austrian ict strategies - univie.ac.at · austrian ict strategies ... voting. 6 strategic services...
TRANSCRIPT
1
Austrian ICT Strategies
Mag. Alexander Leiningen-Westerburg, MAS
Federal Staff Unit for ICT-StrategiesFederal Chancellery Austria
eEurope 2005• modern online public services
– e-government– e-learning services– e-health services
• a dynamic e-business environmentand, as an enabler for these• widespread availability of broadband access at
competitive prices• a secure information infrastructure
2
E-GovernmentInitiative Österreich
2003 - 2005
E-Government Austria
e-Government PlattformBundeskanzler
Technical working
group of the federal states
IKT BoardCIO Austria
CIOs departments
e-Cooperation Board
Exekutivsekretär
Federal chancelleryTask forces Task forces
Federal Staff Unit for ICT-Strategies
Task forces
political levelpolitical level
technical technical levellevel
working levelworking level
4
online sophistication of public services Austria # 4
Austria made the most remarkable progress of 27 percentage points.
0%
25%
50%
75%
100%
S DK IRL A FIN NOR F UK NL P E I B ISL EL D L
Oct 2003 Oct 2002 Oct 2001
Onlin
e-Ver
fügbar
keit in P
roze
nt
complete electronic case handlingAustria #2
Volls
tändig
e Tra
nsa
ktio
n in P
roze
nt
0%
25%
50%
75%
100%
DK A S FIN IRL UK NOR F I D E P B EL ISL NL L
Oct 2003 Oct 2002 Oct 2001
5
Austrian E-Government Strategy
whereas information services are fully developed, interactions and transactions still lack a European Infrastructure and common understanding
what services do we offer
Information servicesfull coverage
business orientede-gov services
e.g. water, allowances, ...personal transactions
e.g. passport, certificates,…
security related servicese.g. medical, EKIS, .
e-governancee.g. participation, voting
6
strategic services and coordination• Information services cover basically all
institutions• Business oriented transactions can follow
existing models without prior strong identification• „real“ e-government applications need unique
identification• Sensitive government applications need
extended security• E-participation is still to be technically explored
e-government is not a purpose per itself• functional components have to serve the strategic
goals• citizens will not ask why they still have to go somewhere• if it does not pay it will vanish at the end• a solution that can not stand international competition and
interoperate with other solutions will not survive• e-government strategies is about open interfaces
AND HOW TO GET THEM ACCEPTED
7
Austrian E-Government Act• Basis for Identification and Authentication in
Electronic Communications with Public Bodies– Source Identification Number (sourcePIN)– Source PIN Register Authority– Unique Identification in Data files– Sector-Specific Personal Identifiers (ssPINs)– Official Signature– Submission of Electronic Records– E-delivery– E-Voting
http://www.cio.gv.at/egovernment/law/E-Gov_Act_endg_engl_Fassung1.pdf
e-n
oti
fica
tion
e-payment
e-delivery
secu
re s
ignin
g
e-banking with eps 2
filling in
the form
Lodging a new claim
withe-notification
form request
zustellung.gv.at
XML –form
8
Easy access for everyone• e-government forms styleguide
– standardised look and feel across administrative borders
– standard guidelines for forms– easy recognition for citizen– continual improvement by usability tests – http://reference.e-government.gv.at/
• WAI – Web Accessibility Initiative
Mag. Alexander Leiningen-Westerburg, MAS
citizen card concept• Identification
– The main goal with e-signatures in administration is identification
– serving the needs of administration– enhancing privacy
• Authentification• Integrity
– Data must not be modified
• Non Repudiaton
9
Mag. Alexander Leiningen-Westerburg, MAS
citizen card components• Two certificates
– Secure electronic signature– Encryption
• Security layer• Person binding by Source PIN• Data boxes
Mag. Alexander Leiningen-Westerburg, MAS
Source PIN Register Authority• Source PIN
– Personal source identification number is derived from the central register of residents an protected by strong encryption
– Non residents may get their Source PIN at an embassy• Legal persons or other non-natural persons may use
number of– Company Register, Central Register of Associations, or
Supplementary Register • Source PIN must be stored only
– On the citizen card– Source PIN Register authority
• Unique Identification in data files may be represented only in a Sector-specific identifier
10
Mag. Alexander Leiningen-Westerburg, MAS
Sector-specific identifier
Source PIN
Sector-specific identifier
irreversible derivationHASH-function
e.g. finance e.g. driving licence
No dragnet investigation possible
Sector-specific identifier
irreversible derivationHASH-function
Mag. Alexander Leiningen-Westerburg, MAS
identification and e-commerce• If identification serves good purposes in
e-government observing privacy, why should it not be used in the private sector
• Deriving synergies with businesses.• In order to identify natural persons in electronic
communications with a controller in the private sector (Paragraph 5(3) of the Datenschutzgesetz 2000), a specific number may be derived, using the citizen card (wbPK).
11
Mag. Alexander Leiningen-Westerburg, MAS
identification – electronic signature
WEB SERVICE
two components• card (ownership)• PIN (knowledge)
OR
http://meldung.wien.gv.at/egovMB/
Mag. Alexander Leiningen-Westerburg, MAS
making the use of e-signature easier• Europe has not really implemented the e-signature
guideline.• Signature has to be made significantly easier.• Using security tokens people allready have, might
help (banking cards, mobile phones..).• Until 31 December 2007, administrative signatures
may also be used in connection with citizen card functions and shall be treated in the same way as secure signatures.
12
Mag. Alexander Leiningen-Westerburg, MAS
SECURITY SERVER
citizen card functions with mobile phone
WEB SERVICE
three components• mobile (ownership)• PIN (knowledge)• security server (TTP)
Mag. Alexander Leiningen-Westerburg, MAS
how signatures with mobiles work
– the user faces a document to sign
– user chooses his method to sign (e.g. A1.net)
– system checks “this is the entitled user” (SMS-CODE)
– the external security module is enabled and performs signing process. The operator has no access to the keys.
1
2
3
4
5
13
Mag. Alexander Leiningen-Westerburg, MAS
e-payment
• E-payment has to complement the technology suite for e-government.– payment must be electronic to avoid physical
presence– legal procedures require payment to happen on the spot
• There is no special legal regulation needed.• As there are many methods for payment e-
government needs a standard that is open for any applicable method of payment.
EPS2 serves this purpose
Mag. Alexander Leiningen-Westerburg, MAS
e-payment by eps2
• payments are indipendent from applications • every payment system possible (E-Banking, Mobile Payment …)• trustworthy
– confirmation of payment can be printed– Full evidence, even if the e-government transaction failed
• e-business suitable
Application form
Continue the process
Request to pay
E-Payment
14
Mag. Alexander Leiningen-Westerburg, MAS
electronic delivery• NO e-mail delivery
– electronic addresses are transient• no official registry of electronic addresses• the same e-mail address might belong to a different person tomorrow.
• register with delivery – not with application• only one registration
– applications need not maintain delivery data • delivery to non applicants
– e.g. building: notification goes to persons that do not apply• security and trust
– this has to compare to conventional delivery methods
Mag. Alexander Leiningen-Westerburg, MAS
e-delivery
• comfortable• secure
– Encryption possible– Official signature
• cheap– Free (till end of 2005) – [today 7-8 € pro RSA Brief]– No media discontinuity
E-notfication
Public authority https://www.zustellung.gv.at
citizen
SMS, e-mail
Pickup ticketIdentified pickup
Nachrichten-Server
Optional printout
15
Mag. Alexander Leiningen-Westerburg, MAS
official signature• Electronic documents need the potential for being
authentic.• Even if printed on paper such documents must keep
validity.• electronic documents must be valid in various
environments• Electronic documents should look trustworthy to
anyone at first sight
Mag. Alexander Leiningen-Westerburg, MAS
date and time unique form id
logo validity hintsignature
value
signing person(function)
CA and serial number
16
Mag. Alexander Leiningen-Westerburg, MAS
the back office• ELAK im BUND• SAP• ZMR, ADR, GWR, ZVR, ….
Mag. Alexander Leiningen-Westerburg, MAS
ELAK im Bund• avoid paper in standard procedures• allow access – with enhanced identification
– from any place any time• integrate archiving (still to manage)• integrate forms from citizen to allow seamless
scaling• integrate further back office systems
(directories, SAP) for more efficient and moreaccurate application
17
Mag. Alexander Leiningen-Westerburg, MAS
ELAKBrief
Akt
Fax
Telefonat
Elektronisches Anbringen
Einlauf
Kanzlei
EDIAKT
•Registrierung•Scannen•Papierablage•Überprüfung Signatur
Kanzlei
Fachbereich
•Protokollierung•Zuteilung
Fachbereich
Kanzlei
Fachbereich
•Reinschrift•Beglaubigung•Abfertigung in Richtung Zustellsysteme
Elektronische Zustellung
Brief
E-G
overn
men
t S
chn
itts
telle
•Styleguide•Identifikation•Signatur•Zahlungsbest.
Standard-
Dokumenten-
register
•Festlegung von Aktenlauf/Fristen•Bearbeitung •Erledigung oder•Ablage
Mag. Alexander Leiningen-Westerburg, MAS
• goal– trust and security for citizens– quality control– mandatory list of technical documents
• voluntary commitment– free– Conformity may be controlled
• Awarding by the federal chancellary– run of validity - three years– Withdrawal possible
• Arbitration board– Only if technical criteria misatch
www.Guetesiegel.gv.at
18
Mag. Alexander Leiningen-Westerburg, MAS
e-participation
• e-participation – this is where technology meets politics
• there are considerable structural effects– digital divide– threat of manipulation– privacy aspects
• generally the perception of technology does not match the real world – e.g. e-government will face a much stricter security
demand than conventional systems
Mag. Alexander Leiningen-Westerburg, MAS
e-voting the first steps• technical protocols are there• scaling of technology has not really been
challenged• legal mechanisms are still not in sight – at
least in many countries• Which societies are ready?
– and will they stay ready?