VVD Eurofractie on-line

Speech "Cyber security"
to the occasion of the 3rd Virtual Opportunity Congress Sydney , 16 December 2003
by Elly Plooij- van Gorsel

Chairman, distinguished guests, ladies and gentlemen, George :

It is a special privilege for a Member of the European Parliament to address you today on a theme which is increasingly central to the development of Europe 's information society. Indeed, I think it is fair to say that nowhere else in the world are the issues of cyber security and cyber risk so deeply embedded in the social and cultural context, with the result that these issues are also deeply and unavoidably political.

It is therefore as an elected politician with a direct personal role in the evolution of European cyber policy and regulation that I offer three initial observations which – to cite instructions to panellists - I trust you will find both “thought provoking” and “short”. I should also make clear that I am a member of the Dutch Liberal party, and the Liberal group in the European Parliament. As will become clear, we Liberals have a particular commitment to the defence of individual citizens' rights and liberties, and an ingrained scepticism of any claims by the state to curtail them. You see, I turn already to the political dimension of our theme . . . and make no apology for it !

My first observation is that cyber security and cyber risk are worrisome issues for politicians for the simple reason that they are so little understood by citizens, despite the fact that – at least in the OECD world – most citizens now routinely connect to and navigate the cyber world beyond the borders of their own computers. This is a bit like wandering around in a primeval forest with no idea that carnivorous creatures lurk in the shadows.

This is not, of course, an original observation. Virtually every official and unofficial treatise you can find on how to improve cyber-security calls for investment in downstream user education. OK. Hands up everybody here who has been through that sort of education, or even knows where to find it. So there is a point we might wish to discuss further here today.

But the particular point I wish to make about this general ignorance is more specific to my life as a legislator, and my own political convictions. Even assuming that we legislators are ourselves reasonably well-educated on cyber-security and risks (a risky assumption in itself), how can our publics participate effectively in the democratic process to advance their interests and defend their liberties if they haven't any idea what the risks really are, nor what measures are available to reduce them?

In this regard, what seems to be missing, in Europe at least – perhaps less so in the United States , is the emergence of citizens interest and action groups as major actors in cyber-politics. 'Big brother' is close when democratic resistance is not mobilised . Too often in Europe it is left to supply-side industry interests to challenge claims by the state of the need for greater invasion of individual privacy in the name of security. And by the same token, supply-side industry sectors may not be the most reliable witnesses when it comes to consumer or user protection. So, question : What can we do about this democratic deficit in cyber-space ?

My second observation is a more specific follow-on from my first : Governments will always, under any circumstances, be inclined to give priority to the interests of the state over the freedom of citizens. Now in these times of heightened insecurity, calls to strengthen the powers of governments to intervene grow even stronger, especially for intelligence gathering.

Indeed, in Europe our political debate on cyber security and risk continues to be centred on a search for the proper balance between the privacy of citizens and the efficiency of state security services and the combat of crime. That balance is clearly lost when large-scale government bugging or data mining possibilities are introduced.

It will not surprise you by now to hear that I believe Europe's citizens need more - not less - protection to restore the necessary balance, and that it is the task of national parliaments and the European Parliament to help restore the balance. Who else can ? Who else will ?

It is clear that the technical skills of the government to fight terror and crime can be improved, but this must not be confused with a broad expansion of state surveillance powers. We have had to confront this fundamental issue over the past couple of years in the European Parliament over the course of the adoption of an EU data privacy directive. As finally adopted, our member state governments now have the right to adopt their own national legislation obliging telephone companies to keep traffic data for an indefinite period of time. This is permitted when judged necessary for criminal investigation or for the maintenance of national or public safety.

The European Parliament has consistently supported the view that holding this data for a period longer that strictly necessary is a violation of privacy. As a result, the final Directive makes clear that governments can now mandate the storage of telecom traffic data only in so far as this is necessary, reasonable and proportional to the security objective. Moreover, such measures must completely be in line with all principles of European law. A significant minority of my parliamentary colleagues wanted to go much farther – to establish a European-level prohibition on member states to require telecom date retention beyond a few months. We will now see in the next few years how well our member state authorities are able to navigate these turbulent waters.

Let me now offer a third and final introductory observation, more in line with theme of business opportunity, which is not only a major focus of our time here together but also a major interest of Dutch and European Liberal politicians.

Over the past few years, an important dialogue has developed between Members of the European Parliament from all parties active on cyber-issues, and our opposite numbers in the United States House and Senate. This dialogue also involves the relevant governmental agencies on both sides.

When we Europeans visited Washington last July, we had one particularly valuable meeting with the newly appointed leadership of the newly created cyber-security division of the newly created Department of Homeland Security. Two messages from our American friends were very clear : First, the only practical way to make progress was through an entirely new paradigm of cooperation and collaboration between government and the private sector, and second, that ICT technologies will be a strategic resource for enhancing security throughout our economies and societies.

Now flash forward to the decision taken a few weeks ago by the European Union to establish our own network security Agency to begin to coordinate and cumulate work already underway in all of our member states. One of the most important issues leading up to the final decision was precisely the extent to which the private sector will be permanently associated with the work of this new Agency. The European Parliament has been a consistent champion of a new collaborative public-private-partnership paradigm for security - let's call it a ppp...p !, and I am pleased to report that the final decision now reflects this.

So there you have it : the foundations for a pppp for cyber-based securityhave now been laid both in the United States and Europe . But of course we are essentially talking about the same security threats, the same risks, and ultimately in many cases the same technologies and solutions, not only in a transatlantic market framework, but worldwide.

Chairman, to these liberal Dutch ears, that begins to sound like major opportunity !


  Vorige Home