Along with more malware, phishing, ransomware and mobile platform malware, cybercops can look forward to more infiltration of large corporations by criminals hacking into the law, accounting and other firms serving them, said Europol Assistant Director Troels Oerting in an interview Monday. The center is also seeing a hike in the volume of mainstream crime by average people who can now easily buy hacking tools, he said. Carrier grade network translation (CGN) on IPv4 networks is one of several challenges to tracking cybercriminals, said Oerting, who heads Europol’s European Cybercrime Centre (EC3). Other experts have said CGN may hamper investigations (CD June 11 p5).
Dugie Standeford
Dugie Standeford, European Correspondent, Communications Daily and Privacy Daily, is a former lawyer. She joined Warren Communications News in 2000 to report on internet policy and regulation. In 2003 she moved to the U.K. and since then has covered European telecommunications issues. She previously covered the U.S. Occupational Safety and Health Administration and intellectual property law matters. She has a degree in psychology from Duke University and a law degree from the University of Tulsa College of Law.
The European Commission expects “swift and concrete answers” to questions about Prism, Justice, Fundamental Rights and Citizenship Commissioner Viviane Reding told U.S. Attorney General Eric Holder in a letter dated Monday. The two officials will meet Friday at a ministerial meeting in Dublin. Respect for fundamental rights and the rule of law form the basis of the EU-U.S. relationship, Reding wrote. “This common understanding has been, and must remain, the basis of cooperation between us in the area of Justice,” she said. In that context, the EC has already questioned the scope of laws such as the Patriot Act, which can lead to European companies being forced to hand over data to the U.S. in breach of EU and national law, she said. The U.S. should, to the greatest extent possible, use already agreed-upon formal channels of cooperation such as mutual legal assistance agreements to exchange data for crime prevention and investigation, she said. Giving U.S. law enforcement authorities direct access to information on EU citizens on servers of U.S. companies “should be excluded unless in clearly defined, exceptional and judicially reviewable situations,” she said. Programs such as Prism could undermine the trust of Europeans in the Safe Harbor system now under review, she said. Reding asked Holder to clarify: (1) Whether Prism, similar programs and the laws under which such programs may be authorized are aimed only at the data of citizens and residents of the U.S. or also, even primarily, at non-U.S. individuals. (2) Whether access to and collection of data under Prism is authorized in specific and individual cases and, if so, under what criteria. (3) Whether individuals’ data are accessed, collected or processed in bulk regularly or occasionally. (4) Whether the scope of Prism and similar programs is restricted to national security or foreign intelligence or broader. (5) What judicial or administrative avenues are available to EU citizens to be informed of whether they're affected by Prism or other programs, and how those avenues compare to what’s available to U.S. citizens. (6) What mechanisms are available to companies in the U.S. or EU to challenge access to data. (7) How EU citizens or companies can challenge access to personal data under Prism and how those compare to mechanisms available to U.S. citizens and residents. “Given the gravity of the situation and the serious concerns expressed in public opinion on this side of the Atlantic, you will understand that I will expect swift and concrete answers to these questions on Friday 14 June,” Reding said. The EC is accountable to the European Parliament, “which is likely to assess the overall trans-Atlantic relationship in the light of your responses,” she wrote. Data protection is top of the list of agenda items for Friday’s ministerial meeting, a Thursday EC memo said. The EU and U.S. are negotiating a personal data protection agreement in the context of fighting terrorism and crime that aims to ensure strong safeguards for information such as passenger or financial data transferred through a trans-Atlantic cooperation, it said. The EC will stress again that the pact should set enforceable rights for people whose data are being exchanged for law enforcement purposes and treat U.S. and EU citizens equally, it said.
If reports about mass U.S. surveillance of Europeans’ Internet and telecom data are true, the situation could have a significant impact on existing and future U.S.-EU agreements on data-sharing, said European Data Protection Supervisor Peter Hustinx, in an interview Wednesday. The “mind-blowing story” has already put Europeans’ trust in their right to privacy under “great strain,” he said. There’s a “profound need” at this point for clarification, explanation and justification, he said. The executive body of the Council of Europe separately Wednesday adopted a resolution urging members to ensure that digital tracking and spying don’t breach human rights. The CoE represents 47 European nations.
Programs such as Prism and the laws which authorize them “potentially endanger” Europeans’ rights to privacy and data protection, European Commissioner for Health and Consumer Policy Tonio Borg told the European Parliament Tuesday. The Prism case, as reported by the media, is also likely to boost concerns about the use of personal data online and in the cloud, he said. Most European Parliament political party representatives who spoke at the session were fuming, but several, like Borg, urged lawmakers not to jeopardize the special relationship with the U.S.
European Commission-proposed legislation to boost European network and information security won general backing from telecom ministers Thursday, but they split over whether the approach should take the form of regulation, self-regulation or a mix. All EU members accept the importance of network and information security and that cyberattacks seriously affect national economies, the EU Irish Presidency said at the Telecommunications, Transport and Energy Council meeting in Brussels. There’s also widespread support for finding a global solution that stresses high standards to create a level playing field for European operators, it said. Whatever governments decide, they must move fast, said Digital Agenda Commissioner Neelie Kroes.
The European Commission is about to act to ensure net neutrality, Digital Agenda Commissioner Neelie Kroes said Tuesday at a European Parliament forum on guaranteeing competition and the open Internet in Europe. While governments have largely taken a hands-off approach to Internet regulation, there are clearly problems on today’s Internet, she said. Studies show that online services are blocked or throttled for many Europeans, and that people aren’t getting the speeds or quality they paid for, she said.
EU lawmakers must push through a final telecom single market legislative package by Easter 2014, Digital Agenda Commissioner Neelie Kroes said Thursday. Speaking to the European Parliament Internal Market and Consumer Protection Committee (IMCO), Kroes said she hopes the package will include plans to end mobile roaming charges in Europe and, for the first time, guarantee net neutrality. The “open and neutral character of the Internet is carved in stone” for Kroes, she said. She asked committee members if they would join her “in building something special between now and the European elections” next year. “I want us to show citizens that the EU is relevant to their lives” and that it made digital rules catch up with their legitimate expectations, she said. She promised to spend the next year building a bridge with Parliament to European citizens, saying they “need this reform.” Everyone loves the benefits of cheaper roaming prices, which couldn’t have happened without the EU, she said. That fact is also a challenge, she said. While her mandate is the source of the “incredibly popular” policy, “we struggle to push other telecoms and digital issues to the top of the political agenda,” she said. Kroes called for a “radical legislative compromise” that puts in place all the pieces in the puzzle, not just everyone’s personal favorites or the “visible and sexy changes.” Kroes said she’s passionate about reform because it’s useless for her to rock the boat on her own, and because although there’s support from the highest levels in the EU institutions to move forward, she can’t do it without Parliament. All the political building blocks are there, she said. Citizens want their frustrations dealt with; more companies will invest if artificial barriers drop; and national governments are telling the European Commission to proceed, Kroes said. “This is the opportunity to stand up and be counted.” IMCO members flagged several issues they'd like to see tackled, such as ensuring that libraries have access to e-books and creating a system for online dispute resolution. European telecom network operators, meanwhile, said this week that a full revision of the regulatory framework must be an integral part of the digital single market initiative. When the European Telecommunications Network Operators’ Association met in Milan Tuesday, the association said the objective of reform should be to spur growth, innovation and employment and to guarantee that citizens continue to enjoy the benefits of technological progress. That can only happen if investment in the ICT sector increases, ETNO said. Investment lags in Europe because of fragmented markets and an “unpredictable and non-harmonised regulatory environment, which still favours access seekers over investors, focuses mainly on the number of players in the markets as an indicator for competition and places too little attention to a sustainable market structure,” ETNO said in a written statement Thursday (http://xrl.us/bo6mb7). Less-intrusive regulation will stimulate investment, it said. The telecom industry must “evolve or die,” and 2013 is the tipping year, said European Internet think tank IDATE on Thursday in the 2012 edition of its DigiWorld Yearbook (http://xrl.us/bo6mdi). The digital world had a 2.7 percent revenue drop last year, after two steady years of recovery, it said. Equipment markets were battered and the TV market was the hardest hit, dragging the entire consumer electronics market down 7 percent, it said. But more competition in the smartphone and tablet markets offers a glimmer of hope for the other two sectors, it said. Services markets appear to have weathered the storm but likely won’t ever go back to the high growth rates of the 1990s and mid-2000s, it said. The only exception is Internet over-the-top services, which continue to grow by an average 20 percent per year, said IDATE. Telecom companies have some leverage to deal with the change, such as by creating more value from network access now that OTT services are raising user consumption, it said. Next-generation network technologies let telcos boost speeds and introduce quality improvements to differentiate their offerings, said IDATE. “It is clear 2013 is a pivotal year and telcos must embrace innovation. A simple Darwinian case of evolve or die!” Digital innovation is far from over, and is being pushed by mobile, cloud computing and big data, IDATE said.
A U.K. government request for input on a draft EU measure on network and information security sparked a warning Friday from a conservative think tank that failure by the information technology industry to respond could leave important Internet issues in the hands of the euroskeptic U.K. Independence Party (UKIP). The Department for Business, Innovation and Skills (BIS) consultation document (http://bit.ly/Zi7eSG) seeks comment on a Feb. 7 European Commission legislative proposal (http://bit.ly/123IEH0) aimed at ensuring a “high common level of network and information security.” The directive would require EU countries to develop national cybersecurity strategies, establish computer emergency response teams, and share information with each other. It would mandate that public and private operators of critical infrastructures take steps to manage security risks and report incidents “that have a significant impact on the security of core services they provide” to national regulators.
How the world navigates the IPv4 “exhaustion mess” will “set the direction of the next few decades of the Internet,” said Geoff Huston, chief scientist for Asia Pacific regional Internet registry APNIC. This is a “major pivot point” for the ongoing tension between carriage and content in communications, he told us. So far, the Internet has “bred massive content industries at the expense of the fortunes of the carrier folk,” but if Internet companies persist in using IPv4, carriers may find themselves in a new role -- brokering Internet Protocol addresses between content providers and users, he said.
Despite persistent efforts to speed transition from IPv4, “the proportion of IPv6 traffic on the Internet remains very small,” said a draft opinion expected to be adopted Thursday at the ITU World Telecommunication/ICT Policy Forum (WTPF) in Geneva. Internet operators are clinging to the legacy technology, sometimes by using network address translation, but increasingly by buying IPv4 addresses from organizations that don’t need them. There’s growing interest in leasing IPv4 addresses, said regional Internet registry (RIR) American Registry for Internet Numbers (ARIN). A proposed policy under discussion in European RIR Réseaux IP Européens Network Coordination Centre (RIPE NCC) could make IPv4 addresses more transferable by removing the existing requirement that address allocations be needs-based. It’s unclear whether other RIRs will buy into the concept.