Ross Anderson, Rainer Böhme, Richard Clayton, and Tyler Moore have published a major report on security and economics: “Security, Economics, and the Internal Market,” published by the European Network and Information Security Agency (ENISA). It’s 114 pages long, and I just printed it out to read.
Entries Tagged "EU"
Canada comes in first.
Individual privacy is best protected in Canada but under threat in the United States and the European Union as governments introduce sweeping surveillance and information-gathering measures in the name of security and border control, an international rights group said in a report released Saturday.
Canada, Greece and Romania had the best privacy records of 47 countries surveyed by London-based watchdog Privacy International. Malaysia, Russia and China were ranked worst.
Both Britain and the United States fell into the lowest-performing group of “endemic surveillance societies.”
EDITED TO ADD (1/10): Actually, Canada comes in second.
This ban is annoying for the travellers and a large cost for society, and we need to examine if the benefits are in relation to the cost.
And the European Parliament agreed:
The House adopted a resolution with 464 votes in favour, 158 against and 70 abstentions on the restrictions imposed by the EU on liquids that passengers can take on board aeroplanes. MEPs call upon the Commission to review urgently and — if no further conclusive facts are brought forward — to repeal Regulation (EC) No 1546/2006 (introduction of liquids onto aircraft). The particular amendment on the possible repeal was adopted with 382 votes in favour, 298 against and 15 abstentions.
Security is a trade-off; makes sense to me.
EDITED TO ADD (10/11): Unfortunately the European Parliament is powerless; their decisions are regularly ignored. In this case, the European Commission has the real power.
A recently completed Dutch study of 242 Islamic radicals convicted or accused of planning terrorist attacks in Europe from 2001 to 2006 found that most were men of Arab descent who had been born and raised in Europe and came from lower or middle-class backgrounds. They ranged in age from 16 to 59 at the time of their arrests; the average was 27. About one in four had a criminal record.
The author of the study, Edwin Bakker, a researcher at the Clingendael Institute in The Hague, tried to examine almost 20 variables concerning the suspects’ social and economic backgrounds. In general, he determined that no reliable profile existed — their traits were merely an accurate reflection of the overall Muslim immigrant population in Europe. “There is no standard jihadi terrorist in Europe,” the study concluded.
In an interview, Bakker said that many local police agencies have been slow to abandon profiling, but that most European intelligence agencies have concluded it is an unreliable tool for spotting potential terrorists. “How can you single them out? You can’t,” he said. “For the secret services, it doesn’t give them a clue. We should focus more on suspicious behavior and not profiling.”
This is a good summary of the SWIFT privacy case:
This week, the Article 29 group — a panel of European Commissioners for Freedom, Security, and Justice — ruled that the interbank money transfer service SWIFT (Society for Worldwide Interbank Financial Telecommunication) has failed to respect the provisions of the EU Data Protection directive by transferring personal financial data to the US in a manner the press release describes as “hidden, systematic, massive, and long-term.”
Interesting story of a British journalist buying 20 different fake EU passports. She bought a genuine Czech passport with a fake name and her real picture, a fake Latvian passport, and a stolen Estonian passport.
Despite information on stolen passports being registered to a central Interpol database, her Estonian passport goes undetected.
Note that harder-to-forge RFID passports would only help in one instance; it’s certainly not the most important problem to solve.
Also, I am somewhat suspicious of this story. I don’t know about the UK laws, but in the US this would be a major crime — and I don’t think being a reporter would be an adequate defense.
Fascinating essay about how EU law would treat the NSA’s collection of everyone’s phone records.
From the ACLU:
In 2003, the United States and the European Union reached an agreement under which the EU would share Passenger Name Record (PNR) data with the U.S., despite the lack of privacy laws in the United States adequate to ensure Europeans’ privacy. In return, DHS agreed that the passenger data would not be used for any purpose other than preventing acts of terrorism or other serious crimes. It is now clear that DHS did not abide by that agreement.
From Europe, although I doubt it’s any different in the U.S.:
- One in five workers (21%) let family and friends use company laptops and PCs to access the Internet.
- More than half (51%) connect their own devices or gadgets to their work PC.
- A quarter of these do so every day.
- Around 60% admit to storing personal content on their work PC.
- One in ten confessed to downloading content at work they shouldn’t.
- Two thirds (62%) admitted they have a very limited knowledge of IT Security.
- More than half (51%) had no idea how to update the anti-virus protection on their company PC.
- Five percent say they have accessed areas of their IT system they shouldn’t have.
One caveat: the study is from McAfee, and as the article rightly notes:
Naturally McAfee has a vested interest in talking up this kind of threat….
Based on its survey, McAfee has identified four types of employees who put their workplace at risk:
- The Security Softie – This group comprises the vast majority of employees. They have a very limited knowledge of security and put their business at risk through using their work computer at home or letting family members surf the Internet on their work PC.
- The Gadget Geek – Those that come to work armed with a variety of devices/gadgets, all of which get plugged into their PC.
- The Squatter – Those who use the company IT resources in ways they shouldn’t (i.e. by storing content or playing games).
- The Saboteur – A very small minority of employees. This group will maliciously hack into areas of the IT system to which they shouldn’t have access or infect the network purposely from within.
I like the list.