Risk
6/12/2013
09:47 AM
50%
50%

NSA Prism Fallout Delays EU Airline Database Vote

Accusations of "paranoia" and discrimination against non-U.S. citizens aired in Brussels this week -- though the importance of working with America on security was also a theme.

Though British political leaders on Tuesday expressed a relaxed attitude about the safety of citizen data in their country, other European lawmakers seem to be a lot less happy, as the aftershocks from last week's U.S. NSA Prism program revelations continue.

In a sometimes-heated session in the European Parliament, members of that body not only expressed deep concerns about possible loss of privacy by their constituents, but also agreed to delay a vote about possible sharing of airline passenger data.

Specifically, according to the Parliamentary timetable, there should have been a vote Tuesday on plans to let law enforcement agencies access stored European Union (EU) airline passenger name register (PNR) data in cases where travelers are being investigated for possible criminal or terrorist activities. The idea is to build a PNR database on flights within Europe; a program already exists that shares such data between the U.S., Australia and the EU.

[ What do we know about Edward J. Snowden, the NSA contractor who leaked details on Prism? 9 Facts About NSA Prism Whistleblower. ]

However, British member Tim Kirkhope succeeded in referring the issue back to Brussels' civil liberties and justice committee, LIBE. The plans had been somewhat controversial before Prism made worldwide headlines, but Kirkhope's move is seen as the best way to eventually get them passed, as the current mood is deeply against anything perceived as so invasive. Kirkhope wrote in April that he feels objections to the proposals are "hypocritical."

"The failed vote means that up to 16 EU countries will still collect passenger data, but with completely different rules and procedures in place for handling and storing it, and no ability to share it when tackling cross-border offenders. Not only could this hamper cross-border criminal detection, it could also put at risk the security of passengers' data," Kirkhope wrote.

But airline passenger data is far from the only online privacy and security issue, as far as European Parliament speakers from across the political spectrum were concerned. Most speakers condemned Prism as they understand it, finding the fact that only non-Americans were targeted to be a particular problem. German member Manfred Weber, declared: "It is completely unacceptable that the U.S .has different rules [for its] citizens and citizens of other countries." Another lawmaker, Britain's Claude Moraes, characterized the Prism affair as denoting "a major breach of trust" between the two nations.

The most colorful expression of this feeling, though, was probably from Dutch representative Sophie in 't Veld, who said, "Obama said to his citizens: 'Don't worry, we are not spying on you, we are only spying on foreigners.' But this is us [i.e., Europeans]. What kind of special relationship is that?"

For Slovakia's Jaroslav Paska, "The paranoid behavior of our American partners is regrettable."

However, Parliament also agreed that the value for Europe of maintaining tight security links with Washington remains as high as ever. Thus for Weber, even though the U.S. approach is "not our approach," we still "work together as partners."

The European Commission, the body that represents Europe as a whole, also said it will raise the Prism issue at the upcoming EU-U.S. joint ministerial meeting set for in Dublin on Friday.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2011-4403
Published: 2015-04-24
Multiple cross-site request forgery (CSRF) vulnerabilities in Zen Cart 1.3.9h allow remote attackers to hijack the authentication of administrators for requests that (1) delete a product via a delete_product_confirm action to product.php or (2) disable a product via a setflag action to categories.ph...

CVE-2012-2930
Published: 2015-04-24
Multiple cross-site request forgery (CSRF) vulnerabilities in TinyWebGallery (TWG) before 1.8.8 allow remote attackers to hijack the authentication of administrators for requests that (1) add a user via an adduser action to admin/index.php or (2) conduct static PHP code injection attacks in .htusers...

CVE-2012-2932
Published: 2015-04-24
Multiple cross-site scripting (XSS) vulnerabilities in TinyWebGallery (TWG) before 1.8.8 allow remote attackers to inject arbitrary web script or HTML via the (1) selitems[] parameter in a copy, (2) chmod, or (3) arch action to admin/index.php or (4) searchitem parameter in a search action to admin/...

CVE-2012-5451
Published: 2015-04-24
Multiple stack-based buffer overflows in HttpUtils.dll in TVMOBiLi before 2.1.0.3974 allow remote attackers to cause a denial of service (tvMobiliService service crash) via a long string in a (1) GET or (2) HEAD request to TCP port 30888.

CVE-2015-0297
Published: 2015-04-24
Red Hat JBoss Operations Network 3.3.1 does not properly restrict access to certain APIs, which allows remote attackers to execute arbitrary Java methos via the (1) ServerInvokerServlet or (2) SchedulerService or (3) cause a denial of service (disk consumption) via the ContentManager.

Dark Reading Radio
Archived Dark Reading Radio
Join security and risk expert John Pironti and Dark Reading Editor-in-Chief Tim Wilson for a live online discussion of the sea-changing shift in security strategy and the many ways it is affecting IT and business.