Category: e-government

Still an inadequate handle on the situation…?

In an earlier post I wrote about Finansinspektionen's decision 11-564 of 2011-01-19 concerning a remark and an administrative fine for Svenska Handelsbanken (see the full decision at http://www.fi.se/Sanktioner/Finansiella-foretag/Listan/Straffavgift-for-Handelsbanken/ and the post at http://blawblaw.se/2011/03/har-vi-verkligen-koll-pa-laget/). The next depositary to be sanctioned was SEB, through decision FI Dnr 11-5466 of 2011-05-19, see http://www.fi.se/Sanktioner/Finansiella-foretag/Listan/Straffavgift-for-SEB/.

The decision, like the earlier one concerning Handelsbanken, is in its entirety interesting reading for anyone interested in the borderland between information and communication technology (ICT) and law. Among other things, it discusses the risks of manual control work in relation to a large and complex fund portfolio. Finansinspektionen holds that this typically entails “a considerable risk of errors in the controls” and that “Some of the deficiencies that have occurred should have been avoidable if the controls had been carried out with the help of suitable systems and with less extensive manual elements”.

What does this actually mean? Is it that manual controls, once information reaches a certain degree of scope and complexity, cannot be considered sufficient and fit for purpose to meet the statutory requirements? If so, how is that assessment made, and where is the line for when information should be considered to have reached the relevant degree of scope and complexity? And should a distinction be made between the different types of information that the legislation targets? System-supported, automated control work should moreover have substantially higher capacity, so it should be possible to increase the frequency and scope of the controls. Reasonableness checks and spot checks can instead become exact and comprehensive. Quarterly controls and in-depth controls could perhaps be carried out weekly, or even daily. If possibilities of this kind exist, does that also mean that the concepts of quality, sufficiency, systematics and fitness for purpose change?

The bank raises objections based on how the regulatory framework is drafted, arguing that “No more detailed instructions on how, when or with what frequency etc. controls are to be carried out are to be found in the preparatory works of the law.” The bank also emphasises “that Finansinspektionen has on various occasions stated that the rules on depositaries are in need of clarification.” Finansinspektionen rejects the bank's objection on the ground that the framework is clear enough, and “does not consider that there are any ambiguities in the regulatory framework that could affect the assessment of the issues dealt with in this decision, given that the matter mainly concerns the systematics and quality of the controls that the depositary has carried out.”

Whether or not the regulatory framework is unclear can of course be debated. At the same time it should be pointed out that, as things stand, three leading depositaries have to some extent considered that to be the case. Or at any rate have not managed to comply with the requirements. There is little doubt that the subject matter is complex and hard to understand. The borderland between what the framework requires and what in practice needs to be done in a complex ICT world is felt to be ever wider.

A brief summary of Law & ICT Seminar in Tanzania (27th Sept. 2011)

The Law & ICT seminar in Tanzania was organized jointly by the Faculty of Law, Mzumbe University, and the Swedish Law & Informatics Research Institute, Faculty of Law, Stockholm University.

This seminar was facilitated by the Faculty of Law, Stockholm University. The seminar was held at Giraffe Ocean View Hotel, Dar es Salaam, Tanzania.

The objectives of the seminar included, among other things:
- To explore ICT law challenges in Tanzania and identify possible research areas
- To discuss possible collaboration (in publication, research, short courses, joint programmes, exchange programmes, etc.) between Mzumbe University and the Swedish Law & Informatics Research Institute (IRI), Faculty of Law, Stockholm University.

The seminar began with an opening speech from the Vice Chancellor of Mzumbe University, Prof. Joseph Kuzilwa. In his speech, the Vice Chancellor thanked Stockholm University for facilitating the seminar. He also commended the initiative to forge collaboration between the two institutions. The Dean of the Faculty of Law, Mzumbe University, Dr. Eeuter G. Mushi, gave an interesting speech touching on some of the challenges that Tanzania has to address regarding ICT regulation. Besides that, the director of the Swedish Law & Informatics Research Institute (IRI), Prof. Cecilia Magnusson Sjöberg, presented a brief history of IRI and its core activities, which include training, research and publication.

Moreover, three doctoral students from IRI presented their ongoing research projects (Mårten Edenroth: Verification of Digital Information; Ubena John: Legislative Techniques and ICT; and Franciskus van Geelkerken: Cybercrimes). Apart from presentations of ongoing doctoral projects, several papers were presented by colleagues from Tanzania. Mr. Innocent Mgeta (from the Faculty of Law, Mzumbe University) presented his paper titled “The Legal challenges of Online Social Networks.” Mrs. Patricia Boshe (from the Faculty of Law, Open University of Tanzania) presented her paper on “The Approach to Data Protection: The Legal framework in Tanzania.” And Ms. Pamela Liana (from the Open University of Tanzania) presented her paper titled “Consumer perception on Mobile-Banking in Tanzania.”

Finally, the Deputy Vice Chancellor, Administration and Finance, Prof. Faustine Kamuzora, gave the closing remarks of the seminar. He particularly stressed the importance of the seminar and the initiatives taken by Mzumbe University and IRI, Stockholm University.

IT Law Public Lecture (29th Sept. 2011 at Mzumbe University, Dar es salaam Campus)

Besides the seminar, there was a public lecture.

The public lecture focused on two major areas: e-Government, as presented by Prof. Cecilia Magnusson Sjöberg, and Legitimacy spheres, by Prof. Peter Wahlgren.

Both the seminar and the public lecture received extensive media coverage in Tanzania from television stations (e.g. Tanzania Broadcasting Corporation (TBC1), Independent Television (ITV), etc.), radio stations (Radio One, TBC1, etc.), newspapers (Daily News, Nipashe, The Citizen, Mwananchi, Uhuru, etc.), as well as online media. The links below are to some of the institutions’ websites and to state and privately owned newspapers and other media that covered the seminar.

http://www.mzumbe.ac.tz/documents/Law%20&ICT%20seminar%20in%20Tanzania.pdf

Dons Gun for ICT Development law

http://allafrica.com/stories/201109290726.html

Dons Gun for ICT Development law

By DAILY NEWS Reporter, 28th September 2011 @ 14:00

http://dailynews.co.tz/business/?n=24064

Academician calls for law to regulate ICT
By DAILY NEWS Reporter, 3rd October 2011 @ 13:30

http://dailynews.co.tz/business/?n=24186

Watanzania waaswa kuhusu sheria za Tehama

http://www.habarileo.co.tz/kitaifa/?n=21644

Mijadala elimu ya juu kuchochea tafiti

http://www.tbc.go.tz/~tbcgo/about-tanzania/2150-mijadili-elimu-ya-juu-kuchochea-tafiti.html

Don: Tanzania must have ICT regulatory laws now
By The Guardian Reporter 4th October 2011

http://www.ippmedia.com/

Tweeting on the job. Tech helps control bad habits. Too much Tech?

Stream of consciousness post: regarding Twitter, technical controls, and … too much technology?

The U.S. State Department is encouraging Twitter diplomacy (in Farsi, too). In Sweden, a military directive encourages the Swedish armed forces to use Twitter while working. But if you’re a U.K. MP, be sure not to tweet in Parliament!

Addicted to your tweets? Have trouble resisting texting while driving? Want help limiting credit card spending? Do you tend to creep over the speed limit when your music changes to a faster tempo? Some folks are turning to technical solutions to control impulses and bad habits. Or perhaps you’re concerned about the digital lifestyle’s effect on your kids? One mother’s solution – several weeks of living with no electricity, followed by a 6 month restriction on the use of electronic devices.

Putting old government records into online archives

The archived terabytes of digital documents from recent U.S. presidents will have company in the efforts to digitize documents from presidents of yesteryear. While some of these electronic archives are only accessible from specific libraries, one initiative is putting important documents from President John F. Kennedy online. The past four years of work from the library have been launched, and if the library can continue to digitize 100,000 pages of documents per year (plus photographs and recordings), all the Kennedy records may be added to the archive … in about 100 years.

Guidelines for the use of Social Media by Public Authorities

The eGovernment Delegation has just published new guidelines for the use of social media by public authorities. The guidelines can be found at the following link:

http://www.edelegationen.se/nyhet/2010-12-30/riktlinjer-for-myndigheters-anvandning-av-sociala-medier

European Commissioner for Digital Agenda: “Wikileaks compels a more open government”

Governments must be transparent and should be as open as possible, according to European Commissioner for Digital Agenda, Neelie Kroes.
This is both important and practical, for with fewer secrets there can also be less leaked.

This is one of the lessons Kroes draws from the “Wikileaks saga,” as she describes the leak of 250,000 secret U.S. official messages.
Kroes taught her American audience a lesson on the ins and outs of this spectacle, which has dominated the world news now for weeks.

Wikileaks compels openness
The “top secret” telegrams were on SiprNet, a private intranet for the U.S. Defense and Foreign Affairs. But they were not really secret, as at least 2.5 million officers and soldiers have access to all files. Private Bradley Manning is suspected of the mega leak; he has been held in solitary confinement as of May.

Kroes: “From the perspective of cyber security this stresses the necessity of combating the threat of theft of confidential information in our possession.”
But, she stresses: “We, as governments and official organizations should be sure that we are as transparent and open as possible. I think this is important in itself, but it also has an enormous practical advantage: it reduces the amount of information that must be specially protected.”

DDoS attacks
Kroes notes two other newsworthy events around “Cable Gate”, such as the cessation by Amazon and EveryDNS of the hosting of Wikileaks.
She wonders aloud: “Was there a case of violating the terms of service of the different providers?”

And finally, the numerous cyber attacks through DDoS* attacks on Wikileaks sites, and sites which blocked Wikileaks such as PayPal, Mastercard and Visa**. Even though information on how many PCs took part in these attacks is unreliable, Kroes noted that “it does show that such attacks can be organized by a small group of people.”
On the other hand, the services of the affected firms were hardly affected by the DDoS attacks. According to Kroes these results demonstrate the resilience of cloud architecture***.

Privacy by design
The European Commissioner for ICT matters stressed that trans-Atlantic, public-private partnership is crucial to combating cyber crime and protecting “the integrity of the internet”. To that end, last month the EU-US Working Group on Cyber Security and Cyber-crime was created.
Besides stressing embedded security Kroes reiterates the importance of “embedded privacy” in technologies and business processes. “Those who only see privacy as a cost are near-sighted: currently it is already a competitive advantage, in the future it will be a necessary condition.”

* A DDoS attack or distributed denial of service attack occurs when multiple systems flood the bandwidth or resources of a targeted system, usually one or more web servers (Wikipedia), essentially making access to that web server impossible.

** See PayPal says it stopped Wikileaks payments on US letter

*** Cloud computing is Internet-based computing, whereby shared servers provide resources, software, and data to computers and other devices on demand, as with the electricity grid. (Wikipedia)

Dutch Labour Party: “Police should be able to “hack back” hackers”

Police should get more leeway to combat cybercrime, among other things by being able to “hack back” hackers. The Dutch Partij van de Arbeid (Labour Party) wants the minister to change the law.

Jeroen Recourt, MP for the Labour Party, has asked minister Opstelten of Security and Justice questions in response to a recent television broadcast about the combating of cybercrime. The broadcast was made in response to the police actions against the botnet[1] Bredolab[2]. In that broadcast both police and the public prosecutor’s office pleaded for more powers.

“We have to prevent the creation of a sanctuary for criminals in which hackers can simply break in to other people’s computers to steal valuable data” according to Recourt in a statement (Dutch only) on the Labour Party’s website.
Recourt asks, among other things, whether such an expansion of powers, as requested by the public prosecutor’s office, is feasible under current legislation. In addition, the Labour Party asks whether the minister wants to increase investigation and prosecution capacity to combat cybercrime.

Concerns about the police's level of knowledge

Recourt is concerned though about the necessary knowledge and skill of police and the Public Prosecutor’s office in this field. “Only with sufficient legal grounds, means and knowledge, are police capable of tackling this problem”. As such he also asks the minister whether such knowledge and skill is present.
The discussion about the expansion of police powers erupted after the police actions against the Bredolab botnet.
At that time police issued a warning to the owners of the hijacked computers and, to this end, installed a programme of their own on the infected computers.

Protests

Privacy specialists and lawyers are questioning such actions, as this goes against both national and international legislation. Police themselves want the power to “hack back” hackers and have already submitted a legislative proposal to the minister to this effect.
Scotland Yard does not recommend the “hacking back” of criminals and is not happy about the proposal. National police agencies should instead work together, as this would be much more effective.

[1] A botnet is a collection of software agents, or robots, that run autonomously and automatically. The term is most commonly associated with malicious software, but it can also refer to a network of computers using distributed computing software.
[2] The BredoLab Botnet, also known by its alias Oficla, was a Russia-founded botnet mostly involved in viral e-mail spam. Before the botnet was eventually dismantled by Dutch police in November 2010 through the seizure of 143 command and control servers, it was estimated to consist of around 30 million “zombie” computers.

Source: webwereld.nl

Europeans worried about on-line privacy and security

45 percent of people fear that personal data on social networking sites are misused.

According to a Eurobarometer survey (pdf – 8.21 MiB) of the European Commission, in which 27,000 households across the EU were asked about their use of Internet, telephone and television, Europeans are becoming more and more “digital”.
More and more Europeans are subscribed to broadband Internet and digital television in bundled ‘packages’ and at a fixed cost. Increased broadband use means that even more Europeans go online, of which 35 percent now use social networking websites.

Yet they are worried about the cost, quality of service and security, and their freedom online. One fifth of the fixed and mobile internet users stated they had experienced problems with blocked content and applications.
In the Digital Agenda for Europe of May 2010 (PDF – 316 KiB), the European Commission not only puts forward ambitious targets to enable broadband for all citizens of Europe but also outlines measures to boost competition and confidence and to improve safety.

84 percent of households want to be warned if their personal data is lost, stolen or altered.
45 percent are worried that their personal details on social networking sites are being misused, but those under the age of 24 are less worried than those over 40. The telecoms package 2009, which has to be implemented by May 26, 2011, contains several provisions forcing providers of publicly available electronic communications services to inform the national regulator or subscribers of violations of personal data.

Source: informatieprofessional.nl

An overview of published and proposed Swedish guidelines relating to the public sector use of social media

Henrik Nilsson, Bird & Bird, Stockholm

The ever-increasing uptake of the use of social media such as blogs, Facebook and similar services has naturally attracted the attention of Swedish public sector institutions. Against this background, the Bird & Bird IT Law Bulletin reports on a number of proposed and already published guidelines from various Swedish public sector organisations on the use of social media websites by government.

Sweden recently topped the 2010 global digital economy rankings, which were published on 29 June by the Economist Intelligence Unit (EIU) and IBM’s Institute for Business Value.

A quick search of Facebook shows that over 100 of Sweden’s 290 municipalities and 9 of the 20 regional administrative units (“landsting”) have Community pages on Facebook. YouTube abounds with promotional material uploaded on behalf of Swedish municipalities. Blogs on municipal websites and online video broadcasts of municipal assembly meetings are also commonplace. A leader in this area is the municipality of Katrineholm, where the site maintained by the “Kommunchef”, the head civil servant of the municipal administration, lists its various offices as maintaining some 30 social media outlets.

Sweden regards itself as an orderly, well-regulated country and public officials have expressed some uncertainty over how to apply traditional rules and routines regarding administrative law and communication to the public in a social media context. In response to this uncertainty, the eGovernment Delegation, a central Government in-house think tank, has been instructed to develop guidelines for government agencies’ use of social media such as Facebook and Twitter. In this work, the delegation has been asked to pay particular attention to the legal aspects of such use.[1] The first set of guidelines is expected to be published in the eGovernment Delegation’s scheduled October report.

The social media issue is hot enough, and Swedish public administration is decentralised enough, that other work is being done on developing public sector direction regarding social media. On 12 April the Swedish Data Protection Authority (“Datainspektionen”) announced the launch of an investigation into the application of the Data Protection Act on the communication of personal data within a social media context. Datainspektionen plans to carry out inspections at a municipality and a government authority as well as with private business. It promises to publish guidelines on managing personal data for organisations using social media as a communications channel. At the time of writing, there is no published timeline for Datainspektionen to release these guidelines.

First to publish

One set of guidelines has however already been published. The Swedish Association of Local Authorities and Regions (SALAR) released guidelines directed at the municipalities and regional organisations that make up its membership. SALAR is very influential in organising how its members conduct their affairs, and these guidelines are expected to play an important role.

The SALAR guidelines are not concerned with the operations of independent social media organisations such as Facebook, but focus instead on public sector organisations’ concerns such as the right to access public information, public sector service obligations, archival requirements, maintaining of registries of public documents, secrecy requirements and the privilege of public sector employees to give information to the media under constitutional whistleblowing protection law.

Skirting over more complicated questions – the Guidelines comprise in all 10 pages – SALAR takes a factual approach to the subject, neither endorsing nor warning against the use of social media.

The guidelines’ key findings are that:

  • All texts and other material published on a social medium within the context of a public authority’s operations should be presumed to be official documents, available to the public under freedom of information law and subject to registry and archival regulations as applicable.
  • Documents that do not contain information restricted by secrecy requirements need not be listed in the authority’s official document registry provided the publishing on the online medium is sufficiently searchable.
  • Information subject to secrecy requirements may not be communicated by means of social media.
  • Each authority is recommended to maintain a list of which external websites it publishes material on and to establish a document disposal policy governing the destruction of official documents and online files. It is also recommended to periodically record and archive the contents of dynamic platforms such as blogs and comment forums.

Privacy implications?

The extended scope of the coming guidelines from the eGovernment Delegation and the Datainspektionen will be welcomed by many. A particular concern is the question of the extent to which the restrictions of the Personal Data Act (the Act) apply to social media.

The Act contains an unusual rule for an EU Member State. The greater part of the provisions of the Act need not be applied when processing personal data in what the Act calls “unstructured material”, such as a narrative text format or sound or images published on the internet.

In order for the exemption to apply, the material in question may not be included in or be intended to be included in a document or case management system or any other database. Processing of personal data in unstructured material may, however, not entail a violation of the integrity of a data subject.

Datainspektionen has expressed preliminary doubts over whether the typical social media platform, which is often constructed to facilitate searching for personal data and to find common interests to connect people, precludes application of the exemption for unstructured material.

The Katrineholm Kommunchef for his part states on his blog that “If Datainspektionen arrives at the conclusion that social media staples such as a Facebook ‘friends list’ constitutes ‘structured material’, then Official Sweden’s presence in social media becomes impossible”.

Written 1 July 2010.

Advokat Henrik Nilsson henrik.nilsson@twobirds.com



[1] http://en.edelegationen.se/

New Dutch key register Act does not protect privacy

According to Richard Engelfriet(1), the new Dutch Act on the key register of natural persons is not strict enough to prevent municipalities from sharing personal data of citizens with online stores. The creation of fines should prevent violations of the right to privacy.
“One would expect that the government does not share personal data of citizens with random companies”.

The current Act leaves too much room for municipalities to share data from the GBA(2) with (online) shops. The new Act, which is currently open to Internet consultation, does not seem stricter in that sense.

With this objection Engelfriet responded to the answers (PDF, 27.4 KiB – Dutch only) Secretary of State Ank Bijleveld gave to questions of Jeanine Hennis-Plasschaert (MP for the liberal party). According to Hennis municipalities are currently providing such personal data to commercial institutions, even though the GBA does not provide for this option.

According to Bijleveld: “The provision [of personal data from the GBA, FvG] to commercial companies and institutions without a public or special societal function falls outside of the scope of the GBA”.

Engelfriet calls it “reprehensible” that personal data from the GBA are shared with parties not entitled to it. “Even though I understand the need of stores for monitoring associated with combating fraud, there should be clear rules. For access to the GBA can easily be misused by unscrupulous shopkeepers.”

In answer to the questions of Hennis, Secretary of State Bijleveld noted she was working on a new Act. The legislative proposal has, in preparation for deliberation in Parliament, been released for Internet consultation (Dutch only).

Engelfriet does not see any improvement, and pleads for stricter measures to guarantee the privacy of citizens. “I think it would be a good idea to implement a system of monetary penalties for the unjust request for and supply of personal data from the GBA. Through this the threshold to violate citizens’ right to privacy might be raised, especially if the penalties have to be paid to the citizen in question.”

Jeanine Hennis-Plasschaert responded that she would certainly take Engelfriet’s comments into consideration when the new Act is under deliberation in Parliament.

(1) Richard Engelfriet is one of the partners of ICTRecht, a firm providing legal advice to private individuals in the fields of Internet law, ICT law, and intellectual property.
(2) Municipal population register – Incorporation is mandatory for everybody residing in the Netherlands.

Source: Webwereld.nl
