Ever since the publication of documents from the Snowden archive, which indicate that the US National Security Agency (NSA) and the UK Government Communications Headquarters (CGHQ) were behind the cyber-attacks on the European institutions, an improvement of the European Parliament’s IT security was to be expected. The report by Civil Liberties Committee Chair Claude Moraes on mass surveillance therefore called on Directorate-General for Innovation and Support (DG ITEC), the service in charge of security in the European Parliament, to carry out a thorough analysis, to make recommendations and to present a final report in June 2015. Unfortunately, the developments have been rather slow so far. Two years after the first revelations, Parliamentarians are still not able to receive or send encrypted communications.

Therefore, on 21 April 2015, EDRi organised, together with EDRi members Liga voor Mensenrechten and Access, the first Privacy Café in the European Parliament (EP). The goal of the Privacy Café was to give Members of the European Parliament (MEPs) and their assistants an overview on the importance of protecting their privacy, and to introduce a selection of practical tools to improve the privacy of their private and professional communications. After the introductory presentation, each participant could join one or several hands-on workshops, to learn about email encryption, mobile messaging or private browsing. The instructors went through the installation of the tools, and offered advice and practical help to the participants. Step-by-step instructions for each tool were also available in printed format.

The European Parliament has a lot to improve from the point of view of privacy and secure communications; the default solutions on the professional devices for browsing the Internet, document sharing and sending internal emails are often not privacy friendly, and installing add-ons or software enhancing privacy (such as GPG4Win) is made difficult or impossible.

The event raised a lot of interest and positive attention. To continue the work to increase awareness of privacy issues within the EP, more Privacy Cafés are being planned. Among the participants were representatives from the DG ITEC, the body responsible for providing IT support to MEPs and Political Groups, and for running of the European Parliament computing and network centre. EDRi is now in contact with them, to investigate the possibilities to discuss for improvements to the current tools and practices in place in the EP.

EDRi-gram: EDRi launches privacy trainings in the European Parliament (28.01.2015)

https://edri.org/edri-launches-privacy-trainings-in-the-european-parliament/

Belgacom Attack: Britain’s GCHQ Hacked Belgian Telecoms Firm (20.10.2013)

http://www.spiegel.de/international/europe/british-spy-agency-gchq-hacked-belgian-telecoms-firm-a-923406.html

Parliamentary question: Regin malware used in cyber attacks on EU institutions and Belgacom (05.12.2014)

http://www.europarl.europa.eu/sides/getDoc.do?pubRef=-//EP//TEXT+WQ+E-2014-010269+0+DOC+XML+V0//EN

Hand-out: What Is Encryption?

https://edri.org/files/PrivacyCafe_20150421_Encryption.pdf

Hand-out: How to use PGP on a Windows PC

https://edri.org/files/PrivacyCafe_20150421_PGPWindows.pdf

Hand-out: How to use RedPhone on Android

https://edri.org/files/PrivacyCafe_20150421_RedPhone.pdf

Hand-out: How to use Signal – Private Messenger

https://edri.org/files/PrivacyCafe_20150421_Signal.pdf

Hand-out: How to use TextSecure on Android

https://edri.org/files/PrivacyCafe_20150421_TextSecure.pdf

Hand-out: How to leave fewer traces while you’re surfing

https://edri.org/files/PrivacyCafe_20150421_FewerTraces.pdf