On November 14th and 18th, the European Parliament held two hearings on their ongoing investigation of mass electronic surveillance of European citizens in Brussels.
In the 10th and 11th hearings held by the committee for civil liberties (LIBE), Members of the European Parliament (MEPs) focussed on the IT security of the EU Institutions and a possible discussion between the European Commission and the Council of the EU on mass surveillance.
Investigating and investing in IT security
At the 10th hearing, members of the LIBE committee debated the IT security of the EU institutions.
IT experts advised MEPs on possible technical measures to step up IT security in the EU institutions in order to prevent and remedy unauthorised access and the disclosure or loss of information and personal data. However, Ronald Prins, Director and co-founder of Fox-IT, explained that it is technically very difficult and costly to search for all possible security breaches inside of a network. He also added that if an attack was coming from the USA, given their strength, it would be very difficult for an average Western government to resist this attack.
In terms of IT security, the real question might then be “how much can you spend on it?” rather than “What are the efficient measures to adopt?”
Some members of the European Commission came to the hearing to explain the existing IT security system in the EU institutions. Members of the European Parliament (MEPs) took the opportunity to ask them about the ongoing Belgacom case. Belgacom, the Belgian ISP in charge of providing internet connection to the European Institutions, recently discovered the presence malware. However, the company explained that no data breaches have been detected and it seems like there were no data stolen or communication intercepted. A large number of MEPs found it difficult to believe that someone ready to pay millions of dollars to install malware in the systems of Belgacom would have not been able to steal anything, especially because this malicious software was detected very late.
The panel experts then said that when Belgacom informed them of the problem, they looked for unusual activities and didn’t find any evidence that the IT security of the EU institution had been compromised. So far, this data breach is just alleged and they have not been able to determine if it happened or not.
European Parliament asking for information from European Commission and Council
The 11th hearing of the LIBE inquiry was held in Strasbourg and suffered several hours of delay due to a plenary session in the European Parliament that was longer than expected. For this reason, the programme was substantially shorten.
An important point was brought up by the MEP Sophie In’t Veld (NL/ ALDE) regarding a discussion between the European Commission and the Council of the EU on the mass surveillance programs during the last Justice and Home Affairs (JHA) council on October 8th. Although this topic was not in the official agenda for the JHA, it was apparently discussed during the lunch break. MEPs are now asking for a written and public report on that discussion. In the case of denial from the Council, Mrs In’t Veld asked the chair of the LIBE committee, Juan Fernando Lopez Aguilar (ES/S&D) to address a letter to the Commission and the Council in name of the LIBE committee asking for this report.
The 12th and 13th hearing of the LIBE inquiry will take place on December 2nd and 5th. The draft report will then be presented together with the working documents on democratic oversight of intelligence services.
Stay tuned for updates on the developments of this historical investigations. We’ve been cataloguing each hearing in a special series, we will be uploading the rest of the posts soon.
LIBE Series Posts