The debate over regulation of the IT security industry is as fierce as ever.
At the RSA Security Conference in Amsterdam representatives of the EU Parliament and Council of Ministers clashed over the proposed European Network and Information Security Agency, which would devise Europe-wide security policy and communicate it to business.
The European Parliament approved a proposal this week to set up the agency but now faces a battle with the Council over its structure. The proposed agency is slated to begin on 1 January 2004 and last until the end of 2008, with a budget of €24.3m.
"We are in the process of fighting with the Council," said Wim van Velsen, member of the European Parliament.
"The Council wants a ruling board with a representative from each member state and six representatives from business. For a 20-person agency this is ridiculous, but I think on this the council will not give up."
But the Council of Ministers is concerned that any new agency setting standards would need to be kept under close supervision. There were also fears of getting sufficient involvement from member states to make the agency effective in all countries.
"[Member] states need to feel they have total buy-in, that's driving our position," said Geoff Smith of the UK Department of Trade and Industry.
"There is some nervousness about ceding responsibility to an outside agency. This could be what is behind the 25 states wanting representation on the board."
With over 80 per cent of Europe's computer networks in private hands, the co-operation of business is seen as key by both sides.
But while many firms in the security industry have praised the progress that has been made, there are fears that over-regulation could suppress innovation.
"I'm concerned that governments get overzealous in trying to regulate how security works," said Art Coviello, chief executive of RSA Security.
"They don't know enough about the topic to regulate it, move much more slowly than the security industry and legislation can't acknowledge that different companies have different security profiles."
Two more meetings are scheduled between the Council of Ministers and representatives from the European Parliament. If plans are not approved on the first reading the process will be delayed until after 2005, because of the next round of European elections slowing the process.
Meanwhile, the law enforcement sector is becoming more forceful in its recommendations for dealing with cyber-crime. While they acknowledge that there have been great steps forward to find a unified approach to pan-European investigations there is still a great way to go.
"We need a global harmonised law to fight cyber-crime," said Bernhard Otupal from Interpol.
"Problems occur if we ask for different countries to provide evidence of computer crime and some of those countries have no laws against this. We need laws that cover the whole world. If crime happens anywhere someone has to fight it."
But, he added, any measures enacted should be compatible with a free society and not undermine individual liberties.
Microsoft receives a 30 per cent cut of all purchases on the Xbox digital store
Credit card thieves used Apple ID accounts to buy and sell virtual currency for Clash of Clans and Clash Royale and Marvel Contest of Champions
$5.1bn fine further evidence that the EU is anti-US, claims Trump
New cable will connect Virginia to France