After German MEP Cornelia Ernst had recently taken issue over Malta's use of the PISCES border control software, which was donated to the country by the American government in 2004, claiming that Malta's use of the software could constitute a security risk for other EU member states, the European Commission has said that it is, "not aware that Malta has externalised such IT-services".
The PISCES software was developed by the American company Booz Allen Hamilton, the former employer of US National Security Agency whistleblower Edward Snowden. It is one of America's largest security contractors and is seen as a significant part of the constantly revolving door between the US intelligence establishment and the private sector. In fact, many of the files that Snowden eventually leaked had, in fact, been sourced from the company.
Although it had previously been in use in the US and other countries, Malta was the first country to make use of the PISCES system when it was donated by the US government back in 2004. According to this newspaper's research, Malta is still the only EU member state using the software.
The system is in use at international entry-points to the country, which include Malta International Airport, the Sea Passenger Terminal, Ta' Xbiex Marina and the Gozo ferry terminal.
In a European Parliamentary Question, Ms Ernst raised the alarm over Malta's use of the PISCES system, as well as Denmark's use of a similar system developed by another US company, Computer Science Corporation (CSC), that has been implicated in espionage activities.
In her question, Ms Ernst stated: "Both firms are known for their cooperation with the US secret service NSA. This is all the more important because CSC and Booz Allen also install and support IT policing systems for border security/border control (eg in Denmark and Malta).
"How far has the Commission investigated whether IT systems in Malta and Denmark (or, if known, in other countries too) constitute a security risk to other EU member states, because they are installed and operated by Computer Science Corporation and Booz Allen Hamilton?
"What policy is followed by the Commission with regard to the future award of contracts to Computer Science Corporation and Booz Allen Hamilton and what advice will it give to the Member States on this?
"In Commission paper COM(2014) 711, however, the Member States are urged not to award contracts for the operation of the Schengen Information System (SIS II) to 'external suppliers'."
Ms Ernst also asks which member states is the Commission aware of where IT policing systems networked at EU level with each other have been awarded to "external suppliers" and in which of these member states have Computer Science Corporation and Booz Allen Hamilton taken over contracts.
According to the Booz Allen Hamilton website: "We built and deployed worldwide the Personal Identification Secure Comparison and Evaluation System (PISCES), which allows countries to collect, compare and analyse data to secure their borders or other controlled areas. The system provides border-control officials and other interested groups with a tracking system and set of analytical tools to capture and evaluate information of interest, making PISCES a critical tool in the war on terrorism."
At the time of the $1.5 million system's donation to the Maltese government, then US Ambassador to Malta Anthony Gioia had noted how PISCES is a very sophisticated tool forming part of the US Department of State's Terrorist Interdiction Programme, and promoting international cooperation by helping strategic partners restrict the movement of terrorists and other criminals across borders.
He said Malta was invited to make use of PISCES based on three factors: the historically strong bilateral relations between the US and Malta, Malta's strategic position in the centre of the Mediterranean and now as the EU's southern border, and the high volume of travel to Malta. "PISCES is being provided by the United States at no cost to Malta. Assistance will include installation of the system, maintenance and training of immigration officials."
Through the use of PISCES, border control officials have the ability to collect, compare and analyse traveller information quickly and discreetly for the purpose of identifying and intercepting terrorist suspects and other criminals, Mr Gioia said.
"In the world post 11 September, border security challenges are great, but the importance of meeting those challenges is even greater," he had added.
SIS II legal framework 'contains a series of security requirements' - EC
In its reply to the MEP, the European Commission stressed that the new SIS II legal framework, "contains a series of security requirements which must be complied with by Member States.
"These were complemented by recommendations issued by the Commission, including that neither the operational management of SIS II nor any technical copies should be entrusted to third parties.
"If they do use external service providers, Member States must ensure that these providers comply with the security requirements, including security audits and inspections. System security receives a high emphasis within the new Schengen evaluation mechanism where the national security arrangements will be scrutinised by the experts of the Commission, EU-LISA and the Member States."
Although the Commission said it was aware that Denmark and the United Kingdom, which should integrate the Schengen Information System in mid-2015, had outsourced the operational management of their national SIS or its copies used by border control and law enforcement authorities to CSC (Computer Science Corporations) and CGI (Computer Generated Solutions) respectively, it said that it was, "not aware that Malta has externalised such IT-services".