View
126
Download
4
Embed Size (px)
DESCRIPTION
VERDIKT conference 2013
Citation preview
Possibilities and challenges in thedevelopment and use of secure eID
– Experiences from Sweden
Karin Axelsson
Professor in Information SystemsDepartment of Management and Engineering
Linköping University
e-ID – A small technical artefact?
2
In one sense, yes – but we should not underestimate its
contextual and organizational complexity
Agenda
• Background and introduction to e-ID developmentand use
• The problem in focus
• Research approach and case introduction
• The Swedish program and a case study in health care
• Analyzing the management of the e-ID developmentcase
• From a life-cycle perspective and a CSF perspective
• Conclusions
• Further research
Background and introduction
• e-ID is a key enabler for the secure identification,authentication and digital signing via the Internet
• A part of secure e-service design (European Commission,2010; Halperin and Backhouse, 2008; Price, 2008; Rössler, 2008)
• As digitized citizens, we become reliant on e-IDsolutions that give us a certain level of utility andtrust when we interact with local and centralgovernment (Collings, 2008) in an e-service context
• In digitizing Europe e-ID is regarded as an importantback-office enabler for launching e-services andtransforming government (European Commission, 2010)
The problem in focus
• Developing, implementing and managing public e-services and secure e-ID solutions are challenging
• Require coordination and management
• Include people, processes and technology
• Stresses the complexities and interwoven characterof the e-ID as an artefact in an e-service setting andin an institutional arrangement
• Can be governed by an active role of thegovernment, and/or managed by market drivensolutions (cf. Grönlund, 2010; Kubicek, 2010)
The problem in focus
• Several e-government initiatives face a number ofchallenges of complexity; calls for further studies (Irani
et al., 2007; Gil-García and Pardo, 2005; Rosacker and Olson, 2008)
• e-ID as a contemporary example
• An important issue for IS project management ande-government, in practice and research
• To understand how we organize initiatives like thisand why some initiatives progress to success whileothers end in failure (e.g. Heeks and Stanforth, 2007; Melin and
Axelsson, 2009)
Purpose and research questions
• To analyse the management of e-ID development inSweden from:
• an e-government systems development life-cycleperspective and
• a project challenge and CSF perspective
• What challenges and success factors are representedin a national e-ID development initiative?
• How can we judge the success/failure of an e-IDinitiative using a life-cycle framework?
• What can we learn from the management ofdevelopment of e-ID in a public e-service context ona program level?
• Illustrate the implementation process in health care
WebCare_L19800819-0123
Research design• A qualitative, longitudinal case study
• Two cases today: the national development and animplementation case
• The study is part of a larger project focusing e-ID in a publice-service setting (2011-2014), financed by the Swedish CivilContingencies Agency
• Future safe electronic identification
• eID in government agencies
• eID in schools
• eID in health sector
• Interviews
• Document studies
• Forums for presentations and discussions
• Hearings, meetings with the Swedish e-ID Board,practitioners’ networks events and documents, scientificconferences
e-ID development in Sweden – Phase 1
• The emergence of the present national public e-IDpolicy can be traced back to the end of the 1990s
• Future use of public e-services
• In 2000/2001 the Swedish Tax Agency got thecommission to investigate a national e-ID solution forthe public sector
• Frame agreements with the actors delivering securee-ID to the banking sector
• A market driven e-ID delivery model
• e-banking is well established, 80% of the e-ID use
• An installed base of solutions for identification
e-ID development in Sweden – Phase 2
• The e-Government Delegation was formed in 2009
• Strengthen national inter-organizational developmentof e-government including e-ID
• A next generation of inter-organizational e-IDsolutions was needed
• The current procurement model was outdated, withoutany option of renewal
• The investigation resulted in a report, dominated bya technical oriented blueprint
• In January 2011 an authority named The Swedishe-ID Board was created
• Centrally manage and develop sustainable e-IDsolutions
The national e-ID program initiative in aEuropean context
2013-10-24
Kubicek and Noack, 2010a, p. 237
Managing e-ID Development –A Life-cycle Perspective
Projectassessment
Projectassessment
Analysis ofcurrent reality
Analysis ofcurrent reality
Design of the pro-posed system
Design of the pro-posed system
Systemconstruction
Systemconstruction
Implementationand beyond
Implementationand beyond
Projectassessment
Projectassessment
Analysis ofcurrent reality
Analysis ofcurrent reality
Design of the pro-posed system
Design of the pro-posed system
Systemconstruction
Systemconstruction
Implementationand beyond
Implementationand beyond
(Heeks, 2006, p. 159)
Managing e-ID Development –A Challenge and CSF Perspective
• Several sets of success factors in the e-governmentarea and in ISD in general (Sarantis et al., 2011)
• E.g. top management commitment, linkage tobusiness, technical alignment, knowledge and userinvolvement (Pardo and Ho, 2004)
• Several challenges linked to
• (1) information and data, (2) IT, (3) organizational andmanagerial, (4) legal and regulatory, and (5)institutional and environmental (Gil-García and Pardo, 2005;Melin and Axelsson, 2009)
Analysis – Managing e-ID Development –A Life-cycle Perspective
Project stage (Heeks, 2006) e-ID development case
Project assessment Oriented towards pragmatic problem solving
An outdated procurement model; a need for a new e-ID solution;stimulate competition
Opportunity seeking
Analysis of current reality Extremely forced and temporarily staffed
The technology put in the foreground
Contextual analysis put in the background
Design of the new system Conceptual design; no technical artefact designed
Model development; multiple contracted private e-ID providers and afederated e-ID solution
Important design issues (digital signing) not solved
System construction Conceptual infrastructure in focus
Time consuming building of trust
Implementation and beyond Changes in the constitution, preparation of agreements,technological development, frameworks for security and trust
A transition plan (the new solution in use during 2014)
Analysis – Managing e-ID Development –A Challenge and CSF PerspectiveChallenge/CSF e-ID development case
Information and data The federative solution in the suggested e-ID infrastructure demands datainterchange between different actors
IT The technological conditions for the program are based on different existing e-ID artefacts on the market (installed base; widespread solutions from e.g.Swedish banks). There is also a situation where the infrastructure andapplication are conceptually designed in parallel – resulting in an untested,conceptual, e-ID infrastructure.
Organizational andmanagerial
The role of the e-Gov Delegation is perceived as unclear
The size and scope of the e-ID development program perceived as unclear, sois the ownership of the program
A complex infrastructure with relationships between technology, law andbusiness model; harder to communicate with different stakeholder groups
A high risk program
Legal and regulatory Changes in law and regulations are needed (procurement model etc.)
Institutional andenvironmental
A step towards a more centralized and consistent e-ID infrastructure
Challenging the norms and power structures (decentralization)
Implementation and use of e-ID in healthcare – an ongoing study
• Studies of an implementation project in a county
• Early use of e-ID (SITHS card)
• Clearly driven by law requirements on patientsecurity (Patient Data Act, 2008)
• Step by step approach – the "easy" first – is not sosimple
• Related routines – development and use in parallel
• Dependence – strong professions – key persons
• Safety in everyday life – bet everything onone card?
CREATE VALUE PERCEIVED BENEFITS INCREASED USE
Conclusions 1(3)
• National level – eID development
• A high risk e-ID project and e-service program!
• The initiative is oriented towards pragmatic problemsolving and an explicit demand from public agencies(secure e-ID solutions for e-services)
• The problem solving and implementation process isforced in time and have limited available resources
• The program scope is unclear and the relation to theexisting and dominating e-ID solution (BankID) is unclearand hard to coordinate from a governmental perspective
• A significant challenge in the designing of theinfrastructure for e-ID (conceptually and applyingit in parallel)
Conclusions 2(3)
• National level – eID in development
• Significant challenges related to organization andmanagement of the program
• Involved actors are heterogeneous and have differentsets of expectations
• The technological artefact is in foreground, and the usersetting (citizens and professional users) and the link to e-services provided is in the background
• The e-ID needs to be managed as an integral part ofe-service development because it is intertwined with theuse of e-services from a user perspective
• e-ID is more than a back-office enabler – it is anintegrated part of successful e-service management anduse
Conclusions 3(3)
• e-ID in health care – SITHS card in use
• The pattern on national level is visible here as well
• True challenges are related to the organization of theimplementation – the roll-out is in focus
• Involved actors are heterogeneous and have differentexpectations on the result – strong professions
• The technical artefact is in focus – not use issues and therelation between e-services and internal IT
• Complicated use in the work settings
• Trying to create benefits for users…
• Some security risks are reduced – but new ones appear
Further research
• There is a lot of work to be done to develop securee-services and e-ID that creates safe everyday life
• Contextual studies of e-ID are needed
• Health sector
• Local government
• Public agencies, national and international
• Generate more knowledge on the issue of e.g.national and organizational differences, governancestructures, IT and e-ID user maturity and diffusion
• The implementation gap between policy and practice
• Systematic evaluation and governance
• Further studies on theoretical implications
Thanks for your attention!
Questions andcomments?
www.liu.se