Let me explain why UKIP MEPs (and their allies in other member states) may well determine the future of EU Internet regulation and what is at stake if they do.
I have attended a number of recent meetings on the EU Cyber Security strategy. There is almost unanimous agreement with the objectives and almost unanimous condemnation of the means. For example, we need to make it much easier to report attacks, whether or not they are successful, in formats which enable rapid collation and response, as well as intelligence. The reporting of breaches, which may not be actually known until long after the event, is of historic interest only and diverts effort. Mandatory public reporting, as opposed to personally warning those known to be at risk via channels they can trust, is worse than useless. It is not merely a job creation programme for lawyers and compliance officers. It actively gets in the way of good practice in tackling threats as they emerge. More-over it penalises well run organisations which know what has happened, while protecting those which are unaware that their customer and personel files are in use by fraudsters.
The timing of the consultation is also very important. This Directive is unlikely to be scrutinised by the current crop of MEPs. We are moving into a period of interregnum when Commission initiatives will gather momentum while the politicians are away. There is nothing quite so dangerous as ignorance in motion and this Directive will be up to speed when the new crop of MEPs arrives, to be manipulated at will: save that half the new crop from the UK are likely to be members of UKIP or will have have done deals with them. Many other member states will have elected members of similar “a plague on all your houses” parties. In looking to educate those MEPs who will scrutinise this Directive we need to intercept the selection processes of the parties to educate the candidates, including those of UKIP. This may also be the type of cause which will appeal to those UKIP members who wish to do something useful while they are in Brussells or Strasbourg.
In educating them we will, hopefully, also educate the Commission officals as to the changes they need to make for the European Union to survive the pressures for “democratisation not bureaucratisation”. This directive could be the touchstone because the vast majority of Internet users appear to agree that something must be done to improve on-line security. Unfortunately this is not the “something” that should be done. In the meantime make sure you respond to the BIS call for evidence so that, with luck, we can get the Directive re-written before the start of the inter-regnum.
You do not have much time. The Call will close on 21st June. Evidence can be submitted anonymously but the more public you are and the more channels you use, including direct to the Commission and via allies and partners in other member states, the louder your voice will be heard.
Also make sure to join and use the Digital Policy Alliance working groups to help the follow through, including that on the Digital Single Market which Malcolm Harbour MEP chairs and those on the Data Protection and Electonic ID Regulations. If they did not already exist this would be the cause to invent them. Lord Erroll is in the process of restructuring the Alliance to handle the issues of the future. This is one of them and I anticipate a coming together of the above groups to try to bring about a similar coming together of the EU initiatives. But first we have to kill off the Commission plans to fight the electronic equivalent of the Boer War.