E-Governance in the Information Society Erich Schweighofer University of Vienna Centre for Computers...

e-Governance in the Information Society

Erich Schweighofer

University of ViennaCentre for Computers and Law

Outline Particularities of e-governance

Governance, cyberspace, applicable law, jurisdiction

Competition of governance providers E-persons E-transactions

E-government E-commerce E-democracy E-documents

E-signatures Conclusions

Erich Schweighofer (2007)33

Definition of GovernanceDefinition of Governance UN Commission on Global Governance, Our Global

Neighbourhood The Report of the Commission on Global Governance

(1995) chapter 1 „Governance is the sum of the many ways individuals

and institutions, public and private, manage their common affairs. It is a continuing process through which conflicting or diverse interests may be accommodated and co-operative action may be taken. It includes formal institutions and regimes empowered to enforce compliance, as well as informal arrangements that people and institutions either have agreed to or perceive to be in their interest.“

Aim: rule of law as a efficient way of risk reduction by providing legal security


Definitions of Cyberspace (1)Definitions of Cyberspace (1) Gibson (1991): metaphor for a new space in which through

communication and data transfer certain actions are set New space for human activities where distance does not

matter, e.g. communications, leisure (games, pornography), trading (e-commerce), participation (e-democracy), administration (e-government), working (?) US Supreme Court, United States et al v American Civil

Liberties Union et al (1997) “ […] a unique and wholly new medium of worldwide

communication. […] Taken together, these tools [email, mailing list servers, newsgroups, chat rooms, World Wide Web] constitute a unique new medium - known to its users as "cyberspace" - located in no particular geographical location but available to anyone, anywhere in the world, with access to the Internet.”

Council of Europe, Cybercrime Convention (2001) […] By connecting to communication and information

services users create a kind of COMMON SPACE, called "cyber-space", which is used for legitimate purposes but may also be the subject of misuse […]”.


Definitions of Cyberspace (2)Definitions of Cyberspace (2) Invisible, intangible, non-territorial (but: IPv6

geographic-based unicast addresses), worldwide space (Grewlich 1999)

Strong interaction with real world (people still live in real space; are always subject to enforcement of state of residence), but territorial approach is not sufficient any more

No new territory (e.g. declaration of Barlow, cyberspace jurisdiction à la Johnson/Post) Too strong interaction with real world Persons may be very often in this space for some

time, but they still live in a real physical world. They are not away (concept: conflict of laws) and

have no relation any more with a particular country!


Multilevel regulation in cyberspaceMultilevel regulation in cyberspace Multilevel regulation (Engel): competition of different

regulation providers on activities in cyberspace Territorial Topical Sometimes a chaos resulting from various

regulation endeavours Data protection (Child) pornography Lotteries Spam Nazi propaganda

New challenge for risk reduction (e.g. providing legal security) as main aim of legal systems


Cyberspace regulation (1)Cyberspace regulation (1) Options of multilevel regulation

Cyberspace jurisdiction (Johnson/Post) No acceptance

Territorial jurisdiction Westphalian system; realist approach Problem of limited reach of powers of state authorities

Personal jurisdiction Liberal system (Slaughter): citizens have sovereignty;

can give it to various organisations like state, NGO, or transnational corporations

Option for states, sometimes used; but in general limited because of interference with territorial jurisdiction

New “personal communities” with self-regulation (e.g. IETF, W3C, ICANN, information cities [ACM Feb04] etc.)


Cyberspace regulation (2)Cyberspace regulation (2) Developing, but: quite limited, focused on technical issues

(IETF), ICANN in this respect quite unsuccessful Requires some support by territorial state

Technical regulation (software code = law [Lessig]) Fascination option with quite high efficiency Lack of regulatory control Requires some support (and correction) by territorial

state Extraterritorial (unilateral) regulation of the territorial

state (or supranational organisation) Best option for uniform application of laws (e.g. USA,

EU) International law

Public international law Limited use, mostly co-operation


Cyberspace regulation (3)Cyberspace regulation (3) Conflict of laws (private international law,

international penal law, international administrative law)

In the very end in case of lack of good rules: dispute settlement provider

Tentative solution for unsolved balancing of realist vs. liberal approaches of regulation

Present status States in (close) co-operation with International

Organisations, NGOs, transnational corporations, citizens etc.

Problems: chaos (e.g. no efficient regulation), dissens, extraterritorial regulation, self-regulation with lack of accountability


Cyberspace governance providers (1)Cyberspace governance providers (1)

Regulation agents, governance providers, legal systems, jurisdictions

Regulation agents (Regulierungsagenten): (Kirchner, Lutterbeck)

Transnational order (Jessups) with new forms of regulation

International economic law (Georg Erler[1956]) “The Peer Production of Governance”

(Johnson/Crawford/Palfrey Jr. [2004]) International Regimes (Young)

Governance States are the most important governance providers in

cyberspace; but: End of strict hierarchies (governance by

government) Competition of different regulation systems

(governance with government) and others


Characteristics Exit option of citizens, companies and

communities Governance by recognition Limited enforcement by territorial state and

cyberspace



StatesTerritorial and personal regulation

Extraterritorial (unilateral) regulationInternational Governmental Organisation

(IGO) [community of states] International Non-Governmental

Organisation (NGO) [community of citizens (economic or non-economic)]

Transnational Corporations Civil Society, (cyber)citizens


e-person (1)e-person (1) Same person as in real life but without the real life

context and acting in a artificial ICT world called cyberspace (e.g. very limited wits level, in input as well as in output)

Problem: identity link, “biometric touch”

Cartoon by Peter Steiner (1993). Reproduced from page 61 of July 5, 1993 issue of The New Yorker, (Vol.69 (LXIX) no. 20.


e-person (2)e-person (2) Human person has a physical identity

Alive, age, face, body, behaviour, speaking, life context

Can be easy checked; together with legal identity (identity card, passport) sufficient proof to do business

e-person: human (or also legal) person with an electronic identity Data entry in a trustable register

Credit card number Bancontact/ATM/Maestro E-mail


e-person (3)e-person (3) IP number Domain name Telephone number, Skype identity, E.NUM Source identification number

(Zentralmelderegister-Nummer, Stammzahl) Personal data: CV, life context Some link with a „biometric touch“

Secrete Information, private information Possession: cards or dongles User identity/password PIN/TAN codes


e-person (4)e-person (4) Electronic signatures Secure electronic signatures Finger prints IRIS scan Genetic data RFID chip

Electronic expressions of will of person (that’s legally relevant) Fulfilling certain access requirements to the proper

interface (e.g. user identity/password, special cards, place of PC) + providing additional secrete information + ICT activity (e.g. mouse click)

Full substitute to paper signature


e-person (5)e-person (5) Risk analysis required in order to achieve a balance

between costs (more security) and benefits (higher dissemination) IT security people have maybe gone too far

It may not be necessary for every business to go to the notary as it is now foreseen in the E-Signature Directive.

Dark site: new crime called „personality theft“ Another reasons to be very careful with personal data

and data protection


e-person (6) - robote-person (6) - robot Robots

Intelligent machines with tool character Machines for the enlargement of human movement

capabilities Mechatronics

„Embodyment“ of intelligence in a physical world Internet agents roboter No robots in the narrow sense but many if its characteristics:

plane, house, car etc Replacement of humans?

Not yet, maybe in 20 years Senses of robots not sufficiently developed

Robot = legal person? No! Robot = intelligent machine Human being determines behaviour of robots and rules

over robots Robot = messenger (Bote) Human being is liable for robot like for a (special) thing


e-person (7) - software agent Ie-person (7) - software agent I Software agents: Software modules with intelligence

enabling unsupervised activity and co-operation with other agents Automation of web applications, independent services on

the internet Acts in cyberspace, no real difference between

communications of a software agent and those of a human being

Characteristics Interaction

Reactive behaviour Proactive behaviour

Communication Mobility on the internet Learning capabilities

Programming and knowledge representation

Erich Schweighofer (2007)

e-person (7) - software agent IIe-person (7) - software agent II

Integrity and authenticityRegistration, responsibility

Types User interface agents, network agents Information agentsMulti-agent systems (co-operation with other agents)

Legal problemsSoftware agent = messenger? Yes; no agent because the software agent has no acting power at all

Automatic will of software agent is attributed to responsible person.

E-transactions All human actions possible in cyberspace

Restricted by contraints of cyberspace Information and communication

Full potential not yet explored E-government E-commerce E-democracy E-entertainment & e-live (second life)

Legal actions: no constraints any more from a technological or legal point of view (some exceptions!)


Legal acts in cyberspace (1)Legal acts in cyberspace (1) Conclusion of legal transactions, notice of

documents, electronic decisions etc. with electronic signatures or equivalent procedures

Private law Electronic wills

Will by person with electronic means (private autonomy)

Will by computer Computer = messenger; each declaration of will is

covered by a general will of declaration and action of the responsible person.

Wills by software agent Software agent = messenger

Wills by robot Robot = messenger Strict liability with insurance is desirable [Schweighofer in

Christaller et al. 2001]


Legal acts in cyberspace (2)Legal acts in cyberspace (2)

Public law (Austrian examples) § 1 para. 2 signature law: applies also for electronic

communications with courts and other authorities E-government law: contains further provisions

(identity, public documents) Electronic submissions

Considered as written notifications in case of use of citizen card (Bürgerkarte) (identification) with electronic signature (authentification)

Electronic files Electronic decisions, minutes (§ 18 law on general procedures,

e-government law) E-signature or other suitable procedures


Legal acts in cyberspace (3)Legal acts in cyberspace (3)

Electronic communications In case of electronic address Official signature, encryption


e-document (1)e-document (1) Document: (lat) documentum = proving certificate

any discrete representation of meaning (in law in particular: will) Usually: paper (hand-written, typed or printed) Now: "virtual" document in electronic (digital) format

Prove is usually: hand-written signature at the end of nicely

structured document (maybe also paraphs) context (paper, form, pen, finger prints, etc)

File does not provide any proof but only information

Problem: How do create similar proof of a signed written document?


e-document (2)e-document (2) Authenticity function

proves that the document remains unchanged. Hash values constitute the „finger print“ of file.

Identity function Document origins from its producer.

Electronic signature New form of declaration of will (key is known only to

signer) Biometric touch: signature card, password for signing (in

the future maybe fingerprint) Certificate: certification service providers establish

identity of person with its e-signature Providing secure information in a secure environment

Credit card transactions Problem: transfer of information transfers signature rights


e-document (3)e-document (3) Signing (pressing the sign button) in a secure

procedural environment Problem: prove lies in the ICT environment that

can be modified by highly qualified ICT experts (highest level security checks required)

Editor problem What you see is what you sign? Not guaranteed in an electronic document Dynamic text processors like Word for Windows may

deceive you in small but important details Thus: Word is considered as not appropriate Eligible: PDF, simple text editors, XML editors


e-document (4)e-document (4) Best practise

XML document hash-code encrypted with secure e-signature encrypted (with different key) during transport

Examples Austrian Official Gazette Notaries in Austria: electronic notary acts

Problem Directive 1999/93/EC on a Community framework for

electronic signatures [OJ L 13/2000, 12] Legal recognition of electronically signed documents in

order to stimulate market for European signature products

2929

e-document (5)e-document (5) Establish a European wide secure environment Transborder recognition of electronic signatures Gives recognition of e-documents with same value as

written documents Maybe not sufficiently flexible in response to involved

risks Secure electronic signature too often required Administrative signatures may be much more

appropriate FinanzOnline, e-Justiz, A1 Signatur Combination of secure + administrative signatures:

Beamtenausweis - Austrian Ministry of Finance

Conclusions Governance in cyberspace

Some particularities in comparison to traditional forms of legal governance Broader view of governance; recognition quite

important State looses monopoly of regulation; some competition

between regulation providers existing and emerging E-persons E-transactions

E-document E-signatures

Legal framework exists; fine-tuning necessary Still a lot of potential not yet used

E-Governance in the Information Society Erich Schweighofer University of Vienna Centre for Computers...

Documents

Transcript of E-Governance in the Information Society Erich Schweighofer University of Vienna Centre for Computers...