Yesterday I went to an interesting SAAB seminar "Virtual Integrity and e-espionage. Can we tame the internet?" with very intriguing guest speakers.

Paul Nemitz, Director Fundamental Rights & Union Citizenship at the European Commission was having an intense discussion with Dorothee Belz, Associate General Counsel for Europe at Microsoft, over why the cyber space is insecure and who, and how should tame it and ensure its security.

From one side Mr. Nemitz was defending the rule of law position, stating that policy makers determine the direction nowadays technology takes and industry should follow (the rule of democracy) and from the opposite side, Mrs Belz defending the position that since current laws are lagging behind with the so needed amendments, the “wild, wild west” principle, naturally turns technologies into law makers.

Some curious questions about how to establish a balance between the technological development and democratic lawmaking without damaging techno progress, derived from their argumentations. Statements that current rules obviously need moderation and transformation to deliver real protection was also heard, and how industry and legislators can work together towards building stable long term protection policies was one of the main topics.

Since technological development is outrunning and therefore changing the rules, and as Mrs Belz also accurately pointed, personal data has become the currency in the business-citizen relationship, is cyber security governable at all? Were the so called “customers” aware they are using services free of charge, only because they are paying them with their very personal information, before the NSA scandals? But is that the real question, at all?

A lot was also said by Mr. Nemitz, following the thesis that the industry is usually opposing potential regulations by lobbing their proposals in favor of their own businesses, of course, and by often requesting postponements when the final results are not what they wanted.

And he was speaking the truth.

In 2002 The European Commission issued a Directive, adopted by the member states, where tracking online user’s activity (like installing cookies) without their consent, is not allowed. Since then, a working group has been set for defining the technical mechanisms. Representatives of the advertising industry as well as the software industry are also part of this group. It is 2013 and there are still no mechanism negotiated. This is the type of postponing Mr Nemitz was talking about.

In the meantime thanks to whistleblowers like Chelsea Manning, Edward Snowden and others that delivered to the public knowledge information about the dimensions of the biggest massive collection of personal data in human history, we realized what really was going on. Companies delivering their customers’ data to the secret services. Companies, deliberately building up backdoors in their own systems, softwares and hardwares, allowing undisturbed monitoring of common citizens, politicians, ministers, policy makers, entrepreneurs … simplified: everyone.

Of course, the Microsoft representative denied it all. But if Linus Torvalds, the developer of Linux, was approached by NSA and asked to build backdoors into GNU/Linux, why would Microsoft be an exception?

I should also mention that just 12 hours later (not too long after) the French newspaper Mediapart published a list with names of MEPs whose emails have been hacked, thanks to the mare fact that since Microsoft system does not allow encryption, their emails can never be entirely secure. And European Parliament is barely the only European Institution using Microsoft products and services.

It was just few months ago, when another spying scandal shook EU – GCHQ  has hacked Belgacom’s system, successfully installing a malware and mining data for at least 6 months. Belgacom is Belgium's largest telecom operator and all Brussels-based EU institutions are its clients, hence the majority of people working in those institutions.

Of course, Belgacom denied having enough evidences that UK secret services were involved, but they very clearly pointed out, “the people that developed the software used for the attack have very detailed, deep and broad knowledge, with highly sophisticated knowledge base and technology. And obviously the hackers have the kind of a solid financial power behind them, that only governments can posses.”

Belgacom could not point GCHQ as the perpetrator, but the documents leaked by Snowden provide us with enough evidences that not only UK secret services were involved in this cyber attack, but once again they played the Trojan horse in the European Union by serving NSA and US interests with anything they want.

Wrapping it up: Member States spy on each other, selling data to 3^rd parties (secret services); Secret services blackmailing corporations for purposely building insecure services; Industry collecting people’s online activity for “advertising and marketing” purposes also ends up selling it to the secret services…

In those circumstances, is building a real adequate policy protecting citizen’s data a goal at all?

The real question is, is there anybody that really wants protected data?

Do governments want it? Does the industry want it?

And who is ruling the world? The secret services?