Samenvatting

This research paper concerns itself with the technical and political obstacles of securing the EU cyber space against espionage and surveillance both amongst the member states and particularly those emerging from foreign powers. The scope of the research is limited to signals intelligence (SIGINT) related measures used by states to retrieve intelligence about state and non-state actors.
One major finding is that both mass surveillance and espionage are difficult to address from a legal point of view. International human rights law, is supposed to guarantee a right to privacy, however has no extraterritorial applicability for states, which made sense during the 1970s, but not in the age of cloud computing and social media. Espionage during peace time on the other hand is not even addressed by international public law.
Mass surveillance is also difficult to prevent because a lot of popular internet services are located in the USA and are thus subject to laws that require them to release user data to authorities under conditions which do not meet European data safety standards.
A particular issue in regards to European states counter-espionage capabilities is that these are underdeveloped due to a lack of competence in signals intelligence matters. This could be a direct result of the reliance on NATO and UKUSA signals intelligence sharing, which meant that European states gained cheap access to security related information, however, without considering that the means used to obtain this information could be turned against them in the form of espionage programs.
The author comes to the conclusion, that the EU member states should seek closer inner European collaboration in intelligence matters and particularly SIGINT sharing. The strategy vis-à-vis the US intelligence apparatus should be reconsidered and should not just comprise elements of collaboration, but also such of counter-intelligence. Subsequently, the creation of a European SIGINT agency under the provision of voluntary member state participation is recommended. In regards to tackling the problem of mass surveillance, the author finds that by requiring foreign enterprise to comply with EU Law even when operating abroad and by subsequently imposing direct and indirect financial penalties on enterprise in case of non-compliance, the EU and its member states have already taken appropriate steps in the recent past. However, the situation could be further improved through investment in research and development of domestically produced, safety-related IT products and services.