[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [DFRI-listan] Privacy-konferens i Bryssel

To: listan@xxxxxxxxxxxxx
Subject: Re: [DFRI-listan] Privacy-konferens i Bryssel
From: Erik Josefsson <erik.hjalmar.josefsson@xxxxxxxxx>
Date: Thu, 03 Dec 2015 15:15:13 +0100
In-reply-to: <87bna71w6a.fsf@nordberg.se>
References: <87bna71w6a.fsf@nordberg.se>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Icedove/31.8.0

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

För ett halvår sedan antog JURI ett pilotprojekt som är tänkt att
finansieras ur EU-budgeten (se nedan).

Jag tror att det vore en bra idé om DFRI kunde hjälpa till med att följa
upp detta så att det blir av! Särskilt i samband med konferensen nästa
vecka.

Det är annars lätt hänt att det rinner ut i sanden.

//Erik

Pilot Project: A Threat Model for MEPs

Every citizen needs to understand how to use new technology in a safe
way[1]. MEPs are not different in that regard. They too need to master
both their internal and external communications in a way so that they do
not put anyone or anything at risk, including themselves[2].

The purpose of this Pilot Project is to increase the understanding of
threats to safe communications. It will do so by developing a threat
model for MEPs that takes into account EP specific procedural,
institutional and constitutional constraints[3] as well as the threat
from internal and external adversaries both at work, during travel and
at home. Further, the threat model shall be construed so that its
assessments can be independently verified and validated by any third
party[4].

The threat model will be accompanied with a recommendation with regards
to measures MEPs can take to mitigate identified threats, in particular
measures including the use of Free Software, Open Standards and
Encryption. In addition, the recommendation shall include an overview of
which of the measures that could enable European businesses and
institutions to better master their internal and external communications.

The Pilot Project will also make a comparative study of how the average
MEP communication tools inventory performs further to the recommendation
in comparison with a reference inventory strictly based on Open
Standards and purely built from Free Software, and, if possible at the
time, Open Hardware[5].

The Legal Affairs Committee is responsible for better law-making[6] and
has a particular interest in new technologies[7] that this Pilot Project
contributes to by increasing the understanding of threats to safe
communications under the constraints of the Rules of Procedure of the
European Parliament.

References:
[1] Surveillance Self-Defense https://ssd.eff.org/en/glossary/threat-model
[2] LIBE Committee Inquiry on Electronic Mass Surveillance of EU
Citizens (see e.g. point 101)
https://polcms.secure.europarl.europa.eu/cmsdata/upload/7d8972f0-e532-4b12-89a5-e97b39eec3be/att_20141016ATT91322-206135629551064330.pdf
[3] Ensuring utmost transparency - Free Software and Open Standards
under the Rules of Procedure of the European Parliament
http://www.greens-efa.eu/fileadmin/dam/Documents/Studies/eut-print.pdf
[4] Software verification and validation according to Wikipedia
https://en.wikipedia.org/wiki/Software_verification_and_validation
[5] FreedomBox v0.3 Released!
https://www.freedomboxfoundation.org/news/FreedomBox-0.3/index.en.html
[6] JURI workshop - Legal aspects of free and open source software
http://www.europarl.europa.eu/document/activities/cont/201307/20130708ATT69346/20130708ATT69346EN.pdf
[7] Rules of Procedure ANNEX VI : Powers and responsibilities of
standing committees
http://www.europarl.europa.eu/sides/getDoc.do?pubRef=-//EP//TEXT+RULES-EP+20140701+RESP-JURI+DOC+XML+V0//EN&language=EN&navigationBar=YES

On 03/12/15 14:47, Linus Nordberg wrote:
> Hej listan!
> 
> På tisdag och onsdag nästa vecka anordnar EU-parlamentet en tvådagars
> konferens/workshop med titeln "Protecting online privacy by enhancing IT
> security and strengthening EU IT capabilities" [1] som jag tror kommer
> bli mycket intressant.
> 
> [1] http://www.europarl.europa.eu/stoa/cms/cache/offonce/home/events/workshops/privacy
> 
> Anledningen till att jag tror att det här är något att bry sig om är
> deltagarlistan [2] som innehåller många personer som kan något,
> bl.a. Jacob Appelbaum, Joanna Rutkowska, Chris Soghoian, Susan Landau,
> Seda Gürses, Karsten Nohl, Frank Rieger, George Danezis, Steven Murdoch,
> Christian Grothoff, Claudia Diaz, Paul Syverson, Daniel J. Bernstein,
> Stephen Farrell, Ian Goldberg.
> 
> [2] http://www.europarl.europa.eu/stoa/webdav/site/cms/shared/2_events/workshops/2015/20151208/List%20of%20participants_01-12-2015.pdf
> 

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQEcBAEBAgAGBQJWYE5xAAoJEEQJK+0DIPSk0ywIAKr9VMnZeZq7ocXV00fnrmHF
DSIndGjUQLXMiEYsV2Dp1xiWP2pMnIRoeqgSedzuU7BUd0mQjEBKHxHftB6Y8fUC
G51WPACEncsl9svbUsHBUYBBW2lETBx5qTs8kLZ5o/muP1XpQ6+9oNq141UQ+clQ
LR06pmTOOCImoEBTi+FbWzjZn16aefnpM/ScFPBrGybLLKroAoo+wQlnjVdyFFU9
O42KK4VjMYmv2Szmpm74oTm0+00RG0tpQJfp7gGBE6WyZTWJXoWC/RnVoWBUGPAA
Bc8tPifwjdU8GkTf7+on2MRXFlksvhbpa9ghOqdaerUGprZhifJwdO4+bk9vI3I=
=ah/R
-----END PGP SIGNATURE-----

-- 
DFRI-listan är öppen för alla.
Listan arkiveras och publiceras öppet på internet.
Arkiv: http://dir.gmane.org/gmane.org.user-groups.dfri
Listpolicy: https://www.dfri.se/regler-for-listan

References:
- [DFRI-listan] Privacy-konferens i Bryssel
  - From: Linus Nordberg

Prev by Date: [DFRI-listan] Privacy-konferens i Bryssel
Next by Date: Re: [DFRI-listan] Blockera fjärrstyrning av elevdator i hemmanätet
Previous by thread: [DFRI-listan] Privacy-konferens i Bryssel
Next by thread: [DFRI-listan] Ska DFRI skriva remiss?
Index(es):
- Date
- Thread