is, the EU must look at what the balance should be between intelligence services and data protection as a fundamental right, he said. It would be helpful if U.S. Foreign Intelligence Surveillance Act material were declassified, he said. Documents arrive with mostly white pages, he said. Kohnstamm listed the information the WP wants, as set out in an Aug. 13 letter to Justice, Fundamental Rights and Citizenship Commissioner Viviane Reding and other EU officials (CD Aug 21 p18). Among the questions were what information is being collected on Europeans; when the U.S. considers personal data to be “inside” the country; and what procedures the FISA Court uses to target information collection. Several LIBE members said safe harbor should be suspended and questioned the point of having any such agreements with the U.S. Data protection authorities will meet in Warsaw in two weeks to discuss a possible protocol to reinforce the right to privacy on an international level, Kohnstamm said. He urged lawmakers to get on with their work on proposed data protection overhaul legislation as quickly as possible. The first LIBE hearing on surveillance took place Friday (CD Sept 6 p7).

The “Connected Continent” telecom overhaul package approved Wednesday by the European Commission would enshrine net neutrality into law, bar incoming roaming charges and require governments to coordinate their spectrum assignment plans. If adopted by the European Parliament and Council, the EC said it will be a major step toward creating a single European telecom market that could one day include an EU e-communications regulator. The proposal, subject of intense debate as various draft documents leaked, is likely to face strong opposition, based on early criticism. Before the final version emerged Wednesday, it was attacked by the Fiber to the Home (FTTH) Council Europe, German Association of Telecommunications and Value-Added Service Providers (VATM) and French citizens’ advocacy group La Quadrature du Net.

The Echelon interception system was a child’s toy compared to the National Security Agency’s Prism, the U.K.’s Tempora and other mass spying systems, said Jacob Appelbaum, a member of the Tor Project and investigative journalist. Speaking Tuesday at the first of a series of hearings on electronic mass surveillance of EU citizens before the European Parliament Civil Liberties, Justice and Home Affairs (LIBE) Committee, Appelbaum described the various spy systems, including another program, not yet revealed, that involves sending operatives to people’s homes to break into their wireless networks.

Mobile operators should take a three-step approach to creating heterogeneous networks (hetnets) to boost coverage and capacity to meet user demand for data-hungry services, said Ericsson Mobile Broadband Director Hanna Maurer Sibley in an interview. The first is to “improve” existing macro cells with more spectrum, advanced antennas and advanced radio base stations, she said. Operators should then “densify” the macro network with a small number of strategic cells to improve capacity, she said.

EU privacy chiefs will investigate the U.S. spy program Prism, the U.K.’s Tempora and other intelligence-gathering systems, they said in an Aug. 13 letter to Justice, Fundamental Rights and Citizenship Commissioner Viviane Reding made public Monday (http://bit.ly/14XqCHR). The Article 29 Data Protection Working Party (WP29), whose members are national data protection authorities, said it’s particularly alarmed at recent revelations about the U.S. National Security Agency’s XKeyscore, which allegedly permits the collection and analysis of the content of Internet communications from around the world. Although the U.S. has offered some clarifications, “many questions as to the consequences of these intelligence programs remain,” the group said. The WP29 is part of the joint EU-U.S. panel established to discuss mass surveillance (CD June 20 p10), but it “considers it its duty to also assess independently to what extent the protection provided by EU data protection legislation is at risk and possibly breached and what the consequences of PRISM and related programs may be for the privacy of our citizens’ personal data.” The WP29 wants answers to several questions, including: (1) What information is actually collected through the intelligence programs of the U.S. Patriot Act, the Foreign Intelligence Surveillance Act (FISA) Amendment Act, Executive Order 12333 and related measures; (2) Whether metadata on non-U.S. individuals collected as a by-product of investigations of U.S. citizens may then be used to investigate the non-U.S. individuals and, if so, under what provisions; (3) Since data may apparently only be accessed if it comes from non-U.S. persons and is collected from sources inside the U.S., when U.S. authorities consider personal data to be inside the U.S., given the use of cloud and other online services; (4) What the FISA Court’s involvement is in terms of procedures, and whether its processing of personal data aligns with the data protection principle of purpose limitation; (5) What the relationship is between the intelligence programs and organizations’ compliance with third-country personal data transfer rules such as Safe Harbor; (6) Whether American intelligence programs are in line with European and international law. Reding welcomed the WP29’s “strong support” for European Commission efforts to build an ambitious EU data protection regulation to safeguard fundamental rights, including in relation to third countries. She urged WP29 members to “exert their influence” in their respective nations to help ensure that governments “support unequivocally a robust level of data protection in the new EU data protection regulation that is also effectively enforceable in PRISM-type situations.” Privacy authorities should help get the new regulation approved “as soon as possible and at the latest in spring 2014,” she said in a written statement.

Media reports on mass surveillance by telcos “have demonstrated a misunderstanding of the basic facts of European, German and UK legislation and of the legal obligations set out within every telecommunications operator’s licence,” said Vodafone UK in a written statement Friday. It responded to Privacy International’s (PI) threat of legal action against providers that have allowed the U.K.’s Government Communications Headquarters and U.S. spy program Prism to tap into undersea fiber cables (CD Aug 9 p10). Cables carrying international communications traffic pass through multiple jurisdictions, Vodafone said. Within the EU, the legal protections and obligations regarding those communications are defined under relevant EU law as well as the European Convention on Human Rights (ECHR), it said. Vodafone complies with the laws of all its countries of operation, including, in the case of its European businesses, the EU privacy and data retention directives, it said. Its U.K. branch complies with national measures derived from the EU directives and subject to the ECHR, it said. In all countries, operators must meet the legal obligations set out in their licenses by national governments, said the company. “Whilst Vodafone must comply with those obligations (as must all operators), we do not disclose any customer data in any jurisdiction unless legally required to do so.” Questions on national security are a matter for governments, not telecom operators, it said. Verizon Business, also named, declined to comment on PI’s statement.

European spectrum regulators are beginning to think, albeit tentatively, about whether incentive auctions could be used to allocate 700 MHz “second digital dividend” spectrum, they said. The U.K. Office of Communications (Ofcom) appears to be out ahead, having consulted earlier this year on the potential use of incentive or “overlay” auctions for the band. The EU Radio Spectrum Policy Group (RSPG), a high-level group drawn from national spectrum authorities that advises the European Commission on spectrum policy, hasn’t addressed the issue head-on but recently published reports on spectrum for mobile broadband and long-term consideration of the future of the UHF band.