European prosecutors probe Russian role in buying software for sensitive EU border system

hotznplotzn@lemmy.sdf.org

Archived

[...]

The French IT group Atos used staff in Russia to buy software in 2021 for the highly sensitive project [of EU’s new electronic border system], which aims to gather and store biometric data on all non-EU visitors to the EU.

The disclosure of Russian involvement has raised significant security questions about the ambitious overhaul of the EU’s border infrastructure. Its launch remains uncertain after the EU scrapped several target dates due to technical issues.

The leaked papers suggest Atos’s branch in Moscow operated under a licence that would grant Russia’s FSB security service access to its work in the country. Four people with knowledge of the events said Moscow-based staff were directly involved in buying software for the border system, work that would typically require an EU security clearance.

The European Public Prosecutor’s Office (EPPO) is looking into the involvement of Atos Russia in the border project, according to two people with knowledge of the probe.

The EPPO is responsible for investigating and prosecuting criminal offences affecting the financial interests of the EU. The EPPO said it does not comment on cases or publicly confirm the investigations it is pursuing. No charges have been brought to date.

The EU’s so-called Entry/Exit System (EES) will collate data tracking the movements of every foreign traveller entering or exiting the bloc, recording biometric and personal information as well as their visa status. Atos Belgium won the EES contract, now worth €212mn, together with IBM Belgium and Italy’s Leonardo in 2019.

Olaf, the EU’s anti-fraud watchdog, last year investigated allegations regarding the involvement of Atos Russia, a probe that has not been previously disclosed. It found that measures taken internally by EU-Lisa, the agency implementing the EES, to address “security issues” were not sufficient, according to one person with direct knowledge of the inquiry.

[...]

The Atos branch, since 2016, operated under a licence granted by the FSB, one of the successor agencies to the Soviet Union’s KGB. This covered the “development, production, distribution of encryption (cryptographic) tools, information systems and telecommunication systems”, according to Russian public records.

Andrei Soldatov, an author and expert on Russia’s security services, said such a licence grants the FSB a “back door” into Atos Russia’s activities. “They can look at everything this company is working on,” Soldatov said.

[...]

Atos has said that it divested from its Russian business in September 2022 following the invasion. Atos, IBM and Leonardo declined to comment.

One European official said the revelations about Atos Russia raised urgent questions about access to such a sensitive project. “The security issue immediately comes to mind because of the enormous amount of data that [the EES] would contain,” they said.

[...]