The Cabinet Office has released their e-Government framework for Information Assurance for draft consultation. The document sets forth guidelines for implementing the transformational government agenda of delivering more effective, more efficient customer-centric public services. These guidelines are intended to inform all transactions (and their supporting infrastructures) between UK government and its citizens.
The document has an interesting list of relevant legislation under appendix B, ‘Related Policy and Guidance’ (cited below).
The principal pieces of legislation that are likely to inform the IA requirements for e-Government service implementations include and are not limited to [links are added]:
- the Human Rights Act and the underlying European Convention on Human Rights set out everyone’s right to privacy in their correspondence;
- the Data Protection Act sets requirements for the proper handling and protection of personal information held within information processing systems;
- the Electronic Communications Act sets the requirements for electronic signatures and their equivalence to conventional signatures;
- the Regulation of Investigatory Powers Act makes it an offence to intercept communication on any public or private network; case and time limited exemptions may be granted subject to warrant;
- the Terrorism Act makes it an offence to take actions which are designed seriously to interfere with or seriously to disrupt an electronic system;
- the Wireless Telegraphy Act controls the monitoring of wireless telegraphy;
- the Police and Criminal Evidence Act defines conditions under which law enforcement may obtain and use evidence;
- the Computer Misuse Act makes attempted or actual penetration or subversion of computer systems a criminal act;
- the Public Records Act lays down requirements for the proper care and preservation of documentary records of government activities;
- the Official Secrets Act lays down requirements for the proper control of government information;
- the Freedom of Information Act lays down the citizen’s rights of access to government held information.
I’m posting this list because it illustrates what a balancing act information policy is. On the one hand, we fight to preserve open paths of communication to our legislators and civil servants; we encourage all individuals to be involved in their government; we promote citizenship and interaction through digital inclusion of those who might otherwise be marginalised. Similarly, we have charged the same government with protecting us and our communities; we want them to have full access to the ‘bad guys’ and to anticipate — even pre-empt — any threat to us. From those arguments, we should open everything to everyone!
On the other hand, we have agreed that our human rights grant us the freedom to our own confidentiality. We have also agreed, through our democracy, that the government should have some leeway in keeping information from us (particularly about each other) to deliver effective public services to us and our neighbours and to protect us from the bad guys.
Both of these bits of secrecy mean that each party wants to maintain a certain level of control over allowing access into our conversations.
It’s a lot to juggle.
[Consultation on the e-Government framework for Information Assurance runs until 13th March 2007.]