€15.8 million more for EU institutions' security

"Following the November 2015 attacks in Paris and those of March 2016 in Brussels, all institutions have reviewed their security needs in the short to medium term. The draft budget for 2017 incorporates additional elements related to security for almost all institutions. However, in some cases the need to accelerate the reinforcement of security measures and installations requires additional resources in 2016 already. 

Draft amending budget (DAB) No 3 for the year 2016 proposes to reinforce the budget for security for a total of EUR 15,8 million."

Source: COM(2016)310

The secret five - observations on the COSI meeting of 30 April 2010

COSI, the Standing Committee on operational cooperation on internal security, has met on 30 April to discuss issues like the protection of the EU's external borders or the cooperation between the internal security agencies of the EU.

What we see in the summary of discussions of the meeting is that the public is not trusted to know what the committee is working on in detail.

Take the summary of agenda item 5:

"The meeting reached consensus on the Presidency proposal (doc. 8852/10 COSI 24 ASIM 48 FRONT 57 COMIX 321) regarding the involvement of COSI in the implementation of 5 out of the 29 measures set out in the above-mentioned Council Conclusions. The COSI Support Group was invited to submit to the next COSI meeting concrete proposals for COSI's involvement in the identified measures and delegations were invited to indicate their willingness to participate in the elaboration and implementation of these proposals."

In this summary, we are directed to a non-public "Presidency proposal" (I've added the link) that seems to give guidance on how to deal with 29 measures proposed by the Council in February (see the Council conclusions).

But instead of telling us which are the 5 of the 29 measures to will be dealt with, COSI keeps it secret from us.

In other words: The ministers have agreed on a public list of 29 measures regarding FRONTEX, but the non-elected officials sitting in COSI keep secret from us what they are doing with these measures. Brilliant!

Joe Biden proposes OSCE reform

Joe Biden spoke in front of the European Parliament yesterday (see my post), and so we almost missed that he has also proposed a reform of the OSCE on the same day.

The vice president of the United States has published his proposal for OSCE reform - the US is a member of the OSCE - in the International Harald Tribune, a proposal which sound a little like a reaction to the Russian position, and may be kind of the US proposal for the "Corfu Process".

Different to Russian foreign minister Lavrov, Biden doesn't propose that OSCE takes over the functions of NATO to provide hard security on the European continent. That is no surprise, to be honest. To the contrary, he underlines that there is "the right of all countries to choose their own alliances freely" which is a clearly against Russian demands that NATO should not be enlarged towards the east.

What Biden proposes is a "OSCE Crisis Prevention Mechanism" that seems to be mainly a conclusion from the Russian-Georgian war and it is definitely a much smaller reform proposal than what Russia is envisaging.

I even have difficulties to see the difference to what OSCE already does today, for instance in the cases of Nagorno Karabakh (a frozen conflict between Azerbaijan and Armenia), Transnistria (a breakaway region of Moldova) or regarding the tensions between Turkey and Armenia.

So now we kind of have positions from Russia and from the USA - will we get an official EU position this year or while they try to wait for the Lithuanian OSCE presidency next year...?

Picture: © european_parliament / CC BY-NC-ND 2.0

Biden in the European Parliament: All quiet on the Western front

Joe Biden gave a 30 minutes speech in the European Parliament today.

Most of it was charming Brussels, Europe and the European Parliament, mixed with statements supporting human rights, privacy, peace and individual freedoms. But all this was intertwined with the obligatory "triple axis" as @martiadroher put it: "Security, Security, and Security".

He underlined that he wants to use Passenger Name Record (PNR) data and financial transaction data (SWIFT) to fight terrorism. He supported this with the success US authorities had in capturing the alleged Time Square terrorist thanks to PNR data (and probably other intrusive measures that are used against citizens who are not terrorists every day).

And he defended the need to be in Afghanistan, totally in line with the CIA recommendations (published by Wikileaks) on how to get more public support from Europe for this war (e.g. focus on civilian and policing aspects). His final sentence ended with the words "... and may God protect all our troops" which shows that this was his actual focus, these were the words he wanted us to be remembered: Troops, troops, troops.

It is not some God who should protect "our" troops, it should be politicians protecting them by not sending them to fight, especially not to places where you are not providing actual help for more security or democracy (Afghanistan is not peaceful at all after 9 years and Karzai is definitely not a democrat) but costing our societies so much money that one can rightfully blame these expenses as part of the debt problem that many European countries and the US are facing today.

Well, Mr Biden, that was a nice speech, but I'm not convinced, not a bit, that you actually bring the change you are advocating...!

PS: A German MEP has a picture on how Biden's speech looked from the plenary.

Update: Conor has also written about Biden's speech. Erin has reacted to the content of Biden's speech.

COSI - A new important Council body on EU internal security

http://www.flickr.com/photos/muehlinghaus/ / CC BY-NC-ND 2.0

On 11 March 2010, the newly established Standing Committee on operational cooperation on internal security (COSI) of the EU Council met for the first time.

This working party composed of member states experts from the capitals (thus not from the permanent representations in Brussels; source) was formally set up by the Council on 25 February and is regarded by the Council as part of the major changes of its working structures in Justice and Home Affairs (JHA) after the Lisbon Treaty ratification.

COSI will have the task to

facilitate, promote and strengthen coordination of operational actions of the authorities of the Member States competent in the field of internal security. (Article 2)

Citing from Article 6 of the Council decision, the European Journal remarks that

[w]hereas the committee is required to report its activities to the Council, the Council solely is required to “keep the EP and national parliaments informed.” Hence, such committee will not be subject to a proper parliamentary control.

The scope of the work of the committee looks pretty broad, including a number of controversial security issues discussed in the member states and the EU.

From the summary of discussions of the first COSI meeting we learn that one of the tasks of the committee could be to deal with mutual assistants of member states in case of terrorist attacks as well as in case of natural or man-made disasters (cf. Article 222 TFEU).

Other fields of activity concern "the exchange of personal data for law enforcement purposes", "counter-terrorism measures", "PNR" (Passenger Name Records), all topics on the agenda before the summer, as well as the plan for an EU "internal security strategy" which the Commission wants to propose after the summer of 2010. In this regard, the committee is also interested in the co-operation of the EU internal security agencies CEPOL, Eurojust, Europol and FRONTEX whose representatives can be allowed to participate in COSI meetings.

This new committee looks like one of the new major players in the EU's internal security policies on the side of the EU governments - and I hope the European Parliament and national parliaments will be able to counterbalance its weight in the years to come.

Supplement: In the Council search you can find, for example, the latest agendas or summary of discussions in which COSI is mentioned.

Supplement 2: 16 member states have issued their comments regarding the tasks that COSI should take over. Unfortunately, the documents are only partially public so you don't see which country has sent which questionnaire.

Spanish EU Council website is not secure?! (Updated 6x)

---

Update (Tuesday, 00:10): According to a statement of the Spanish government, there has been an XSS weakness in the presidency website.

However, this resulted not in a manipulation of the content of the site itself but in a manipulation of what the user was seeing on the screen (as you can see on the screenshots below). These manipulated websites are supposed to be only accessible through the specific URLs they are linked with and are thus no general threat for the users, the officials say in the statement. I hope I have translated this correctly; the original version applies.

There is also a very informative blog post in Spanish explaining the factual and technical background of this story (via a tweet of the Spanish state secretariat for communication), including the shortcomings and misinterpretations in the coverage of this story.

Update (20:10): The Spanish secretary of state for communication has been issuing a message on Twitter saying that the pictures below are photomontages.

However, these are original screenshots from subpages (not the frontpage!) of the presidency website (the links to these subpages are below in the text although they don't reproduce the original shots anymore). Other users on Twitter confirm this here and here.

More important than the Mr. Bean photo that has been taken up by many was the "hi there" window that opened in my browser when opening the second link provided below - this was definitely some kind of code because it triggered a direct browser activity, and I then had to close the little window that you see on the screenshot.

As I have said in my post, I am no technical expert and I cannot say how grave such kind of things are, but they happened in front of my eyes.

Update (12:00): Presidency website is down right now. (Back online; may have been a short problem but occurred here and in Brussels, and after it re-appeared, the "What is going to happen" category is empty again)

Update (11:30): It seems like the problem has been fixed, both the picture of Mr Bean and the "hi there" message have been removed, the links provided below just show ordinary "no results" pages now.

---

I am no expert in IT security, but it seems like the website of the Spanish EU Council Presidency is not secure, despite the fact that Spain spends almost 12 million Euros Spain spends 9.65 million Euro for web services (including security) during its presidency.

At the following web discussions - here, here and here - people say that the site can be attacked due to XSS, and they provided two links - here and here - that brought the following two results on the actual web page of the presidency (though on sub-sites, not on the frontpage), apparently externally embedded code showing a picture of Mr Bean and a message saying "hi there" (both screenshots made at 03/01/2010 23:00):

I suppose that this is no minor problem and needs rapid fixing.

PS.: I was made aware of this problem by alvaromillan on Twitter.

Update: I tried to send an email informing about the issue to the contact address of the Telefonica web team - ue2010 [..at..] telefonica.es - as provided on the Contact site of the presidency website, but the email was returned as "Unknown user". Very, very strange...

Update: At around 10 am I have sent an email to the Communication Advisor of the Spanish Representation informing about the issue.

Kazakhstan leading the OSCE in 2010 (updated)

In 2010, Kazakhstan under President Nazarbayev will chair the OSCE, the Organisation for Security and Cooperation in Europe including 56 European, Central Asian and some other countries, taking over the presidency from Greece.

And this is what Human Rights Watch told about freedom of expressions in its December 2008 report titled "An Atmosphere of Quiet Repression:

In Kazakhstan, journalists operate in an environment of anxiety, faced with constant intimidating lawsuits and, not infrequently, direct threats to their person. Libel continues to be a criminal, rather than a civil, offense and carries stiff penalties. Even when journalists do not admit to outright self-censorship, they speak privately of the tightly regulated environment and topics they do not dare to cover. Threatening phone calls, visits by the police, and successive lawsuits are common. There are no independent television stations, and websites critical of the government are often blocked by the authorities.

Yet let's not just focus on one single dimension. But since I am no expert on Kazakhstan, I should point to last year's special issue of the academic journal Security and Human Rights on the upcoming Kazakh OSCE chairmanchip that is worth reading for anyone interested.

In one of the articles of this issue, Freedom House programme manager Jeff Goldstein asks a question that I find quite relevant:

"The importance of who holds the Chairmanship was brought home during the August 2008 Russian invasion of Georgia, when the Chairman-in-Office, Finnish Foreign Minister Alexander Stubb, travelled to Georgia, met with the parties and strongly criticized Russia’s recognition of South Ossetia and Abkhazia.

Would a Kazakhstani Chairman-in-Office have done the same?"

This is just one of the possible questions to be asked, and I suppose that the next year will be a very interesting year for the OSCE.

It is good that for the first time a former Soviet Union country takes over the presidency, but Kazakhstan will have to prove that they can serve all dimensions of the OSCE, including peace in Europe and the protection of human rights and civil freedoms.

In any case, the Kazakh chairmanship shows that organising human security in Europe is not limited to EU countries, and that joining forces in pan-European organisations has to be possible under the leadership of Western as well as under Eastern European countries (and beyond), a fact many in the EU tend to forget.

Update (01/01/2010): There is now the press release for the start of the Kazakh presidency, and the Chairman-in-office website has also been updated.

Why is the OSCE involved in Afghan matters?

I just saw this press release of the OSCE.

Why does the OSCE need to engage in the training of Afghan custom officers? Isn't there enough to do within the member states of the OSCE, ranging from the ever continuing Russian-Georgian conflict and other frozen conflicts like the one in Nagorno-Karabakh, close-to-fraud elections, and unclear definitions of the actual goals of the organisation?

I saw in the press release that these are extra-budgetary activities, but it still means that the OSCE administrative body is involved in these Afghanistan-related activities, that time will be spent on the diplomatic level to discuss these things, and that this will distract from more important intra-OSCE questions.

If you ask me, the OSCE should not involve in Afghan matters, not even the training of their custom officials!

OSCE remains divided after Corfu informal meeting

The Swedish foreign minister Carl Bildt who will co-lead the EU-Council presidency from Wednesday concludes in his blog - not very surprisingly - that the OSCE remains divided over the concept of security after the informal foreign ministers meeting on Corfu.

The disagreement that one could already see at last year's Helsinki summit is a division mainly between Russia and the EU (plus the USA).

Russia wants to replace NATO by a NATO-like OSCE - which means influence for Russia - that does not care for human rights, democracy, and non-military security issues which seems unacceptable to the Union.

I have doubts that the newly launched "Corfu Process" will change anything, in particular after the continuing division over the Russian-Georgian war in 2008.

No joke: Armed robbery in the European Parliament

Nosemonkey, European Voice and EUobserver report about an armed robbery in the European Parliament yesterday.

This shows how much entrance controls make our lives more secure - as much in the EP as on airports, train stations and other public places...

Security is an illusion, and those who try to raise state and supra-state competencies in the field of police and army are just wrong, because their restrictive measures do not bring more security, but just less freedom!