 Good morning. My name is Marie Kjeschaka. I'm a member of the European Parliament for the Dutch Democratic Party, and we're part of the Alliance of Liberals and Democrats for Europe. I'm very sorry I cannot join you in person today in Dublin for the IIEA Cybersecurity Conference, but I'm very happy to share some of my thoughts via this video. In the parliament I focus on the EU's foreign policy, on international trade, but also on human rights and digital freedoms. And the way that technologies change our societies, democracies, rights and freedoms is a central theme to all of my work. After my election in 2009 to this parliament, there was a strong focus on the financial and then looming euro crisis. It almost looked like the digital revolution had not really reached the parliament, at least not its implications and the role for policymakers. Very few were working on issues related to digital rights and freedoms, including on cybersecurity and defense. And this even prompted me to organize seminars where geeks would explain the basics of how ICTs work to colleagues. Without an understanding of how technologies work, it is difficult to make relevant legislation. And I'm sure these seminars helped, but many global events and discussions have put digital freedoms and cybersecurity in the spotlight of our political agendas. The Arab uprisings, the publications of diplomatic cables by WikiLeaks, Stuxnet and the recent NSA revelations have put cyber on top of our agenda. But also in the public debate we see global opposition against laws or agreements to enforce intellectual property rights online, such as the protest against the US bills called SOPA and PIPA and against the ACTA Treaty in Europe. And I have no doubt that technology related topics will play a major role during the upcoming European elections. This increased focus means that almost everything is related to cyber nowadays. And I think we should be wary of this kind of hype. The good news is that we don't need a cyber democracy to guarantee cyber security. Our prime objective has to be that digital freedoms and fundamental rights need to be enforced and not eroded in the face of vulnerabilities, attacks and crime. The rule of law should apply online as it does offline. Essential and difficult questions on the implementation of the rule of law, historically placed bound by jurisdiction, rooted in the nation state, while living in a context of a globally connected world, need to be addressed. First, we need to make sure that we don't over-regulate. I'm sorry to say, but some policymakers have a reflex to come up with rules to regulate issues that are out of their control. The open internet should not be over-regulated. However, technical developments are moving so rapidly that laws and regulations that we debate today were already old and outdated yesterday. Additionally, public authorities increasingly rely on private players in order to perform their basic duties of public order, security and defence. So we need to have transparent and open debates on the respective roles that governments and companies play and where responsibilities and accountability are ensured. Secondly, in Europe we need to have our own house in order to be a credible advocate for digital freedoms globally, and this is in our own interest. The big debate about data protection, privacy and digital freedoms following the NSA revelations is timely and necessary. Something that's been missing from the discussion is the role that European technology companies play in facilitating such mass surveillance programs. In fact, European companies are front-runners in developing, exporting and employing the very tools and technologies used for mass surveillance, monitoring, mass censorship, hacking, tracking and tracing. And the same goes for software vulnerabilities or zero-day exploits. This doesn't only enable governments to harm the rights and freedoms of citizens whether it's in Iran, Zimbabwe, Syria or Bahrain, or closer to home. These technologies can also harm our strategic interests and the interests of our businesses. It is incomprehensible that this grey market full of risks to the public interest is intransparent and unregulated so far. That's why I've launched a campaign against the export of digital arms and you can join the effort and find information on stopdigitalarms.eu. And thirdly, we need to seek lean and relevant policies and laws to ensure cyber security and the protection of people's digital freedoms. Several legislative initiatives are currently pending before the parliament. The data protection package, the new telecom package recently announced by Commissioner Cruz but also important is the network information security directive. This NIS directive is part of the EU's cyber security strategy that also focuses on preventing and going against cyber crime and the protection of the global open internet and the digital freedoms of users. The directive is aimed at a high level network and information security policy for the EU. And while the NIS directive is still under consideration of the internal market committee there are three clear issues that are important for the parliament. One is the scope. There seems to be an understanding that the NIS directive should not apply to all infrastructure but for the moment only to a stricter part of critical ICT infrastructure such as use for energy, transport, health and financial services. And two, the notification obligation. The main novelty of the directive is the obligation by market operators to notify breaches or incidents that have a significant impact on the security of core services. And we need clear rules and criteria on what is a significant incident. This especially affects SMEs. And three is sanctions. We should make sure that sanctions for non-compliance do not become disincentives for companies to notify undermining the very substance of the directive. And this may require a possibility for confidentially reporting security breaches. Our technological developments and the open internet have led to revolutionary changes and the potential of emancipating individuals bottom up. But increasingly technological possibilities also put the spotlight back on top-down responsibilities. They prompt serious questions about power, governance, security and fundamental freedoms. And policies are lagging behind in ensuring a relevant regulatory framework. While over-regulation should not be desired, we need more robust mechanisms to protect the fundamental rights of internet users. Too often the public value and the public interest are not protected well enough. And I believe that must change. And hopefully your conference offers concrete results to that end as well. Thank you very much.