Wednesday 30 June 2010

The Email Incident of 7th December 2007

The Activity Report of the Joint Supervisory Body of Eurojust for the year 2009 (PDF) was sent to the Council last week. I was taking a look through it to see if there was anything on preparations on data protection, particularly on anything SWIFT-related towards the end of 2009. The report does mention co-operation between Europol and Eurojust, and that the Lisbon Treaty will impact on data protection - however, the analysis of the impact of data protection provisions in the treaties will be in next year's report.

A section heading did jump out at me, though - "Email Incident of 7th December 2007":

"...a disruption of the e-mail service at Eurojust had taken place on 7 December 2007, as a side effect of an attempt to solve a problem caused by an accident in the use of the system the previous day. This incident had been investigated by the JSB in 2008 and a report presented to Eurojust. Eurojust’s final response to the JSB’s evaluation... was presented by the Acting Administrative Director of Eurojust, Mr Jacques Vos, at the meeting in February 2009. He outlined the measures that were being taken by Eurojust on the basis of the JSB’s recommendations to restore the trust of users in the integrity and inviolability of the e-mail system. Eurojust admitted that mistakes in judgement had been made at the time and recognised the considerable operational consequences that this incident created, but it was hoped to put this issue aside, to learn from it, to follow the JSB’s recommendations and to be better prepared to deal with future incidents."

What happened? Was it just a downed system? A hacker? Was information lost?

I looked up the previous year's report to see if it could shed more light on what exactly happened and what recommendations were made. The 2008 report (PDF) stated:

"Upon the request of the President of Eurojust, an ‘on the spot’ check was carried out at Eurojust on 17 March... The members of staff involved in this incident were interviewed and the log files were inspected. Subsequently, a report was submitted to the College of Eurojust on 24 April making several recommendations."

The report? "Confidential document."

It sounds like a security matter rather than a simple system failure, though I can't say for sure. I wonder how much information was lost, and how sensitive it was?

No comments:

Post a Comment