The individual management of online identity, as part of a wider politics of personal information, privacy, and dataveillance, is an area where public policy is developing and where the public sector attempts to intervene. This paper attempts to understand the strategies and methods through which the UK government and public sector is engaging in online identity management. The analysis is framed by the analytics of government (Dean 2010 ) and governmentality (Miller and Rose 2008 ). This approach draws attention to (...) the wide assemblage of public and private actors with shared regimes of practice and fields of visibility, as well as to the extent to which individual actors are made responsible for their own identity management. The paper also uses communication and discursive research to examine the potential failings of engagement efforts. Communication theory suggested that the assumption of individual responsibility, alongside linguistic distortions created by this way of understanding the problematic of identity management, complicate and fundamentally limit engagement activity. (shrink)

The article argues for a shift of perspective in identity management (IDM) research and development. Accessibility and usability issues affect identity management to such an extent that they demand a reframing and reformulation of basic designs and requirements of modern identity management systems. The rationale for the traditional design of identity management systems and mechanisms has been security concerns as defined in the field of security engineering. By default the highest security level has been recommended and implemented, often without taking (...) end-user needs and accessibility issues into serious consideration. The article provides a conceptual framework for inclusive IDM, a brief overview of the regulatory status of inclusive IDM and a taxonomy of inclusive identity management methods. Several widespread IDM approaches, methods and techniques are analyzed and discussed from the perspective of inclusive design. Several important challenges are identified and some ideas for solutions addressing the challenges are proposed and discussed. (shrink)

In this article, I argue that lawmakers must abandon their previous reluctance to engage with questions of personal identity (PI). While frequently seen as an esoteric subject, of limited interest outside of academic philosophy departments, I attempt to show that, in fact, assumptions about PI—and its durability in the face of certain psychological or genetic changes—underpin many current legal rules. This is most perhaps obviously exemplified with regard to reproductive technologies. Yet the Parfitian challenge to identify a victim of ‘bad’ (...) reproductive choices has been largely overlooked in framing legislative responses to such technologies. Furthermore, I argue, it is not only with regard to emerging technologies that questionable assumptions about PI play a role; legal responses to questions about the attribution of criminal responsibility, and about the treatment of demented or brain-injured people, necessitate a frank engagement with such questions. It may be, however, that a multi-faceted approach to PI, which takes account of genetic, psychological and social factors—will prove a better fit for the myriad needs of the legal system than any sort of ‘unified theory of identity’. (shrink)

Identity governance is an emerging concept for fine-grained conditional disclosure of identity information and enforcement of corresponding data handling policies. Although numerous technologies underlying identity management have been developed, people still have difficulty obtaining a clear picture of how their identity information is maintained, used, and propagated. An identity management framework is described for tracking the history of how a person’s identity information is handled after it is transferred across domains of control and for enforcing meta-policies related to managing identity (...) information distributed over the Internet. With this framework, organizations that manage identity information can improve accountability for their data practices and thereby increase their trustworthiness. The framework also enables users to control and optimize the propagation of their identity information in a user-centric manner. (shrink)

“Privacy as confidentiality” has been the dominant paradigm in computer science privacy research. Privacy Enhancing Technologies (PETs) that guarantee confidentiality of personal data or anonymous communication have resulted from such research. The objective of this paper is to show that such PETs are indispensable but are short of being the privacy solutions they sometimes claim to be given current day circumstances. Using perspectives from surveillance studies we will argue that the computer scientists’ conception of privacy through data or communication confidentiality (...) is techno-centric and displaces end-user perspectives and needs in surveillance societies. We will further show that the perspectives from surveillance studies also demand a critical review for their human-centric conception of information systems. Last, we rethink the position of PETs in a surveillance society and argue for the necessity of multiple paradigms for addressing privacy concerns in information systems design. (shrink)

Genetic information is becoming increasingly used in modern life, extending beyond medicine to familial history, forensics and more. Following this expansion of use, the effect of genetic information on people’s identity and ultimately people’s quality of life is being explored in a host of different disciplines. While a multidisciplinary approach is commendable and necessary, there is the potential for the multidisciplinarity to produce conceptual misconnection. That is, while experts in one field may understand their use of a term like ‘gene’, (...) ‘identity’ or ‘information’ for experts in another field, the same term may link to a distinctly different concept. These conceptual misconnections not only increase inefficiency in complex organisational practices, but can also have important ethical, legal and social consequences. This paper comes at the problem of conceptual misconnection by clarifying different uses of the terms ‘gene’, ‘identity’ and ‘information’. I start by looking at three different conceptions of the gene; the Instrumental, the Nominal and the Postgenomic Molecular. Secondly, a taxonomy of four different concepts of identity is presented; Numeric, Character, Group and Essentialised, and their use is clarified. A general concept of Information is introduced, and finally three distinct kinds of information are described. I then introduce Concept Creep as an ethical problem that arises from conceptual misconnections. The primary goal of this paper is to reduce the potential for conceptual misconnection when discussing genetic identity and genetic information. This is complimented by three secondary goals—1) to clarify what a conceptual misconnection is, 2) to explain why clarity of use is particularly important to discussions of genes, identity and information and 3) to show how concept creep between different uses of genetic identity and genetic information can have important ethical outcomes. (shrink)

The convergence of biomedical and information technology holds the potential to alter the discourses of identity, or as is argued here, to turn us inside out. The advent of digital networks makes it possible to ‘see inside’ people in ways not anticipated and thus create new performance arenas for the expression of identity. Drawing on the ideas of Butler and Foucault and theories of performativity, this paper examines a new context for human-computer interaction and articulates potentially disturbing issues with monitoring (...) health rather than wellbeing. It argues that by adopting explicitly social framings we can see beyond the idea of medical interventions for health to recognize the political implications of the new categorizations and their implementation in code. In the process, it critiques traditional ways of understanding machine-body relations within the field of technology design. (shrink)

IntroductionIDIS is a multidisciplinary journal with a focus on identity in the information society. The information society is usually associated with information and communication technologies, such as computers, mobile phones and the Internet, and with information in the form of computer- or human-readable data. In this special issue on genetics, information and identity, however, we focus on a different type of information, namely genetic information. The DNA of the human genome is often called a ‘blueprint’ of human life, containing information (...) that regulates—in various and very complex ways—most of the processes in human life. In this sense, genetics may well be considered an information technology in its own right.Genetic information is becoming ever more important in society, although current knowledge of the human genome and how the genome relates to human life is still limited. Nevertheless, what knowledge we have about the genetic make-up of people—whether in terms of congen .. (shrink)

The amount of personal data now collected through contemporary marketing practices is indicative of the shifting landscape of contemporary capitalism. Loyalty programs can be seen as one exemplar of this, using the ‘add-ons’ of ‘points’ and ‘miles’ to entice consumers into divulging a range of personal information. These consumers are subject to surveillance practices that have digitally identified them as significant in the eyes of a corporation, yet they are also part of a feedback loop subject to ongoing analysis. This (...) paper focuses on this analysis as the ‘cultural circuit’ of loyalty programs—the ongoing process of meaning-making in this form of contemporary marketing—as exemplary of what Nigel Thrift calls “soft capitalism”( 1997, 2005 ). Loyalty programs engage consumers in an ongoing ‘relationship’ with a corporation, yet it is one predicated on the collection and analysis of personal data in order to identify, maintain and increase profits from these consumer ‘relationships.’ This paper looks at ways of knowing, application and revision in the cultural circuit of loyalty program marketing as a form of reflexive marketing and raises concerns about consumer subjectivity in the context consumer culture that mediates much of contemporary experience. These technologies and practices continually adapt and adjust to strategically act toward consumers as a form of consumer surveillance based on an increasingly intensive and nuanced knowledge of their behaviours. (shrink)

The number of large research projects in the fields of identity, privacy and related topics has burgeoned in recent years. This is a development of great importance to academic scholarship but also to a wider range of audiences and ‘users’, including policy-makers and regulators, the information and communication technology industries, and the general public. New issues have been spotlighted as we move into what some call ‘surveillance societies’, along with a clearer sense of the problems created, and the advantages afforded, (...) by the ability of governments and businesses to identify people and groups, monitor and track their behaviour ad movements, provide them with services at home, in the workplace, online, and in the streets, and enable them to engage in important transactions involving flows of information as well as money. New ways of mitigating adverse effects and enhancing the benefits have been explored, although we are only near the beginning of thinking through and acting on .. (shrink)

This paper presents a framework for the design of human-centric identity management systems. Whilst many identity systems over the past few years have been labelled as _human-centred,_ we argue that the term has been appropriated by technologists to claim moral superiority of their products, and by system owners who confuse administrative convenience with benefits for users. The framework for human-centred identity presented here identifies a set of design properties that can impact the lived experience of the individuals whose identity is (...) being managed. These properties were identified through an analysis of public response to 15 historic national identity systems. They capture the practical design aspects of an identity system, from structural aspects that affect the flow of information - _Control Points, Subject Engagement, Identity Exposure, Population Coverage_—to the metrical aspects that considers how information is used and perceived—_Expert Interpretation, Population Comprehension, Information Accuracy, Information Stability, Subject Coupling, Information Polymorphism_. Any identity system can be described in terms of these fundamental properties, which affect individuals’ lived experience, and therefore help to determine the acceptance or rejection of such systems. We first apply each individual property within the context of two national identity systems—the UK DNA Database and the Austrian Citizen Card, and then also demonstrate the applicability of the framework within the contexts of two non-government identity platforms—Facebook and Phorm. Practitioners and researchers would make use of this framework by analysing an identity system in terms of the various properties, and the interactions between these properties within the context of use, thus allowing for the development of the potential impacts that the system has on the lived experience. (shrink)

This paper explores the intersections between national identity and the production of medical/population genomics in Mexico. The ongoing efforts to construct a Haplotype Map of Mexican genetic diversity offers a unique opportunity to illustrate and analyze the exchange between the historic-political narratives of nationalism, and the material culture of genomic science. Haplotypes are central actants in the search for medically significant SNP’s (single nucleotide polymorphisms), as well as powerful entities involved in the delimitation of ancestry, temporality and variability ( www.hapmap.org (...) ). By following the circulation of Haplotypes, light is shed on the alignments and discordances between socio-historical and bio-molecular mappings. The analysis is centred on the comparison between the genomic construction of time and ethnicity in the laboratory (through participant observation), and on the public mobilisation of a “Mexican Genome” and its wider political implications. Even though both: the scientific practice and the public discourse on medical/population genomics are traversed by notions of “admixture”, there are important distinctions to be made. In the public realm, the nationalist post-revolutionary ideas of Jose Vasconcelos, as expressed in his Cosmic Race ( 1925 ), still hold sway in the social imaginary. In contrast, admixture is treated as a complex, relative and probabilistic notion in laboratory practices. I argue that the relation between medical/population genomics and national identity is better understood as a process of re-articulation (Fullwiley Social Studies of Science 38:695, 2008 ), rather than coproduction (Reardon 2005 ) of social and natural orders. The evolving process of re-articulation conceals the novelty of medical/population genomics, aligning scientific facts in order to fit the temporal and ethnic grids of “Mestizaje”. But it is precisely the social and political work, that matches the emerging field of population genomics to the pre-existing projects of national identity, what is most revealing in order to understand the multiple and even subtle ways in which population genomics challenges the historical and identitarian frames of a “Mestizo” nation. (shrink)

Much legislation dealing with the uses of genetic information could be criticised for exceptionalising genetic information over other types of information personal to the individual. This paper contends that genetic exceptionalism clouds the issues, and precludes any real debate about the appropriate uses of genetic information. An alternative to “genetically exceptionalist” legislation is to “legislate for fairness”. This paper explores the “legislating for fairness” approach, and concludes that it demonstrates a fundamental misunderstanding of both how legislation is drafted, and how (...) it is interpreted. The uncomfortable conclusion is this: policy-makers and legislators must tackle head-on the difficult policy questions concerning what should and should not be done with genetic information. Only by confronting this crucial issue will they achieve a workable legislative solution to the problems caused by genetic information. (shrink)

In November, 2009, a prominent group of privacy professionals, business leaders, information technology specialists, and academics gathered in Madrid to discuss how the next set of threats to privacy could best be addressed.The event, Privacy by Design: The Definitive Workshop, was co-hosted by my office and that of the Israeli Law, Information and Technology Authority. It marked the latest step in a journey that I began in the 1990’s, when I first focused on enlisting the support of technologies that could (...) enhance privacy. Back then, privacy protection relied primarily upon legislation and regulatory frameworks—in an effort to offer remedies for data breaches, after they had occurred. As information technology became increasingly interconnected and the volume of personal information collected began to explode, it became clear that a new way of thinking about privacy was needed.Privacy-Enhancing Technologies paved the way for that new direction, highlighting how the universal pr .. (shrink)

Current advances in connectivity, sensor technology, computing power and the development of complex algorithms for processing health-related data are paving the way for the delivery of innovative long-term health care services in the future. Such technological developments will, in particular, assist the elderly and infirm to live independently, at home, for much longer periods. The home is, in fact, becoming a locus for health care innovation that may in the future compete with the hospital. However, along with these advances come (...) valid privacy and security questions arising from the fact that the data collected and transmitted through these technologies could also allow for individual monitoring as well as unauthorized access to critical diagnostic and other health data. (shrink)

The 2003 blackout in the northern and eastern U.S. and Canada which caused a $6 billion loss in economic revenue is one of many indicators that the current electrical grid is outdated. Not only must the grid become more reliable, it must also become more efficient, reduce its impact on the environment, incorporate alternative energy sources, allow for more consumer choices, and ensure cyber security. In effect, it must become smart. Significant investments in the billions of dollars are being made (...) to lay the infrastructure of the future Smart Grid. However, the authors argue that we must take great care not to sacrifice consumer privacy amidst an atmosphere of unbridled enthusiasm for electricity reform. Information proliferation, lax controls and insufficient oversight of this information could lead to unprecedented invasions of consumer privacy. Smart meters and smart appliances will constitute a data explosion of intimate details of daily life, and it is not yet clear who will have access to this information beyond a person’s utility provider. The authors of this paper urge the adoption of Dr. Ann Cavoukian’s conceptual model ‘SmartPrivacy’ to prevent potential invasions of privacy while ensuring full functionality of the Smart Grid. SmartPrivacy represents a broad arsenal of protections, encapsulating everything necessary to ensure that all of the personal information held by an organization is appropriately managed. These include: Privacy by Design; law, regulation and independent oversight; accountability and transparency; market forces, education and awareness; audit and control; data security; and fair information practices. Each of these elements is important, but the concept of Privacy by Design represents its sine qua non. When applying SmartPrivacy to the Smart Grid, not only will the grid be able to, for example, become increasingly resistant to attack and natural disasters—it will be able to do so while also becoming increasingly resistant to data leakage and breaches of personal information. The authors conclude that SmartPrivacy must be built into the Smart Grid during its current nascent stage, allowing for both consumer control of electricity consumption and consumer control of their personal information, which must go hand in hand. Doing so will ensure that consumer confidence and trust is gained, and that their participation in the Smart Grid contributes to the vision of creating a more efficient and environmentally friendly electrical grid, as well as one that is protective of privacy. This will result in a positive-sum outcome, where both environmental efficiency and privacy can coexist. (shrink)

An accountability-based privacy governance model is one where organizations are charged with societal objectives, such as using personal information in a manner that maintains individual autonomy and which protects individuals from social, financial and physical harms, while leaving the actual mechanisms for achieving those objectives to the organization. This paper discusses the essential elements of accountability identified by the Galway Accountability Project, with scholarship from the Centre for Information Policy Leadership at Hunton & Williams LLP. Conceptual _Privacy by Design_ principles (...) are offered as criteria for building privacy and accountability into organizational information management practices. The authors then provide an example of an organizational control process that uses the principles to implement the essential elements. Initially developed in the ‘90s to advance privacy-enhancing information and communication technologies, Dr. Ann Cavoukian has since expanded the application of _Privacy by Design_ principles to include business processes. (shrink)

Morgan et al. examine the notion of corporate citizenship and suggest that for it to be effective companies need to minimize harm and maximize benefits through its activities and, in so doing, take account of and be responsive to a full range of stakeholders. Specifically, they call for a “next generation” approach to corporate citizenship that embeds structures, systems, processes and policies into and across the company’s value chain. We take this notion of corporate citizenship and apply it to Privacy (...) by Design concepts in a value chain model. Privacy by Design is comprised of Seven Foundational Principles, and as we develop the Privacy by Design Value Chain, those principles are incorporated. First, we examine the primary activities in the value chain and consider each of these seven principles, and then we extend the analysis to the support activities. Finally, we consider privacy implications and the challenges to be faced in supply chain and federated environments. Designing privacy into the value chain model is a practical, business view of organizational and privacy issues. This puts privacy where it belongs in an organization—everywhere personal information exists. We conclude that further research is needed to consider the internal stakeholders’ communications among the various departments within an organization with the goal of better communications and shared values, and we believe the value chain approach helps to further this research agenda. Also, federated environments necessitate that organizations can “trust” their third parties providers. Research and case studies are needed regarding how these organizations can create value and competitive advantages by voluntarily providing their customers with privacy practice compliance reports. For the most part, the future is bright for the protection of personal information because solutions, not problems are being proposed, researched, developed and implemented. (shrink)

Built-in privacy has for too long been neglected by regulators. They have concentrated on reacting to violations of rules. Even imposing severe fines will however not address the basic issue that preventative privacy protection is much more meaningful. The paper discusses this in the context of the International Working Group on Data Protection in Telecommunications (“Berlin Group”) which has published numerous recommendations on privacy-compliant design of technical innovations. Social network services, road pricing schemes, and the distribution of digital media content (...) have figured prominently in the group’s latest working papers. More recently, a judgment of the European Court of Human Rights has thrown light on weaknesses in the protection of patients’ data in hospitals that requires urgent action by designers of IT systems. Built-in privacy is no magic button, no panacea, but it has turned out to be a necessary condition for meaningful privacy protection. (shrink)

An introductory message from Peter Hustinx, European Data Protection Supervisor, delivered at Privacy by Design: The Definitive Workshop. This presentation looks back at the origins of Privacy by Design, notably the publication of the first report on “Privacy Enhancing Technologies” by a joint team of the Information and Privacy Commissioner of Ontario, Canada and the Dutch Data Protection Authority in 1995. It looks ahead and adresses the question of how the promises of these concepts could be delivered in practice.

Pervasive, easy-to-use privacy services are keys to enabling users to maintain control of their private data in the online environment. This paper proposes (1) an online privacy lifecycle from the user perspective that drives and categorizes the development of these services, (2) a layered platform design solution for online privacy, (3) the evolution of the PeCAN (Personal Context Agent Networking) architecture to a platform for pervasively providing multiple contexts for user privacy preferences and online informational privacy services, and (4) use (...) of platform network effects for increasing wide-scale user adoption of privacy services. One implication of this paper’s concepts is that platform-mediated networks, which are reportedly the vehicles for most of the revenue earned by 60 of the world’s largest companies, and other platforms that commonly host millions of users, will not have to individually reinvent and manage sophisticated user services for privacy protection since universal privacy platforms can be layered on them in future. (shrink)

This paper introduces Nymity’s Privacy Risk Optimization Process (PROP), a process that enables the implementation of privacy into operational policies and procedures, which embodies in Privacy by Design for business practices. The PROP is based on the International Organization for Standardization (ISO) concept that risk can be positive and negative; and further defines Risk Optimization as a process whereby organizations strive to maximize positive risks and mitigate negative ones. The PROP uses these concepts to implement privacy into operational policies and (...) procedures. This paper was produced by Nymity and the Office of the Information and Privacy Commissioner of Ontario, Canada. It was presented by Terry McQuay, President of Nymity, at Privacy by Design: The Definitive Workshop, in Madrid, Spain, on November 2nd, 2009. The workshop was hosted by Dr. Ann Cavoukian, Information and Privacy Commissioner of Ontario, Canada, and Yoram Hacohen, Head of the Israeli Law, Information and Technology Authority. (shrink)

With the proliferation of networked electronic communication came daunting capabilities to collect, process, combine and store data, resulting in hitherto unseen transformational pressure on the concepts of trust, security and privacy as we know them. The Future Internet will bring about a world where real life will integrate physical and digital life. Technology development for data linking and mining, together with unseen data collection, will lead to unwarranted access to personal data, and hence, privacy intrusion. Trust and identity lie at (...) the basis of many human interactions and transactions, and societies have developed legitimate concern for privacy being essential for freedom and creativity. The burgeoning development of the Information Society, particularly during the past fifteen years, transcended the societal readiness to respond to the transformational change evoked by ICT. We have reached the eleventh hour for the preservation of trust and privacy as elements that can be transposed into our digital future. Europe has been at the forefront in recognizing the importance of privacy protection in relation to digital data, witness the advanced European legislation in this domain. The European Commission recognizes that appropriate measures need to combine technology development with legal means, user awareness and tools supporting data controllers to comply with law in an accountable and transparent way, and that empower users with a controlling stake in managing their personal data. Activities are underway at many levels. European RTD programmes play their role in supporting research in trustworthy ICT, privacy enhancing technologies, privacy-by-design in service layers as well as in networks, enabling technologies such as cryptography, and in generalized frameworks for trust and privacy-protective identity management. (shrink)

In view of rapid and dramatic technological change, it is important to take the special requirements of privacy protection into account early on, because new technological systems often contain hidden dangers which are very difficult to overcome after the basic design has been worked out. So it makes all the more sense to identify and examine possible data protection problems when designing new technology and to incorporate privacy protection into the overall design, instead of having to come up with laborious (...) and time-consuming “patches” later on. This approach is known as “_Privacy by Design_” (PbD). (shrink)

SmartData is a research program to develop web-based intelligent agents that will perform two tasks: securely store an individual’s personal and/or proprietary data, and protect the privacy and security of the data by only disclosing it in accordance with instructions authorized by the data subject. The vision consists of a web-based SmartData agent that would serve as an individual’s proxy in cyberspace to protect their personal or proprietary data. The SmartData agent (which ‘houses’ the data and its permitted uses) would (...) be transmitted to, or stored in a database, not the personal data itself. In effect, there would be no personal or proprietary raw data out in the open—it would instead be housed within a SmartData agent, much like we humans carry information in our heads; extending the analogy, it would be the human-like clone that would be transmitted or stored, not the raw data. The binary string representative of a SmartData agent would be located in local or central databases. Organizations requiring access to any of the data resident within the agent would query it once it had been activated. In this paper, we provide a preliminary overview of the SmartData concept, and describe the associated research and development that must be conducted in order to actualize this vision. (shrink)

With the proliferation of networked electronic communication came daunting capabilities to collect, process, combine and store data, resulting in hitherto unseen transformational pressure on the concepts of trust, security and privacy as we know them. The Future Internet will bring about a world where real life will integrate physical and digital life. Technology development for data linking and mining, together with unseen data collection, will lead to unwarranted access to personal data, and hence, privacy intrusion. Trust and identity lie at (...) the basis of many human interactions and transactions, and societies have developed legitimate concern for privacy being essential for freedom and creativity. The burgeoning development of the Information Society, particularly during the past fifteen years, transcended the societal readiness to respond to the transformational change evoked by ICT. We have reached the eleventh hour for the preservation of trust and privacy as elements that can be transposed into our digital future. Europe has been at the forefront in recognizing the importance of privacy protection in relation to digital data, witness the advanced European legislation in this domain. The European Commission recognizes that appropriate measures need to combine technology development with legal means, user awareness and tools supporting data controllers to comply with law in an accountable and transparent way, and that empower users with a controlling stake in managing their personal data. Activities are underway at many levels. European RTD programmes play their role in supporting research in trustworthy ICT, privacy enhancing technologies, privacy-by-design in service layers as well as in networks, enabling technologies such as cryptography, and in generalized frameworks for trust and privacy-protective identity management. (shrink)

National electronic identity (e-ID) card schemes and electronic identity management systems (e-IDMS) in Europe are characterised by considerable diversity. This contribution analyses the creation of a national e-IDMS in Austria with the aim of improving our understanding of the reasons behind the genesis of particular designs of national e-IDMS. It seeks to explain how the system’s specific design evolved and which factors shaped its appearance. Being part of a comparative four country study, a common theoretical framework is employed to allow (...) for a comparison of national e-IDMS in Austria, Belgium, Germany and Spain. It combines the approach of actor-centred institutionalism and the concept of path dependence in order to analyse the innovation process and to explain resulting key characteristics of the e-IDMS in Austria: a technology-neutral system with multiple tokens; an ID model based on the Central Register of Residents; a privacy concept using sector-specific personal identifiers. It is shown that innovation process and outcome are not only shaped by specific actor constellations dominated by strategic e-government bodies, but also by path dependence at three levels: technological, institutional and organisational. (shrink)

This paper reviews the history and current status of electronic identities (eID) and eID management in Sweden, including an outlook for the future. The paper is based on official policy documents, technical documentation, presentations by key experts, and comments from government agencies and independent experts. The future perspective is based on the October 2009 public investigation (SOU 2009:86) by the E-delegation. It is concluded that the E-delegation proposal, while still pending political decision, is a major step forward in terms of (...) making eID more established as an infrastructural element in the government electronic service program. (shrink)

This paper describes the introduction of a new electronic identity card including an electronic identity (EID) for local physical and online authentication in 2006. The most significant difference to any European country is the decentralized issuing at 256 police stations employing an automatic printing machine. This is the most visible element in a high degree continuation, as the previous paper based ID cards were also personalized and issued at the police stations. Similarly the attributes defining the identity and the legal (...) framework were not changed either. While there was some delay in the planning phase, the role-out of the new eID cards was rather smooth. At the end of 2009, approx. 13 Mio Spanish citizens out of more than 46.5 Mio inhabitants (www.ine.es) were in possession of an eID card. But this does not necessarily mean that they are using the eID function for online authentication. The reasons for this application gap will be discussed with reference to online tax declaration, where the eID so far covers less than one percent of all online declarations while authentication by software certificates still make up for 98 percent. (shrink)

The focus of this article is to explain why there is still no qualified digital signature in Denmark as defined by the EU eSignatures Directive nor any other nationwide eID even though Denmark had an early start in eGovernment, and a high level of e-readiness compared to other nations. Laying out the technological, organizational and legal dimensions of eID in Denmark, and comparing these with a number of other European countries made it possible to explain this paradox. Thus, the three (...) main reasons for the special route development has taken in Denmark seems to be concerns over privacy, lack of intergovernmental coordination and lack of cooperation between public and private sector. However, with the recent tender on digital signatures won by the PBS and the roll-out of the NemID it seems that Denmark will finally—after twenty years of delay—have an eID which can be widely used in the public as well as the private sector. (shrink)

This paper introduces the objectives and basic approach of a collaborative comparative research project on the introduction of national electronic Identity Management Systems (eIDMS) in Member States of the European Union. Altogether eight country case studies have been produced in two waves by researchers in the respective countries, which will be presented in the following articles in this special issue. The studies adopt a common conceptual framework and use the same terminology, which will be presented in this introduction, just as (...) the reasoning for the selection of the particular countries under investigation. The conceptual framework combines elements of actor centred institutionalism with path analysis, looking for path continuation, change or creation in the transition from the previous IDMS to an electronic one and explaining this as choices of actors in certain contexts. Information on the reasons for these choices in the first four cases has been collected from in depth interviews with key actors and in the four other cases from official documents. As the subject of this research is the transition of national identity management systems only countries have been included in which a national ID and a civil registry already exist before the introduction of the electronic elements, thus excluding the UK. (shrink)

A first comparison of the innovation processes of introducing electronic identities on a national level in Austria, Belgium, Germany and Spain, based on extensive expert interviews with key actors, has been amended by four more country reports from Denmark, Finland, Estonia and Sweden in order to check the validity of generalisations derived from the first four cases. The extended comparison with the four additional countries increases the variance between the eID systems in Europe by showing differing technical and organisational features, (...) such as purely software-based solutions, e.g. in Denmark, or complete outsourcing of the eIDMs, e.g. in Sweden. In the second part of the paper, the conceptual framework of the comparative study, a combination of path analysis, institutional actor theory and policy field analysis will be reflected. It has resulted in a fruitful approach allowing for the explanation of some, but by no means all, of the differences between the national eIDMs in Europe. (shrink)

This paper compares the four national electronic Identity Management Systems (eIDMS), which have been described in the previous chapters. The section Similarities and differences between four national eIDMS will highlight the differences between these systems conceived as socio-technical systems with regard to the eID itself, the eID cards as tokens, the authentication processes as well as the procedures for distribution and personalisation, the support provided for installing the technology and any provider-related regulation. The section A three-fold path dependency , according (...) to the conceptual framework presented in the introductory chapter to this special issue, compares the new electronic systems with the previous ones in each country, in order to assess the continuation or changes with regard to the organisational, technological and regulatory path of development. The following sections explain the differences between the paths chosen and the path-related changes by analysing the actor constellation of the institutional actors, in particular the policy field and the power structure, as well as the context in which the policy makers made their choices, looking at privacy and Staatsverständnis in particular. Finally the diffusion and usage of the eID function will be compared and analysed, discussing to what extent the new institution has made a contribution to solving the policy problem it was developed for, e.g. providing a stronger authentication in order to meet security concerns regarding e-government and e-commerce transactions and avoiding new privacy infringements. Using grounded theory, the explanations provided have the status of generalisations derived from the four cases. They have to be considered as hypotheses, which will be checked for other countries in the following papers of this special issue. The comparison of the four cases in this article shows a high degree of path dependency. Most of the differences between the new systems are just a continuation of differences between the previous systems although they are to solve the same problem and can draw on the same technologies. But most astonishing is the finding that these differences between the systems do not influence diffusion and use of the eID function in the respective countries. (shrink)

This article provides a critical view on the development and deployment phase of the e-ID in Belgium since 1999. It is based on extensive desk research and fifteen in depth-interviews with experts and stakeholders from government, administration, academia and industry who have been key in the development of the e-ID. The article identifies different elements that influenced, both in a positive and negative way, the societal, technical and political aspects of the Belgian e-ID. It shows that no severe problems occurred (...) during the initial deployment phase, which came to an end in 2009 providing over eight million Belgian citizens with an e-ID. The pre-existence of a National Register and the preliminary experiences with the exchange of digital information between administrative entities in the field of Social Security enabled and facilitated the development and the distribution of the e-ID. However, the research also reveals that usage of the e-ID by citizens and uptake of e-ID based services by administration and business remains limited due to multiple factors. The complex system of state structures in Belgium and as a consequence the dispersion of competences across different governmental entities makes that no unified approach to e-government and e-ID based services has been developed. From the industries’ point of view the privacy framework and the strictly regulated use of the National Registration Number provides no clear view on the allowed use of data accessible through the e-ID hampering take up in this area. (shrink)

The present paper summarizes the development of the national electronic Identity Management System (eIDMS) in Estonia according to a conceptual framework developed in an European comparative research project outlined in the first chapter of this special issue. Its main function is to amend the picture of the European eIDMS landscape by presenting a case with high involvement of the private sector and thereby checking the generalizations from the comparisons of Austria, Belgium, Germany and Spain, presented by Kubicek and Noack in (...) the previous chapter of this special issue. Starting with a short introduction into the historical background of identity documents in Estonia the national population register, the passport as well as the bank ID are described as the main pillars of the Estonian eIDMS, on which the national ID card builds on, which has been introduced in 2002. The technical features of the eID and the ID card are described in Section two as well as the areas of application and the processes for production and distribution. Section three presents the actors constellation, Section four the time line of the development process, starting from 1997. Section five deals with the diffusion and promotion of the ID card and the eID authentication function. After a very low and slow take up during the first 5 years due to a cooperation agreement between major banks, telecom operators and the government usage has increased. But still the authentication by Internet banks, which provides authentication services to third parties, including government, is the biggest competitor for the eID function on the national eID card. Only recently the major banks have announced to slowly fade out the password cards and PIN calculators as alternative modes of bank authentication. (shrink)

This chapter provides an analysis of the long process of introducing an electronic identity for online authentication in Germany. This process is described as a multi-facet innovation, involving actors from different policy fields shifting over time. The eID process started in the late ‘90s in the context of eGovernment and eCommerce with the legislation on e-signatures, which were supposed to allow for online authentication of citizens. When after 5 years it was recognized that this was not the case, a new (...) digital ID card, which had meanwhile been announced, was chosen as token for the eID. This process was dominated by the concerns for visual inspection and border control, including the storage of digital fingerprints. Under the leadership of the Ministry of the Interior (BMI) and technical guidance of the Federal Agency for Information Security (BSI), technical specifications have to a large extent been adopted from the electronic passport, which had been smoothly introduced 2 years before. However, in the legislative process some concern regarding digital fingerprints on the eID card was raised and led to an opt-in solution. In 2009, a bill on the new ID card was passed which regulates the eID function for online authentication as well. This is characterized as a radical innovation by introducing a double-sided, mutual authentication of the citizen and the service provider and implementing the principle of proportionality regarding the access of service providers to data on the chip. At the time of writing, field tests are conducted. Roll-out of the new eID card is to start in November 2010. Therefore no figures about adoption can be provided here. (shrink)

This chapter describes the introduction and diffusion of the Finnish Electronic Identity Card (FINEID card). FINEID establishes an electronic identity (eID), based on the civil registry and placed on an identity chip card issued by Finnish government to Finnish citizens and permanent residents from age 18 and older. It is a non-mandatory electronic identity card introduced in 1999 in order to replace the older citizen ID card. It serves as a travel document and is intended to facilitate access to eGovernment (...) services as well as offering a possibility to sign electronically. Therefore the chip contains two certificates: one for authentication purposes, and one for qualified signatures. The eID function had to compete with the already existing PIN/TAN based TUPAS standard for online authentication for eBanking, eCommerce and eGovernment applications, and has lost this battle by reaching less than one percent of all online authentications. The history, actor constellation, time line and barriers will be described and a few communalities and differences to other countries under study in this special issue will be highlighted. (shrink)