Digital signature and e-government: legal framework and opportunities Raúl Rubio Baker & McKenzie
e-government concept Utilization of Information and Communication Technologies (ICTs) to improve and/or enhance on the efficiency and effectiveness of service delivery in the public sector Benefits Better communication with citizens Simplification Increased efficiency and productivity Greater transparency and accountability Greater citizen participation (edemocracy) Savings in paper and environmental responsibility Risks Lack of equality in the access to the public services (digital divide) Hyper-surveillance and lack of privacy Increased costs not managed efficiently False sense of transparency and accountability
e-government in a crisis and post-crisis context The underlying principle of e- government [ ] is to improve the internal workings of the public sector by reducing financial costs and transaction times so as to better integrate workflows and processes and enable effective resource utilization across the carious public sector agencies aiming for sustainable solutions (United Nations E-Government Survey 2012)
e-government global leaders* The to 20 countries have marginal differences among them in the level of e- government development The UN e-government assessment focused on the concept of integrated services, allowing back-office integration across governmental departments and strengthening institutional arrangements (one-stop-shop portals) Single sign-on integrated services on portals can organizationally transform public service delivery both on the front end and the back end (user-centric public service delivery) *According to the 2012 United Nations E-Government Survey
e-government trends and challenges Emerging leaders Digital identity Federated authentication and single sign-on solutions Cloud-based services Integrity of services Data security and privacy Regulatory environment Big Data
Digital Agenda for Europe Public Services Integrated in the Europe 2020 action plan As part of its strategy, the European Commission is taking concrete actions for the development of Crossborder Digital Public Services. These include the creation of European interoperable platforms such as a common framework for citizens' electronic identity management (eid). Work streams: European egovernment Action Plan 2011-2015 Large Scale Pilot Projects (CIP - PSP Programme) eparticipation projects Open government egovernment Studies - completed and on-going
Stork 2.0 Will contribute to the realization of a single European electronic identification and authentication area STORK is a platform which allows people to use their national electronic ID to establish new e-relations with foreign electronic services, which may be operated by public or private service providers. STORK 2.0 extends the STORK platform by allowing legal persons (such as companies) to be represented by natural persons. STORK only interconnects national infrastructures and allows the use of national electronic identities it has been built to also support decentralized identity management systems, or even private sector operated identity systems
Identification and authentication Identity management (IDM): a key element for the e-government Variety of digital means for constructing and managing the citizen's identity in e-government service relationships New EU regulation for electronic ID and trust services with this main objectives: Ensure that people and businesses can use their own national electronic identification schemes (eids) to access public services in other EU countries where eids are available Create an European internal market for ets by ensuring that they will work across borders and have the same legal status as traditional paper based processes
New European Regulation for electronic ID and trust services Sets the conditions under which Member States must recognize electronic means of identification of natural and legal persons of another Member State Sets standards for trust services, particularly for electronic transactions Establishes a legal framework for electronic signatures, electronic seals, electronic time stamps, electronic documents, electronic delivery services recorded and certification services for authenticating websites.
New European Regulation for electronic ID and trust services Some remarks about concepts defined in the Regulation: Electronic identification: individuals, legal persons and individuals representing legal persons Advanced electronic signature: created using data from creation of the electronic signature that the signer can use with a high level of confidence, under its exclusive control Trust services: Creation, verification and validation of electronic signatures, electronic seals or electronic time stamps, registered electronic delivery services and certificates for these services Creation, verification and validation of certificates for authentication of web sites, Preserving signatures, stamps or electronic certificates for these services
New European Regulation for electronic ID and trust services Some remarks about concepts defined in the Regulation (ii): Electronic seal certificate: an electronic statement linking data validation of a stamp with a legal person and confirms the name of that person Registered delivery mail service: means a service that allows you to transmit data between third parties by electronic means and provides evidence relating to the management of data transmitted, including proof of sending and receiving data, and protects data transmitted against risks of loss, theft, damage or unauthorized alteration
New European Regulation for electronic ID and trust services Requirements for mutual recognition among Member States Identification system included in the list published by the Commission The security level of this electronic identification corresponds to a level of security equal to or greater than the level of security required by the public sector body to access the online service in the first Member State The public body uses a substantial or high level of security regarding the accessibility to this online service. Notification procedure for electronic identification systems
New European Regulation for electronic ID and trust services Security levels: Low, significant and high The Commission shall, by means of implementing acts, the minimum technical specifications, standards and procedures with reference to which the security levels low, high and important means of electronic identification shall be specified Security breaches Notifying Member State will suspend or revoke without undue delay such transboundary authentication or the parties concerned, and shall inform the other Member States and the Commission
New European Regulation for electronic ID and trust services Interoperability Notified national identification systems will be interoperable The interoperability framework must meet the following criteria: Being neutral from a technological point of view and not discriminate between specific national technical solutions for electronic identification within the Member State Shall comply with the international and European standards, where possible Facilitate the implementation of the principle of privacy by design Ensure that personal data is processed in accordance with Directive 95/46/EC
New European Regulation for electronic ID and trust services Supervisory body Member States shall designate a monitoring body established in their territory or subject to mutual agreement with another Member State, a monitoring body established in another Member State shall be responsible for oversight functions in the Member State making the appointment. Trusted Lists Each Member State shall establish, maintain and publish lists of trust with information regarding providers of trust with respect to which it is responsible, along with the information related to the services provided by them.
New European Regulation for electronic ID and trust services Label of confidence 'EU' for qualified trust services Before 1 July 2015 the Commission, by means of implementing acts, will draw up specifications for the form and presentation, composition, size and design of the label confidence 'EU' for qualified trust services.
New European Regulation for electronic ID and trust services Conclusions: New regulation for existing services in the market to avoid that their legal effect are denied More flexible system More coordinated More centralized
Baker & McKenzie s role in the context of the TUI Global agreement with Santander to provide Universities with regulatory and legal advice in the implementation of digital signature and trust services Baker & McKenzie covers the world over. With our expansive global footprint, our clients tell us they rely on our ability to provide a deep level of local expertise while ensuring a global perspective to their legal needs.