• Media Enquiries

    07505 448925(24hr)

Your data on 500,000 terminals across the EU

SIRENE-SIS It emerged this weekend that large amounts of confidential personal information held about British citizens is currently being stored on a giant computer network spanning the European Union, and can be accessed through more than 500,000 terminals. Once again, the two things that aren’t being given proper consideration are privacy and security. 

As reported over at the Guardian:

The figure was revealed in a Council of the European Union document examining proposals to establish a new agency which would manage much of the 27 EU member states' shared data. The sheer number of access points to the Schengen Information System (SIS) – has triggered concerns about the security of the data.

Half a million access points – that’s more than the population of Luxembourg. It goes without saying that the SIS system has already been subject to serious breaches of security. Statewatch, a civil liberties outfit that follows security related issues across the EU, claim that personal information was extracted from the system by an official in Belgium – and was subsequently sold to an organised criminal gang.

As EU business report, the official line, sounds all too familiar:

“The second generation Schengen Information System (SIS II) will be a large-scale information system containing alerts on persons and objects.” “It is a communication infrastructure between the central system and the national systems providing an encrypted virtual network dedicated”.

In reference to the expansion of the SIS database, Tony Bunyan, director of Statewatch, endorses two principles with which we can all agree:   

"The greater the points of access, the greater the number of people who have access and the greater the chance that data will be misplaced, lost or illegally accessed." Furthermore, "the idea that mass databases can be totally secure and that privacy can be guaranteed is a fallacy."

Sound logic, Mr Bunyan.

By Edward Hockings

Posted on February 8, 2010 by Big Brother Watch Posted in Europe, Losing data
  • ERM

    So pleased that I always lie on all official forms I’m forced to fill in. They’ll find my personal data absolutely useless for anything apart from providing conflicting, duplicated data which will hopefully, help clog up the system.

  • http://denny.me Denny

    I’ve been informed on Twitter that British data isn’t on this database (yet, at least):
    http://twitter.com/euonymblog/status/8806815272

  • http://alastairs-place.net alastair

    While Mr. Bunyan is technically correct, I don’t accept the implication behind his statement which is that mass databases cannot be *acceptably* secure if properly designed.
    For example, there is no need to allow staff to access the data directly in bulk form in such a way that they could extract it and give it to a third party, and staff should not have direct access to the database files or to backup copies of the database files without some form of safety mechanism. Also, such databases should be designed with a proper audit trail, and preferably with mechanisms to detect unauthorised access.
    Some of these things do already happen (for instance, HMRC regularly disciplines individuals for accessing celebrities’ tax information), but it’s very dependent on having competent IT staff and DBAs dealing with the database design, and I’m afraid that government on the whole has demonstrated a somewhat lackadaisical attitude to this issue, with the resulting loss of data on CDs and laptops, where it should never have been in the first place had the staff responsible for implementing the databases in question been doing their jobs properly.
    In summary, perhaps the problem is not mass databases per se, but the competence of IT staff responsible for them?

  • Winston Smith

    ” Statewatch, a civil liberties outfit that follows security related issues across the EU, claim that personal information was extracted from the system by an official in Belgium – and was subsequently sold to an organised criminal gang.”
    No mention of the organised criminal gangs which built the systems and collected the information in the first place.
    What’s the difference between government and organised crime?
    WS

  • anonymouse

    When a single unit within a single department of a single public body can’t even work properly with data, what hope for an EU-wide system. Nonsense.