
infoTECH Feature

January 29, 2014

ENISA Conducting Studies to Define Best Practices for Trust Service Providers

On the surface, it would appear that the member nations of the EU function in a similar manner to states in the U.S., but on closer examination there are many differences. The member nations are more autonomous, and there are language barriers and cultural differences to deal with. This poses significant challenges for EU agencies, especially the one that has the job of managing cyber security, the European Network and Information Security Agency (ENISA).

With its headquarters based in Heraklion on the Greek island of Crete, ENISA seeks to be a technical expert in information security. Founded in 2005, the agency works with business, government, consumer groups and academia to develop policies and practices for protecting member nations’ data.

ENISA is conducting a study of Trust Service Providers (TSPs) and is working on protocols and standard practices that safeguard sensitive information. TSPs are government-regulated entities that provide digital certificates and other secure authentication mechanisms. This protection is critical for transactions such as private companies doing business with government, legal proceedings between parties in different countries, and e-health services provided across borders.

The study found that a mutual assistance program should be set up and that end-to-end encryption needs to be used when client applications use a TSP and government services. Digital signatures and audit trails were other encouraged practices.

Not everyone agrees with ENISA’s findings. One of the more outspoken opponents is Amelia Andersdotter, a Swedish Member of the European Parliament. On Andersdotter’s eID blog, she writes that as far as trust services go, “trust in a system is built by making it transparent and accountable for its failures.” She goes on to state that a certificate of qualification issued by a government to a TSP is unlikely to meet the transparency and accountability that future systems require.

With more of our daily lives being automated or going digital, the need for secure protocols is undeniable. Information is valuable and must be protected from corruption and security breaches. Andersdotter has a point in arguing that government approval of an organization does not by itself guarantee reliability. Without transparency and accountability, that approval would be meaningless.

Edited by Alisen Downey
