-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

För ett halvår sedan antog JURI ett pilotprojekt som är tänkt att finansieras ur EU-budgeten (se nedan).

Jag tror att det vore en bra idé om DFRI kunde hjälpa till med att följa upp detta så att det blir av! Särskilt i samband med konferensen nästa vecka.

Det är annars lätt hänt att det rinner ut i sanden.

//Erik

Pilot Project: A Threat Model for MEPs

Every citizen needs to understand how to use new technology in a safe way[1]. MEPs are not different in that regard. They too need to master both their internal and external communications in a way so that they do not put anyone or anything at risk, including themselves[2].

The purpose of this Pilot Project is to increase the understanding of threats to safe communications. It will do so by developing a threat model for MEPs that takes into account EP specific procedural, institutional and constitutional constraints[3] as well as the threat from internal and external adversaries both at work, during travel and at home. Further, the threat model shall be construed so that its assessments can be independently verified and validated by any third party[4].

The threat model will be accompanied with a recommendation with regards to measures MEPs can take to mitigate identified threats, in particular measures including the use of Free Software, Open Standards and Encryption. In addition, the recommendation shall include an overview of which of the measures that could enable European businesses and institutions to better master their internal and external communications.

The Pilot Project will also make a comparative study of how the average MEP communication tools inventory performs further to the recommendation in comparison with a reference inventory strictly based on Open Standards and purely built from Free Software, and, if possible at the time, Open Hardware[5].

The Legal Affairs Committee is responsible for better law-making[6] and has a particular interest in new technologies[7] that this Pilot Project contributes to by increasing the understanding of threats to safe communications under the constraints of the Rules of Procedure of the European Parliament.

References: [1] Surveillance Self-Defense https://ssd.eff.org/en/glossary/threat-model [2] LIBE Committee Inquiry on Electronic Mass Surveillance of EU Citizens (see e.g. point 101) https://polcms.secure.europarl.europa.eu/cmsdata/upload/7d8972f0-e532-4b12-8... [3] Ensuring utmost transparency - Free Software and Open Standards under the Rules of Procedure of the European Parliament http://www.greens-efa.eu/fileadmin/dam/Documents/Studies/eut-print.pdf [4] Software verification and validation according to Wikipedia https://en.wikipedia.org/wiki/Software_verification_and_validation [5] FreedomBox v0.3 Released! https://www.freedomboxfoundation.org/news/FreedomBox-0.3/index.en.html [6] JURI workshop - Legal aspects of free and open source software http://www.europarl.europa.eu/document/activities/cont/201307/20130708ATT693... [7] Rules of Procedure ANNEX VI : Powers and responsibilities of standing committees http://www.europarl.europa.eu/sides/getDoc.do?pubRef=-//EP//TEXT+RULES-EP+20...

On 03/12/15 14:47, Linus Nordberg wrote:

Hej listan!

På tisdag och onsdag nästa vecka anordnar EU-parlamentet en tvådagars konferens/workshop med titeln "Protecting online privacy by enhancing IT security and strengthening EU IT capabilities" [1] som jag tror kommer bli mycket intressant.

[1] http://www.europarl.europa.eu/stoa/cms/cache/offonce/home/events/workshops/p...

Anledningen till att jag tror att det här är något att bry sig om är deltagarlistan [2] som innehåller många personer som kan något, bl.a. Jacob Appelbaum, Joanna Rutkowska, Chris Soghoian, Susan Landau, Seda Gürses, Karsten Nohl, Frank Rieger, George Danezis, Steven Murdoch, Christian Grothoff, Claudia Diaz, Paul Syverson, Daniel J. Bernstein, Stephen Farrell, Ian Goldberg.

[2] http://www.europarl.europa.eu/stoa/webdav/site/cms/shared/2_events/workshops...