20 October 2021 at 16:00 CEST - Online

Privacy and Security - The unexpected Digital Game-Changer of COVID


Discussion

Privacy and Security - The unexpected Digital Game-Changer of COVID (challenges and avenues for public administrations)

 

At least in Europe, both at the national and at the coordinated European level, we had and have ample programs for digital transformation, and at least until the crisis started we had principles to follow. To name just a few very important ones:

(a) Security – the administration holds a great deal of information about citizens and companies as well as other entities, and has to take responsibility that this information is used the way legislation prescribes.

(b) There is a big difference between public administrations and private companies. People cannot escape the administration, and therefore of prime importance is the principle “ADMINISTRATION CAN ONLY PROCESS AND MANIPULATE DATA THE WAY LAWS EXPLICITLY ALLOW”. In contrast, “THE PRIVATE SECTOR CAN PROCESS AND MANIPULATE DATA AS LONG AS NO LAW IS AGAINST IT”. There is a big gap between these two approaches.

 

When COVID started it became apparent that administrations were, in the best case, in the midst of implementing their programs and strategies, but COVID would not wait. This led to situations where many stated that the private sector has tools and programs, so why not use them? But these tools follow the principles for the private sector. As an example, take the simple case of videoconferencing, which – for COVID reasons – has been used to approach the administration, for teleteaching … Who asked the questions?

  • How can I make sure that this is the right person on the other side? Private sector tools do not provide an eID the public sector can take the needed liability for – and within a short time we also noticed quite some abuse.

  • How can the system make sure that the inherent personal data does not just go anywhere?

 

A further example is the “Green Pass”. Initially designed for border control to enable “free movement”, it is now used practically everywhere. And it potentially transfers sensitive medical and personal information.

  • Why should a restaurant know my name?

  • Why should my employer know that I had COVID?

  • …

Just imagine companies like McDonalds using this to build and maintain customer profiles – eventually movement profiles. Technology would allow us to avoid this extensive QR code by transferring only the information GO or STOP. It is not so much the complexity but much more the “need” to make quick money out of the crisis which drives the scene.

 

How do we get knowledgeable civil servants who are able to understand what is behind this?

How do we avoid this “functionality first, with data protection, security … coming later” attitude staying in people's minds because it proves a “success”?

Who tells the administration to follow the laws??? – at least when we are back to a new normality.

COVID is an important factor when it comes to principles with digital technology, Big Data, AI, ... and it is doing its job without really involving society.

 

We must take extreme care that technology serves both the purpose and society.

About the host

Reinhard Posch, as founder of the Institute of Applied Information Processing and Communications at Graz University of Technology, headed the institute from its very beginning and became emeritus on October 1st 2019. His research interests include applied information processing with a focus on IT security, eGovernment and IoT.

As the CIO for the federal government since 2001, he is primarily involved in the strategic coordination of activities in the field of information and communications technology that concern all levels of government. As scientific director of the Austrian Secure Information Technology Centre, his main efforts are in computer security, cryptography, secure hardware and software, and eGovernment.

He is chairman of the board of trustees of the non-profit foundation Stiftung Secure Information and Communication Technologies SIC, which has been donated by Graz University of Technology. As such he participated in many large-scale pilots. One outstanding result in this context is the "Handy-Signatur", a most successful instance of the Austrian Citizen Card that was also used as a model for the remote signature of eIDAS.

He also acted as Chair of the Board of ENISA, the European Network and Security Agency. He took part in various groups installed by the European Commission to elaborate ICT and security strategies (e.g. "Future Internet Visionaries", RISEPTIS). He was a member of the "Rat der IT Weisen", providing advice to the Commissioners Kroes and Sefkovic in the area of IT security to assist the implementation of the Digital Agenda. Helping Greece to recover from the economic crisis, he worked with the Reichenbach Group to assist in implementing innovation in the Greek eGovernment. He also participates as an advisor in the IT advisory board of the European Bank for Reconstruction and Development.

Reinhard Posch was awarded the Grand Decoration of Honor in Silver for Services to the Republic of Austria.