Everybody knows that security is a major success factor of eGovernment and eCommerce. Opinions start to diverge considerably, however, once details are examined. As the last blog focused on the topic “Data security for mobile access” , this blog will deal with “Electronic identities”.
The first keystone in the field of IT security is authenticity. Electronic identities are therefore comparable to previous mechanisms, and thus lend themselves as central pivots of every security concept. However, not every offer can be utilized in a meaningful or economical way.
The proposal by the European Commission to ensure cross-border recognition of national identity systems is also of considerable interest. I do have doubts, though, concerning some of the points raised, and question whether this would enhance the acceptance of eGovernment. Whereas the abolishment of fragmentation would be an improvement to all involved, mutual recognition would significantly increase administrative complexity and the related costs.
Based on the current facts, there is clear potential for improvement:
- So far, no country has implemented widespread usage
- Only a few countries (such as Austria) also provide a solution for the rapidly expanding mobile device market (www.handy-signatur.at)
- A parallel existence of electronic identities and signatures increases the complexity without generating additional benefits
- Out of 27 countries, only 13 are participating in a joint initiative for cross-border recognition of eIDs
Seen from a commercial perspective, substantial costs have already been incurred, but without any benefits. I remain convinced none the less that eIDs are the way forward to ensure authenticity in eGov and eCommerce. The concept is likely to require, nevertheless, further adjustments:
- The utilization of national solutions should be made on the basis of uniform, EU-wide interfaces
- Instead of mutual recognition of various systems, one or several available, flexible, and tried and tested solutions could be used on a cross-border basis
- Overlaps between electronic identities and signatures should be resolved
- Security issues should be addressed on an ongoing basis, commensurate with the prevailing situation, rather than waiting for an ultimate and final perfect solution
Subsidizing countries which are currently financially challenged by supporting the introduction of tried and tested solutions would significantly contribute to improving the services without additional fragmentation. Furthermore, the term ‘tried and tested’ should be clearly defined, for instance as ‘actual successful widespread usage‘.
Considering the financial situation of public administration bodies (such as town councils), additional costs would clearly be most unwelcome., This and other suggestions, therefore, carry the objective of enabling the recycling of components and thus saving costs; the only way to turn electronic identities into blessing – and not a curse – for eGovernment.