30 March 2000


From: "Axel H Horns" <horns@t-online.de>
To: eucrypto@fitug.de
Date: Thu, 30 Mar 2000 18:43:52 +0100
Subject: [FYI] European Commission makes blurry statement on Echelon

http://www.heise.de/bin/tp/issue/dl-artikel.cgi?artikelnr=6702&mode=html

Telepolis, March 30, 2000

European Commission makes blurry statement on Echelon

Jelle van Buuren

Carte blanche for secret services while new ENFOPOL-plans are still  in the making

Activities of the intelligence agencies fall outside the scope of Commissions competence; Commission doesn't confirm, nor denies the  existence of Echelon; Council is still working on the updating of the interception requirements (IUR). 

Today, European Commissioner Erkki Liikanen, responsible for Enterprise and Information Society, made a very blurry statement on Echelon. The commision was asked by the European Parliament if they could confirm the existence of Echelon, as described in the report of Duncan Campell [http://www.iptvreports.mcmail.com/stoa_cover.htm]. 

Mister Liikanen responded by stating first that the Commission has no competence on intelligence matters. It's the sole responsibility of the member states. The commissioner stated the Commission had sought clarification from the United Kingdom on Echelon. In a letter, received from the United Kingdom, it says according to commissioner Likanen, British intelligence services work within a legal framework which sets out explicitly the purposes for which interception may be authorised, namely national security, safeguarding the nation's economic well-being and the prevention and detection of serious crime. 

Commissioner Liikanen also mentioned a lettre from the United States government, it received a day before. According to Liikanen, the United States says its intelligence community is not engaged in industrial espionage and do not collect proprietary, technical or financial information for the benefit of private firms. 

Commissionair Liikanen didn't make a clear statement on whether the Commission thinks Echelon exists or not. He just mentioned that by nature, those involved in intelligence matters are not able to confirm or deny their existence. Liikanen admitted the existance of technological possibilities to intercept electronic communications, and added: "There is no evidence to say that the available technologies are not used." 

By stressing the Commission has no competences in the field of intelligence, it is clear the Commission is obtaining an advance in a possible  inquiry by the parliament [http://www.heise.de/tp/english/inhalt/co/6696/1.html] on Echelon. "The Greens want to know if the EU Commission and the Council have done enough to protect EU citizens from being spied on in their professional and private lives," Green member Lannoye yesterday explained the purpose of the inquiry on a press conference. 

The Portuguese minister Gomez of Home Affairs stated in the European Parlimaent that the European justice ministers will be discussing the matter during their next meeting of the Council of Justice and Home Affairs on the end of may. According to the Austrian online-magazine Futurezone [http://futurezone.orf.at/futurezone.orf?read=detailid=23462] Gomez also acknowledged the existence of Echelon and critizised it, but the Internet-News-Channel of the ORF falls short of any direct quotations. 

For the same purpose, Liikanen stressed the European Commission is promoting actively the use of encryption to safeguard the electronic communications of bussines and citizens. "The Commission considers that enhancing the security of communications over Internet by using encryption is a priority," Liikanen told parliament. 

But he also underlined the need of some sort of control on encryption, by defending the Wassenaar-agreement and the dual-use export control regime of the European Union on encryption products. "The Commission recognises the need to balance availability of encryption products with concerns of public security and fight against crime." Likannen added that "the European Commission is working on a better encryption system to protect its own communication structures". 

The same line of reasoning Liikanen used in a explanation on the Commissions policy on dataprotection. The Commission promotes according to Mister Liikanen a high level of data protection, but activities in the field of intelligence gathering and police and justice cooperation are excluded from this, because the Commission doesn't have competence in this field. He explicitly mentioned an article of the telecommunications data protection directive, which says the directive does not apply to activities of the Common Foreign and Security Policy and Justice and Home Affairs of the European Union. This article mentiones "economic well-being of the member states when the activities relate to State security matters" as excluded from the rules on data protection. 

One particular line of Mister Liikanen is of interest. He confirmed that the Council on Justice and Home Affairs is still working on the "updating of the Council Resolution of 17 january 1995", the so called  Enfopol 98 documents [http://www.heise.de/tp/english/special/enfo/default.html] Telepolis revealed. He dind't mention how far the work is underway, or when decisions on this are expected. 

The Enfopol-Papers

[http://www.heise.de/tp/english/special/enfo/default.html]

Copyright © 1996-2000 All Rights Reserved. Alle Rechte vorbehalten Verlag Heinz Heise, Hannover 

--

This message comes from the eucrypto mailing list.  To unsubscribe yourself from this list, say "unsubscribe eucrypto" to <majordomo@fitug.de>.


From: "Axel H Horns" <horns@t-online.de>
To: eucrypto@fitug.de
Date: Thu, 30 Mar 2000 18:44:34 +0100
Subject: [FYI] M. Erkki LIIKANEN European Commissioner on ECHELON

http://europa.eu.int/rapid/start/cgi/guesten.ksh?p_action.gettxt=gtdoc=SPEECH/00/107|0|RAPID&lg=EN

Speech by M. Erkki LIIKANEN European Commissioner responsible for Entreprise and Information Society Commission statement on Echelon European Parliament Brussels, 30 March 2000 

DN: SPEECH/00/107     Date: 2000-03-30

     TXT: EN
     PDF: EN
     Word Processed: EN

SPEECH/00/107

Speech by M. Erkki LIIKANEN
European Commissioner responsible for Entreprise and Information Society 
Commission statement on Echelon
European Parliament
Brussels, 30 March 2000

Commission statement in the European Parliament on 30 March 2000 under agenda point "D#233#clarations du Conseil et de la Commission syst#232#me 'Echelon', sur l'existence du syst#232#me d'intelligence artificielle permettant aux Etats-Unis d'Am#233#rique d'intercepter et de surveiller toutes les communications t#233#l#233#phoniques et #233#lectroniques de l'Union europ#233#enne" 

The Commission has taken note of the recent debate with concern.

We received a letter by Madame Fontaine to Mr. Prodi last night, asking the Commission to concentrate its statement on certain questions. I try to cover most of them. 

The respect of Human Rights and the Rule of Law constitute the foundations of the European Union. The European Convention on Human Rights recognises the right to privacy as one of those rights. All member states of the European Union are signatories of the Convention.

The specific competencies attributed to the Community are defined in the Treaty. The Commission can only act within the limits of the powers conferred on it by the Treaty. 

The Community has a clear competence in the field of data protection and in research and technological development. The Union has competencies under the so-called third pillar framework with regard to law enforcement and fight against crime. National security questions belong to the exclusive competence of the Member States. 

* * *

The Lisbon Summit last week set out ambitious targets to turn Europe into the most competitive and dynamic knowledge-based economy in the world. Exploiting the full potential of information technology and Internet are key elements in achieving this goal. 

Electronic communications play an increasingly important role in everyday life of European citizens. Well functioning electronic communications infrastructure has become crucial for our economies. 

A pre-condition for achieving the Lisbon targets is that citizens and enterprises can trust in electronic communications. 

A key tool to secure the confidentiality of electronic communications is encryption, or cryptography. Encryption means the transformation of data into a form unreadable by anyone without a decryption key. When the European Parliament considered the issue of interception of telecommunications in 1998, its resolution underlined the importance of encryption. 

The European research efforts and relatively open access to markets have created conditions that have enabled European enterprises to develop a world-class expertise and high-quality encryption products.

It is worth noting that the United States government has recently taken steps to relax its export controls regime for encryption products. 

The current rules for intra-community trade are laid down in the so-called dual-use regulation. For external trade, the Wassenaar arrangement imposes export controls on strong encryption products. The aim of export controls is to try to avoid undesired proliferation of these products to certain countries and to criminal organisations. The Commission recognises the need to balance availability of encryption products with concerns of public security and fight against crime. 

The Lisbon European Council called on the Council and the Parliament to adopt - as rapidly as possible - the dual-use export control regime. The Commission hopes that the revision of dual-use regulation can be completed during the Portuguese presidency. 

Moreover, the budget for research for security and confidence enhancing technologies has been increased under the 5th Framework Programme. 

The Commission considers that enhancing the security of  communications over Internet by using encryption is a priority. The introduction of such products is not without complexities: Software whose source code is not open, leaves the user in uncertainty: the possibility of built-in circumvention of encryption can not be excluded. Secondly, effective use of encryption requires a safe key management system. 

As far as the Commission's own communications infrastructure is  concerned, the Commission is working on introducing stronger European encryption products for its electronic communications. 

* * *

And then on data protection.

The data protection directive of 24 October 1995 requires Member States to protect the fundamental rights and freedoms of natural persons, and in particular their right to privacy with respect to the processing of personal data. In addition, Member States are under obligation to set up a Supervisory Authority responsible for monitoring the application of provisions of this Directive. 

The data protection Directive is complemented by the Directive for data protection and privacy in the telecommunications sector. This Directive also concerns legal persons and requires providers of public telecommunications services to ensure the security and confidentiality of communications. 

Both of these directives exclude from their scope activities that fall outside of Community competence. Article 1 of the telecommunications data protection directive reads: "This Directive shall not apply to the activities which fall outside the scope of Community law, such as those provided for by Titles V and VI of the Treaty on European Union, and in any case to activities concerning public security, defence, State security (including the economic well- being of the State when the activities relate to State security matters) and the activities of the State in areas of criminal law." 

As you know, the titles V and VI referred to the Common Foreign and Security Policy and to Justice and Home Affairs in the Maastricht Treaty. 

These provisions of the Directives reflect the wording of article 8 of the European Convention of Human Rights. 

When adopting these Directives, the Council and the Parliament sought to strike a balance between the right to privacy and the legitimate needs of law enforcement and public security. At the same time, activities outside Community competencies had to be excluded. 

The Commission has not been entirely satisfied with the transposition of the data protection Directives. As regards the general data protection directive, the Commission has launched infringement procedures against 6 member states. With regard to the telecom data protection directive, the Commission has also opened infringement proceedings against 6 member states. 

As to the activities under the so-called Third Pillar, a number of actions are under way with regard to law-enforcement and fight against crime, which include the issue of lawful interception of telecommunications for the purposes of criminal investigations. (The Convention on Mutual Legal Assistance in Criminal Matters, updating of the Council Resolution of 17 January 1995) 

* * *

As mentioned, the communications intelligence activities by Intelligence agencies of member states fall outside the scope of Community Law. 

The Commission has been asked whether it can confirm the existence of the activities described in the report of Mr. Campbell. 

It is the very nature of intelligence activities that those who are not involved in these activities are not able to confirm, nor deny their existence. 

However, it is clear that technological possibilities to intercept electronic communications exist. And there is no evidence to say that the available technologies are not used. 

Due to the recent allegations presented in the public debate, the Commission has sought clarification from the Member State that been mentioned in this context. 

We have received a letter from the Permanent Representative of the United Kingdom to the European Union. The letter states that the British intelligence agencies work within a legal framework laid down by the United Kingdom Parliament, and which sets out explicitly the purposes for which interception may be authorised, namely national security, safeguarding the nation's economic well-being and the prevention and detection of serious crime. Further, the letter states that European Commission of Human Rights has held that the system set out in the British law is in conformity with the European Convention on Human Rights. The UK legislation also foresees a special Parliamentary oversight committee. 

The Commission has also sought clarification from the United States government. We have yesterday received a letter from the United States Department of State, which states that the U.S. intelligence community is not engaged in industrial espionage. Further, the letter states that the United States government and the intelligence community do not accept tasking from private firms and do not collect proprietary commercial, technical, or financial information for the benefit of private firms. 

* * *

President, let me reiterate that the Commission attaches utmost  importance to the respect of Human Rights and Rule of Law. 

The Commission will not fail to fulfil its obligation under the  Treaty if the Community law is breached. 

--

This message comes from the eucrypto mailing list.  To unsubscribe yourself from this list, say "unsubscribe eucrypto" to <majordomo@fitug.de>.



[Thanks to DI]

Wall Street Journal Europe

March 30, 2000

Spies Like Us

By Kenneth Neil Cukier

Every now and then the issue of "friendly spying" -- the practice of snooping among allied countries -- hits the media, causing a little uproar that usually dies down fast. Now the pot has been stirred again by reports that the U.S. and Britain spy on Europe using an extensive surveillance system called "Echelon." The European Parliament, which last month issued a report on Echelon, is scheduled to hear testimony today from the European Commission and representatives of member-state governments on the matter. The Parliament is also likely to establish a special investigative committee next month.

Of course, U.S. monitoring of communications abroad has long been a well-established fact. During the Cold War, many a Warsaw Pact communique landed on the U.S. president's desk the morning after it was issued. Today, U.S. officials claim the eavesdropping is aimed at more modern threats to security, such as terrorism and drug trafficking, though a former head of the CIA has admitted that it's also used to stop bribing by European companies. The Europeans suspect it is also used to help U.S. companies gain a competitive edge abroad.

Missing from the allegations, however, is one overlooked aspect of the debate surrounding friendly spying, namely, who else does the same thing? The short answer is everyone, to varying degrees of magnitude and success. A more specific answer is France.

Call it "Frenchelon": An international system of spy satellites and surveillance stations spread throughout France and its overseas territories that systematically eavesdrops on communications traffic in the U.S. and elsewhere. Monitoring stations reportedly exist in French Guyana, New Caledonia, and the United Arab Emirates, in addition to four points in mainland France and Corsica. The country admits such technology exists and that it regularly performs international surveillance activities, although it claims the system is aimed at preventing security threats such as international terrorism.

Although we do not know the official name of "Frenchelon," one French intelligence official familiar with the operation privately confirmed that the program does exist, but on a "vastly smaller scale" than Echelon. The French system intercepts roughly two million messages per month, compared with Echelon's "billions of messages per hour" as Duncan Campbell, the author of the European Parliament's study, claims. (The French official put Echelon's interceptions significantly under that amount, at around three million messages per minute.)

Part of the momentum propelling "Frenchelon" along is France's fear of the U.S.'s overwhelming superiority in surveillance capabilities. The French intelligence establishment has made no secret of its outrage that the country depends on U.S. surveillance information, as in the case of U.S. satellite imagery during the conflicts in Kosovo and Iraq. What's more, French politicians have continually voiced suspicion about U.S. espionage within its borders. The country went so far as to reverse its long-standing ban on encryption technology last year partly as a measure to protect French corporate data from the prying eyes of other nations.

But "Frenchelon" may not be France's alone. The espionage system could well serve as the start of a program for pan-European intelligence cooperation, intended to counter-balance the Anglo-American Echelon. Such high-tech spy gadgetry is expensive, and a single country like France lacks the financial means to foot the bill itself. Germany is said partially to fund France's surveillance initiative in return for access to the information it collects. It shouldn't come as a surprise, considering that the two countries already cooperate on military reconnaissance satellites systems.

If everybody is guilty of friendly spying to a greater or lesser extent, the question becomes what happens to the information that is retrieved. James Woolsey, director of the Central Intelligence Agency from 1993 to 1995, recently acknowledged in these pages that the U.S. regularly collects economic information in cases such as commercial bribery and overseeing the sale of so-called "dual-use" technologies that have both civilian and military applications, like supercomputers. As for passing along trade secrets to American firms, Mr. Woolsey dismissed the idea: "most European technology," he wrote, "just isn't worth stealing."

Despite such denials -- or perhaps because of them -- the Europeans remain irked. The French, poised to investigate "Echelon" with a commission of their own, are quick to recall that in December 1995 a number of U.S. Embassy personnel were expelled from France under accusations of spying during a period of French-U.S. trade negotiations. Two years later, a U.S. official was forced to leave Germany under a similar cloud of suspicion.

As for the French, it's not as clear what happens to the data once it's intercepted. According to Jean Guisnel, a respected journalist covering intelligence activities for the French weekly Le Point, the information obtained from "Frenchelon" goes directly to the heads of French companies, who share cozy relations with the state. And in terms of economic espionage in general, France has been a prime suspected violator for some time.

Now that the broad question about Echelon has been raised, European countries will likely prefer to handle it on a bilateral inter-governmental basis with the U.S. and Britain, where their ability to influence policy is stronger than among the media microphones at the European Parliament. In fact, the Parliament is prevented from addressing issues of national security, which is why all the complaints about Echelon have focused on privacy rights and the economic consequences, where the Parliament does have jurisdiction. Once the national-security card is played, the Parliament will be forced to stand down.

Yet to some degree, Echelon will not follow the trend of other friendly spying incidents; it can never be shunted away entirely. Fueled on by the Parliament's committee of inquiry, the issue will linger, providing ample fodder for privacy advocates to raise the important questions about how advanced technologies threaten individual freedom. But as Europeans beat their breasts about Echelon, they might do well to look up to the heavens and consider that France, among others, watches and listens to them too.

___________________

Cukier is international editor for Red Herring magazine, which covers technology and business.