Risk
6/12/2013
09:47 AM
50%
50%

NSA Prism Fallout Delays EU Airline Database Vote

Accusations of "paranoia" and discrimination against non-U.S. citizens aired in Brussels this week -- though the importance of working with America on security was also a theme.

Though British political leaders on Tuesday expressed a relaxed attitude about the safety of citizen data in their country, other European lawmakers seem to be a lot less happy, as the aftershocks from last week's U.S. NSA Prism program revelations continue.

In a sometimes-heated session in the European Parliament, members of that body not only expressed deep concerns about possible loss of privacy by their constituents, but also agreed to delay a vote about possible sharing of airline passenger data.

Specifically, according to the Parliamentary timetable, there should have been a vote Tuesday on plans to let law enforcement agencies access stored European Union (EU) airline passenger name register (PNR) data in cases where travelers are being investigated for possible criminal or terrorist activities. The idea is to build a PNR database on flights within Europe; a program already exists that shares such data between the U.S., Australia and the EU.

[ What do we know about Edward J. Snowden, the NSA contractor who leaked details on Prism? 9 Facts About NSA Prism Whistleblower. ]

However, British member Tim Kirkhope succeeded in referring the issue back to Brussels' civil liberties and justice committee, LIBE. The plans had been somewhat controversial before Prism made worldwide headlines, but Kirkhope's move is seen as the best way to eventually get them passed, as the current mood is deeply against anything perceived as so invasive. Kirkhope wrote in April that he feels objections to the proposals are "hypocritical."

"The failed vote means that up to 16 EU countries will still collect passenger data, but with completely different rules and procedures in place for handling and storing it, and no ability to share it when tackling cross-border offenders. Not only could this hamper cross-border criminal detection, it could also put at risk the security of passengers' data," Kirkhope wrote.

But airline passenger data is far from the only online privacy and security issue, as far as European Parliament speakers from across the political spectrum were concerned. Most speakers condemned Prism as they understand it, finding the fact that only non-Americans were targeted to be a particular problem. German member Manfred Weber, declared: "It is completely unacceptable that the U.S .has different rules [for its] citizens and citizens of other countries." Another lawmaker, Britain's Claude Moraes, characterized the Prism affair as denoting "a major breach of trust" between the two nations.

The most colorful expression of this feeling, though, was probably from Dutch representative Sophie in 't Veld, who said, "Obama said to his citizens: 'Don't worry, we are not spying on you, we are only spying on foreigners.' But this is us [i.e., Europeans]. What kind of special relationship is that?"

For Slovakia's Jaroslav Paska, "The paranoid behavior of our American partners is regrettable."

However, Parliament also agreed that the value for Europe of maintaining tight security links with Washington remains as high as ever. Thus for Weber, even though the U.S. approach is "not our approach," we still "work together as partners."

The European Commission, the body that represents Europe as a whole, also said it will raise the Prism issue at the upcoming EU-U.S. joint ministerial meeting set for in Dublin on Friday.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading Tech Digest, Dec. 19, 2014
Software-defined networking can be a net plus for security. The key: Work with the network team to implement gradually, test as you go, and take the opportunity to overhaul your security strategy.
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-7266
Published: 2015-02-01
Algorithmic complexity vulnerability in Cybozu Remote Service Manager through 2.3.0 and 3.x through 3.1.2 allows remote attackers to cause a denial of service (CPU consumption) via vectors that trigger colliding hash-table keys. NOTE: this vulnerability exists because of an incomplete fix for CVE-2...

CVE-2014-7269
Published: 2015-02-01
ASUS JAPAN RT-AC87U routers with firmware 3.0.0.4.378.3754 and earlier, RT-AC68U routers with firmware 3.0.0.4.376.3715 and earlier, RT-AC56S routers with firmware 3.0.0.4.376.3715 and earlier, RT-N66U routers with firmware 3.0.0.4.376.3715 and earlier, and RT-N56U routers with firmware 3.0.0.4.376....

CVE-2014-7270
Published: 2015-02-01
Cross-site request forgery (CSRF) vulnerability on ASUS JAPAN RT-AC87U routers with firmware 3.0.0.4.378.3754 and earlier, RT-AC68U routers with firmware 3.0.0.4.376.3715 and earlier, RT-AC56S routers with firmware 3.0.0.4.376.3715 and earlier, RT-N66U routers with firmware 3.0.0.4.376.3715 and earl...

CVE-2014-8630
Published: 2015-02-01
Bugzilla before 4.0.16, 4.1.x and 4.2.x before 4.2.12, 4.3.x and 4.4.x before 4.4.7, and 5.x before 5.0rc1 allows remote authenticated users to execute arbitrary commands by leveraging the editcomponents privilege and triggering crafted input to a two-argument Perl open call, as demonstrated by shel...

CVE-2014-9200
Published: 2015-02-01
Stack-based buffer overflow in an unspecified DLL file in a DTM development kit in Schneider Electric Unity Pro, SoMachine, SoMove, SoMove Lite, Modbus Communication Library 2.2.6 and earlier, CANopen Communication Library 1.0.2 and earlier, EtherNet/IP Communication Library 1.0.0 and earlier, EM X8...

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
If you’re a security professional, you’ve probably been asked many questions about the December attack on Sony. On Jan. 21 at 1pm eastern, you can join a special, one-hour Dark Reading Radio discussion devoted to the Sony hack and the issues that may arise from it.