Luddites of the 21st century unite, revisited

Some years ago I wrote a post on the fact that I saw the world automate fast and did not see a lot of people worrying about the consequences for their lives. Nobody was smashing automated production lines. Smashing smart phones and laptops. In fact, embrace of new technology by the masses probably never in history went this fast. Several and very different causes, among which globalisation, have led to a level of wealth that made these expensive tools and toys within reach of a vast number of people.

Now early on in 2017 it seems that discontent is all around. The hatred for institutions, experts, politicians, immigrants, the views of “others”, etc., is raging through societies leading to decisions and outcome of elections that, taken at face value, are not what rationality would dictate or even expect. It is time for change. In the following I will try to provide a way forward from the defaitistic future many see in front of us. First a sort of inventory.

The times they are a-changin’
Jobs are disappearing and not just by moving them to cheap labour countries, no, the cheapest form of labour is a machine doing the work of humans. A company like Philips has already moved production back from China to The Netherlands for a fully automated plant. So the work is back, but not the labour. I always wonder who is going to buy that product when everyone is out of work because of work replacement? Owners and shareholders do not benefit from no or little sales.

Isolation and nationalism lead to “me first” in everything. So in the end also to an Internet with high tariffs, little and expensive access, the end of net neutrality: in other words the much feared fragmentation of the Internet, “Balkanisation”, is around the corner more than ever. Now it may be true as a Dutch economy columnist wrote this week that it may offer all sorts of opportunities for EU companies, that are now without chance against major U.S. multinationals. It was not his favourite outcome, but at best second best.

Is this the way then that the Internet and its related products are smashed by 21st century Luddites? Through a movement of democratically elected parties and individuals who, taken from their thoughts and actions, are not so democratically inclined. An analogy with the early 1930s is necessary to make. It was the complacency of German politicians and industrialists that gave Hitler and his NSDAP the option to rule and then let him abolish democratic institutions to install a dictatorship within weeks after being given power. That complacency is all around again. Ideology has withered, capitalism in his loosest form is harmful to most people, religion has withered. Many people don’t belong to anything anymore, except perhaps as supporters of a team, where they see bored millionaires run after a ball here today, gone tomorrow for greener, pardon me, financially more attractive pastures. For many this situation hurts them in ways that are hard to explain, but there seems an urge to belong with many. Nationalistic organisations can be seen as a substitute.

A change in the workplace
We live in a world that is in transition. And that is scary. No one knows where we are going to wind up. In the past years I’ve been able to organise workshops around the theme of changing societies. No matter what experts were involved, no one saw answers, no one saw new jobs around the corner. The new jobs that have always come with transition. Yet they are announcing themselves undoubtedly. To find answers we have to listen better to industries that are in the middle of the transition. If anyone knows what these new jobs are, then it must be here.

For years I am hearing the Dutch technical community saying we have a total mismatch between demand and supply where students are involved. I heard it first in 2012 or 13 and now in 2017 things seem to have changed little. So what are the demands that change, the transitions taking place in our society and industry, asks for of our educational system? What curricula are in demand? And how do we make our children, our workforce of the future understand that it is important to take the courses and classes that will lead to jobs, instead of being educated for jobs that soon do not exist anymore? I know parents who seriously fear whether their children will ever hold a meaningful job.

In those same workshops elected members of parliaments stated that they do not see a vision on that future being discussed in their respective parliaments, that their colleagues do not grasp the transition we are all in. If this is the case, who is to lead before it is too late?

These are giant questions that need to be answered. The current discontent comes from uncertainty, the loss of jobs with no, meaningful, alternative in sight. Add to that the, stirred up, fear caused by the mass influx of refugees and the acts of terrorism. The result is a dangerous brew that drives people towards populist politicians profiting from and heightening that discontent, while feeding that fear without offering any actionable solution to any of the underlying problems.

Leadership comes in twos
It is all nice and fine to be negative about all this, but that does not make sense. So what are the alternatives? Politicians, assisted by their underlying force of policymakers, are chosen by the people to lead. It is time they do so, but not without the urge and assistance of those in the know. With the right information it is possible to change for the better.

Together tracks can be selected that assist people to new jobs that are in line with the demand. With the right information societies must be able to create curricula, courses and classes that match current demand. And when we are at it. Together we must be able to define policies on what is acceptable online and what not. Together we can make a serious start on how to make the Internet a safer place for all. Together we can ….. (fill in your favourite here).

It’s time to start thinking outside of the box, outside of that safe silo, even a little will make a difference. All developers around the Internet are doing that constantly, disrupting existing structures by the day. So all involved can learn here. If relevant parties do not step forward and start cooperating, the democratic world may step into that state of complacency soon and the result may be something I simply do not want to be involved in. So let’s get to work for the better.

Wout de Natris

Haarlem, 25 January 2017

Posted in Cyber education, Cyber ethics | Tagged , , , | Leave a comment

I’ve seen the future and I like/hate it revisited

In the winter of 2014 I wrote a blog post under the title ‘I’ve seen the future and I like/hate it’ (read here). In the post I wondered where the 21st century Luddites were. ICT, automation, artificial intelligence all threatened jobs, yet all those affected embraced smartphones and the Internet in droves. It seems I found them.

Brexit and Luddites
Fast forward to early summer 2016. Brexit is a fact and the world is in confusion, including the Brexit leaders, as my strong suspicion is they never wanted to win, just keep on clamouring. That aside, I have found my 21st century Luddites among the Brexit voters, all the people hoping to have similar referenda in other EU countries and potential Trump voters in the U.S. The people who feel left behind, replaced by foreigners and with little alternative to the jobs lost when mills and mines closed.

1830 and Luddites
In 1830 people lived in small worlds. Unconnected, with little view on the world beyond the next village or market town, let alone on high politics in the capitol. Threats by steam engines, trains and factories were very direct and there was little room for influence. There was no vote, so all that remained was violence towards the landlord, the machines or both. Not so different from present day looting.

Jobs of the past?
In 2016 the same sort of threats become apparent. All sorts of jobs are disappearing and with developments going as they are, more will disappear. Taxi drivers, truck drivers, secretaries, bank employees, caissières, etc., etc. are all up for being let off. As I already pointed to recently, of children now in schools, 65% will be in jobs that do not exist presently.

Access to information
In 2016 people are able to have views, vote, inform themselves, but strangely enough the more access parts of the public has towards information, the more it focus on its own segment, on what it knows, believes. There is less discourse, just coarseness it seems.

Jobs of the future?
In past two centuries new job opportunities opened themselves each and every time. From farm hands, to factories and from rural areas to cities. From factory into services. From services to ?? Entertainment? Pasttime? We do not really know yet. ICT (security) needs millions of people soon, so I’m reading for a few years. So, from services to ICT? As I wrote recently, then education needs to speed up with the relevant curricula, while industry better be very specific of its needs, so that people can be (re-)trained for that shift in jobs.

History and ICT
Another point which I think becomes more and more important is teaching history. People need to know where they come from to better understand where they are now and where they are (most likely) going. No matter the economic slumps in the past 8 years, on average people in the country where I come from and those around me, never had it this good. This depression in no way relates to the one in the 1930s. Yet dissatisfaction is so huge. Disappointment and anger are all around. Teaching history can do something about that. With ICT in classrooms history can be presented in all sorts of modern ways, making it extremely interesting to look at and learn from. There’s no need to leave history to the National Geographic Channel or Discovery.

So again, education is what this world needs. More than ever, I’d say, to make sure that as many people as possible move into the next quarter of the 21st century well prepared for the tasks at hand. Only that way society will make the shift into the Digital Age with all on board, in jobs, leading fulfilling lives.

And now forward
At this point too many people live in fear of globalisation, the Internet, immigration, while this, at least in theory, but often in practice leads to wealthier lives. I ended the previous post on Luddites that it is important to stop fear. This has not changed since 2014. Ending fear starts with leaders. And now I see a challenge. Many leaders lead in fear, not in sound views on the way forward, with explanations and alternatives. Having won the fear battle, they step down as fast as they can. People need alternatives and ICT can offer that. Start making work of it. And, by the way. Who’s stopping industry from leading the pack on educational reforms? We could all benefit.

Posted in International cooperation: IP resources | Leave a comment

The Digital Age and education of the future

For some years I hear people discuss that education needs to transform and adapt to the Digital Age. In one way education has: I am told that so called MOOCs, Massive Open Online Courses, are a huge success. Classes from lecturers at (top) universities are freely available online. But this is traditional education distributed and made accessible in a modern form. The debate ought to focus on education for the jobs and skills of the future. There are a few issues that come by in the discussion on education:

1) The Internet industry demands courses that are not readily available for the jobs on offer;
2) Teachers are not trained to train the pupils on digital skills;
3) Young teachers are demotivated and leave schools for other jobs;
4) Children are more involved with social media and Netflix and (too) easily distracted in class.

This post is not claiming that it has answers to any of these issues, but I will try to come back to each point, with a main focus on the first two.

In the meantime
Since I started writing on this post nearly two weeks week ago, a deluge of messages on the topic has reach me through different media, which I’ve tried to incorporate or mention. To name a few. Liberal party D66 published a report on the need for better digital education. The Economist published an article on post-graduate digital education. A high school student organisation gave off a message that 20% of the students think the digital skills of teachers are below par (with me hoping that the other 80%’s demands are met but dreading that they do not realise the lack of knowledge). The announcement of an intermediate professional school starting a cyber track.

Classroom/school ethics
What surprised me is that the news seems to be that teachers (and parents) have given up on the use of the smartphone in class. “The parents demand it” as the child needs to be reachable or so is the argument I hear. What for, if they are in school? You can reach them in times of distress through school, can’t you? The world may come to face a generation that is not used to not be on social media, not not watching Netflix series any time, not having a distraction every few seconds and not gaming on whatever devices for a lot of time on end.

How hard is it to have a general prohibition of phones in the class room? If that is the problem? If no kid in any classroom has a smartphone on him, the problem is solved. We will just have to wait and see what the end result of children always online and permanently distracted is when they enter higher education and after that the workforce.

The advice seems so simple. A prohibition on phones in the classroom for all. That is including the teacher.

New jobs
More interesting, for me that is, is the debate around new jobs. What are these jobs, I wonder? They tend to run in the millions within a few years, or so I always read. Looking at it from an one dimensional view: If I walk around a data centre I see endless rows of servers connecting something to someone, but what I hardly see is people, excluding the people of the cleaning service. Just machines with lots of lights and loads of wires. Once in operation it seems people are no longer necessary. Looking broader there is a need for software developers, cyber security experts, system administrators, etc. But how many exactly are we talking about and what are demands called for? And what are these new jobs? Another recent publication gives some answers.

The World Economic Forum published a top 10 of jobs that did not exist ten years ago. The top three being: app developer; social media manager and Uber driver. At least two of the three are there because of the surge in technology that smart phones brought to the world. Some claim that 65% of children in school today will end up in jobs that do not exist today. (Note the difference in educational requirements!)

The need to transform education
These facts and figures attest to the need for change, although, interestingly enough, all these jobs came into being without specialised training and education. As demands will change, in numbers and specific requirements, adaptation by educational institutions is called for. This comes with an important question that policymakers have to answer: What is hype and what is not?

Recently news came out that intermediate professional schools in The Netherlands are pumping out game designers by the thousand and then some more a year, while the industry needs something in the order of 10 (ten) a year. All after a hype started by someone from within the branch. Need and hype have to be looked into seriously before education tracks are developed. The answer to the question what are the new jobs of the future? is important to get right for several reasons.

The same goes for higher education programs. Coders, developers, security, lawyers, marketers, etc. For some education already exist or need some amendment, for others perhaps not yet. It is important to define that need as explicit as possible. That way policymakers and schools can set up new education programs that fit demand and numbers.

Impact on the general public
What is obvious is that within a decade it has become virtually impossible to live without accessing the Internet. Even if it is only to do business with your bank or the government. Internet access has become a necessity. In general there undoubtedly is a need to prepare the general public (of the future) for a life with the Internet and all its pleasures and dangers.

There is another aspect and this was an important part of the debate that was held in Workshop #48 that The Netherland’s IGF (NLIGF) organised at the Internet Governance Forum in Brazil in 2015. Several major concerns were voiced here around education. Artificial Intelligence and robotisation will impact society as a whole and bring changes to jobs and job demands. With that comes that it is hard to predict what people need to be trained for, while at the same time it is obvious that several lines of education will become unnecessary soon. Simply because jobs disappear. Higher end jobs as well as skilled labour jobs. Will these people fall by the way side or is there an ambition for re-training them? In comes skilled teachers, again.

So, where to start?
The better children are prepared for the Digital Age the better. This goes for elementary background information as well as basic training in skills like e.g. building a website and basic online security. I think coding should be one of the languages on offer. Children usually do not learn these things as a user. They seem adapt to an older generation because of their gaming skills and speed of typing in messages on the smartphone, this however is not the same as working with the tools on offer. Most are users.

On average these classes would prepare them better for the Digital Age. At best these lessons interest a sufficient number of the pupils to take up tertiary education in this direction and make a career in the digital realm.

These lessons need teachers and they are not trained as well, perhaps even more behind when they are more advanced in age. Can a society afford to not offer its teachers courses here and thus train the new generation? I think it is already long overdue.

A new role for industry?
Is there a role for industry here? Yes, in several ways.

1. Formulate demands
Industry needs to be very specific in what they expect from schools and universities. Only then funds that are scarce can be used most effectively to train the future workforce.
2. Teach
People working in industry may be needed to give some very specialist classes in these education programs.
3. Fund
Industry is able to co-fund education. An example is Cisco that funds a two year cyber security education program with US$ 10 million. There is, claims Cisco, a “digital skills gap” in general and in cyber security more specifically.
4. Identify explicitly
So here it’s possible to identify one specific need for industry (and society as a whole), cyber security.

As said, industry needs to be more specific in its demands on education and could play several roles itself. This is a different way forward then what The Economist reported on post-grad cyber boot camps re-training graduates for universities. The point is not should these commercial companies providing the bootcamp be financed with government money, no, it shows just that what universities fail in: training its students properly for their future. Liberal Arts and ICT? Why not?

5. Teach some more
Why not assist in training the teachers needed in the classrooms?

There are several important ways industry can work with governments and schools to assist in closing the skills gap. All sides need to be open towards transformation of education.

To conclude
With incredible speed we have moved into the Digital Age and may be just at the start of major disruptive developments that change the way we look at our lives, our work, our pastime and thus our education programmes. The developments are not waiting for us to catch up.

How to proceed? From what I hear there is a lot of chicken egg type discussions going about. For industry, it all starts with knowing yourself/your organisation and your needs. From there a dialogue is much more focused and choices easier to be made. Why wait if you know what you need? For government, find out what demands are and facilitate education and, do not hesitate with training teachers so that the curriculum of children in school and universities aligns with expectations. For schools set smartphone rules, now. And teachers, demand a better education for yourself on digital skills from your school and society. Our future depends on your assertiveness and on that happening.

Wout de Natris

Haarlem, 23 June 2016

Posted in Cyber education, International cooperation: IP resources | Tagged | Leave a comment

Keeping the mobile device safe

In a desk and laptop environment it is standard practice to update software. Every other few days some software product announces it needs updating or starts updating itself, depending on settings to mend flaws and/or offer new features. Anyone using these devices is familiar with these procedures.

On a mobile device this is much different. Although I can only speak for the Android variety, I can say from personal experience that I have never been offered a software update in any form from either the hard or software side nor the operator. Some apps, e.g. Whatsapp sends updates regularly, do, but most do not or very irregularly.

ECP workshop on mobile security 2011

In the fall of 2011 I co-organised and moderated a seminar for ecp, the Dutch platform for the information society, on mobile security. It was pointed out in this session that there are many levels of responsibility in the mobile chain and the following question was put to the audience: where lies the responsibility for security and updates? This proved extremely hard to determine as there were many shared responsibilities and little incentive to pick them up exclusively. Quite possibly no one in the chain had the power to take that responsibility exclusively. Fingers were pointed in several directions, including the EU as national level public oversight would certainly not work in a multi national supply chain.

Since 2011

Where since 2011 mobile devices became ever stronger mini-computers and hold ever more personal data and banking details, on the security front things remained quiet. Which in a way is disconcerting. Why? Just some examples. It will probably not be long before banks will force its customers towards mobile banking. Insurance companies actively run commercials to contact them through apps, “app your damage”. Our personal data is gathered through apps by the second. (Let me remind you of De Correspondent’s research on topic of late 2013 .) Social media and tv like functions moved to mobile.

The use of mobile has changed; security has not

Most people run at least parts of their public and private life through their mobile devices. This calls for a different level of security, a security that is not offered at present by the different players in the mobile chain. Yes, the end user is in part responsible for his own security, but can not force providers, the phone industry and software companies to update their operating systems regularly nor tell them to build in privacy by design. Voting with his feet is hardly an option as not participating is to socially exiling oneself or even impossible when an option becomes mandatory in the future.


Who can have influence? Governments could play a more active role it was suggested in 2011, but we can conclude that that has not happened in the past five years. The news that Google will step up its efforts (see e.g.: to have companies that use its operating system Android to update it regularly. It remains to be seen whether Google has the leverage to “enforce” its stand as Google has a dependency on these companies as well. The step is a welcome one though and one that shows owner- and leadership of the security problem.

The more users Android has, at least 1.5 billion, the more attractive it is to hackers, fraudsters, cyber criminals and spies, to work with. This can not be stopped as such, but be made less successful by updating the software regularly and thus stop the bugs from being exploited.

Undoubtedly updating will serve Google, in a few ways, but it will serve its clientèle as well. The initiative could probably use some support from industries that will benefit from a more secure mobile environment. Support from the public side may assist here as well.

Next up is?

This news is a welcome step. Now for all those other pieces of software on mobile devices, not to speak of wifi connections. Who is responsible for making them as secure as possible? Another difficult question that begs an answer, so end users, companies and society as a whole can be more secure when going online through a mobile device. There’s no turning back, but things deserve to get better. Fast.

Wout de Natris            De Natris Consult

Haarlem                        26-05-2016

Posted in International cooperation: IP resources | Leave a comment

Problematical archives in the digital age

When I was in university at a time on the brink of the computer age, doing research meant going into an archive and bring out clusters of maps around a topic. All communications, e.g. missives, letters, internal documents, drafts, media, etc., could be found in such maps, where I could have them copied or could take notes from. On these documents it was completely clear who had added what to the first, the second, etc., draft, all the way up to the minister. That sort of research is no more for future and current scientists of modern history.

When I became a civil servant the work was digitalised, although I still worked with a paper file. What was printed and filed was the outcome document. All the versions in between were in maps on my computer or pieces of paper thrown away after use, later in a central database and probably by now in the cloud. When I stopped being a civil servant I was asked to delete most of my maps. In other words destroyed most of the files of potential interest to future historians.

Communities and archiving

The recent news that local councils have problems with archiving, because of systems or tools they can’t access any more, does not surprise me (see: Any one who lived through the change from Word Perfect to Word, knows that after a while these documents couldn’t be accessed. So if a pc no longer has a floppy driver, first the soft big ones and then the small hard ones, how is someone to access the floppies? It’s nothing new, that happened to older systems as well, but they were not as commonly used. Still, the people with that experience could have sounded some more alarm bells. People just don’t learn it seems.

It’s far worse

As I started with, archiving has in part become a private consideration. What does somebody keep or not? A finger on the delete button is an easy and very private decision for the past two decades. This way a lot of the reasons behind decisions and outcomes in public and private realms are no longer existent. Someone deleted them, by request, through leaving, having too many maps or for whatever reason. This unconscious, perhaps unlawful, deleting prevents organisations from learning lessons from its own past and historians from coming to weighed and informed conclusions in the future.

The world does not have to store everything, but a conscious decision following the local law would be a fair judgement to go by.

Wout de Natris, De Natris Consult

Haarlem, 23 May 2016


Posted in International cooperation: IP resources | Leave a comment

Interesting times call for leadership

This post I’ve been pondering on for a long time, but never found the right angle and perhaps I still haven’t. Basically I have these observations, thoughts, ideas and a truckload of questions. Where to start? With the future prospects of us all. Thomas Picketty showed us the rise of inequality. He was recently joined by Robert J. Gordon who not only joins Picketty, but adds that we live in a period of stagnation, for decades already. “All great inventions lie over 40 years and more behind us”, he points out. In stark contradiction to the jubilant voices of Silicon Valley. The end of Moore’s law was announced for the world to read in The Economist of mid March. So where does that leave the continuous growth of The Internet of Things? Is this ending good for employment? Will that stifle the rise of populism and angry white men feeling left out?

What a job does
That last thing is why the rise of robots, artificial intelligence and algorithms puzzles me so much. In order to spend money (on whatever), people have to make money and most do so through a job. Next to that a job provides a feeling of belonging, a purpose in life, regularity and a sense of fulfilment when something gets done. On top of that money comes in.

The rise of the masses
In the 19th century the slow rise from poverty of the masses started in the western world. Probably urged by the rise of socialism and communism employers gave away some rights, started paying better wages and the world changed in many ways because of that. People all got wealthier and healthier. Governments could levy more taxes, making it possible to work on great projects that made life better again. And employers got richer as well, being able to sell more produce to the workers they paid ever better. Think Henry Ford who not only started the mass production of cars, but also enabled his employees to buy them from him.

Enter the robots
This all stops when people are replaced by things, whether a robot or a machine on algorithms. No pay means poverty, eviction from houses, less health, no education. From an economic point of view it means that less and less products are sold. So where is the economic rationale behind this race to the automated bottom? No demand in the end leads to no supply and no profit for the AI and robot owners and manufacturers. And to economic decline. Gordon seems to be right there.

‘Free money’
So will Patti Smith be right in the end? Will we all get free money (yes, I know it’s a cover, but my favourite version of the song) or helicopter money as they call it in 2016? Aside from the fact that this money has to come from somewhere, it does not take into account the other less tangible features of having a job. Those features that all together lead to grave discontent when they are not met.

The end of Moore’s law.
So is the end of Moore’s law a blessing in disguise? If the rise of processing power is stopped in its tracks, is that a good thing for employment? Especially for the middle class?

There’s no way of telling of course. When Thomas Maltus predicted his disasters for human kind in the late 18th century, the Industrial Revolution came along changing the game as Gordon writes on. Malthus’ prediction became obsolete fast, although it is used often in other ways.

Major breakthroughs?
The world as we know it may be on the brink of major breakthroughs in IT as The Economist article gives a few insights on. A lot is uncertain though as researchers run into great challenges, for years on end already. There’s no predicting a breakthrough as a lot are stumbled upon by accident.

IT breakthroughs do tend to come with a loss of jobs. A reason a lot of people live in fear that their children will not live in a better world. Come in Trump, Pegida, Geert Wilders, Brexit, Marine le Pen, Beppe Grillo, etc., etc. People and movements that feed on and spread fear, but offer not one single solution to one of the major challenges this world faces. Unless you take the shooting of refugees at the border as a serious option of course.

As a question in this category. Recently several chains of department and retail stores keeled over in The Netherlands. There are several reasons attributed to the bankruptcies, but one of them is the rise of webstores. Online shopping is not replacing shopping in general (yet?), but the loss of how many percentages in sales are enough to facilitate the bankruptcy of the physical store? This is an interesting question to answer though. I never read it so far. Thousands of people lost their jobs. Are there new ones for them and in what sector(s)? It’d be interesting to learn this too.

The future seems bleak to many
At the Internet Governance Forum workshop organised by NLIGF, just like the workshop in The Netherlands on this topic, it was hard to find a person who spoke out in favour of current developments, except from a technical point of view. Conclusions were the following. Education runs horribly behind demand, algorithms are a black box in the hands of the private sector, privacy is in danger, as is employment, politicians do not understand the implications of current developments. Most participants, over one hundred at both sessions, saw a bleak future if the current developments do not changed course for the better.

Political leadership?
We live in interesting times, that much is for certain. Where we are heading I just don’t know. What I would appreciate is to have politicians that lead, explain, decide. In short: indicate what they are about. And I don’t mean a strong muscle like in a few countries not too far away from here is the standard. No. I’m looking for leadership in the current politicians in power in the western world. Who stand for what they do, explain in a clear way why their solution is the right one and start making decisions on an ICT world, the second machine age or fourth industrial revolution, whatever you like to call it. What is acceptable and what not, so we all live in a society where we can fulfil our lives in meaningful ways. A form of leadership that is frighteningly missing.

To conclude
Change is scary and certainly for those who fear change the most. These people need to be included and remain included. If not we are heading towards very uncertain times. This is something that leaders in the private and public sector have to start acknowledging and act upon. For me it isn’t hard to picture self-driving cars, surgical machines or fully automated ships, I have a hard time picturing what all the people who have lost these jobs will do instead, while I can easily imagine the discontent.

There’s no denying, things change. They always have, but the past always offered alternatives when the paradigm shifted. From what I hear and read these sort of alternatives are not in sight in 2016. Hence the main question of this post: what is acceptable in the current change and what is not? Leaders, public and private, have to make some important choices that decide on the kind of world we all live in. Times are interesting enough as is, thank you.

Wout de Natris

Leiderdorp, 21 March 2016

Posted in Cyber ethics, Internet governance, Privacy | Tagged , , , , | Leave a comment

Voorwaarden voor succes: Autoriteit Persoonsgegevens. Een ongevraagd advies

Het College Bescherming persoonsgegevens krijgt een nieuwe naam: Autoriteit Persoonsgegevens. Deze nieuwe naam sluit beter aan bij het regime dat de Europese Commissie komend jaar hoopt te introduceren, dat de privacy regulering aanmerkelijk zal verzwaren. Daarop vooruitlopend maakte staatssecretaris Teeven op 24 november 2014 bekend dat het CBp al een uitbreiding van haar sanctionerende mogelijkheden krijgt. Wat betekent dit en wat komt er bij kijken om succesvol te kunnen zijn? Een, zoals gezegd, ongevraagd advies.

Uitbreiding bevoegdheden
Het CBp ziet toe op het beheer van persoonsgegevens, die gegevens die data aan een individueel adres, geloof, geaardheid, telefoonnummer, e.d. van een individu koppelen. Als een instantie, bedrijf vereniging, etc. dit soort gegevens opvragen, dan moet het deze zodanig opslaan, verwerken, dat deze niet ongeoorloofd in handen van derden kunnen vallen of zonder toestemming overgedragen of verkocht worden. Ook mogen dit soort gegevens niet langer worden opgeslagen dan strikt noodzakelijk. Deze regels raken heel veel organisaties direct. Tot op heden kon (en wilde?) het CBp daar weinig meer tegen doen dan een onderzoek instellen en rapporteren. Het had geen sterke sanctionerende bevoegdheden. Dit verandert als het aan de staatssecretaris ligt.

Het CBp mag boetes gaan opleggen tot een hoogte van € 810.000 voor recidivisten, bijvoorbeeld zij die herhaald en opzettelijk handelen in persoonsgegevens. Op het NOS journaal sprak J. Kohnstamm, de college voorzitter, echter al de woorden uit niet onmiddellijk te zullen gaan beboeten. Dat riep bij mij de vraag op: “hoe effectief gaat de Autoriteit Persoonsgegevens zijn”?

In ogenschouwnemende dat de regels nog veel strenger gaan worden vanaf circa 2017, neem ik u tien jaar terug in de tijd. De Onafhankelijke Post en Telecommunicatie Autoriteit (OPTA, nu Autoriteit Consument en Markt) kreeg in 2004 een onderdeel van de Privacy richtlijn in zijn toezichtpakket: spambestrijding.

De OPTA pakte dit voortvarend aan. Direct na inwerkingtreding van de wet werden een aantal onderzoeken ingesteld naar reeds bekende spammers, die na de inwerkingtredingsdatum in mei 2004 nogmaals spam verzonden. Deze onderzoeken leidden tot een aantal boetes in hetzelfde jaar en de eerste maanden van 2005. Het feit dat OPTA een onderzoek op locatie had ingesteld bij deze spammers ging heel snel rond in het wereldje, zo bleek uit gevolgde fora van spammers. Het resultaat was bekend: de organisatie Spamvrij hief zichzelf op, wegens groot succes van de wetgeving in combinatie met direct handhavend optreden: 85% van de identificeerbare, Nederlandstalige spam was binnen een half jaar verdwenen. Iedereen wist dat er een toezichthouder was die tanden had. Op die paar bedrijven na die dit was ontgaan. Daarna zijn het de partijen die bewust en zo anoniem mogelijk, spammen, er alles aan doen om uit zicht te blijven van de autoriteiten en vaak internationaal opereren.

Keuzes in aanpak
Het CBp maakt een andere leuze bekend. Dat is haar goed recht. Persoonlijk zou ik dat echter anders doen en meer gefaseerd te werk gaan.

Veruit de meeste bedrijven, organisaties, etc. zijn van goede wil en willen in het geheel niet met de wet in aanraking komen. Waar het om gaat, is dat deze bedrijven een beeld krijgen van de maatregelen die ze moeten treffen en een besef waarom het anders moet, maar ook een beeld krijgen hoe het anders kan. Daar kan het CBp aan bijdragen door, in tegenstelling tot het verleden, actief mee te werken aan voorlichting en zelf outreach te verrichten naar betrokken partijen toe. Dat kan bijvoorbeeld door een roadshow, aansluiten bij bestaande activiteiten van branche organisaties en koepels en het opstellen van Richtsnoeren. Hier valt enorm veel winst te behalen en tijd en kosten te besparen. Tijd en geld die het CBp aan de volgende categorie kan besteden

Waar het CBp bovenal beducht voor moet zijn, is de recidivist. Partijen die bestaan van handel in persoonsgegevens en/of gebruiken voor hun andere wetsovertredende activiteiten en dit op de achtergrond doen. Dit vergt specialistische kennis van (digitale) opsporing en de bereidheid om medewerkers maanden, wellicht jaren aan zaken te laten werken. Kennis die voorhanden is bij bijvoorbeeld de ACM. Het is niet de eerste keer dat ik pleit om deze kennis samen te brengen. Bestrijding van spam, botnets, online fraude en data mining en verhandeling, etc. zitten zo dicht tegen elkaar aan dat het eigenlijk onzinnig is deze disciplines nog langer bij diverse instanties onder te brengen. Een onderwerp dat het Best Practice Forum over “spam” van het Internet Governance Forum ook aansnijdt en adresseert.

Veel van de partijen die het CBp gaat tegenkomen, opereren internationaal (of hebben hun hoofdkwartier elders en halen hier enkel data weg). Het grote voordeel van het CBp is dat zij een internationaal samenwerkend platform heeft, in tegenstelling tot de spambestrijders. De effectiviteit bij wetenschappelijke onderzoeken heeft zich reeds bewezen. Nu moet gaan blijken of dat ook voor onderzoeken op basis van sanctionerende bevoegdheden gaat gelden. Het CBp zal zijn collega’s hard nodig hebben.

Dit hangt af van wat het uitgangspunt is. Als dit is, in principe worden privacy gevoelige data op juiste wijze verwerkt, tijdig verwijderd, in beginsel niet verhandeld, etc., dan is er sprake van succes als dit op grote schaal zo is ingevoerd. Door overheden, organisaties, bedrijven, verenigingen, etc. Zelfregulering zal hier veel werk weg kunnen nemen. Dit kan een, gestimuleerd, uitvloeisel zijn van de bovengenoemde suggestie tot actieve outreach door het CBp. Een belangrijke les is echter dat zelfregulering wel degenen stopt die van goede wil zijn, maar niet hen die de wet bewust breken. Voor die categorie is het CBp echt nodig en daar helpt een waarschuwing niet. Daar is adequaat en gericht onderzoek voor nodig, leidend tot een (zware) boete. Wat zijn bijvoorbeeld benodigdheden voor succes?

1. Onderzoekers
Medewerkers die de juiste skill set in huis hebben: onderzoekers/rechercheurs die met digitale, forensische apparatuur kunnen omgaan en bewijs op de juiste wijze kunnen vergaren en presenteren.

2. Enforcement tools
De wet mee moet de juiste onderzoeksbevoegdheden meegeven. Als die niet afdoende zijn of zelfs ontbreken, is deze exercitie kans- en doelloos. Daar zijn veel voorbeelden van te vinden in het buitenland.

3. De interne wil
Er moet de wil zijn om door te pakken waar dit nodig is. Die cultuur kent het CBp tot op heden niet en vergt een serieuze omslag.

4. Middelen
Het CBp moet de middelen, geld, mensen en tools krijgen die dit alles ook mogelijk maken op een manier die er toe doet. Zonder gaat het niets of in ieder geval weinig worden.
Naast dit alles valt of staat een internationale zaak met vergelijkbare skills, tools en wil (om samen te werken) bij de collega’s in het buitenland. (En een noodzaak tot harmonisatie, het mogen delen van IP adressen, e.d., etc., etc.)

Daarom een klein advies. Splits de activiteiten in a) actieve voorlichting richting hen die willen (en pak daarna de recidivist of sukkelaar onder hen aan) en b) een direct serieuze aanpak van notoire wetsovertreders. Wacht hier niet mee, maar start op dag een. Er zijn al teveel jaren verloren gegaan bij de gerichte aanpak van deze categorie. En werk samen met iedereen die kan helpen bij het maken van een verschil.

Staatssecretaris Teeven heeft een belangrijke eerste voorwaarde gecreëerd om de verwerking van privacy gevoelige data beter te laten verlopen. Of dit een succes wordt, hangt af van de nagels en tanden van de toezichthouder. De Autoriteit Persoonsgegevens zal zich nu moeten bewijzen. Waarschuwingen kunnen daarbij een mooi middel zijn, maar schrikt de echte overtreder niet af. Die les is reeds getrokken! Op dag een moet deze categorie een van de topprioriteiten zijn. Pas dan wordt Nederland minder interessant om data in te vergaren op ongeoorloofde wijze.

Wout de Natris, De Natris Consult

Leiderdorp, 25 november 2015

Posted in Privacy | Tagged , , , , | Leave a comment