[Freedombox-discuss] DRAFT Pilot Project: A Threat Model for MEPs

JOSEFSSON Erik erik.josefsson at europarl.europa.eu
Tue Apr 14 11:30:21 UTC 2015

Dear all,

Please find below a draft text for proposing that the EU should allocate money under the Pilot Project budget line for developing a threat model for MEPs.

A glimpse of what was decided to spend money on last year can be found in the first Commission interim report on the implementation of Pilot Projects and Preparatory Actions 2015:


Comments on the text below are most welcome, in particular if made in public on hub at icg.greens-efa.eu

Budget estimates for the Pilot Project as described would also be very helpful.

Thank you for your time.



A Threat Model for MEPs

Every citizen needs to understand how to use new technology in a safe way[1]. MEPs are not different in that regard. They too need to master both their internal and external communications in a way so that they do not put anyone or anything at risk, including themselves[2].

The purpose of this Pilot Project is to increase the understanding of threats to safe communications. It will do so by developing a threat model for MEPs that takes into account EP-specific procedural, institutional and constitutional constraints[3] as well as the threat from internal and external adversaries both at work, during travel and at home. Further, the threat model shall be construed so that its assessments can be independently verified and validated by any third party[4].

The threat model will be accompanied by a recommendation with regard to measures MEPs can take to mitigate identified threats, in particular measures including the use of Free Software, Open Standards and Encryption. In addition, the recommendation shall include an overview of which of the measures could enable European businesses and institutions to better master their internal and external communications.

The Pilot Project will also make a comparative study of how the average MEP communication tools inventory performs further to the recommendation in comparison with a reference inventory strictly based on Open Standards and purely built from Free Software, and, if possible at the time, Open Hardware[5].

[1] Surveillance Self-Defense https://ssd.eff.org/en/glossary/threat-model

[2] LIBE Committee Inquiry on Electronic Mass Surveillance of EU Citizens (see e.g. point 101) https://polcms.secure.europarl.europa.eu/cmsdata/upload/7d8972f0-e532-4b12-89a5-e97b39eec3be/att_20141016ATT91322-206135629551064330.pdf

[3] Ensuring utmost transparency - Free Software and Open Standards under the Rules of Procedure of the European Parliament http://www.greens-efa.eu/fileadmin/dam/Documents/Studies/eut-print.pdf

[4] Software verification and validation according to Wikipedia https://en.wikipedia.org/wiki/Software_verification_and_validation

[5] FreedomBox v0.3 Released! https://www.freedomboxfoundation.org/news/FreedomBox-0.3/index.en.html
