Legal and Security Issues expert group

The CEPIS Legal and Security Issues Special Interest Network (LSI SIN) brings together experts from CEPIS Member Societies with the mission of collecting, synchronizing and providing independent professional expertise from CEPIS experts to relevant and interested European parties. It focuses on IT-related legislation and IT security issues. The group’s main activities are developing, discussing and promoting publicly visible statements on issues in the area of IT-related legislation and IT security, formulating CEPIS opinions on current decisions in the cybersecurity field and communicating them to the relevant institutions. The group also actively participates in other cybersecurity-related organisations, such as ENISA and ECSO, among others.
Activities
Statement: Right to Encryption Instead of a Master Key For Encrypted Communication
CEPIS’ Legal and Security Issues Special Interest Network (LSI SIN) calls for the rejection of a planned resolution in the Council of Ministers, which would grant authorities special access to encrypted communication between EU citizens. The special access, or ‘master key’, will weaken end-to-end encryption, and endangers digitisation in Europe, the LSI network warns. For this reason, the LSI Network and CEPIS call on the German Federal Government as the current Council Chair, the European Commission, and the European Parliament to vehemently oppose this proposal to weaken end-to-end encryption and instead advocate a European “right to encryption”.
Open letter on E-evidence Regulation: CEPIS calls for no direct cross-border access to personal data
The European Commission’s draft proposal for a Regulation on cross-border access to electronic evidence in criminal matters includes enabling law enforcement authorities of a Member State (issuing state) to directly oblige providers established in another Member State (enforcing state) to disclose metadata and content data of their customers.
The CEPIS LSI SIN has drafted an open letter which strongly warns against this initiative. The proposal deprives states of the ability to protect the fundamental rights of their citizens. It undermines European data protection law and threatens to damage the existing international system of mutual legal assistance in criminal matters. Only two years after the deadline for implementing the European investigation order, it has not been clarified whether there are any gaps in cross-border criminal prosecution.
CEPIS signs open letter to EU Commissioners on Deep Packet Inspection
Internet access service providers are increasingly using Deep Packet Inspection (DPI) technology for traffic management and differentiated pricing of specific services or applications as part of their product design. DPI inspects in detail the data being sent over a computer network and blocks, rerouts or logs data according to necessity. Most often users are not consulted or informed about the use of DPI.
That is why an open letter to the European Commission was initiated by EDRi and epicenter.works. Another 12 organisations from all over Europe signed the letter in support. These concerns align with those of CEPIS. On the initiative of the LSI SIN, CEPIS has added its voice to the signatories of this letter.
CEPIS calls for really secure ICT hardware and software in Europe
Even in 2018, there are still basic information security deficits in Europe: confidentiality, integrity and also availability of data from authorities, companies and private individuals are still not guaranteed. Moreover, countless security holes are the gateway to successful attacks on data and digital infrastructures. With reference to the research of its German Member Society Gesellschaft für Informatik eV, CEPIS calls for finally ending the decades-long insecurity of marketable PC and server processors and software.
Best Practices for a journey towards secure cyberspace
This statement collects and comments on official documents from EU Member States aiming towards a secure cyberspace. Its main goal is to serve as a backgrounder for the statements on good or bad practice with regard to cybersecurity.
Previous statements
- CEPIS Comments on New regulation on European Union Network and Information Security Agency (ENISA) (2018)
- Critical technological dependency requires a revised privacy policy of major service providers (2016)
- Report on the EU Cloud Security Workshop: Building Trust in Cloud Services – Certification and Beyond (2016)
- Position on the Electronic identification and trust services (eIDAS) (2015)
- Statement on Supporting High-level Decision Making on Cyber Security and Privacy Protection with Reliable Data (2014)
- Assisting EU Citizens with Reliable ICT Security Information (2013)
- Statement on the Future EU Data Protection Regulation (2013)
- Cloud Computing Security and Privacy Statement (2011)
- Letter of support on data protection in the framework of police and judicial cooperation in criminal matters to the European Data Protection Supervisor Peter Hustinx (2009)
- Privacy-Consistent Banking Acquisition Statement (2009)
- Social Networks – Problems of Security and Data Privacy (2008)
- Position paper on data retention (2007)
- Authentication approaches for on-line banking (2007)