Cyber Security Industry Alliance Newsletter • Volume 2, Number 3 • November 2005

Global Perspectives

i2010

The American Chamber of Commerce to the European Union (AmCham EU) published a position paper on i2010 on 13 October 2005. The paper states that "ensuring secure networks will be crucial to the provision of user-friendly value added services. The 2006 review of the Electronic Communications Directives provides the opportunity to further explicitly acknowledge the difference between legitimate e-marketers that can be effectively regulated by privacy legislation and spammers who need to be tackled by cybercrime legislation and related agencies.

The continued pressure to develop a competitive broadband market should be complemented by equally important actions for broadband content and service to encourage regional authorities to develop ePublic services, which will be a key factor in strengthening economic and social cohesion."

Link to AmCham EU’s position paper:
http://www.amchameu.be/Pops/2005archive/i201010132005.pdf

On 7 November 2005, the Working Party on Telecommunications and Information Society issued draft Council conclusions, which will be debated at the Telecoms Council meeting on 1 & 5 December 2005. The draft conclusions invite the Commission to launch a strategy for developing a secure and safe European Information Space, and to concentrate in particular on two questions:

  • What are the key strategic ICT issues that need to be the focus of attention in 2006 and beyond at a) European and b) national level?


  • How do we ensure that the economic and social benefits of ICT are taken into account in other European and national policy areas, in particular in implementing the Lisbon strategy?

Link: http://register.consilium.eu.int/pdf/en/05/st13/st13961.en05.pdf

The Council also invites all stakeholders "to continue to participate in an open dialogue with Member States and the Commission to identify actions that need to be taken to achieve a globally competitive, innovative and inclusive information society; identify new business models, innovative technological solutions and effective self-regulation…"

The draft conclusions can be found in Annex 1 of the following document:
http://register.consilium.eu.int/pdf/en/05/st13/st13962.en05.pdf

The European Parliament will review i2010 early next year, after the Council has met. Reino Paasilinna, a Finnish Socialist Member of the European Parliament, will be responsible for drafting a report on i2010. He hopes to schedule the final vote in Parliament for March 2006. A short biography of Paasilinna can be found in Annex 1.



Data Retention

The most important development is that UK Prime Minister and current President of the Council, Tony Blair, addressed the European Parliament on 26 October 2005 and hinted at a political compromise. Specifically, they want "to propose measures for a counter-terrorism strategy in order to get agreement to those measures at the December Council. Those should focus on the radicalisation of people inside the European Union, the protection of our infrastructure, and in particular how we exchange information and protection better, how we retain that, and how we get cooperation between the different security and police services inside the European Union in order to protect our people better."

Link to Tony Blair’s speech:
http://www.number-10.gov.uk/output/Page8384.asp

Alexander Alvaro, MEP, did not have support from his fellow MEPs for the three-month retention periods he was proposing. This is much less than the periods proposed by the European Commission (12 months for fixed and mobile telephony data and six months for IP-based communication data). He was also proposing that Internet data should be removed from the scope of the Directive.

Jonathan Faull, the Director General for Justice, Freedom and Security at the European Commission, has argued that three months would not be long enough for the type of investigations in question.

The Justice and Home Affairs Ministers met on 12 October 2005 and discussed the two data retention proposals currently on the table: the Proposal for a Framework Decision and the Proposal for a Directive. The Ministers concluded that the Framework Decision will remain on the table as there is still support among a number of delegations, but the majority of delegations were also open to the idea of adopting a Directive. They also agreed that any measure must reflect a number of elements (see below) relating to costs, scope, retention periods and review.

The whole process is subject to negotiation with the Council keeping their proposal on the table as a tool for securing a directive that looks similar. Retention periods now look closer to the Commission's proposal but costs remain controversial. The review clause is probably more satisfactory for Parliament since it is circumvented with a comitology procedure.

UK Home Secretary Charles Clarke reported to the Parliament’s Civil Liberties Committee on 13 October 2005 and argued that "there must be flexibility for the member states" on how long data should be retained for and who should pay the cost of introducing it. He warned Parliament not to "believe the commercially-motivated propaganda that some telecommunications lobbies are putting out". He reiterated his determination to have a political agreement on the text by the end of 2005.

Link to Minutes of Council meeting:
http://ue.eu.int/ueDocs/cms_Data/docs/pressData/en/jha/86570.pdf

On 20 October 2005, the European Parliament’s Conference of Presidents (made up of the chairs of the political groups and the President of the European Parliament) backed the stance taken by its Civil Liberties Committee of continuing negotiations with the Council and Commission on this issue.

The Justice and Home Affairs Counsellors of the 25 member states are responsible for the technical discussions on the data retention dossier and the outcome of their discussions has been published (dated 3 October 2005).

Link: http://register.consilium.eu.int/pdf/en/05/st12/st12894.en05.pdf

The Article 36 Committee (which is made up of member state representatives and prepares the ground for Council deliberations on police cooperation and judicial cooperation in civil matters) issued an opinion on the draft framework decision on data retention that has just been made public (dated 27 September 2005).

Link: http://register.consilium.eu.int/pdf/en/05/st12/st12660.en05.pdf

On 21 October 2005, the Article 29 Data Protection Working Party (made up of representatives of the national data protection authorities of the 25 member states) adopted an opinion on the Commission proposal for a directive on data retention: "Traffic data retention interferes with the inviolable, fundamental right to confidential communications."

Restrictions to the fundamental right to private communications must be "based on a pressing need, should only be allowed in exceptional cases and be the subject of adequate safeguards." The Opinion asks whether the justification for obligatory data retention is grounded on "crystal clear evidence"; and whether the proposed retention periods in the Commission draft text are "convincing".

The Working Party suggests limiting the purposes of data retention to fighting terrorism and organised crime, rather than undetermined "serious crime". They also propose the "quick freeze procedure" (i.e., data preservation) as an option that would be less privacy intrusive, and suggest imposing a limit on the term of the legislation, e.g., three years. Finally, they list 20 other issues to consider, including judicial/independent scrutiny of requests for access and separation of the systems for storage of data for public order purposes from the systems that are used for the business purposes of providers.

Link to the Article 29 Data Protection Working Party Opinion:
http://www.europa.eu.int/comm/justice_home/fsj/privacy/docs/wpdocs/2005/wp113_en.pdf

The European Parliament’s Civil Liberties Committee met on 14 November 2005 and discussed the draft report on the Commission’s proposed directive on data retention. Parliament is under pressure from the Council to deliver its opinion on this draft directive before the end of 2005. Alexander Alvaro, the German Liberal responsible for data retention in the Parliament, said it is likely that mandatory data retention will be adopted by member states. He would rather it were done with the European Parliament having a role.

Alvaro drafted Parliament’s report on the Commission proposal for a directive on data retention and proposed 43 amendments. Other members of the committee proposed a total of 194 amendments. The Committee must agree which amendments to propose to the full Parliament and then Parliament as a whole must adopt a report (vote due for the plenary session of the week of 12 December 2005).

The leaders of the political groups in the European Parliament decided in October to push for a deal with the Council and ensure the directive can be adopted in one reading.

Link to the draft report by Alexander Alvaro and the proposed amendments to the Commission’s draft directive:
http://www.europarl.eu.int/meetdocs/2004_2009/documents/pr/583/583793/583793en.pdf
http://www.europarl.eu.int/meetdocs/2004_2009/documents/am/586/586350/586350en.pdf

UNICE, the trade association representing the national employers’ federations of the EU member states, issued its preliminary comments on data retention on 31 October 2005.

It argues for a thorough impact assessment of any measure to evaluate the consequences of possible requirements for industry and consumers; analysis of whether and to what degree a harmonised European data regime would help to ensure effective and judicial co-operation; agreement on the legal basis (i.e., whether it should be pillar 1 or pillar 3), though it does not advocate either; restriction of data types to what is proportional; limitation of retention periods to six months maximum; cost compensation by member states to include incremental infrastructure costs and annual operational expenses; and limitation of the scope of application to serious crime.

Link: http://www.unice.org

The American Chamber of Commerce to the European Union, AmCham EU, sent a letter to Antoine Duquesne, Member of the European Parliament (MEP), on 9 November 2005 to follow up on a meeting AmCham EU had with him in Strasbourg. The letter provides information about the specific problems related to retaining email data (see wording in European Commission draft directive, Annex, section (b) part (3)).

Link: http://www.amchameu.be/Pops/2005archive/dataretentionletter11092005.pdf



ENISA Update

The October 2005 ENISA Quarterly announces ENISA’s three departments: Technical department led by Dr Alain Esterle; Cooperation and support department led by Ronald de Bruin; and Administration department led by José Carreira.

ENISA will have a total of 44 full-time members of staff when it finalises recruitment. Tim Mertens has been appointed as the new Senior Expert for Coordination of Activities with member states and European bodies.

http://www.enisa.eu.int/doc/pdf/publications/enisa_quarterly_10_05.pdf

ENISA also issued a report on risk management. "A road map — from objectives to achieve practical results" examines ENISA’s objective of promoting and developing best practices for risk assessment and interoperable risk management solutions, as set out in the Regulation establishing ENISA.

The work is currently conducted within an ad hoc working group on risk management, which consists of a team of nine experts. ENISA’s work programme for this year includes an inventory of risk management and risk assessment methods currently in use (at member state and international levels). The working group’s mission is to generate information packs for different types of organisations to help them in selecting and applying suitable methods for performing and managing information security related risks.

Link to Report: http://www.enisa.eu.int/doc/pdf/deliverables/risk_management_enisa.pdf



Online Public Procurement

On 11 October 2005, the European Commission moved to make it easier to advertise large public contracts on the Internet. New standard forms were adopted for public contract notices mainly for use online. This is part of a wider EU strategy on computerising public procurement procedures in the EU. The forms will be available in all EU languages by the end of October at http://europa.eu.int/comm/internal_market/publicprocurement/e-procurement_en.htm.



Study on the Digital Divide in the EU

A digital divide has appeared among Europeans, with age, income and education determining whether the continent's citizens use the Internet, according to a new European Union study released on 10 November 2005. Eurostat, the EU's statistics agency, conducted a survey that found that 85% of school or university students aged 16 to 24 used the internet, while only 13% of people aged between 55 and 74 went online during the survey. The poll was conducted across the 25 countries of the EU between April and June 2004, questioning 204,029 people. Only 25% of those who had not completed high school used the Internet, with the figure rising to 52% for those who attained a secondary school diploma and to 77% for college or university graduates.

Eurostat, Statistics in Focus, Industry, Trade & Services, 38/2005, "The digital divide in Europe". The publication is available free of charge in PDF format on the Eurostat website. Link: http://epp.eurostat.cec.eu.int/portal/page?_pageid=1073,46587259&_dad=portal&_schema=PORTAL&p_product_code=KS-NP-05-038



European Commission Legislative and Work Programme 2006

The Commission published its legislative and work programme for 2006 on 25 October 2005. It focuses on the key strategic objectives which the Commission set out at the start of its mandate. On security, it states that "trustworthy, secure and reliable communication networks and information systems also need to be assured as crucial prerequisites for the take-up of converging digital services".

The work programme also includes a Communication on the functioning of the regulatory framework for electronic communications and services and a Communication on eGovernment.

Link: http://europa.eu.int/comm/atwork/programmes/docs/wp2006_en.pdf



New European Commission Expert Group on e-Commerce

On 24 October 2005, the European Commission created a new independent advisory body on e-commerce issues, made up of representatives of the EU member states. The group will discuss problems in the application of the e-commerce directive and emerging issues in the area of e-commerce. The expert group will also set up temporary working groups to report on specific issues.

Link to full text of decision: http://europa.eu.int/eur-lex/lex/LexUriServ/site/en/oj/2005/l_282/l_28220051026en00200021.pdf



The New European Software Association

On 26 October 2005 a group of 26 European independent software vendors announced the creation of the European Software Association. This trade association aims to become the principal interface with the EU institutions, the media and the general public on matters impacting the software industry. Jeremy Roche, CEO of CODA, is chairman of the board of directors; other members are: 1C, Abacus, AFAS BUSINESS SOLUTIONS, Beta Systems Software AG, Business Objects S.A., CCS, S.A., CEGID, Dassault Systemes, Fenestrae B.V., F-Secure Corporation, Hogia AB, S.C. Info World S.R.L., KTW, Lexware GmbH & Co. KG, LogicaCMG, Mamut ASA, Microsoft, msg systems ag, Northgate Information Solutions, SAP, UCS Software Manufacturing, Unicorn, Unit 4 Agresso, Vidus.

Link to website: http://www.europeansoftware.org



Anti-Phishing

The European Internet Services Providers Association, EuroISPA, has launched a website dedicated to anti-phishing. The site was developed with the support of eBay. EuroISPA states that the site was created because "We aim to inform users how to avoid falling victim to phishing attacks. At the same time, we are working with law-makers at the national and EU levels to fight against cybercrime." The site includes information about the telltale signs of phishing and guidelines about what to do if you suspect phishing.

Link to a press report: http://ipandit.practicallaw.com/3-201-5499



UK Phishing Conviction

On 1 November 2005, David Levi was jailed for four years by a UK Court for committing fraud and perverting the course of justice through a phishing scheme that netted around £200,000 from Internet users in one year. Levi and his accomplices set up a network of computers that sent e-mails to eBay customers, purporting to be from eBay.

Link to EuroISPA Anti-Phishing website: http://www.euroispa.org/antiphishing



Task Force on ICT Competitiveness

On 5 October 2005, the European Commission adopted a Communication on a new integrated industrial policy in which it identifies a number of new political sector-specific initiatives. A task force with stakeholder representatives will provide a supportive environment for the competitiveness of this sector. The task force will identify key obstacles to competitiveness and possible policy responses in terms of better regulation, technological skills, IPR, and standardisation.

Link to Commission Communication "Implementing the Community Lisbon Programme: A Policy Framework to Strengthen EU Manufacturing – towards a more integrated approach for Industrial Policy EU Industrial Policy":
 http://europa.eu.int/comm/enterprise/enterprise_policy/industry/com_2005/com_2005_474.pdf