[Interview: conducted by Ilda Matos; edited by Ilda Matos and Carlos Costa]
What kind of work does the OECD Information Security and Privacy WP produce?
M.P.B: The WP has a programme (resulting from contributions of the OECD Member-States and Secretariat) including issues related with security and privacy which have serious impact in terms of cooperation and economical development. As for the issues presently under discussion, one should refer the management of the digital identity, e-authentication, international cooperation in terms of privacy, RFID, malware, spyware, spam, trends associated with security of networks and privacy of information systems and, last but not least, the preparation of the forthcoming Interministerial Conference.
How does the WP function?
M.P.B: The WP meets twice a year, usually in March and October, and is supported by a Permanent Secretariat that also participates in the meetings. The works are directed and boosted by a yearly elected bureau composed by a President and several Vice-Presidents.
Does the validation of the tasks fulfilled by the WP need to be always at Interministerial level?
M.P.B: Not always. There is the Council of Ambassadors, where agreements may be arranged between Member-States. At the WP level, important works are also prepared and subject to declassification to be available to the general public.
What are the main priorities of the WP for this year?
M.P.B: The Interministerial Conference that will take place next year is the fundamental goal. We have to prepare a wide set of issues that are now of increasing importance, especially the digital identity issue (that the conjunction of data, in a virtual framework, used to identify an agent, conferring this agent the capacity to fulfil an array of actions) and the stealing of the digital identity.
Other important issue in the preparation of the Interministerial Conference is the future of the internet, which will gradually be seen as the “Internet of things”, beyond the interpersonal communication and towards a communication supported in devices, controlled by a computing programme, that interact recurring to the internet.
We are also working in the revision of the guidelines for the security of networks and of information systems, which date back to 2002, to see whether those can be considered updated, if new questions arise and what must be specifically reviewed.
Naturally, all this work has to be produced between the meetings of the W.P.
M.P.B: In general, beyond the participation of OECD Member States in the W.P., there is also the adhesion of experts from the industry, EPIC, Council of Europe, European Union, APEC and others. Regarding the protection of critical infrastructure, the W.P. is developing studies comparing the policies for the development of critical infrastructure protection.
How does Europe compare with the USA and Japan in issues such as network security, critical infrastructure protection and digital identity?
M.P.B: The situation varies, for each of these topics there are different layers where the relative development is variable.