Serbian version
Recently, the National Assembly of the Republic of Serbia adopted the Law on Information Security. The text of the adopted law can be found on the parliament's website. Over the summer a public discussion of the law was under way, in which I also took part with my comments. My comments can be seen below in the embedded PDF document (I have hidden the phone numbers and email address, while the rest is the original document that was also sent to the ministry responsible for the law). From the ministry I received feedback that my comments were useful and that they would be taken into account. For comparison, the draft of the law in its July 2015 form, when the comments were written, can be found here.
I will not comment much on the adopted law, except to say that it has not changed substantially since the comments were sent and that I still think it has unclearly defined competences of the bodies being established, which will cause many problems. The changes in the law are more syntactic than semantic. I will also note here that I am more a supporter of security and privacy by design of software and systems than of security and privacy by regulation, because regulation will never keep pace with technology, changes often, and can be circumvented and undermined.
English version
Recently the Parliament of the Republic of Serbia adopted a new law on information security. The text of the adopted law can be found on the website of the Parliament. During the summer, there was a public discussion about the law, in which I took part by sending comments. My comments (in Serbian) can be found in the embedded PDF (with hidden phone numbers and emails, but otherwise it is the original document that was sent to the competent ministry). From the ministry I got information that my comments were taken into account and that they were useful. For comparison, the text of the proposal on which I sent comments can be found here.
I won’t comment on the adopted law too much here, apart from stating the fact that the text has not changed much since the comments were sent, and I still think that the jurisdiction of the newly created bodies is not well defined, which may cause many problems. Changes in the text are more syntactic than semantic. I will also state that I am more a fan of security and privacy by design of software or systems than by regulation, because regulation, as we can see, is not able to keep up with technology, is changeable, and can be bypassed or can break.