Risk
6/12/2013
09:47 AM
Connect Directly
RSS
E-Mail
50%
50%

NSA Prism Fallout Delays EU Airline Database Vote

Accusations of "paranoia" and discrimination against non-U.S. citizens aired in Brussels this week -- though the importance of working with America on security was also a theme.

Though British political leaders on Tuesday expressed a relaxed attitude about the safety of citizen data in their country, other European lawmakers seem to be a lot less happy, as the aftershocks from last week's U.S. NSA Prism program revelations continue.

In a sometimes-heated session in the European Parliament, members of that body not only expressed deep concerns about possible loss of privacy by their constituents, but also agreed to delay a vote about possible sharing of airline passenger data.

Specifically, according to the Parliamentary timetable, there should have been a vote Tuesday on plans to let law enforcement agencies access stored European Union (EU) airline passenger name register (PNR) data in cases where travelers are being investigated for possible criminal or terrorist activities. The idea is to build a PNR database on flights within Europe; a program already exists that shares such data between the U.S., Australia and the EU.

[ What do we know about Edward J. Snowden, the NSA contractor who leaked details on Prism? 9 Facts About NSA Prism Whistleblower. ]

However, British member Tim Kirkhope succeeded in referring the issue back to Brussels' civil liberties and justice committee, LIBE. The plans had been somewhat controversial before Prism made worldwide headlines, but Kirkhope's move is seen as the best way to eventually get them passed, as the current mood is deeply against anything perceived as so invasive. Kirkhope wrote in April that he feels objections to the proposals are "hypocritical."

"The failed vote means that up to 16 EU countries will still collect passenger data, but with completely different rules and procedures in place for handling and storing it, and no ability to share it when tackling cross-border offenders. Not only could this hamper cross-border criminal detection, it could also put at risk the security of passengers' data," Kirkhope wrote.

But airline passenger data is far from the only online privacy and security issue, as far as European Parliament speakers from across the political spectrum were concerned. Most speakers condemned Prism as they understand it, finding the fact that only non-Americans were targeted to be a particular problem. German member Manfred Weber, declared: "It is completely unacceptable that the U.S .has different rules [for its] citizens and citizens of other countries." Another lawmaker, Britain's Claude Moraes, characterized the Prism affair as denoting "a major breach of trust" between the two nations.

The most colorful expression of this feeling, though, was probably from Dutch representative Sophie in 't Veld, who said, "Obama said to his citizens: 'Don't worry, we are not spying on you, we are only spying on foreigners.' But this is us [i.e., Europeans]. What kind of special relationship is that?"

For Slovakia's Jaroslav Paska, "The paranoid behavior of our American partners is regrettable."

However, Parliament also agreed that the value for Europe of maintaining tight security links with Washington remains as high as ever. Thus for Weber, even though the U.S. approach is "not our approach," we still "work together as partners."

The European Commission, the body that represents Europe as a whole, also said it will raise the Prism issue at the upcoming EU-U.S. joint ministerial meeting set for in Dublin on Friday.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Flash Poll
Current Issue
Cartoon
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-4725
Published: 2014-07-27
The MailPoet Newsletters (wysija-newsletters) plugin before 2.6.7 for WordPress allows remote attackers to bypass authentication and execute arbitrary PHP code by uploading a crafted theme using wp-admin/admin-post.php and accessing the theme in wp-content/uploads/wysija/themes/mailp/.

CVE-2014-4726
Published: 2014-07-27
Unspecified vulnerability in the MailPoet Newsletters (wysija-newsletters) plugin before 2.6.8 for WordPress has unspecified impact and attack vectors.

CVE-2014-2363
Published: 2014-07-26
Morpho Itemiser 3 8.17 has hardcoded administrative credentials, which makes it easier for remote attackers to obtain access via a login request.

CVE-2014-2625
Published: 2014-07-26
Directory traversal vulnerability in the storedNtxFile function in HP Network Virtualization 8.6 (aka Shunra Network Virtualization) allows remote attackers to read arbitrary files via crafted input, aka ZDI-CAN-2023.

CVE-2014-2626
Published: 2014-07-26
Directory traversal vulnerability in the toServerObject function in HP Network Virtualization 8.6 (aka Shunra Network Virtualization) allows remote attackers to create files, and consequently execute arbitrary code, via crafted input, aka ZDI-CAN-2024.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Sara Peters hosts a conversation on Botnets and those who fight them.