Integrity
The pirate party wants to stop mass surveillance. Surveillance must only take place in the event of justified, concrete suspicions against particular persons. An information consent law is needed, which prohibits the passing on of information without the consent of the person concerned. Authorities must limit the amount of data stored, and social security numbers are abolished.
Overview – The Pirate Party wants to:
- The social security number is being reformed
- Minimize the coordination of registers between authorities
- Minimize the personal information collected by authorities
- Government e-identification that is not dependent on individual private actors is used
Introduction – Systematic surveillance harms democracy
The Pirate Party cares about the rights of individuals to a satisfactory private life. Individuals have the right to information about what data is disclosed to authorities and companies in order to be able to appeal when improper data collection takes place.
A satisfactory privacy and a democratic society are not compatible with systematic surveillance.
1. Social security number
The fact that we all have social security numbers in Sweden may seem like something good, but they are directly linked to three different groups that are systematically discriminated against in our society, create a basis for identification between different systems and are a major risk in the event of data leaks.
Our social security numbers identify age, gender and in some cases foreign place of birth. All factors open the door to discrimination in various contexts, especially in the labor and housing markets.
We believe that each authority should use its own system for identification and that the individual himself should be the only one who has full knowledge of which identifying codes are connected to him. In this way, we reduce the risk of systems running together without our knowledge. When a system leaks information, the damage from the leak is minimized.
Therefore, we believe that the social security number should be reformed. We believe that the state, county council and municipalities, regardless of whether the social security number remains or not, should use their own identifying codes when they recruit staff, which do not identify anything about the individual.
Therefore, we want to:
§1 Each digital system within Swedish authorities uses its own system for identifying codes;
§2 The individual citizen is the only one who has the right to know which codes are linked to them;
§3 Persons whose social security number still identifies them as foreign-born or shall not be given the opportunity to change their social security number;
§4 The ninth digit of the social security number shall no longer identify the gender of the person;
§5 The social security number shall no longer identify the person’s year of birth.
2. Authority control
In order to protect our personal integrity, we believe that there should be an authority whose task is to ensure that the data that other authorities have collected about us as individuals is stored and given access to in a secure and controlled manner. It should also have the task of ensuring that there is no merging of different registers between authorities without the public being clearly informed that this is happening, and when there are registers that have not been developed to be merged, verifying that consent has been obtained for this of each individual. This authority must also be where residents can turn if they believe that a crime has been committed against their personal privacy.
The Privacy Protection Authority should be given resources and mandate so that it can be this authority in the future.
Therefore, we want to:
§4 Minimize convergence of records between agencies;
§5 The Privacy Protection Authority is given sufficient resources and mandate to supervise the use of personal information by other authorities.
3. Data minimization
The biggest risk we have regarding records is that they end up in the wrong hands. In order to minimize the damage caused by these leaks, authorities should not require and store such information that is not directly required for the exercise of their authority. When the information is no longer needed, it must be destroyed. If data is to be stored for reasons of convenience and/or simplification of data management, active consent needs to be obtained.
State institutions and authorities must be able to offer an opportunity to visit them, physically or digitally, for general advice or information, without leaving any digital footprints that can be linked to an individual.
Therefore, we want to:
§6 All authorities must practice data minimization;
§7 All authorities must offer the possibility of visiting them without leaving footprints, whether digital or physical.
4. Digital signature
Today, we have a great many agreements that need to be signed, but we have no national system to do so, which inhibits social development. We have Bank-ID today which has become a de facto standard, but we see problems with this as Bank-ID requires you to have a bank account. In addition, Bank-ID is operated by a consortium of banks, which means that they have great control over your ability to sign agreements digitally. As mobile Bank-ID takes over, using Bank-ID also requires you to sign an agreement with either Apple or Google.
Therefore, the Pirate Party believes that Swedish authorities should use digital signing that is not directly controlled by an individual private actor.
Therefore, we want to:
§8 The state e-identification must work for signing digital agreements with the public sector;
§9 The government e-identification must be free and open software, without the user being forced into private agreements with individual companies.