This document is hard to comment in detail because of its implicit assumption that security is only about dealing with crime and the solution is given as more surveillance and controlware.

The strenght of internet "distributed architecture, which cuts across a high number of actors both public and private,"
is attempted converted into the problem "and the distributed sharing of responsibility along the Internet chain also makes Internet open to all kind of attacks.".

The document dont deal with problems with neither problems nor solutions.

Instead it turns into a first-order-syndrome PR-argument for surveillance claiming that the only key to "confidence" is to be "tough on crime". The "solutions" is paranoid overkill without recognicing nor taking responsibility for the massive problems in terms of both crimes, inefficienies and market distortions, the approach is creating.

Problem is that the implicit cure (e.g. eIdentification) kills the patient as it turns citizens, devices, systems etc. into easy defenseless targets whilæe regulation and technology standards prevent solutions and create legacy that kill innovation and prevent value creation to solve the financial problems through economic growth.

The headline of Digital Agenda is supposedly "Empowerment", but this document does not link security to either of the goals nor does it realise that its implicit assumption is counter-productive to Trust & Security.

The key to solving the problems are
a) true empowerment and isolation of digital transactions as part of a preventive strategy to built fault tolerant ICT and strenghening the value creators (provides) and evaluators (citizens) at risk,
b) but also supporting this with semantic resolution of interoperable security to enable a security market and
c) knowing when and how to scale in times of emergencies.
d) Doing this require change in regulation both to
1) eliminate regulation that prevent security (require identification such as Data Retention, payment regulation, eIdentification) and
2) enable solutions (open ICT standards to replace gatekeeper kartel standards , empowering identity as legal tender for all services, a citizens right to historic data and control reuse out of context, requiring e.g. digital cash enabled in payments, putting strong restrictions on the posibility of using control of infrastructure to control transactions and market making,) while
3) realising that basic identity is a public sector delivery which has to enable contextual identity or fail by design. Key is to separate between minium that has to be provided by the public sector and how to allow the cerate ICT markets to scale and innovate solutions that is constantly improving and can change @runtime.

Identity is the root of everything - get it wrong, you get everything wrong. And eidentification, seuveillance and controlware thinking is getting it 100% wrong. We need to move beyond single id into structured identities WITHOUT "total-trust" providers turnng into Digital Aristocrazy takiung ownership of people.

The present approach will continue to do serious damage to the Single Market as it is based on a pre-internet Command & Control paradigme instead of creating resilience and enabling constant upgrade and customisation of negitiating security to context.

Regards

Stephan Engberg

Computer Internet security is an area where e-accessibility and e-inclusion must be 100 %.
Today almost every computer security program , even the big ones, is not accessible for visually impaired persons.
The swedish national system for e-identification has currently been made unaccessible for people with assistive programs, due to version update from the contractor, who is obviously working with very weak specifications.