No overall plan for IT related legislation
I have many times as an advisor to the Swedish Government in IT issues been asking for an overall plan for the new legislation related to IT and Internet. Reason for my questions the last couple of years is that the various legislations:
- Is not coordinated, and in some cases conflicting
- It does not solve the problems one want to solve
- It has implications on how we fight crime
- It has implications on production costs on networks
- It is unclear who should do what
At a hearing yesterday it was clear many people where not up to date on the legislation. I hope people (specifically the persons representing copyright holders) understood I am not against their interests when I say I am against the legislation. I am pointing out the legislation does not solve the problems they want to solve. Legislation is broken.
Let me take a few examples:
The ISP Bahnhof in Sweden is in media pointing out that the new IPRED legislation is not effective. This because they according to the Swedish Implementation of the Electronic Communications Directive is forced to anonymize or delete data when they do not have any use for it anymore. On TV4 this morning they got a question why do you do this which is an interesting question, as they are only following the law.
With an implementation of the Data Retention Directive the situation would be different, but in Sweden we do not have that implemented yet.
Regarding solutions to the problems we in Sweden have the Data Retention Directive (not yet implemented), and also the so called FRA-lagen. They are pretty weird if you look at them from a technical perspective, they are partly overlapping, but there are also gaps. And the FRA legislation has many many gaps, and will not be (overall) cheap to implement. While not everyone that have the need for the data get access to it.
But IPRED have broader implications. It moves the fight of crime from being a case for the police and law enforcement agencies to the private sector. It changes things from the way we normally do it in Sweden to a system more like in the US. And I have not seen any large discussion whether we want that change. People have only argued that IPRED have implications of privacy (which might be true) but they have to a large degree missed the change of who is using the legislation.
And the HADOPI proposal in France is a third way of using legislation. To create a special agency that can make decisions normally courts and police make.
Last, we have in Sweden at the moment a big discussion on what the current telecom package actually say. Some people say the amendment 138 must be included, while the official Swedish representatives in the negotiation say it is not needed. Which is for me a sad discussion as the overall goals the debating parties has is the same. We should coordinate and spend energy on working in the same direction, not fight each other, when we so have the same view (which is very different from what others think).
No, it is time to stop.
I got the question yesterday at the hearing what was needed to get effective modern view on copyright, and my answer was simple. We need:
- Modern products
- Modern legislation
- Modern law enforcement agencies
Unfortunately I think we are missing at least the first two, and without those it is hard to complain on the work that is done by for example the police.
If I just look at the legislation, I think we have to (not easy, but still) just throw out the Data Retention Directive, the review of the Telecom Package, IPRED, the FRA legislation and some more. Then we have to first talk about what problem we want to have solved (fight criminals), who is to fight the crime (police), who is to collect what data, and who can access that information, under what circumstances and finally what the auditing and appeal process looks like so that we protect privacy interests.
Like any interest in the final Version 1.0 of software, when we sit with Version 0.73b – which I think we do. Until then, we do have legislation that is not perfect, and we have to live with it. Unfortunately, and do the best we can.