Liveblog! You know the drill by now. Take my summaries with a pinch of salt, and don’t attribute the summary here to the original speakers as direct quotes, por favor.

Moderator Agustí Cerrillo, director of Law & Political Sciences at UOC, introduces this session on policies for a safe Internet. We have seen, across this conference, that some of the risks associated with social networking cannot be tackled by the law alone – other mechanisms must be resorted to. Co-operation between companies is an increasingly important factor, especially when there is tacit recognition of such by international authorities. Self-regulation of social network safety is the issue that we hope to be informed about over the course of this session, with speakers considering the various policies from the vantage point of their current positions.

Oscar Martinez – Information Society Services, Ministry of Industry, Spain – is new to his current position, but has a lot of experience in these policy areas. There is a division within his department between legal and policy development. The work in both areas is very influenced by developments within the European Union, but also the recommendations of relevant international organisations such as the OECD. In policy terms, there have been two ‘Avanza‘ plans adopted (executive summary in English), dealing with issues like online education, e-health (interoperability being a particular issue) – this builds trust in the network as important public services are rendered through Internet. DNA, electronic billing and more represent emerging challenges. The 2007 law on citizen access to services on the web is important – but there is no ‘punishment’ for a failure to provide services online. However, online services facilitate a ‘critical mass’. There is also an developing need to addressing the needs of SMEs. The next Spanish presidency of the EU will take forward: safety on the network, e-commerce, copyright protection as priorities. As Spain moves from plan 1 to plan 2, the development of the ICT industries is very important.

There is a common theme that it is important to reassure users regarding security and safety. “Confidence, security and accessibility” with a budget of €11m is one of the five core goals, intending to generate greater confidence in ICTs through public policy. This includes services and technologies to foster trust as well as guidance, education and the protection of children. However, it is important to situate this work in the context of recommendations of the Council of Europe, the OECD, the ITU and others, who have published guidelines on different aspects of safety – in terms of national security and critical infrastructure as well as data protection, spam, malware and so on.

Nacho Alamillo (INTECO page) is currently a lawyer with ‘ASTREA: La Infopista Jurídica’ and has involvements as an expert and/or consultation in Catalan, Spanish and European projects and working groups on security issues, particularly electronic signatures. The topic of his talk is the information security planning of Catalonia, but extracting some points of general interest from a close consideration of such.

SMEs not aware of the dangers unless actually attacked – and they can be turned into the instrument for other attacks without their knowledge. INTECO research shows 18% have written documentation on security – we can see that the security risk is real. Anti-virus software is poorly updated and has a limited role. The European legislative instruments have attempted to foster a culture of safety, in three strands: privacy, security, electronic administration. Given that Catalonia is deploying electronic government services, there is a need to ensure protection of various sorts – for the system as well as for the data. Private sector plays a role, there is alignment with various levels of government, and regions need to collaborate.

There is quite some focus right now on the protection of critical infrastructure. Electronic administration is itself a critical infrastructure – and that means that protecting it should and will not be entirely in the hands of industry. The Catalan administration, like others, will bring together experts in policing issues and fight all forms of cyber crime; also an ‘electronic evidence laboratory’ in the Catalan cases. Safety has multiple target audiences and the plan must recognise this.

There was a brief Q&A session at the end of this session, for which I point you to Ismael’s summary.