Brussels, 04 Nov 2002
In its opinion of the Commission's plans to spend 25 million euro on eEurope in the next 3 years the European Economic and Social Committee (ESC) expressed particular concerns about the balance between liberty and security.
In the Committee's view, an important priority for the programme and one of the key objectives of the information society should be to 'put greater effort into finding the most effective means of reconciling the need for information and network protection, and, more generally, the security of people and property on the one hand, with civil liberties and users' rights to cheap and totally secure broadband access on the other.'
The programme aims to provide a common framework to promote interaction at the various levels: Community, national, regional and local. The programme will include studies on good practices serving the implementation of eEurope 2005 and the organisation of initiatives (seminars, workshops, etc.), particularly to promote cooperation and exchanges of good practice. It will also support the information society forum (network of web-based experts) as a source of advice for the Commission on implementing the information society and finance a range of initiatives on network and information security, particularly in wireless communications. Finally, it will support the cyber security task force and efforts to enhance security at the various levels by promoting exchanges of experience.
The ESC shares the Commission's view that, to fully realise the objectives of a competitive knowledge-based society, the development of high-speed access is a key requirement for Europeans and should be viewed as a service of general interest, readily accessible throughout the Community at affordable cost. Therefore it endorses the priority given to broadband networks in the programme. However the ESC wonders whether the programme funding is commensurate with the considerable number of measures proposed which cover all countries, range from European to local level and are horizontal in nature.
The Committee is particularly concerned by security issues associated with the development of wireless networks: 'According to a recent survey, nearly 80 per cent of French companies using these technologies are not sufficiently aware of the security loopholes found in such communication technologies. For example, in the La Défense area of northwest Paris, where the head offices of the largest companies are located, around 40 per cent of wireless connections are not yet secured effectively.'
While wireless connections offer great flexibility of use, they use waves which may go beyond the confines of the buildings where they are used and which may be picked up from the outside with very simple equipment, thereby giving access to hostile intruders who 'hunt' for non secured connections from vehicles in the street.
The ESC suggests a range of appropriate means to create a real security culture. 'Such a culture must be based first and foremost on the training and accountability of all stakeholders in the information society. The security culture should be conceived in a way which is fully compatible with the freedom of information, communication and expression, economic, social and cultural freedoms and generally with the whole range of human rights.'
It suggests a whole range of concrete measures to promote a substantial increase in society's awareness of security issues (problems specific to each technology, network architecture or software, the protection of personal information or information storage procedures), so that networks and stored information can withstand accidents, natural disasters, hostile attack and crime, such as economic espionage, piracy or terrorism. 'Otherwise we may be jeopardising the future of businesses or the durability of data that is essential to the functioning of the economy and administration.'
However the Committee is concerned by various legislative approaches adopted recently in a number of countries in the aftermath of the 11 September terrorist attacks on the USA. These measures may be effective, but as far as the Internet is concerned, 'go too far in undermining legal rights and may impose a disproportionate financial and material burden, as well as excessive penalties, on providers of access, data storage space or site hosting.'
At the same time, the effectiveness of such measures is debatable as they are not targeted, but rather seek to monitor all communications over long periods (six months to a year). A knock-on effect of this could be a substantial increase in users' connection costs, a development which would be counterproductive for the expansion of the information society.
Related Public Info item:
ESC Opinion on a Proposed Decision the monitoring of eEurope, good practices and information security