Risk
6/12/2013
09:47 AM
Connect Directly
RSS
E-Mail
50%
50%

NSA Prism Fallout Delays EU Airline Database Vote

Accusations of "paranoia" and discrimination against non-U.S. citizens aired in Brussels this week -- though the importance of working with America on security was also a theme.

Though British political leaders on Tuesday expressed a relaxed attitude about the safety of citizen data in their country, other European lawmakers seem to be a lot less happy, as the aftershocks from last week's U.S. NSA Prism program revelations continue.

In a sometimes-heated session in the European Parliament, members of that body not only expressed deep concerns about possible loss of privacy by their constituents, but also agreed to delay a vote about possible sharing of airline passenger data.

Specifically, according to the Parliamentary timetable, there should have been a vote Tuesday on plans to let law enforcement agencies access stored European Union (EU) airline passenger name register (PNR) data in cases where travelers are being investigated for possible criminal or terrorist activities. The idea is to build a PNR database on flights within Europe; a program already exists that shares such data between the U.S., Australia and the EU.

[ What do we know about Edward J. Snowden, the NSA contractor who leaked details on Prism? 9 Facts About NSA Prism Whistleblower. ]

However, British member Tim Kirkhope succeeded in referring the issue back to Brussels' civil liberties and justice committee, LIBE. The plans had been somewhat controversial before Prism made worldwide headlines, but Kirkhope's move is seen as the best way to eventually get them passed, as the current mood is deeply against anything perceived as so invasive. Kirkhope wrote in April that he feels objections to the proposals are "hypocritical."

"The failed vote means that up to 16 EU countries will still collect passenger data, but with completely different rules and procedures in place for handling and storing it, and no ability to share it when tackling cross-border offenders. Not only could this hamper cross-border criminal detection, it could also put at risk the security of passengers' data," Kirkhope wrote.

But airline passenger data is far from the only online privacy and security issue, as far as European Parliament speakers from across the political spectrum were concerned. Most speakers condemned Prism as they understand it, finding the fact that only non-Americans were targeted to be a particular problem. German member Manfred Weber, declared: "It is completely unacceptable that the U.S .has different rules [for its] citizens and citizens of other countries." Another lawmaker, Britain's Claude Moraes, characterized the Prism affair as denoting "a major breach of trust" between the two nations.

The most colorful expression of this feeling, though, was probably from Dutch representative Sophie in 't Veld, who said, "Obama said to his citizens: 'Don't worry, we are not spying on you, we are only spying on foreigners.' But this is us [i.e., Europeans]. What kind of special relationship is that?"

For Slovakia's Jaroslav Paska, "The paranoid behavior of our American partners is regrettable."

However, Parliament also agreed that the value for Europe of maintaining tight security links with Washington remains as high as ever. Thus for Weber, even though the U.S. approach is "not our approach," we still "work together as partners."

The European Commission, the body that represents Europe as a whole, also said it will raise the Prism issue at the upcoming EU-U.S. joint ministerial meeting set for in Dublin on Friday.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Flash Poll
Current Issue
Cartoon
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-6117
Published: 2014-07-11
Dahua DVR 2.608.0000.0 and 2.608.GV00.0 allows remote attackers to bypass authentication and obtain sensitive information including user credentials, change user passwords, clear log files, and perform other actions via a request to TCP port 37777.

CVE-2014-0174
Published: 2014-07-11
Cumin (aka MRG Management Console), as used in Red Hat Enterprise MRG 2.5, does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie.

CVE-2014-3485
Published: 2014-07-11
The REST API in the ovirt-engine in oVirt, as used in Red Hat Enterprise Virtualization (rhevm) 3.4, allows remote authenticated users to read arbitrary files and have other unspecified impact via unknown vectors, related to an XML External Entity (XXE) issue.

CVE-2014-3499
Published: 2014-07-11
Docker 1.0.0 uses world-readable and world-writable permissions on the management socket, which allows local users to gain privileges via unspecified vectors.

CVE-2014-3503
Published: 2014-07-11
Apache Syncope 1.1.x before 1.1.8 uses weak random values to generate passwords, which makes it easier for remote attackers to guess the password via a brute force attack.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Marilyn Cohodas and her guests look at the evolving nature of the relationship between CIO and CSO.