UK withdraws proposed updates to the Electronic Communications Code

On 22 January 2015, the UK Government withdrew its proposed changes to the Electronic Communications Code.

As the changes were unexpected, more time for consultation is not entirely unwelcome.

However, as the changes in large part were positive, I hope that this is only a delay and the proposals will be brought forward in due course.

Posted in Broadband, Fixed, Government policy, Mobile, Regulatory action, Telecoms, UK | Tagged | Leave a comment

UK proposes surprise changes to the Electronic Communications Code

Fibre optic trenchIn a surprise move, on 13 January the UK government announced plans to update the elderly (and, even to the House of Lords, rather incomprehensible) Electronic Communications Code which deals with the rights of telecoms operators to access public and private land.

Whilst the proposed changes in large part adopt the recommendations of the Law Commission’s report on the current Electronic Communications Code, the timing at the end of a coalition parliament and method (being part of a rather hotch-potch Infrastructure Bill) has come as something of a surprise.

The Government’s intention is to reduce the barriers to infrastructure investment and so expects that operators will benefit, relative to landowners, from the changes.

With thanks and acknowledgement to Warren Gordon, the key issues in the draft are:

  1. Better drafting. The plain English approach in the new draft is very welcome.
  2. Clearer interaction with the Landlord and Tenant Act 1954 in relation to seeking to recover possession. The proposed Code amends the 1954 Act to  provide that tenancies, the primary purpose of which is to grant Code rights, cannot benefit from the security of tenure rights under the 1954 Act.
  3. Conferring of Code rights. Code rights are only conferred by written agreement between the occupier and the operator, and the agreement only binds the occupier’s landlord if he agrees to be bound. However, there is a power for the court to impose an agreement by order if: (i) any prejudice caused is capable of being adequately compensated by money; and (ii) the public benefit in access to a choice of high quality electronic communications services, likely to result from the making of the order, outweighs any prejudice. However, an order may not be made if the court thinks that the relevant person intends to redevelop all or part of the land to which the Code right would relate, or any neighbouring land, and could not reasonably do so if the order were made.
  4. Consideration and compensation. Any court-imposed agreement must deal with the consideration to be paid, being an amount representing the market value of the relevant person’s agreement to confer or be bound by the Code right. The market value is assessed on the basis of the value to the operator of the agreement (note, not to the relevant person such as a landowner) and having regard to the use which the operator intends to make of the land. The court may also order compensation for loss or damage and the legislation sets out the bases for compensation. At the core of the new Code is the change to the wayleave valuation regime, which essentially moves valuation away from pure free market principles by requiring the use of the RICS Red Book. According to the Government’s Impact Assessment, this is expected to lead to a 10% reduction in wayleave payments (such as lease payments) from operators to landowners. It is expected that this will result in landowners’ revenue from wayleave payments decreasing by £30 million per year.
  5. Interim agreement. The new code allows an interim order to be made, with presumably matters such as compensation decided at a later and fuller hearing.
  6. Assignment of Code rights/upgrading or sharing use of apparatus. Operators can assign Code rights (although can be required to enter into an authorised guarantee agreement), upgrade or share the use of electronic communications apparatus subject to certain conditions and anti-avoidance provisions.
  7. Continuation of Code rights and bringing agreement to an end. A site provider who is a party to a Code agreement may bring the agreement to an end by giving a notice to the operator. The notice must state the end date, which must fall no earlier than after the end of 18 months from the day on which the notice was given,and also state the ground on which the site provider proposes to bring the agreement to an end (this includes that the site provider intends to redevelop all or part of the land to which the agreement relates or any neighbouring land, and could not reasonably do so unless the agreement comes to an end). Where such a notice is given, the Code agreement comes to an end in accordance with the notice unless within three months from the day on which the notice is given, the operator gives the site provider a counter-notice, and within three months from the day on which the counter-notice is given, the operator applies to the court for an order. However, if the court decides that the site provider has established the redevelopment or other ground, the court must order that the agreement comes to an end. Otherwise, the court can make one of a number of orders specified in the legislation. The operator may be required to make interim payments. There is also a procedure for changing an agreement, which again may involve applying to court for an order (it appears that there is no equivalent of the existing paragraph 20 “lift and shift” right).
  8. Removal of apparatus. There are also rights for a landlord to require the removal of apparatus if one or more of five conditions are satisfied, including the apparatus is no longer used for the purposes of the operator’s network; or there is no person with a Code right to keep the apparatus on the land. There is a procedure to enforce removal of the apparatus.
  9. Not retrospective. The new Code will not be retrospective.
  10. Code rightsCode rights may be granted to wholesale providers as well as service operators. Existing rights do not become Code Rights if an operator is later granted Code Operator status.

For more (and more learned) detail, see Warren’s update here.

Posted in Broadband, Fixed, Government policy, Mobile, Telecoms, UK | Tagged , , | Leave a comment

Will ISO 27018 help cloud customers to comply with Singapore’s data protection laws?

A key challenge for organisations who want to use cloud services is to do so in a way that is compliant with the organisations’ obligations under data protection laws.

This guest post by Matt Hunter (@matthew1hunter) and Daniel Jung explains how ISO 27018 is relevant and why companies considering cloud solutions should look to cloud providers who meet this standard.

Around the world, companies are coming under increasing pressure to comply with data protection laws.  Singapore is no different.  In July 2014, Singapore’s Personal Data Protection Act (PDPA) came into force.  Will the new international standard, ISO 27018, help customers in Singapore to overcome the data protection challenge when using cloud services?  Our conclusion is yes.  If a cloud customer engages a cloud service provider (CSP) that complies with ISO 27018, the cloud customer can be confident that the CSP’s cloud solution will help the cloud customer to comply its key legal obligations under the PDPA relevant to the use of cloud services.  Similarly, if a CSP complies with ISO 27018, the CSP can be confident that it can offer a cloud solution that will help its customer comply with its key legal obligations under the PDPA.

Background

The PDPA places obligations on companies when it comes to the collection, use and disclosure of personal data.  One of the consequences of the PDPA is that companies in Singapore who want to engage the services of a CSP must consider how the cloud solutions will comply with the relevant obligations under the PDPA.  Similarly, CSPs who want to offer cloud solutions to customers in Singapore must consider how their cloud solutions will comply with the relevant obligations under the PDPA.

In August 2014 the International Organization for Standardization (ISO) published a new standard specifically applying to how CSPs protect and managed data on behalf of their customers. “ISO/IEC 27018 – Information technology – Security techniques – Code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors” (widely known as ISO 27018).  One of the main intentions of ISO 27018 is to help public CSPs to comply with applicable obligations when holding personal data for their cloud customers.

So, how do the key legal obligations in the PDPA compare to the requirements of ISO 27018?  Can ISO 27018 help cloud customers and CSPs alike to ensure compliance with PDPA requirements?  In this blog we compare the key legal obligations in the PDPA relevant to the use of cloud services to the requirements in ISO 27018 and look at the practical steps that cloud customers and CSPs can take to ensure compliance.

How do ISO 27018 and the PDPA compare?

  • Consent and Purpose.

PDPA requirement: An organisation must obtain the consent of an individual in order to process personal data about the individual.

Does ISO 27018 help? Yes. ISO 27018 will help the customer to comply with this obligation because it requires the CSP to process personal data in accordance with the customer’s instructions and prohibits processing for any other purposes.  This requirement will help the customer because it will provide assurance to the customer the CPS will not use its personal data for purposes that are inconsistent with the consent the customer has obtained from individuals.

  • Notification.

PDPA requirement: An organisation must notify individuals about the purposes for which their data will be processed.

Does ISO 27018 help? Yes. ISO 27018 will help the customer to comply with this obligation because it requires the CSP to process personal data in accordance with the customer’s instructions and it requires the CSP to disclose information about sub-processors and data location to the customer.  These requirements will help the customer because it will provide assurance to the customer the CPS will not use its personal data for purposes that have not been notified to individuals and the customer can provide extra information in its notice to individuals about sub-processors and locations of processing.

  • Data retention.

PDPA requirement: An organisation must cease to retain personal data as soon as the purpose for which the personal data was collected is no longer being served by the retention of the personal data.

Does ISO 27018 help? Yes. ISO 27018 will help the customer to comply with this obligation because it requires the CSP to implement a policy under which the CSP ensures that personal data is erased as soon as it is no longer necessary for the specific purposes of the customer.

  • Data subjects’ right of access and correction.

PDPA requirement: An organisation must, upon the request of an individual, provide the individual with access to the personal data that an organisation holds about the individual and correct the personal data.

Does ISO 27018 help? Yes. ISO 27018 will help the customer to comply with this obligation because it requires the CSP to assist its customer to comply with a data subject’s access requests and correction requests.

  • Security.

PDPA requirement: An organisation must make reasonable security arrangements to prevent unauthorised access, collection, use, disclosure, copying, modification, disposal or similar risks.

Does ISO 27018 help? Yes. ISO 27018 will help the customer to comply with this obligation because it requires the CSP to take certain types of security measures, to adopt and implement security awareness policies and to subject their services to independent information security reviews at regular intervals.

  •  Sub-contracting. 

PDPA requirement: An organisation has the same obligations in respect of personal data processed on its behalf and for its purposes by a third-party, as if the personal data is processed by the organisation itself.

Does ISO 27018 help? Yes. ISO 27018 will help the customer to comply with this obligation because it requires a contract to be executed between the data controller (the customer) and the data processor (the CSP), that contains minimum security arrangements and an obligation to process data in accordance with the data controller’s requirements. Further, it also requires the CSP to seek consent from the customer before engaging any sub-contractors.

  • International transfer restrictions.  

PDPA requirement: An organisation must not transfer personal data outside of Singapore unless the transfer is made in accordance with the requirements of the PDPA to ensure that the organisation provides a standard of protection to the personal data so transferred that is comparable to the protection under the PDPA.

Does ISO 27018 help? Yes. ISO 27018 will help the customer to comply with this obligation because it requires the CSP to specify and document the countries in which the personal data may be processed and, no matter where the personal data is located, all of the other requirements in ISO 27018 will apply to the Personal Data, so the customer can be sure that its personal data will be protected to the same standard of protection.

  • Policies and procedures. 

PDPA requirement: An organisation must implement policies and procedures in order to meet their obligations under the PDPA and shall make information about its policies and procedures publicly available.

Does ISO 27018 help? Yes. ISO 27018 will help the customer to comply with this obligation because it requires the CSP to execute a contract with the customer to ensure that data is processed in accordance with the customer’s instructions (including instructions as to policies and procedures that are adopted by the customer).

Put simply, the comparison shows that the key legal obligations are matched by the standard’s requirements.

What about other countries?

The same conclusion appears to us to apply in other countries as well.  The PDPA is similar to the data protection laws in many other countries, including Australia, European countries, Hong Kong, Japan, Korea, Malaysia and New Zealand.  If a cloud customer in any of these countries engages a CSP who complies with ISO 27018, the cloud customer can be confident that the CSP’s cloud solution will help the cloud customer to comply its key legal obligations under the data protection laws in its country.

How can a CSP demonstrate compliance with ISO 27018?

There are a few options:

  1. A CSP can contractually commit to comply with ISO 27018.  This will show a commitment to comply but it does not demonstrate compliance.
  2. A CSP can consider third party certification against ISO 27018. This can currently only be done through a  ISO 27001 certification that incorporates, as part of the controls that the CSP is being certified against, the controls in ISO 27018.
  3. A CSP can do a compliance self-audit against ISO 27018.  There are also good arguments that a self-audit by a provider under ISO 27018 is accepted as proof of compliance with technical and organisational measures (as required, for example, under EU law for data processing agreements).
  4. Certification against a standard that includes ISO 27018.  In November 2013, the Infocomm Development Authority of Singapore (IDA) launched a Multi-Tiered Cloud Security Standard (MTCS) in order to encourage CSPs to implement strong risk management and security practices through certification.  This standard is currently being updated by the IDA.  It would be sensible (and beneficial to customers and CSPs) if the IDA included by reference ISO 27018 or included equivalent requirements in any revised MTCS.  This would mean that a CSP that is MTCS certified, would also be ISO 27018 certified.

Conclusion

There is no silver bullet to ensure overall compliance with an organisation’s obligations under privacy laws. However, in relation to cloud solutions, ISO 27018 is a welcome step towards ensuring that such cloud solutions are compliant with relevant privacy law obligations, including those in Singapore’s PDPA, and thereby further boosting customer confidence in cloud solutions.  Customers should check that their CSPs (existing or potential) comply with ISO 27018.  This will help customers to be confident that the cloud solutions (existing or potential) comply with the relevant obligations under the PDPA (or the relevant laws in other countries).  CSPs should demonstrate compliance with ISO 27018 in order to be confident that their cloud solutions will help their customers to comply with the relevant obligations under the PDPA (or the relevant laws in other countries).

 

Posted in ASEAN, Cloud computing, Data protection, Outsourcing, Regulatory action, Services, Singapore, Software, Technology | Tagged | 1 Comment

Are Singapore’s Monetary Authority’s proposed outsourcing rules clear enough?

The Monetary Authority of Singapore  (“MAS“) is consulting on a new notice and guidelines on outsourcing. Having already commented on its positive message for cloud services, this post addresses the rest of the consultation.

In summary, we think:

  1. MAS’s proposals are generally positive and helpful.
  2. However, in some areas more clarity could be provided.

Background

MAS first issued its ‘Guidelines on Outsourcing’ in 2004 (and updated them in 2005).  Under this consultation:

  1. MAS proposes to issue a Notice that defines a set of minimum mandatory standards for outsourcing. The Notice is in addition to the Guidelines.  The Notice sets out requirements for the assessment of service providers, access to information, conduct of audits on a service provider, protection of customer data, and termination of and exiting from an outsourcing arrangement.
  2. MAS has also proposed updated Guidelines.  The MAS has focused on certain areas, including the responsibility of boards and senior management, monitoring, notification, employee screening, audit and registries of outsourcing arrangements.

Interested parties should submit views and comments to MAS by email to outsourcing@mas.gov.sg by 7 October 2014.

What we like

  1. The consultation is, in and of itself, a good thing.  The original Guidelines are now nearly 10 years old.  The MAS recognises that practices have changed and there are risks that need to be addressed.
  1. MAS recognises the value that outsourcing can bring.  Outsourcing shouldn’t always be about cost reduction.   It is also be about improvement and innovation.  The MAS recognises therefore that outsourcing is fundamentally important to the financial industry but wants to make sure that the risks involved are properly dealt with.
  1. MAS embraces cloud computing.  There’s plenty to be relieved about (and grateful for):   see here.
  1. Clarity in relation to the application of the Technology Risk Management (TRM) and Business Continuity Management (BCM) guidelines.  Financial Institutions (“FIs“) are required to evaluate their outsourcing arrangements against these frameworks.  It’s good to see a clear link to these guidelines which were developed after the original Outsourcing Guidelines.  However, the MAS could add a helpful line by saying that not all of the TRM and BCM guidelines are relevant for each and every outsourcing arrangement (but this is probably clear enough).
  1. Emphasis on the responsibility of local boards/management.  This will encourage local branches and entities of international banks to think locally as well as internationally.  It’s not always good enough to roll out a global solution without thinking about local impact.
  1. Emphasis on staff awareness.  There’s a new line in the guidance that staff must be made aware of the policies and procedures for an FI’s outsourcing arrangements.  Increased awareness within FIs will be helpful.
  1. Contracts must be legally enforceable and have exercisable rights during a breach.  MAS stresses the importance of good legal contracts.  FIs must make sure their legal teams are vested in their outsourcing processes.

Some important points we would like to see MAS clarify

  1. The existing Technology Questionnaire on Outsourcing.  It’s not clear what will happen to this.  The questionnaire is not expressly mentioned in the new documents.  The questionnaire is a helpful document for FIs to use and helps with internal processes.  It would be useful if the MAS would express how the questionnaire will fit into the new (and more detailed) guidelines on notifying MAS of outsourcing arrangements (even if there is to be a new questionnaire, a mention of it would help).
  1. Definition of “outsourcing arrangement”:  An outsourcing arrangement must be something that is “integral to the provision of a financial service by the FI”.  This wording isn’t helpful.  It was in the old guidelines and is in the new guidelines.  It is hard to say that a lot of outsourcing is “integral” to financial services provided by FIs e.g. a printing service, a facilities management service or a cloud service for document storage.  These are “back of house” services.  However, it would seem that these will nevertheless  be regulated because they are services that may involve access to customer data (for example).  This definition seems contradictory (especially when you read the list (in the annex) of examples of outsourcing arrangements).
  1. Definition of material outsourcing.  The definition has changed and now includes the following line: “any outsourcing that adversely affects the ability to manage risk and to comply with laws/regulations or which involves customer information”.  It’s hard to think of many outsourcing arrangements that don’t fit this part of the definition.  Does the MAS intend that all of these kinds of arrangements would be deemed “material” and therefore subject to the additional requirements? 
  1. FIs must notify adverse developments.  There is currently no materiality threshold which suggests that “any” adverse development or breach of law must be notified.  This could be too onerous for FIs.
  1. The notification process (or lack thereof).  What happens after the notification process?  It has often been unclear for FIs undertaking outsourcing in the past how long their “discussion/consultation” process with MAS will last, or what the outcome is. It would more transparent and helpful if the MAS could provide a clearer idea of the timelines/process expected.
  1. MAS says that FIs “may” want to make Service Providers (SPs) contractually liable for their subcontractors.  How can MAS be sure FIs will be monitoring everything and complying with all obligations if an SP has no liability for acts of subcontractors?  This seems like a missing link in the chain, and we would expect that FIs will in practice ensure that their SPs are liable for their sub-contractors.
  1.  Audit.  MAS deals with annual reviews and audits in multiple different places in these proposals (and in its existing guidelines e.g. TRM guidelines).  Clarification for how these audits fit together would be helpful.  Can they be consolidated?  What if the information is made available by a SP so an audit doesn’t need to be carried out?  Can a SP impose limits on the audit e.g. no access to other customers’ information?  What about independent third party audits?
  1. Termination rights.  We think that the termination requirements are tough.  Not every breach is a material breach or one that would warrant a termination.  It will be tough for FIs to include this kind of right in negotiations with CPs.  The MAS could add a qualification to this requirement that breaches must be material (or that a series of repeated breaches may be material) and trigger a termination right.
  1. Requirements of written confirmations from supervisory authorities of the SP if the SP is an overseas FI. (a) It is not clear if this requirement applies to all outsourcing arrangements or material outsourcing arrangements.  (b) Is the MAS confident that overseas supervisory authorities will provide such written confirmations?  The concerns that the MAS lists are sensible but the practice for this kind of written confirmation from overseas supervisory authorities is not yet common.  Perhaps the MAS could state that this requirement is something that the MAS may ask for, but, for the moment, it is not a default requirement (until the practice becomes more common internationally).

Some less important points that could helpfully be clarified

  1. Requirement that SP can isolate and identify customer data.  The MAS could clarify that this can be achieved through technical means.
  1. Due diligence on staff of SP.  This is referred to in new guidance as the “fit and proper” criteria.  FIs must ensure that employees of the SP (and subcontractors) are not subject to disciplinary proceedings, not convicted, are financially sound.  In itself, this is a sensible rule and most FIs will do this already to some extent.  However, as it is a new rule, the MAS could help by more clearly saying that this criteria should be applied depending on the job that is being performed.
  1. RPO and RTO requirements.  How do these requirements apply to a SP who operates two active sites?  The MAS could say  that the RPO and RTO requirements are necessary where an immediately available alternative active site is not available.
  1. Clarification of whether or not SP is responsible for FIs compliance with rules.  The MAS seems to suggest that the SP is also to be held responsible for complying with these rules that apply to FIs.  IT should be clear that FIs are responsible for complying with the rules and that FIs should pass down the relevant obligations to the SPs in the outsourcing contract, where necessary for the FI to ensure that it has complied with the rules.  To say that the SP must comply with all of the same rules is not clear and in fact, unhelpful because it is too general an obligation.
  1. Application of the rules to overseas branches of FIs.  The new rules suggest that an overseas branch of an FI must comply with the rules.   If a branch in Singapore outsources services to an overseas branch, and the overseas branch further outsources some or all of the same services to a SP, then it is right that the rules should still apply.  However, if the overseas branch outsources services that are not connected to the Singapore operations or Singapore customers, then why would the MAS rules apply?
  1. Indemnity requirement.  The MAS has included a new requirements for FIs to obtain indemnities from SPs in favour of the MAS if the MAS exercises an audit/review right.  This isn’t something that regulators commonly ask for.  First, is it really necessary?  How often would a SP take action against the MAS?  Who else might bring a claim against the MAS in this situation?  Indemnities are often difficult to negotiate.  The MAS has not set out what the scope of the indemnity should be – which will make it more difficult to negotiate the indemnity with SPs.  We think that this requirement isn’t really necessary and could be dropped without harm to the MAS.

Next steps:

Customers, suppliers and advisors have until 7 October to submit a reply to the MAS.

Let’s see to what extent they address the points noted above.

Posted in ASEAN, Outsourcing, Regulatory action, Singapore, Technology | Tagged , , ,

MAS Embraces Cloud: A Silver Lining

There should be relief at the moment felt by financial institutions and cloud service providers alike, following the release of the MAS’s consultation on the proposed new outsourcing notice and updated guidelines as mentioned in Rob’s previous post.

The MAS doesn’t use the word “cloud” expressly in its consultation.  However, the MAS has made important changes to the outsourcing guidelines.  The changes are relevant to cloud services and, most importantly, there are positive references to cloud services.  Cloud is OK provided you follow MAS’s rules.

  1. An OK for SaaS, PaaS and IaaS. In Annex 1 of the proposed updated guidelines, the MAS expressly lists “SaaS, PaaS and IaaS” as kinds of services that, when performed by a third party, would be regarded as outsourcing arrangements (and therefore subject to the MAS’s notice and guidelines on outsourcing).  Therefore, the MAS is saying that cloud is a type of service that falls within outsourcing.  The implication must be that financial institutions can use cloud services as long as the cloud services they adopt comply with the notice and guidelines on outsourcing.
  1. An OK to multi-tenancy arrangements.  In sections 5.6.2 and 5.7.2 of the updated guidelines, the MAS makes express reference to “multi-tenancy arrangements”.  In a footnote the MAS explains that “Multi-tenancy generally refers to a mode of operation adopted by service providers where a single computing infrastructure (e.g. servers, databases etc.) is used to serve multiple customers (tenants).”  The MAS goes on to say that if a financial institution is using a multi-tenancy arrangement then it should pay particular attention to the ability of the arrangement to isolate and clearly identify the financial institution’s documents, data, information etc.  Again, therefore, the implication must be that financial institutions can use cloud services as long as the cloud services they adopt comply with the notice and guidelines on outsourcing.  In sections 5.6.2 and 5.7.2, the MAS has picked out certain areas where the financial institutions should pay particular attention if they are using cloud services.  So this isn’t a “no” to cloud services but rather a “yes, but be careful”.
  1. An OK to transfers of customer information.  The definition of a “material outsourcing arrangement” in the updated guidelines now expressly includes an arrangement “which involves customer information”.  Most cloud services will involve customer information.  The implication is that financial institutions can enter into outsourcing transactions that involve customer information and, therefore, can use cloud services, as long as the cloud services they adopt comply with the notice and guidelines on outsourcing.  This means that the MAS will consider most cloud services as a “material outsourcing arrangement” and so the additional requirements will apply to cloud services (e.g. notification to the MAS, prior to committing to the cloud services).
  1. An OK to outsourcing outside of Singapore.  In section 5.10 of the updated guidelines the MAS deals with outsourcing outside of Singapore.  This section has not really changed but it is noteworthy that the MAS recognises that “the engagement of a service provider in a foreign country… exposes an institution to country risk”.  The MAS does not say that a financial institution cannot outsource outside of Singapore. The MAS points out that an outsourcing outside of Singapore carries additional risks that the financial institution must address.  Many cloud services will (to varying extents) be provided from locations outside of Singapore.  The implication is that a financial institution can carry out outsourcing outside Singapore, and therefore can use cloud services that are provided from locations outside of Singapore, as long as the cloud services they adopt comply with the notice and guidelines on outsourcing.  This means that financial institutions must address the additional “country risks”.

In summary, these are positive steps for customers and service providers of cloud services.  As the proposed new guidelines currently stand, the MAS has decided not to call out cloud services in much detail.  Instead the MAS seems to be moving towards accepting cloud services as just another service delivery model, rather than as something that needs additional regulation or treatment.  This is good news.

Apart from cloud, the new notice and update guidelines should be welcomed.  There are some points that the MAS should be asked to clarify and now’s the time to do that – more on these points in our next blog.  However, overall, these proposals are good for cloud and good for the financial services industry in Singapore.

Posted in ASEAN, Data protection, Government policy, Hardware, Outsourcing, Regulatory action, Services, Singapore, Software, Technology | Tagged , ,