(Re-)defining software defined networks under the European electronic communications code

This article assesses some aspects of innovative developments in the deployment of electronic communications networks in the European Union: software defined networks (SDN) and network functional virtualization (NFV). The overall research for this article focuses on the re-regulation of the 2018 European Electronic Communications Code (EECC), and the 2018 Body of European Regulators for Electronic Communications (BEREC) Regulation. It addresses the Commission's desire to promote innovation to compete better on the global communications and technology markets, whilst also mitigating network security risks. After an introduction of the technological aspects, this Article discusses: (i) the innovation that the deployment of SDN and NFV by software suppliers or service providers may bring to, predominantly, mobile electronic communications networks; (ii) the legal status of SDN and NFV, and, possible rights and obligations for the suppliers; and (iii) the allocation of the responsibility and liability for and costs of network and information security where SDN and NFV are deployed in electronic communications networks. The context is the network deployment of 5G frequencies in the period 2020–2022.     

Introduction of a national electronic patient record in The Netherlands: some legal issues

The electronic patient record (EPR) is a major technological development within the healthcare sector. Many hospitals across Europe already use institution-based electronic patient records, which allow not only for electronic exchange of patient data within the hospital, but potentially also for sharing medical data with external healthcare providers, involved in the patient's care, such as general practitioners or pharmacists. In this article, we discuss the attempt made by the Dutch government to introduce a nationwide electronic patient record (n-EPR). Describing and analyzing the new legislation that is currently being developed to establish the infrastructure for the n-EPR and the related legal issues, we conclude that the introduction of a n-EPR give rise to some substantial concerns. These vary from technical and quality issues such as the reliability of patient data and sufficient standardization and interoperability of the systems used, to issues in the field of data security and confidentiality. For a successful introduction of the n-EPR within the healthcare sector, a condicio sine qua non is that the related legislation provides sufficient safeguards and clarity with respect to the responsibilities and liabilities of its main users: the healthcare professionals.     

Knowledge management and administration of justice

Legal knowledge management is probably, taking aside legal reasoning, the most important activity in legal systems. Usually only treated as an important support factor, a deeper analysis shows that knowledge management improves efficiency in knowledge handling and offers important support for legal reasoning. In addition, standard cases may be solved using such methods. With knowledge management, the industrialization of the intellect has entered the field of administration of justice. The main applications are legal information systems, electronic registers and electronic communications.     

Restrictions on cryptography in India – A case studyof encryption and privacy

The developments of technology in communications industry have radically altered the ways in which we communicate and exchange information. Along with the speed, efficiency, and cost-saving benefits of the digital revolution come new challenges to the security and privacy of communications and information traversing the global communications infrastructure. As is with any technology the misuse of technology is noticed similarly the encryption technology. Encryption and other advanced technologies may be used, with direct impact on law enforcement and therefore some restrictions are necessary in the interests of national security. The problem, however, is ensuring that the restriction is legitimate and solely for in the interests of national security, the state not being allowed to interfere and keep a track on individuals' activities and private lives without sufficient cause. The individual needs encryption to protect their personal privacy and confidential data such as medical information, personal financial data, and electronic mail. In a networked environment, such information is increasingly at risk of being stolen or misused. Therefore, encryption is critical to building a secure and trusted global information infrastructure. Digital computers have changed the landscape considerably and the entire issue, at its simplest level, boils down to a form of balancing of interests. The specific legal and rights-related problems arising from the issue of cryptography and privacy in the Indian context are examined in this paper.     

International mutual legal assistance in criminal law made redundant: A comment on the Belgian Yahoo! case

This article offers a critical examination of the court judgements in a recent Belgian case against Yahoo!. It examines the challenges related to the establishment of jurisdiction for Internet-based services and the role that procedures of mutual legal assistance should play. Belgian law obliges providers of “electronic communications services/electronic communications networks” to cooperate with Belgian law-enforcement authorities and to handle over communication and personal data. Although the terms are derived from the EU Electronic Communications Regulatory Framework, a much broader interpretation to them was finally given by the Belgian Supreme Court. Seemingly this implies that, from now on, a US-based company such as Yahoo! is, at least under Belgian law, under a legal obligation to directly comply with an order issued by Belgian law-enforcement authorities.     

The USPS as an OSP: A Remedy for Users’ Online Privacy Concerns

New digital technologies, and a legal system that has failed to keep pace, are allowing government and the private sector to engage in unparalleled unauthorized surveillance of online personal data contained in emails and in the aggregation of users’ online searches. This article argues that the U.S. Postal Service — compelled to protect communications privacy by its enabling statute, the Fourth Amendment, and other federal laws — should provide email and browser-search engine services to shield users from unauthorized online behavioral marketing and tracking by the private sector and metadata collection by government, and, just as important, give users legal remedies against such abuses. To that end, this article provides a legal analysis and rationale to support the USPS's authority to offer such nontraditional postal services.     

在押被告与律师会见通信权的保障与限制——以欧洲人权法院裁判为借镜

在押被告能够接触辩护律师并在不受监察的情况下进行会见通信,是达成有效辩护的关键,但基于监所秩序管理与刑事程序保全,又不能一概排除限制会见通信的措施。这里涉及不同目的之间的冲突和调和,在此欧洲人权法院裁判关于会见通信保障与限制的解释与运作值得参考。我国《刑事诉讼法》应确立自由交流权的立法基点,在押被告与辩护律师之间,应以会见通信不受监察为原则,限制会见通信为例外。监察措施应贯彻必要性和比例性原则,构建防止监察手段滥用的程序担保措施。     

Russian data retention requirements: Obligation to store the content of communications

This paper presents an analysis of Russian data retention regulations. The most controversial point of the Russian data retention requirements is an obligation to keep the content of communications that is untypical for legislation of European and other countries. These regulations that oblige telecom operators and Internet communication services to store the content of communications should come into force on July 1, 2018.The article describes in detail the main components of the data retention mechanism: the triggers for its application, its scope, exemptions and barriers to its enforcement. Attention is paid to specific principles for implementation of content retention requirements based on the concepts of proportionality, reasonableness and effectiveness.Particular consideration is given to the comparative aspects of the Russian data retention legislation and those applying in different countries (mainly EU member states). The article focuses on the differences between the Russian and EU approaches to the question of how to strike a balance between public security interests and privacy. While the EU model of data retention is developing in the context of profound disputes on human rights protection, the Russian model is mostly concentrated on security interests and addresses mainly economic, technological aspects of its implementation.The paper stresses that a range of factors (legal, economic and technological) needs to be taken into account for developing an optimal data retention system. Human rights guarantees play the key role in legitimization of such intrusive measures as data retention. Great attention should be paid to the procedures, precise definitions, specification of entitled authorities and the grounds for access to data, providing legal immunities and privileges, etc. Only this extensive range of legal guarantees can balance intervention effect of state surveillance and justify data retention practices.     

公安机关电子数据司法鉴定的现状与挑战

电子数据取证是信息时代公安机关重要的基础工作,是打击涉及互联网各类违法犯罪的“杀手锏”。电子数据鉴定是公安机关电子数据取证工作的重要组成部分,起到最终判定案(事)件性质,为侦查与诉讼提供依据的重要作用。公安机关电子数据鉴定与信息技术共同飞速发展,其领域不断延伸扩展、技术要求越来越高,面对的挑战也越来越多。概要介绍了公安机关电子数据鉴定的法律要求、鉴定资质、鉴定流程等内容,阐述了其面临的挑战。     

Energy Security and the Division of Competences between the European Community and its Member States

Abstract: Securing energy supply for Europe has been for decades at the forefront of the energy policies of individual European Community member countries. However, dealing with energy issues in general and securing energy supply in particular is a new phenomenon within the EU's regulatory framework. One important issue which has not yet been discussed by legal scholars and which has been questioned repeatedly by energy experts, is the question who is actually responsible to guarantee security of energy supply in Europe? Is it the European Community alone? Is it the Member States alone? Or is it both? This question cannot be answered without a detailed legal analysis of the EU law in general, and EU law on division of competences between the Community and the Member States in particular. This article seeks to highlight the complications of this area of law within the EU and expand it to cover the energy sector in order to determine who and under what circumstances is responsible for guaranteeing security of energy supply for the consumers within the EU borders.     

The two judgments of the European Court of Justice in the four cases of Privacy International,La Quadrature du Net and Others,French Data Network and Others and Ordre des Barreaux francophones et germanophone and Others: The Grand Chamber is trying hard to square the circle of data retention

On 6 October 2020, the Grand Chamber of the European Court of Justice rendered two landmark judgments in Privacy International, La Quadrature du Net and Others, French Data Network and Others as well as Ordre des barreaux francophones et germanophone and Others. The Grand Chamber confirmed that EU law precludes national legislation which requires a provider of electronic communications services to carry out the general and indiscriminate transmission or retention of traffic data and location data for the purpose of combating crime in general or of safeguarding national security.In situations where a Member State is facing a serious threat to national security which proves to be genuine and present or foreseeable, such State may however derogate from the obligation to ensure the confidentiality of data relating to electronic communications by requiring, by way of legislative measures, the general and indiscriminate retention of this data for a period which is limited in time to what is strictly necessary but which may be extended if the threat persists.¹ In respect of combating serious crime and preventing serious threats to public security, a Member State may also provide for the targeted retention of this data and its expedited retention. Such an interference with fundamental rights must be accompanied by effective safeguards and be reviewed by a court or by an independent administrative authority. It is likewise open to a Member State to carry out a general and indiscriminate retention of IP addresses assigned to the source of a communication where the retention period is limited to what is strictly necessary or even to carry out a general and indiscriminate retention of data relating to the civil identity of users of means of electronic communication. In the latter case, the retention is not subject to a specific time limit.     

Critiquing the regulation of private security in the United Kingdom: views from inside the sector

ABSTRACT

The UK Private Security Industry Act 2001 provided the legal mechanism for the statutory regulation of parts of the private security sector with the explicit aim of reducing criminality in the industry and raising standards. It created the Security Industry Authority as the regulator which commenced operation in 2003. Since then, it has received mixed reviews, and proposals have been forwarded to change its status and the way it works. This paper provides insights from two groups most affected by regulation: security specialists who buy security, and managers and directors of security companies who are subject to regulation and work with its strengths and weaknesses. The paper reports on their views of both the existing regime and some proposed changes. It suggests that the regulator and the industry share similar views albeit there has been a lack of emphasis on what it takes to enhance the ability of the industry to support the public generally rather than just those who pay.     

The evolution of security industry regulation in the European Union

ABSTRACT

The European private security sector has grown from a handful of small companies at the end of the Second World War into a multibillion Euro industry with thousands of firms and millions of security staff. In Europe, the demands for security is not just expressed notionally but also officially in The European Agenda on Security stating the European Union (EU) aims to ensure that people live in an area of freedom, security, and justice. This article will begin by exploring the role of private security in society. It will then move on to consider the main phases in the development of private security regulation in Europe. Following on from this, some of the main areas of policy development will be considered, such as European bodies, initiatives, and standards. Finally, the article will explore some of the potential options for the future in better regulating the European private security sector. From a historical perspective, the evolution of private security regulation can be divided into three phases: the laissez-faire, the centrifugal, and the centripetal era – each with its own distinct characteristics and impact on the concurrent industry. In the EU where there is the legal framework for the development of a single market in services, the key social partners have been at the forefront of developing a series of standards and guidance documents which promote standards across borders at the European level. However, the institutions of the EU have been reluctant to intervene at a European level in setting minimum standards of private security regulation. Thus, the changing terrain of the EU relating to security, regulation, and the private security industry means the current trajectory may be in need of an injection of more radical thought and consideration.     

Cross-border certified electronic mailing: A European perspective

Certified mail is the tool of choice in business processes and proceedings to deliver mail items in a secure and susbstantiated way. By returning a receipt, the sender has proof that a document has been delivered to the designated recipient at a certain point in time. Standard electronic communication systems like e-mail do not have the same evidential value as certified mail for traditional postal mail delivery. To benefit from the security advantages of certified mail delivery in the electronic world, in recent years governments have made several certified mail systems available on the Internet. Like postal certified mail delivery of documents in administrative or judicial matters, the certified electronic mail delivery in these systems is regulated by law. With ongoing (digital) globalization and the continuously increasing Digital Single Market in the European Union, there is a strong need for cross-border certified electronic mail. In the past the European Community has started several interoperability initiatives to couple existing certified electronic mail systems. Even if these systems can be made interoperable on a technical level, a harmonized legal basis is still missing. Therefore, the European community is currently working towards a new regulatory framework for trusted services including certified electronic mail. This article sheds light on both aspects and discusses the current state of affairs of cross-border certified electronic mail from both a technical (security) and legal perspective and explains the proposed new regulatory framework.     

OTT regulation framework in the context of CJEU Skype case and European Electronic Communications Code

The telecommunications services sector is one of the most dynamically developing segments of the contemporary economy. At the same time, it is undergoing constant change, the result of its adaptation to the needs of modern digital services and the expectations of users. In practice, traditional telecommunications services are being increasingly replaced by those that offer equivalent functionality but are provided via the Internet. Examples of this type of service are VoIP telephony, instant messengers and online chat. This group of services is collectively referred to as OTT.The growing popularity of OTT services not only affects the shape of the telecommunications market, but, from the point of view of legislatures and market regulators, has also led to a number of practical problems. One of them is how to apply a EU regulatory framework established for the electronic communications sector to modern OTT services. Recently, this problem has become an object of interest to both the CJEU and the EU legislature.The purpose of this article is to discuss the effects of the recent Skype adjudication on the regulation of the OTT sector, including the pending entry into force of the European Electronic Communications Code. The analysis considers the technical and regulatory background of issues relating to the judgment, the ongoing legislative work and the importance of the judgment in practice. Ambiguities in interpretation are also identified and discussed, in particular those relating to the attempt to apply the Skype judgment and the entire regulatory framework to OTT services.These aspects will be discussed from the perspective of the protection of users' privacy, an important part of the provision of electronic communications services. The choice of this aspect of OTT services regulation would seem to be particularly apt in light of the ongoing reform of the EU data protection model, which will include the new e-privacy regulation currently being drafted.     

Data retention and the future of large-scale surveillance: The evolution and contestation of judicial benchmarks

Recent and upcoming judgments of the Court of Justice of the European Union (CJEU) have resurfaced a much-debated topic on the legal limitations of law enforcement authorities and intelligence services under EU law in implementing surveillance operations. In its decisions, the CJEU has reinstated and at times remoulded its case-law on data retention, unearthing a variety of legal issues. This article aims to critically analyse the legal limitations of (indiscriminate) surveillance measures, the role of the private sector in the scheme, and the line between the competence of the Member States and that of the EU on national security matters. It also aims to remark on the latest developments on the reception of the decisions by the Member States and the EU legislator, as well as on the ongoing dialogue between the CJEU and the European Court of Human Rights (ECHR).     

WTO与中国社会主义市场法律制度建设问题

世界贸易组织规则及各种协议、协定是国际经济贸易法的重要组成部分。中国现行的经济法律 ,如市场主体法律制度、物权法律制度、合同法律制度、社会保障制度等 ,与世界贸易组织的规则是相通的。但是 ,对与国际经贸规则接轨、国民待遇、公平竞争、法律透明度及法制统一等理念还要进一步深化到经济立法中去。同时 ,要加紧制定民法典 ,加强电子商务等促进知识经济发展的立法 ,进一步完善商事法律体系 ,改进行政执法和司法。     

Legal Security from the Point of View of the Philosophy of Law

Abstract. The author analyses the concept of legal security from its historical evolution to its main structural aspects. In the first part he argues that legal security is a historical and cultural concept of the modern world. He considers a series of factors which lead from the general concept of security generated by an ideological monism and the social rigidity characterizing the Middle Ages to the concept of legal security protected by the legal monism of the modern state, where legal security, understood as formal or procedural justice, has become a principle inspiring the entire legal system. Then he considers legal security in the social state as the expression of the relationship between man and his social needs. In the second part the author makes a structural analysis of the concept of legal security in a modern legal order, identifying the different spheres in which it can be found: state,—focusing on procedural guarantees as limits to power—, law—considering the internal functioning of the legal system—, society—stressing the effects of the action of the social state on the idea of legal security.     

The politics and policies of enhancing trustworthiness for information systems

This article describes how the integration of computing and communications complicates policy choices for protecting information systems. The technical challenge in the aggregate can be labeled “trustworthiness.” Its dimensions include information security, privacy of personal data and system safety and reliability. Although a holistic technical approach is promising, forging a consistent policy solution is another matter. Proposals for new institutions recur, while calls for public‐private partnership are a new theme. Yet industry signals growing discomfort with government programs associated with national security and law enforcement, fueling conflict and controversy over cryptography policy. Meanwhile, more federal agencies are addressing relevant issues, and more private sector organizations have entered the advocacy game. The article describes multiple policy legacies, key players and perspectives and policy trends. It outlines issues that shape the context for policy that responds to dependence on networked information systems.