March 13, 2018

CyberScoop quotes Ari Schwartz about a report released calling for legal reform and consistent policies for government vulnerability disclosure within the EU

1 min

Ari Schwartz was quoted on March 13, 2018, in CyberScoop about the need for legal certainty and consistency across the 28 member states of the European Union if all jurisdictions are to hunt for software vulnerabilities, according to a blue-ribbon commission established by the Center for European Policy studies.

Britain and the Netherlands both have equivalent processes to the VEP and "Germany is well on their way" to developing one, Mr. Schwartz told CyberScoop. Schwartz, who helped develop the first iteration of the U.S. VEP, briefed the task force this month.

He said that the policies the U.S. implemented after the Edward Snowden mega-leak revealed the extent of NSA hacking and created a model that transparency advocates in Europe could point to.

The U.S. is "much more transparent" about its intelligence agencies than most European nations, said Schwartz. "That work we did post-Snowden put pressure on the European agencies … to some extent it helped push this work forward."

Schwartz added that because the supranational EU institutions like the European Parliament and the European Commission have no authority over national intelligence and security agencies in the 28-member bloc, pushing the same U.S. model would be challenging.