Information security for the UK: making everyone happy?

The Cabinet Office has released their e-Government framework for Information Assurance for draft consultation. The document sets forth guidelines for implementing the transformational government agenda of delivering more effective, more efficient customer-centric public services. These guidelines are intended to inform all transactions (and their supporting infrastructures) between UK government and its citizens.

The document has an interesting list of relevant legislation under appendix B, ‘Related Policy and Guidance’ (cited below).

The principal pieces of legislation that are likely to inform the IA requirements for e-Government service implementations include and are not limited to [links are added]:

  • the Human Rights Act and the underlying European Convention on Human Rights set out everyone’s right to privacy in their correspondence;
  • the Data Protection Act sets requirements for the proper handling and protection of personal information held within information processing systems;
  • the Electronic Communications Act sets the requirements for electronic signatures and their equivalence to conventional signatures;
  • the Regulation of Investigatory Powers Act makes it an offence to intercept communication on any public or private network; case and time limited exemptions may be granted subject to warrant;
  • the Terrorism Act makes it an offence to take actions which are designed seriously to interfere with or seriously to disrupt an electronic system;
  • the Wireless Telegraphy Act controls the monitoring of wireless telegraphy;
  • the Police and Criminal Evidence Act defines conditions under which law enforcement may obtain and use evidence;
  • the Computer Misuse Act makes attempted or actual penetration or subversion of computer systems a criminal act;
  • the Public Records Act lays down requirements for the proper care and preservation of documentary records of government activities;
  • the Official Secrets Act lays down requirements for the proper control of government information;
  • the Freedom of Information Act lays down the citizen’s rights of access to government held information.

I’m posting this list because it illustrates what a balancing act information policy is. On the one hand, we fight to preserve open paths of communication to our legislators and civil servants; we encourage all individuals to be involved in their government; we promote citizenship and interaction through digital inclusion of those who might otherwise be marginalised. Similarly, we have charged the same government with protecting us and our communities; we want them to have full access to the ‘bad guys’ and to anticipate — even pre-empt — any threat to us. From those arguments, we should open everything to everyone!

On the other hand, we have agreed that our human rights grant us the freedom to our own confidentiality. We have also agreed, through our democracy, that the government should have some leeway in keeping information from us (particularly about each other) to deliver effective public services to us and our neighbours and to protect us from the bad guys. Both of these bits of secrecy mean that each party wants to maintain a certain level of control over allowing access into our conversations.

It’s a lot to juggle.

[Consultation on the e-Government framework for Information Assurance runs until 13th March 2007.]

2 Comments

  1. Kate

    The U.S. already has a “Freedom of Information Act” affectionately called FOIA (“Foi-ya”) for accessing federal records, and many states have enacted similar laws for state and local records. Pennsylvania’s is called the “Open Records Law” and is also informally called the “Right to Know” law. I’m not as familiar with FOIA, but under Pa’s Right To Know, the government unit that receives a request for records can only refuse to provide them to the requester if they are deemed to be “non-public” documents, and there are guidelines for determining what kinds of documents are non-public, things like reports of certain types of investigations, etc. There are also short turn-around periods in the statute so that the government can’t sit on your request. I believe they have 10 days to either turn over the documents or state the reason for their denial of your request. If the request is denied, it can be appealed up through the state courts and the parties can argue about whether the documents are really non-public. Interestingly, the law does not require the requestor to state why they are requesting the document or to provide any background information about themselves beyond that they are a resident of the state. Non-residents of the state cannot utilize the Open Records Law, but can get around this problem by hiring an in-state attorney to make the request for the desired documents. FOIA has a list of exceptions listing the things that agencies are not required to turn over. Again, a denial can be appealed, first within the agency and then through the federal courts. There are also laws in the U.S. restricting public access to certain records held by the Federal Energy Regulatory Commission and by the Nuclear Regulatory Commission, and some state and federal transportation agencies. Basically, the general public does not have open access to specs or maps of the country’s infrastructure, like bridges, tunnels, gas pipelines, electric or nuclear facilities.

  2. 2

    This seems to be a universal issue then, doesn’t it? I do remember hearing a few years ago, when the Mayor of London was holding a contest to affordably air condition the Underground network, that they guard the exact map of where the tube tunnels are (for the same infrastructure reasons).

    Thanks for sharing the US legal perspective, counselor!
