7 Jul, 2013

European Parliament to probe US surveillance, seeks more whistleblower protection

=========

Brussels, 04-07-2013, European Parliament Media release – Parliament’s Civil Liberties Committee will conduct an “in-depth inquiry” into the US surveillance programmes, including the bugging of EU premises and other spying allegations, and present its results by the end of this year, says a resolution passed by the full House on Thursday. Parliament’s President and political group leaders formally confirmed the launch of the inquiry. MEPs also call for more protection for whistleblowers.

In the resolution, approved by 483 votes to 98 with 65 abstentions, MEPs express serious concern over PRISM and other surveillance programmes, strongly condemn spying on EU representations and call on the US authorities to provide them with full information on these allegations without further delay.

Parliament also expresses grave concern about allegations that similar surveillance programmes are run by several EU member states, such as the UK, Sweden, The Netherlands, Germany and Poland. It urges them to examine whether those programmes are compatible with EU law.

Civil Liberties Committee inquiry

The Civil Liberties Committee inquiry will gather information and evidence from both US and EU sources and present its conclusions in a resolution by the end of the year. It will assess the impact of the alleged surveillance activities on EU citizens’ right to privacy and data protection, freedom of expression, the presumption of innocence and the right to an effective remedy.

MEPs involved in the inquiry will table recommendations to prevent similar cases in future and step up IT security in the EU institutions, bodies and agencies.

Protecting whistleblowers

MEPs stress the need for “procedures allowing whistleblowers to unveil serious violations of fundamental rights” and the importance of providing such people with the protection they need, including at international level.

Suspend air passenger and bank data deals?

MEPs call on the European Commission, the Council of Ministers and EU countries to consider possible recourse to all levers at their disposal in negotiations with the US, including suspending the current air passenger and bank data deals (Passenger Name Record and Terrorist Finance Tracking Programme, respectively).

Trade talks should not undermine data protection

EU data protection standards should not be undermined as a result of the EU-US trade deal, warns the resolution, adding that it would be “unfortunate” if EU-US trade talks were to be affected by such allegations.

Stronger data safeguards urgently needed

Parliament calls on EU countries to speed up their work on the whole data protection package and urges the Commission and the US authorities to resume negotiations on the data protection agreement without delay. The final deal must ensure that EU citizens’ access to the US judicial system is equal to that enjoyed by US citizens, it adds.

Cyber attacks: Parliament adopts stricter EU-wide penalties

Plenary Session Justice and home affairs − 04-07-2013 – Cyber criminals will face tougher penalties in the EU, under new rules adopted by Parliament on Thursday. The draft directive, already informally agreed with member states, also aims to facilitate prevention and to boost police and judicial cooperation in this field. In the event of a cyber attack, EU countries will have to respond to urgent requests for help within eight hours.

The draft directive requires EU countries to set their maximum terms of imprisonment at not less than two years for the crimes of illegally accessing or interfering with information systems, illegally interfering with data, illegally intercepting communications or intentionally producing and selling tools used to commit these offences. “Minor” cases are excluded, but it is up to each country to determine what constitutes a “minor” case.

“Botnets”

The text sets up a penalty of at least three years’ imprisonment for using “botnets”, i.e. establishing remote control over a significant number of computers by infecting them with malicious software.

Attacks on critical infrastructure

Attacks against “critical infrastructure”, such as power plants, transport networks and government networks, can lead to a five-year prison sentence. The same applies if an attack is committed by a criminal organisation or if it causes serious damage.

Eight-hour deadline for urgent requests

Member states will be required to respond quickly to urgent requests for help in the event of cyber attacks, so as to render police cooperation more effective. They will have to make better use of the existing 24/7 network of contact points to respond to urgent requests within eight hours.

Liability of legal persons

Legal persons, such as firms, would be liable for offences committed for their benefit (e.g. for hiring a hacker to get access to a competitor’s database). Penalties could include exclusion from entitlement to public benefits or closure of establishments.

Next steps

The text, adopted by 541 votes to 91, with 9 abstentions, is expected to be formally adopted by the Council very shortly. The new directive builds on rules that have been in force since 2005. Once adopted, member states will have two years to transpose it into national law.

The UK and Ireland have decided to apply this directive but Denmark will not be bound by it.