1 JRC – IPTS Seville

e-Government Europe 2004Noordwijk aan Zee, NL, 1-3 March

Institute for Prospective Technological Studies (IPTS)Seville, Spain

http://www.jrc.es http://www.jrc.cec.eu.int

Identity Management Systems (IMS)Challenges and Opportunities for e-Government

2 JRC – IPTS Seville

CONTENTS

E-Government services: a new paradigm A ‘trusted’ environment for e-Government services Identity, Identity Management and applications Identity Management requirements e-Identification and the Public Sector Discussion Topics

3 JRC – IPTS Seville

E-Government services: a new paradigm

ICTs increasingly used to reduce cost, improve efficiency of e-Government services through: (a) back-office re-engineering; (b) one-stop-shop approach; (c) interoperable systems & interfaces.

However, important social and technological developments act as drivers for change: e.g. (a) enlarged and aging population in need of personalised services; (b) increased socio-cultural & religious diversity; (c) flexible, mobile living + working + consumption patterns; (e) pervasive computing, ubiquitous communication, intelligent interfaces (Ambient Intelligence environment).

In addition, renewed interest in the role of the public sector in encouraging demand and the part that e-services can play.

The issue of e-Government wider-adoption sets new requirements on public e-services (from supply-side issues to demand-side and societal factors).

Future Challenge: From more efficient e-Administration to personalised e-Government services to e-Governance based on Knowledge Management in an AmI environment

4 JRC – IPTS Seville

A ‘trusted’ environment for e-Gov. services

Rising crime, lack of security, trust and privacy protection impacts, inherent computer interface complexity, and cost of solutions seem to be the main barriers to the wider adoption of ‘trusted’ physical and knowledge networks, required to transform Europe into a Knowledge Society (Lisbon objectives).

The deployment of identification technologies as a panacea for ‘trust’ problems raise some concern since emerging technology and other social and financial factors, affect their application in ways that requires further understanding.

Also e-Governance in an AmI environment requires that new risks be assessed and managed, especially regarding the public/private sphere boundaries.

Solutions related to identification and authentication need be devised so as to efficiently secure the e-services and promote citizens’ confidence in them.

Future Challenge: Identification, Authentication, Identity management, Liability, Security, Privacy, legal aspects and social implications ought to be carefully addressed.

5 JRC – IPTS Seville

Identity, Identity management and applications People are skilful in mastering identity,

which is a complex social concept, in the real world, but not yet in the virtual world

Technologically supported Identity Management gives users control over the amount and nature of their personal data that should be released.

IM is driven by security/access management needs, but also seen as a tool to enforce security and privacy protection.

IM is a layered problem that needs a comprehensive solution dealing with all layers at once.

IM needs a flexible, cost-aware, public-lead & market-driven evolution path

6 JRC – IPTS Seville

Identity Management - Requirements

Specific Functionality (depending on the scenario)

Basic Usability

Security

Privacy

Specific Law Enforcement - legal regulations

Objective Trustworthiness

Affordability

Interoperability

“ IMS Identification and Comparison Study ” Hansen, M., ICPP Schleswig-Holstein, DE, Sep.03

Technology & identity-attribute independent requirements

7 JRC – IPTS Seville

e-Identification and the Public Sector Identification used in the physical world varies as to: (a) the medium/support

type; (b) geographic and sectorial scope; (c) the process to issue, re-new, authenticate; and (d) the security and data protection mechanisms.

Various e-identification processes exist at local and national level with significant variation as to the scope, purpose and mechanisms.

Secondary use of the result of the process, extended use beyond sector and geographical borders and the security and privacy risks involved indicate that problem is thornier than technical or legal interoperability alone.

IMS with the following min functionality: usability, multi-lateral & multi-channel security and law enforcement limitations, privacy protection, offering users transparency and control over their data, can help enhance trust and thus acceptance of such an environment.

However users will be expected to develop new skills related to the online world and be prepared to upgrade them as time and technology progresses.

Future Challenge: For the Public sector policy and governance issues are thornier than the technical e-identification capability.

8 JRC – IPTS Seville

Policy questions for further discussion (1)

• How to develop interoperable IMS from the heterogeneous, autonomous, authentication systems that exist and operate today?Cooperation among all levels of Government (cross-country + intra-country) especially when considering legal impacts of standardisation of both data and processes of issuing, verifying, revoking source identity documents leading to data + function interoperability. Cooperation among public/private actors on authentication issues related to security, privacy protection, liability, non-repudiation, centralised vs. distributed/federated IMS, etc.

• CONVERGENCE questions: ?Geographical and sectorial convergence will bear new problems such as: increased inter-dependence as a result of single sign-on, technical & legal interoperability needs, increased security and privacy risks (Identity theft, data aggregation/profiling).

Private sector, mainly banks, which have experience on secure e-identification solutions over a variety of remote channels (phone & mobile, PC & Internet banking, Interactive TV and payment cards) need to share experience in assessing risk and developing and deploying security/privacy compliant IMS. This may result in sharing of costs and an easier learning process leading to widespread adoption of services.

• PARTNERSHIP questions: ?

9 JRC – IPTS Seville

Policy questions for further discussion (2)

ICT can play an important role in this by aiding in the managed transfer of control from the hands of an unaccountable central administration to the hands of appropriately skilled citizens, through the wider adoption of Identity Management Systems. Also, an appropriate e-governance structure will have to be developed / implemented.

The essence of the question relates to who will have control over what data and what processes will be in place to aid in the implementation of the IMS to be used.

• Is it desirable to require a single national ID for all citizens? Is it necessary to avoid such a scheme so as to prevent inevitable misuse and abuse?

Depending on the specific application and thus the need for weak or strong identification the role of such technologies in authentication processes and in protecting identity information should be better understood.

• The role of biometric and DRM technologies? Who will pay for/control them?

• Governments’ role in identity management is to properly balance the competing interests of legitimate public and private business activities, law enforcement and state intelligence while protecting citizens and consumers’ privacy. How can they play this role effectively?

10 JRC – IPTS Seville

Thank you !

Any Questions ?

Contact DetailsIoannis Maghiros

Cyber-Security Project Officer

EC – DG JRC – IPTS – Seville

ioannis.maghiros@jrc.es