09:47 AM

NSA Prism Fallout Delays EU Airline Database Vote

Accusations of "paranoia" and discrimination against non-U.S. citizens aired in Brussels this week -- though the importance of working with America on security was also a theme.

Though British political leaders on Tuesday expressed a relaxed attitude about the safety of citizen data in their country, other European lawmakers seem to be a lot less happy, as the aftershocks from last week's U.S. NSA Prism program revelations continue.

In a sometimes-heated session in the European Parliament, members of that body not only expressed deep concerns about possible loss of privacy by their constituents, but also agreed to delay a vote about possible sharing of airline passenger data.

Specifically, according to the Parliamentary timetable, there should have been a vote Tuesday on plans to let law enforcement agencies access stored European Union (EU) airline passenger name register (PNR) data in cases where travelers are being investigated for possible criminal or terrorist activities. The idea is to build a PNR database on flights within Europe; a program already exists that shares such data between the U.S., Australia and the EU.

[ What do we know about Edward J. Snowden, the NSA contractor who leaked details on Prism? 9 Facts About NSA Prism Whistleblower. ]

However, British member Tim Kirkhope succeeded in referring the issue back to Brussels' civil liberties and justice committee, LIBE. The plans had been somewhat controversial before Prism made worldwide headlines, but Kirkhope's move is seen as the best way to eventually get them passed, as the current mood is deeply against anything perceived as so invasive. Kirkhope wrote in April that he feels objections to the proposals are "hypocritical."

"The failed vote means that up to 16 EU countries will still collect passenger data, but with completely different rules and procedures in place for handling and storing it, and no ability to share it when tackling cross-border offenders. Not only could this hamper cross-border criminal detection, it could also put at risk the security of passengers' data," Kirkhope wrote.

But airline passenger data is far from the only online privacy and security issue, as far as European Parliament speakers from across the political spectrum were concerned. Most speakers condemned Prism as they understand it, finding the fact that only non-Americans were targeted to be a particular problem. German member Manfred Weber, declared: "It is completely unacceptable that the U.S .has different rules [for its] citizens and citizens of other countries." Another lawmaker, Britain's Claude Moraes, characterized the Prism affair as denoting "a major breach of trust" between the two nations.

The most colorful expression of this feeling, though, was probably from Dutch representative Sophie in 't Veld, who said, "Obama said to his citizens: 'Don't worry, we are not spying on you, we are only spying on foreigners.' But this is us [i.e., Europeans]. What kind of special relationship is that?"

For Slovakia's Jaroslav Paska, "The paranoid behavior of our American partners is regrettable."

However, Parliament also agreed that the value for Europe of maintaining tight security links with Washington remains as high as ever. Thus for Weber, even though the U.S. approach is "not our approach," we still "work together as partners."

The European Commission, the body that represents Europe as a whole, also said it will raise the Prism issue at the upcoming EU-U.S. joint ministerial meeting set for in Dublin on Friday.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Current Issue
Dark Reading Tech Digest September 7, 2015
Some security flaws go beyond simple app vulnerabilities. Have you checked for these?
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2015-10-08
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.

Published: 2015-10-06
libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 21335999.

Published: 2015-10-06
Bluetooth in Android before 5.1.1 LMY48T allows attackers to remove stored SMS messages via a crafted application, aka internal bug 22343270.

Published: 2015-10-06
mediaserver in Android before 5.1.1 LMY48T allows attackers to cause a denial of service (process crash) via unspecified vectors, aka internal bug 22954006.

Published: 2015-10-06
The Runtime subsystem in Android before 5.1.1 LMY48T allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 23050463.

Dark Reading Radio
Archived Dark Reading Radio
What can the information security industry do to solve the IoT security problem? Learn more and join the conversation on the next episode of Dark Reading Radio.