Accountable and transparent e-security : Austria – a role model for the EU ?

Del No 311

WP6 Transparency and Accountability

Working paper produced for the Challenge project CITI-CT-2004-506255

01/ 2009

Contact j.e.lodge@leeds.ac.uk

www.leeds.ac.uk/jmce www.jmecelab.wordpress.com

CONTENTS

SUMMARY

I. INTRODUCTION

II. E-INFORMATION EXCHANGE- THE GENERAL LEGAL FRAMEWORK CONCLUSION

Accountable and transparent e-security

Austria – a role model for the EU ?

SUMMARY

Austria and - in particular - the Austrian Administration of Justice can be seen as a European model when it comes to promoting the ideal of cross-departmental and secure cross border e-information exchange.

Many different legal measures have been initiated in order to further develop the existing legal framework for e-governance, secure processing of e-information, electronic legal communication, electronic documentation, electronic paperwork administration as well as e-information exchange. In addition, databases have been set up both for public and internal use and the expenditure on not only the general Austrian e-infrastructure but also on equipment and facilities for the public sector have reached a remarkable sum if compared to official figures such as the gross domestic product of Austria.

This paper reviews the major achievements of Austria regarding setting up a legal framework for e-information exchange for displaying options for other European states on how to proceed in respect to implementing a successful framework for e-information exchange with a view to realising inter-operability and further enhancing the discussion on the improvement of e-information exchange within Europe.

INTRODUCTION

As an authentication token and personal data source, a national eID card is a gateway to personal information. Any unwanted disclosure of personal information as a result of the issuance or use of the card constitutes a violation of the citizen’s privacy rights. Apart from considerations of fundamental rights, this is also a serious obstacle to the adoption of eID card schemes and to their cross-border interoperability.

Privacy Features of European eID Card Specifications

European Network and Information Security Agency (ENISA, 2009)

Introduction

The norms and values associated with the practice of transparency and accountability in democratic states in the EU have been severely tested and challenged by the steps and technologies introduced to facilitate communications and transactions in what was once called cyber-space. In particular, many governments have rolled out ‘egovernment’ and a series of measures on border controls that challenge our understanding of ‘border’, ‘personal data’, ‘control’ and legitimate exceptions to the practice of openness in the name of security. At the same time, the paradoxical implications of introducing ICTs to do one thing – augment the efficiency and expedite government service delivery to citizens – and their linkage to other purposes, partly as a result of the multifaceted functionalities of the technologies employed, places strains on the capacity and willingness of government authorities to minimise security exceptions. This is exemplified by the discourse of securitization, human rights and data protection. It is reflected at European level most clearly by rolling legislative proposals at EU level to define and redefine our understanding of technical terms and common terms like privacy used in new technological settings [1], the work of the European Data Protection Supervisor’s Office, and projected most robustly by the European Parliament, notably through its LIBE committee.

For their part, the EU member states’ governments have rolled out an e-agenda in very different ways, many claiming to have found the ‘magic’ solution to the problems associated with criminal activity to deceive and defraud through identity theft and malevolent intrusions and attacks on ICT systems and critical infrastructures. Several have proved themselves weak in managing the process of implementing egovernment, slack in oversight and ignorant of the potential of the new technologies and the cost of their continuing upgrading. Some proceed in the face of opposition to introduce technologies like e-identity cards on an ad hoc basis with inbuilt function creep. Others have tried to balance efficient, speedy service delivery with trust and transparency. This paper, drawing on a series of interviews conducted with Austrian officials, provides an example of one EU member state that, earlier this decade, had the potential to provide a model for the EU in this regard.

Austria took a holistic approach to rolling at egovernment, managed by a special ICT Unit (IKT-Bund) in the Federal Chancellery, coordinating egovernment at national, regional, provincial, municipal and local levels. The help of the „Kooperation-Bund-Länder-Städte-Gemeinden"unit was vital to boost cooperation and prepare the way for exploring interoperability. Initially, deicisions were regularly published (and can be accessed in the archives) but this is no longer common practice. Decisions are published to ensure compliance with the principle of transparency, at least of procedure and intent.

The provinces set up a reference server [2] to facilitate transparent communication between all levels on the technical issues, methodologies, and exchange of views. Austria’s federal set-up means that coordination among the lower levels is imperative to ensure effective, uniform implementation of egovernment, set priorities, and produce consensus before decisions are finally adopted.

Austria consciously sought to develop IT solutions for the development of a citizen card based on state of the art technology maximising tamper-proof design and personal data privacy and voluntary opt-in whereby a card becomes active when the citizen chooses to activate it. The aim was to minimise the possibility of malevolent or accidental data linkage, re-use and sharing. The objective was to allow the citizen to feel that he was in control of his personal data. The idea of a citizen card was not peculiar to Austria. Across the EU states (and further afield) states were supporting research into e-IDs for all citizens that would facilitate inter-operable use across services and, crucially, across borders. These were developed on an ad hoc basis among different member states according to very different designs and different emphasis on the balance between security and technical functionality [3]. Much attention centred on border management applications, machine readable chipped biometric visas and passports [4] for example, RFIDs and cryptography.

By 2009, half of the EU’s member states had some form of eID. The problem for all, however, is that once inter-operability is facilitated, the balance between security and privacy and between transparency of intent and transparency of effect are upset. Even the strongest systems on all counts are compromised by the weakest in the line. Moreover, the speed of technological innovation and changing government agenda exacerbate the problems of technical obsolescence. Whereas a few years ago, one state may have led the field, it can be rapidly overtaken. This mirrors the Austrian case. While governments may agree on the need for pan-European services and privacy enhancing technologies, their deliberations lag far behind the research and innovation. Their foresight roles, and the amount of support, they have been prepared to offer major pan-European government service projects (PEGS) [5] and especially STORK [6], are readily eclipsed by how the information exchange systems are built, secured and – above all – managed.

Effective management at all levels is the sine qua non of security : from the point at which a data inputter is recruited and throughout his working day, to the in-house, cross-company, local, regional, national and supranational data management practices. This is an extremely important cultural aspect of creating a balance between security of information and its exchange and personal data protection that is all too often overlooked. The ‘transparency culture’ creates expectations among data managers and citizens and projects technical conditions that industry developers have to address in order to win contracts. That has not been the case to date with the result that ‘security features’ on ID cards to minimise multi-purpose data re-use (without the data subject’s explicit consent) have not been sufficiently addressed or ‘baked-in’. This means that different technical specifications for cards make the data on them more or less vulnerable to theft (and therefore to being used for secondary, criminal purposes) and to being used for purposes other than those for which they were first created. Multi-purpose use of e-Ids for accessing different services is wanted by some governments, and for different, sometimes mixed purposes, by private sector agencies. What the Austrian example reveals is an attempt to construct a system which met the ideals but which, latterly perhaps for want of sufficient continuing government commitment of resources and political will, slipped from being a model for Europe, to being a lesson in how swiftly the lead position shifts, and how long it takes to move from initial innovative ideas to facilitating operational interoperability.

Overall, this means that there must be political guidance, bolstered by legal norms and appropriate laws, to determine technical requirements that prioritise personal data privacy over large-scale inter-operability with all that implies for multi-purpose eIDs. This in turn demands constant vigilance and updating of the law, strong oversight over continuous updating of existing systems and a politico-management culture that enforces this on a daily basis. The reality today, however, remains one of ad hocism and incremental glue-ons. Joined-up thinking has been elusive. This happens not because of any conspiracy or because of the primacy of commerce over common sense applications of technology, but because of ignorance, sloppy management and a sometimes casual approach to risk coupled with an unwillingness to put sufficient resources behind shoring up personal data privacy. In the rush to get citizens online, often as a prelude to introducing eIDs, successful information management was a low priority. Yet, Austria shows that ethical information management culture are an essential precondition to having due regard to both technical security and personal data privacy – to balancing security with liberty.

THE STARTING POINT

Getting Austria online

In 2003, more than a third of Austrian households had internet access. A recent study shows that this number has experienced exponential growth, doubling to 67 per cent within the past four years. [7] Among internet users in 2003 over a third already used e-government applications. [8] This number has risen considerably in the meantime as well. [9] Several federal infrastructure measures, such as the special directive «Broadband Initiative» or the «WLAN Initiative» of the Federal Chancellery, can be seen as the driving force for the latter increase, and initiative to boost internet accessibility from the 2003 level to 80 per cent coverage. [10] With government support, Austria topped the league of European states in terms of online readiness in 2006, and was among the top in terms of public internet access. This is all the more remarkable if one takes the geographic realities into account, namely the fact that Austria has many scarcely populated remote rural areas, the population of which nevertheless amounts to a considerable part of the whole Austrian population. In order to achieve a uniform development, group and coordinate the different measures and campaigns, collect the respective information and involve all relevant players, Austria’s Federal Chancellor Dr. Schüssel initiated the task force «Digital Platform Austria» in 2003. [11] While major organisational change typically takes a relatively long time to implement [12], Austria’s ‘readiness’ suggested it would be among the first to be able to achieve interoperability both within Austria regarding civil transactions (taxation, vehicle registration, land registration, etc) and across border through its early involvement in cross-border e-information exchange designed to test out the feasibility of and barriers to interoperability.

However, internet access and actual use of egovernment services are not the same thing. The first is perhaps a necessary but not sufficient condition for citizens to use egovernment portals in order to conduct egovernment transactions of the kind that governments across the EU have applauded as essential to enhancing efficient, cheaper and more effective and convenient e-administration service delivery. The levels of use of e-government by Austrian households has increased, but so crucially has the scope and availability of governmental online services, databases and information. This is due to the fact that the Austrian government and, first and foremost, the Austrian Administration of Justice have initiated several projects that further e-information exchange.

These projects embrace several levels of e-information exchange which fall into two core sub-categories. On the one hand, are projects that fall into the category of e-information exchange between private households and Austrian authorities. This occurs through the provision of information and public or governmental services by the Austrian government. On the other hand, is internal e-information exchange among government departments and public authorities, sometimes called ‘e-administration in the large’.

This paper first outlines the legal framework that enables e-information exchange within Austria in general. It then attempts to clarify e-information exchange between Austrian government departments, drawing on the extensive variety of current developments in e-information exchange. It is not possible to list them conclusively. [13] The following examples provide an overview of the existing framework.

II. E-INFORMATION EXCHANGE- THE GENERAL LEGAL FRAMEWORK

A secure and efficient use of e-government applications requires both high-level technical functionality and a legal framework which guarantees that government services are available and, on the other hand, that their use is secure. Hence, the implementation of the technical environment had to be preceded by the promulgation of the necessary legal provisions. A key consideration is that of transparency and openness. This is reflected both in the law, practical administration and implementation of egovernment services and in the administrative civic and political cultures [14]. The Govenment has been receptive to the inclusion of user-generated content, using Web2.0 features, and to implementing and promoting state-of-the-art technologies to provide effective, best-possible and transparent egovernment. This spirit of openness to technological innovation in the name of transparent government was both exemplary and conditional. Exemplary in avoiding the suspicion of egovernment as an intrusive tool of a ‘surveillance society’ (as in the UK); and transparent in encouraging easy-to-access and easy-to-use services making at least one aspect of government business open, trackable and transparent to users. It was conditional, however, on both continuing financial investment in the essential, ongoing technical upgrading and attendant innovation, and in a shared, cross-party commitment to facilitating that for as long as egovernment service delivery rolled into the future.

Over the past eight years, several laws providing the spokes for the umbrella of a secure, transparent and efficient e-information exchange have entered into force. Supplementary initiatives are initiatives underway designed to make their reach more comprehensive.

All initiatives are based on the predominant federal principle and thus provide for an equal distribution of competences and responsibilities at different levels. The purpose is to maintain as much efficiency and transparency while enabling a fast processing of requests. This is to be achieved through optimising communication both between authorities and the population on the one hand, and on the other among inter-departmental or intra- departmental levels respectively.

The 2004 Austrian E-Government Act [15] provides the foundation for the legal framework of e-information exchange in Austria. It was approved by the Council of Ministers in October 2003 and entered into force on 1 March 2004. It contains a definitive regulation of all aspects of e-government. It aims to ensure and promote the provision of effective services, and to maintain transparency. It has a clear focus on citizen needs : the needs of the respective customers - namely the Austrian population. Furthermore, it is based on three guiding principles:-

freedom of choice in respect to communication with official authorities;

provision of security and data protection in respect to electronic communication via the development of effective technical tools such as a citizen card. It verifies the identity of the citizen user when he accesses the public service interface; and the provision of access to information and services free of barriers for handicapped citizens by securing the compliance with international standards in respect to web access. [16]

Accordingly, Article 1 of the Austrian E-Government Act stipulates that the Act seeks to promote legally relevant electronic communication as the predominant principle. Part II of the Act addresses the identification and authentication in electronic communications with public bodies. This part provides for the introduction of a citizen card which, according to Article 4 of the Austrian E-Government Act, serves to validate the unique identity of a person making a submission and the authenticity of a submission made electronically in procedures for which a controller in the public sector has set up a technical environment in which the citizen card can be used. This creates a source identification number which, under Article 5 of the Austrian E-Government Act, is derived from a person’s registration number in the Central Register of Residents and so helps to uniquely identify the respective user. This serves two purposes : first that of verifying the authenticity of the implied claim of the user to be who he claims to be, and second that of protecting his number and the personal information associated with it against any form of undue disclosure. This therefore respects the ethical principles of data minimisation and purpose limitation.

Part III and IV of the Austrian E-Government Act deal with the use of the citizen card functions in the private sector and the electronic validation of data.

Two components of this Act can in particular be seen as a major achievement: the citizen card and the establishment of an electronic file which enables a one-stop principle in respect to any contact citizens may have with public authorities. [17] The underlying objectives of creating e-administrative public service delivery that is secure, accessible and transparent are observed. The implicit facilitator – the Central Register of Residents – having already been set up, simplifies the adoption and implementation of the necessary tools, including the citizen card. Indeed, this is a pre-requisite for ready acceptance of the tool, and one which is undoubtedly helped by the permissive acquiescence of the public towards public administration. That is something that is absent in other states where a more cynical or sceptical view of public administrations exist.

The permissive acquiescence arguably means that citizens are less concerned about potential data protection risks inherent in the roll-out of new services and ICT automatic information exchange.

Apart from the obvious dangers of weak, imperfect, obsolete data storage, processing or inadvertent or deliberate disclosure of personal data, the risks of personal data being used fraudulently or abused by aggressive mining and/or marketing techniques cannot by under-estimated. While government processes should be transparent and open in the sense of being understandable and easy to follow by citizens having to follow them in order to access public services, the counterpart concept and realisation of the fully transparent citizen does not boost the security and integrity of individual e-identity, as captured by the e-tool of the citizen card.

The Austrian E-Government Act seeks to provide legal protection against data abuse by government authorities by regulating access rights procedurally and technically. Procedurally, the Act limits the right to handle personal data to a few authorised, ‘competent’ authorities. Technically, access is regulated through encryption. Data is encrypted and each authority can only combine the data by virtue of a specific code (the so-called source pin : ssPIN). This is a derivation of the source code (which in turn is the unique identification code of a natural person). It does not allow for de-cryption by non-authorized authorities. Article 12 of the E-Government Act guarantees protection of personal identity. Inter alia, it stipulates that ‘the use of the source identification number of natural persons in order to generate the ssPIN may not give rise to any storage of the source identification number outside of the generation process’. Furthermore, the ssPINs are generated by irreversible derivations from the source identification number according to Article 13 of the E-Government Act. Hence, even an accidental or deliberate disclosure of data by one authority would not entail the possibility of readily and easily matching this data to a natural person. [18]

A further technical and procedural check is provided by authenticating and validating the identity (and hence the legitimacy) of the person in the public authority seeking to access a citizen’s data. The E-Government Act is based on the regulations of the Austrian Data Protection Act 2000 [19]. In the context of electronic communications with controllers in the public sector within the meaning of Article 5(2) of the Data Protection Act 2000, rights of access to personal data, in which there is a protected interest in confidentiality within the meaning of Article 1(1) of the Data Protection Act 2000, may be granted only where the unique identity of the person desiring access and the authenticity of his request have been validated. Such validation must be provided in a form which can be verified electronically.

The objective is therefore to improve the security of personal data and ensure that the introduction of the card does not occasion data protection issues and challenges regarding data use by government authorities from a legal point of view. The government claims that the various identity PINs provide greater data protection compared to traditional snail mail or face to face systems owing to the resultant data minimisation arising from the respective authorities solely accessing information necessary for the specific purpose of processing their services. This limits, and therefore makes, the disclosure of more data unnecessary.

The concept of the one-stop shop citizen card

Because the citizen card is designed to be a card allowing multiple types of transactions, (eg commerce, insurance), it is not restricted to government service transactions. Consequently, technical and legal means of protection are built into the legislation to guard against the disclosure of personal data to non-governmental third parties. The E-Government Act explicitly addresses possible use of the citizen card for private (e.g. commercial) purposes, and provides for a broad scope of protection, prohibiting the disclosure of data by government authorities to third parties. This is an important element designed to observe principles of purpose limitation and guard against ad hoc function creep. Indeed, an official list of participating departments and agencies exists that the public can check. [20] Moreover, Article 15 (2) of the E-Government Act stipulates that the source PIN of the data subject may not be made available to a controller in the private sector by way of the citizen card functions at any time during the generation of the ssPIN.

Encryption and verification are effected by the latest – state of the art – encryption technology. The security procedures not only embrace secure backlinking or several levels of encryption but also the use of electronic signatures and hash functions. The aim is to minimise the risk of malevolent intrusion, identity theft and fraud, and to meet the requirements of the EU Article 29 committee [21]. At the same time, there is an underlying recognition that no system is completely secure and that privacy is always affected by online and citizen card activity since all leave ‘traces’. The critical issue is therefore one of what use can be made of that ‘trace’ and how much information is left behind that is surplus to the specific requirement of the transaction; and whether or not it is desirable and technical feasible [22] to adopt a common approach to managing intrusion.

What is striking in the Austrian case is that such potential negative spin-offs are counter-balanced in the official and public discourse by their acceptance relative to the gain online access to governmental services brings to the citizen and to the state. It is assumed that the individual bears some responsibility for his own security and that the state cannot be expected to function (except as an undesirable nanny state) if it is tasked with dealing with the details of individual security.

Furthermore, the E-Government Act includes numerous sanctions to boost the criminal law with penalties for the unlawful use of personal data: Article 22 of the E-Government Act provides for a fine of up to EUR 20.000 for:

obtaining the source identification number or ssPIN of a natural person with a view to using them in order to acquire unlawfully personal data of the data subject (Art 22 (1) No. 1), storing or using an ssPIN of another controller in the private sector without authorisation (Art 22 (1) No. 2), making available to other controllers in the private sector an ssPIN derived from his own source identification number in a manner prohibited under Art 8 of the Data Protection Act 2000 (Art 22 (1) No. 3), using an ssPIN in order to supply third parties with data concerning a registered domicile of the data subject (Art 22 (1) No. 4)

or using or purporting to use an official signature contrary to Art 19(2) of the E-Government Act [23] (Art 22 (1) No. 5).

In addition, this sanction contains a further peculiarity. The local administrative authority is authorized to penalise the above offences. This thereby lightens the potential burden of the prosecution service but guarantees an effective and in particular swift procedure to sanction breaches :an offence is penalised on a subsidiary level, namely at the ‘scene of the crime’.

The E-Government Act, both in respect to legal and technical issues, provides a robust legal framework to protect individuals against the disclosure of personal data to non-authorised third parties. [24] This is in line with the Austrian government’s concern that e-information exchange should be effected to ensure administrative efficiency gains without compromising individual security and data privacy. The approach is not to push an agenda where political claims derived from prioritising efficiency are traded-off against personal data security but by one informed by balancing two requirements. This has been at the heart of the programme ab initio. The Electronic Legal Communication (ELC) programme initiated in 1990 set the standard. By 2009, it had replaced traditional communication for the most part. In 2007, 85 per cent of all summary proceedings (some 7 million transmissions) were e-communications. Electronic communication with the courts is based on both SSL and certificates, providing for secure transmission of documents, supported by a robust security architecture and semantic repository.

The Austrian E-Government Act complements the Federal Act on electronic signature. [25]

The latter sets out the legal framework for the creation and use of electronic signatures as well as the provision of services in respect of signatures and certificates. Article 4 stipulates that the use of an electronic signature replaces the requirement of a signature by hand for numerous several legal transactions, with the exceptions that cover probate matters, wills, guarantees conveyances or legal transactions which have to be authenticated by a notary public.

The Act also provides for the provision of certificates by private certification service providers. This is logical given that the Austrian approach to digital governance included private actors from the start. Much of the security architecture and technology used has been developed by the German software company SAP and the Austrian Telekom played a crucial role in the course of the development of the platform «Digitales Österreich». Such companies have to comply with regulations set out in Article 6 et sequitur of the Act on electronic signature. This Act also reflects attention to the issues of transparency and accountability. It provides for the establishment of an independent control authority, the so-called «Telekom-Control-Kommission» (Art.13). This authority has extensive supervisory and control powers vis-a-vis the certification service providers. It can prohibit the use of certain mechanisms and technical features and even ban the provision of such services.

Furthermore, bolstered by the more general provisions of the 2000 Data Protection Act, the Act contains detailed regulations covering technical security requirements (Art.18 of the Act on electronic signature as well as special regulations on the protection of personal data, Art. 22 of the Act on electronic signature). Moreover, the Act includes an explicit basis for a claim against certification service providers. Article 23 of the Act on electronic signature clearly sets out the scope of liability and thereby renders the complicated process of the evolution of jurisprudence in this respect unnecessary. Finally the Act provides for the recognition of foreign – and in particular European – certification service providers under Article 24.

The introduction of this Act clarified the legal assessment of electronic legal transactions. However, it provides but a framework which needs to be reviewed, re-evaluated and constantly updated to keep pace with technological innovation. [26] Nevertheless, the comparatively early introduction of the Act on electronic signature enabled a gradual habituation and thus a continuous expansion of the legal framework contemporaneously with the emergence and the further development of technical innovations in respect to electronic communications.

In addition, there have been several changes regarding Austrian law on legal procedures designed to facilitate adjustment to the innovations occasioned by rolling out e-governance. The ‘Berufsrecht Änderungsgesetz’ (Amendment to law on Professions) enabled lawyers, notaries and civil technicians to create public documents using electronic signatures in the course of their work, and a special electronic legalization signature. This was further supported by a programme of e-judicial cooperation (e-justice). The development of automated court procedures, facilitating automatic information exchange was boosted by the REDESIGN project to enable the electronic administration of court cases, from the rogatory letters onwards, through the electronic dispatch of letters to national insurance enquiries, online help and an Interface to the Edict File. The system has 6,000 internal users and covers more than three million cases and eleven million transactions. [27] The relatively early introduction in 1990 of electronic legal communication allows both for the submission of any written documents in respect to legal procedures and the automatic transfer of procedural data. The development of an intranet portal for all judicial administrators gives fast access to all relevant data, such as collections of forms and decrees, the prison regime and the maintenance of the edict file. Furthermore, several changes in respect to the law on servicing were enacted to include the possibility of electronic servicing. This is effected via an officially authorised servicing service provider. In turn, it provides a registration service for citizens and companies prepared to accept electronic servicing. The registration process requires the use of the citizen card. These, and several complementary initiatives to get citizens online, [28] complete a legal and technical environment for the successful realisation of a workable e-information exchange system within Austria. They have been further amended and improved by the introduction of a best practice and a quality mark system. The former covers the application of a subsidiary system in respect to the provision of services by improving services at a municipal level [29]. The latter includes the a kite-mark system to enhance the visibility and recognisability of companies and authorities enjoying level of trust. The trustworthiness kitemark is given to any company or administrative unit using standards and technologies that are recognised and verified in accordance with the legal provisions on e-governance. This is a symbol of openness and trust designed as a two-way process of accountability : citizens can see and check who is ‘trusted’, considered officially ‘reliable and secure’, and complies with specific standards and make decisions accordingly. The effect is the development of mutual trust in e-information exchange in a system that is designed with a secure architecture that guarantees trustworthy and reliable applications, complete with accountable transparency and legal sanctions.

The Austrian system is clearly founded on a public service information management culture. From the start, it tried to maximise the usefulness of the card to citizens (something that would encourage designing a one-stop shop, multi-purpose/infinite purpose expandable functionality eID) with a security architecture to minimise technical vulnerability to non-authorised, non-authenticated and even malevolent use and theft. The strongest safeguard for the individual in this system in the certificate authenticating identity. Any attempt to alter primary data on the card (personal details such as address, etc) is technically feasible but does not occur in practice as it results in certificate revocation and the need to replace the card. The public authorities can carry out ‘house-keeping’ functions, and there is provision for more data to be added [30]. However, the Austrian authorities have tried also to make data linkage more difficult. [31]

Notwithstanding all these achievements there are still several security issues - in particular in respect to the protection of personal data - which will have to be addressed in the future. Even though Austrian procedures and technologies suggest that its has management systems in place that do not open it to the same level of risks notorious in the data loss cases in the United Kingdom in 2006-8, it cannot be assumed that everything can be taken for granted. Systems are subject to malevolent intrusions, attacks and criminal activity.

Austrian citizens have generally accepted the citizen card for accessing both government services, and commercial and banking services. Banks and telecom operators equipped bank and telephone cards with citizen card functions. [32] In 2006 while only four percent of Austrians had activated their citizen card, 63% were prepared to do so, and a third were not interested in doing so in the near future, possibly because they did not have sufficient access to the net or broadband. [33] In addition, more than two thirds of the activated cards were used in 2006. Growth since then led the government and private sector to pronounce the citizen card a successful innovation. The idea of citizens being able to pay for goods transacted on mobile phones has been explored, as in England, but major players are not yet sufficiently satisfied with the technology for it to be widespread.

There continues to be wide differences among countries over the use of biometric data for authenticating identity. Outside the EU, Brazil has moved towards the use of biometric IDs to verify the identity of would-be voters, capturing up to ten fingerprints. This is viewed with more scepticism and as a potentially intrusive technology open to abuse by unknown actors in many EU states. The more recent plan of the Austrian Health Minister to include biometric data on the e-card used for accessing health services encountered resistance, and has been fiercely attacked as compromising personal privacy. [34] Currently, biometric data are not stored on Austrian citizen cards. The principles of data minimisation and purpose limitation seem to be open to compromise and function creep. As a result, the picture of trust, acceptance, openness and accountability that is associated with the roll-out of automated e-information exchange in Austria, is changing.

The trustworthiness of the assumed balance between a workable system and privacy issues is open to dispute. The role of commercial companies - such as the certification service providers – and outsourcing is no longer seen as necessarily providing sufficient safeguards for personal data privacy. In particular, the out-sourcing of data handling to non-Austrian companies has been criticised because it undermines Austrian government control over the e-information system. This is due to the fact that the enforcement of sanctions outside Austrian boundaries does not only lead to a conflict of laws but might also lead to a conflict of policies.

CONCLUSION

Austria paved the way initially as a role model in realising the goals of eEurope Action Programme, in the sense of the 2000 Lisbon strategy, notably rsepcting e-information exchange both between government departments and between the Austrian state and its citizens. The Government took the challenge of balancing technical feasibility and innovation with legal guarantees seriously from the start. A thorough legal framework has been created and an impressive technical infrastructure has been set up. The most important factor, however, is the fact that the creators of the security architecture for the Austrian system seem to never have lost sight of a crucial guiding principle: namely developing a transparent system aligned to the needs and interests of its citizens, that combines ease of use with accessibility, comprehensive and speedy service delivery with a high level of security. Hence, it is not surprising that the Austrian system has received numerous awards.

Nevertheless, this system – like all egovernment systems – must be continually updated to maintain both high quality standards and citizen trust. Informed public debate over controversial issues – such as the use of biometrics – is just as necessary as a further development of the technical and legal environment. This discussion should not only take place on a national level but also include other EU states. This would allow others to learn from Austrian experience and expertise and provide the kind of open feedback to inspire greater innovation and improvements. If Austria has ICT ‘solutions’ (like –ejustice and its underlying semantic repositories) that can augment security in e-transactions, not simply for citizen cards and judicial services within one state, then their utility for cross-border information exchanges needs to be demonstrated. The scope for doing so grows daily as the EU’s agencies to manage the common external border of the European Union have ever-greater demands put on them and needs for swift data exchange in order to realise EU policy goals openly, accountably and in ways trusted by EU citizens. The contextualisation of the discourse also shows that separating discussion from the ambiguities and misinterpretation of a surveillance (in)security discourse has some advantages. However, it does not disguise the inherent risk that a technological application ostensibly developed for one purpose could be readily used for another without sufficient, open, transparent debate taking place and so risk compromising trust and the legitimacy of the goals the new tools are designed to meet. The nature of openness and trust has changed along with (in)security.

eID use

eIDM system Potential user base Actual penetration Actual use Bank cards About 7 million3 About 6,5 million bank cards in use4 (almost 80% of the population) 55.000 bank cards activated beginning of 20065 No public data for 2007 known. Health insurance card About 9 million6 9 million (100 %) 13.000 active cards as of March 2007 Mobile phone About 7 million7 110%8 No statistics are publicly available Federal public servant service cards 133.000 federal civil servants9 12.000 service cards issued by the Federal Ministry of Finance 12.000 (all service cards of the Federal Ministry of Finance)

Source: IDABC, May 2008

http://ec.europa.eu/idabc/servlets/Doc?id=31519