Trust in the Information Society - Conclusions

Download the Conclusions

Conference Trust in the Information Society
10-11 Feb, 2010

The participants to the Conference Trust in the Information Society, together in León on 10 and 11 Feb 2010, representing public administrations, industry, research organisations, universities and societal stakeholder groups, from Europe and abroad.

Having seen the Ministerial Declaration on e-Government of Malmoe, 2009 in which EU ministers responsible for e-Government declared that public administrations should "enable and support the creation of seamless cross-border eGovernment services [whilst increasing] the trustworthiness, security and interoperability of eGovernment services and systems in the Single Market" and "will emphasise respect for privacy and data protection with regard to the use of personal data since it is crucial for enhancing confidence and trust."

In the wake of the Safer Internet Day, 9 Feb. 2010, which aims to promote safer and more responsible use of online technology and mobile phones, especially amongst children and young people across the world, recognizing the role that education plays in fostering trust and responsibility within the online community and thus promoting eInclusion.

Recognising the intention of the new European Commission to develop a European Digital Agenda with concrete steps towards the completion of an Online Single Market.

Being aware of the upcoming conference in Barcelona on European Cooperation in e-Health (March 2010) that will give attention to common approaches to identification, authentication and access of health professionals accessing personal health data, and the safe exchange of medical data across national borders respecting data protection and personal integrity of the patient.

Recognizing the importance of security and trust in the rollout of a Digital Europe, as promoted by the "Granada Strategy" which will be launched next April focusing on ICT technologies for productivity and quality of life.

Realising the World Conference on IT (WCIT 2010, May, Amsterdam) provides an excellent platform to discuss Security, Trust and Identity in relation to e-Government, e-Health and e-Inclusion in a cohesive way, including also awareness and education.

Noting the documents at the basis of the discussions of this Conference:

• Industry Partnership Contribution to the Spanish Presidency Digital Europe Strategy, stating: "In order for e-commerce, e-government, e-health and other e-services to flourish, users must have trust in the Internet. To achieve this trust requires, among other measures, a harmonised regime that protects consumers across the EU’s 27 member states under a coherent system of laws and agreements; robust data privacy protection, including a balanced and workable mandatory breach notification system and improved cooperation among government agencies, industry and privacy organizations; and strengthened security, achieved by incentivising R&D into security technologies, promoting the development of security best practices; and strengthening public-private partnerships."
• Report of the RISEPTIS Advisory Board: "Trust in the Information Society" that emphasises: "technological developments in trustworthy systems will be most effective if they are implemented through strong interplay with social and business perspectives, as well as robust policy and regulation. Likewise, the latter will strongly benefit from technological insight and support. Governments are best placed to take responsibility for leading this process of interplay. " RISEPTIS presents important recommendations addressing research, innovation and infrastructural development, but also the legal framework, societal acceptance and the need for international cooperation, to demonstrate the interdependencies in the quest for a free, democratic, safe and citizen-friendly Information Society.

Summarising their discussions which demonstrated an urgent need to:

• Continued cooperation and stimulation at European and International levels of interdisciplinary research and technology development and deployment addressing trust and security in heterogeneous network infrastructures and services (incl. the Future Internet) and cloud computing environments.
• Support for development of products and services based on ICT with trust being an integral part of the architecture and design of these products and services, even before they come to the implementation stage. Tools as well as guidance and support for their deployment need to be available through all layers (through a "reference framework").
• Collaboration between all stakeholders to develop a European Framework for electronic Identity management (eID) in full respect of privacy and the protection of personal data. Enabling "just enough" disclosure of personal data through minimal data disclosure technology, and making profile aggregation difficult at European-wide and national level through proper processes between relying parties and identity service providers (e.g. by use of attribute based certificates and their strong credentials that reduce the needs for on-line checking of claims presented to relying parties. An eID Framework must assure management of identity across society, including in e-Government, e-Health and the private sector (e.g. banking and web applications) and be applicable, no matter where a specific eID was issued, thus ensuring reasonable synergies to reach cost effectiveness and take-up.
• Ensure a mutual beneficial cooperation between Technology and Law leading to a balanced approach between technological development for the benefit of society and protection of citizens' privacy and dignity. Policy makers must be made fully aware of technology consequences and opportunities. Organisations that process and store data must provide assurances and be transparent and accountable for compliance with data protection and privacy law, thus providing citizens with greater legal certainty and control over their personal data. Moreover, collection and categorization, through proprietary algorithms hidden from the user, of implicit and incidental data collected e.g. in browser sessions must be controlled through proper technology and policies.
• Encourage international cooperation to effectively fight cyber crime and other abuse of the borderless cyber space through joint research and policy development, interoperability, standardisation and governance. Priorities are in areas related to internationalization of data: its monitoring, processing, storage and transfer and ID management. It includes data collection and sharing for monitoring and countermeasures to attacks. The need is for global Security and Privacy policies for quantifying threats and a global basis for trust accountability and governance.

Come to the following conclusions: