E-Governance in the Information Society Erich Schweighofer University of Vienna Centre for Computers...
-
Upload
caren-lilian-malone -
Category
Documents
-
view
228 -
download
1
Transcript of E-Governance in the Information Society Erich Schweighofer University of Vienna Centre for Computers...
e-Governance in the Information Society
Erich Schweighofer
University of ViennaCentre for Computers and Law
Outline Particularities of e-governance
Governance, cyberspace, applicable law, jurisdiction
Competition of governance providers E-persons E-transactions
E-government E-commerce E-democracy E-documents
E-signatures Conclusions
Erich Schweighofer (2007)33
Definition of GovernanceDefinition of Governance UN Commission on Global Governance, Our Global
Neighbourhood The Report of the Commission on Global Governance
(1995) chapter 1 „Governance is the sum of the many ways individuals
and institutions, public and private, manage their common affairs. It is a continuing process through which conflicting or diverse interests may be accommodated and co-operative action may be taken. It includes formal institutions and regimes empowered to enforce compliance, as well as informal arrangements that people and institutions either have agreed to or perceive to be in their interest.“
Aim: rule of law as a efficient way of risk reduction by providing legal security
Erich Schweighofer (2007)44
Definitions of Cyberspace (1)Definitions of Cyberspace (1) Gibson (1991): metaphor for a new space in which through
communication and data transfer certain actions are set New space for human activities where distance does not
matter, e.g. communications, leisure (games, pornography), trading (e-commerce), participation (e-democracy), administration (e-government), working (?) US Supreme Court, United States et al v American Civil
Liberties Union et al (1997) “ […] a unique and wholly new medium of worldwide
communication. […] Taken together, these tools [email, mailing list servers, newsgroups, chat rooms, World Wide Web] constitute a unique new medium - known to its users as "cyberspace" - located in no particular geographical location but available to anyone, anywhere in the world, with access to the Internet.”
Council of Europe, Cybercrime Convention (2001) […] By connecting to communication and information
services users create a kind of COMMON SPACE, called "cyber-space", which is used for legitimate purposes but may also be the subject of misuse […]”.
Erich Schweighofer (2007)55
Definitions of Cyberspace (2)Definitions of Cyberspace (2) Invisible, intangible, non-territorial (but: IPv6
geographic-based unicast addresses), worldwide space (Grewlich 1999)
Strong interaction with real world (people still live in real space; are always subject to enforcement of state of residence), but territorial approach is not sufficient any more
No new territory (e.g. declaration of Barlow, cyberspace jurisdiction à la Johnson/Post) Too strong interaction with real world Persons may be very often in this space for some
time, but they still live in a real physical world. They are not away (concept: conflict of laws) and
have no relation any more with a particular country!
Erich Schweighofer (2007)66
Multilevel regulation in cyberspaceMultilevel regulation in cyberspace Multilevel regulation (Engel): competition of different
regulation providers on activities in cyberspace Territorial Topical Sometimes a chaos resulting from various
regulation endeavours Data protection (Child) pornography Lotteries Spam Nazi propaganda
New challenge for risk reduction (e.g. providing legal security) as main aim of legal systems
Erich Schweighofer (2007)77
Cyberspace regulation (1)Cyberspace regulation (1) Options of multilevel regulation
Cyberspace jurisdiction (Johnson/Post) No acceptance
Territorial jurisdiction Westphalian system; realist approach Problem of limited reach of powers of state authorities
Personal jurisdiction Liberal system (Slaughter): citizens have sovereignty;
can give it to various organisations like state, NGO, or transnational corporations
Option for states, sometimes used; but in general limited because of interference with territorial jurisdiction
New “personal communities” with self-regulation (e.g. IETF, W3C, ICANN, information cities [ACM Feb04] etc.)
Erich Schweighofer (2007)88
Cyberspace regulation (2)Cyberspace regulation (2) Developing, but: quite limited, focused on technical issues
(IETF), ICANN in this respect quite unsuccessful Requires some support by territorial state
Technical regulation (software code = law [Lessig]) Fascination option with quite high efficiency Lack of regulatory control Requires some support (and correction) by territorial
state Extraterritorial (unilateral) regulation of the territorial
state (or supranational organisation) Best option for uniform application of laws (e.g. USA,
EU) International law
Public international law Limited use, mostly co-operation
Erich Schweighofer (2007)99
Cyberspace regulation (3)Cyberspace regulation (3) Conflict of laws (private international law,
international penal law, international administrative law)
In the very end in case of lack of good rules: dispute settlement provider
Tentative solution for unsolved balancing of realist vs. liberal approaches of regulation
Present status States in (close) co-operation with International
Organisations, NGOs, transnational corporations, citizens etc.
Problems: chaos (e.g. no efficient regulation), dissens, extraterritorial regulation, self-regulation with lack of accountability
Erich Schweighofer (2007)1010
Cyberspace governance providers (1)Cyberspace governance providers (1)
Regulation agents, governance providers, legal systems, jurisdictions
Regulation agents (Regulierungsagenten): (Kirchner, Lutterbeck)
Transnational order (Jessups) with new forms of regulation
International economic law (Georg Erler[1956]) “The Peer Production of Governance”
(Johnson/Crawford/Palfrey Jr. [2004]) International Regimes (Young)
Governance States are the most important governance providers in
cyberspace; but: End of strict hierarchies (governance by
government) Competition of different regulation systems
(governance with government) and others
Cyberspace governance providers (2)Cyberspace governance providers (2)
Characteristics Exit option of citizens, companies and
communities Governance by recognition Limited enforcement by territorial state and
cyberspace
Erich Schweighofer (2007)1212
Cyberspace governance providers (3)Cyberspace governance providers (3)
StatesTerritorial and personal regulation
Extraterritorial (unilateral) regulationInternational Governmental Organisation
(IGO) [community of states] International Non-Governmental
Organisation (NGO) [community of citizens (economic or non-economic)]
Transnational Corporations Civil Society, (cyber)citizens
Erich Schweighofer (2007)1313
e-person (1)e-person (1) Same person as in real life but without the real life
context and acting in a artificial ICT world called cyberspace (e.g. very limited wits level, in input as well as in output)
Problem: identity link, “biometric touch”
Cartoon by Peter Steiner (1993). Reproduced from page 61 of July 5, 1993 issue of The New Yorker, (Vol.69 (LXIX) no. 20.
Erich Schweighofer (2007)1414
e-person (2)e-person (2) Human person has a physical identity
Alive, age, face, body, behaviour, speaking, life context
Can be easy checked; together with legal identity (identity card, passport) sufficient proof to do business
e-person: human (or also legal) person with an electronic identity Data entry in a trustable register
Credit card number Bancontact/ATM/Maestro E-mail
Erich Schweighofer (2007)1515
e-person (3)e-person (3) IP number Domain name Telephone number, Skype identity, E.NUM Source identification number
(Zentralmelderegister-Nummer, Stammzahl) Personal data: CV, life context Some link with a „biometric touch“
Secrete Information, private information Possession: cards or dongles User identity/password PIN/TAN codes
Erich Schweighofer (2007)1616
e-person (4)e-person (4) Electronic signatures Secure electronic signatures Finger prints IRIS scan Genetic data RFID chip
Electronic expressions of will of person (that’s legally relevant) Fulfilling certain access requirements to the proper
interface (e.g. user identity/password, special cards, place of PC) + providing additional secrete information + ICT activity (e.g. mouse click)
Full substitute to paper signature
Erich Schweighofer (2007)1717
e-person (5)e-person (5) Risk analysis required in order to achieve a balance
between costs (more security) and benefits (higher dissemination) IT security people have maybe gone too far
It may not be necessary for every business to go to the notary as it is now foreseen in the E-Signature Directive.
Dark site: new crime called „personality theft“ Another reasons to be very careful with personal data
and data protection
Erich Schweighofer (2007)1818
e-person (6) - robote-person (6) - robot Robots
Intelligent machines with tool character Machines for the enlargement of human movement
capabilities Mechatronics
„Embodyment“ of intelligence in a physical world Internet agents roboter No robots in the narrow sense but many if its characteristics:
plane, house, car etc Replacement of humans?
Not yet, maybe in 20 years Senses of robots not sufficiently developed
Robot = legal person? No! Robot = intelligent machine Human being determines behaviour of robots and rules
over robots Robot = messenger (Bote) Human being is liable for robot like for a (special) thing
Erich Schweighofer (2007)1919
e-person (7) - software agent Ie-person (7) - software agent I Software agents: Software modules with intelligence
enabling unsupervised activity and co-operation with other agents Automation of web applications, independent services on
the internet Acts in cyberspace, no real difference between
communications of a software agent and those of a human being
Characteristics Interaction
Reactive behaviour Proactive behaviour
Communication Mobility on the internet Learning capabilities
Programming and knowledge representation
Erich Schweighofer (2007)
e-person (7) - software agent IIe-person (7) - software agent II
Integrity and authenticityRegistration, responsibility
Types User interface agents, network agents Information agentsMulti-agent systems (co-operation with other agents)
Legal problemsSoftware agent = messenger? Yes; no agent because the software agent has no acting power at all
Automatic will of software agent is attributed to responsible person.
E-transactions All human actions possible in cyberspace
Restricted by contraints of cyberspace Information and communication
Full potential not yet explored E-government E-commerce E-democracy E-entertainment & e-live (second life)
Legal actions: no constraints any more from a technological or legal point of view (some exceptions!)
Erich Schweighofer (2007)2222
Legal acts in cyberspace (1)Legal acts in cyberspace (1) Conclusion of legal transactions, notice of
documents, electronic decisions etc. with electronic signatures or equivalent procedures
Private law Electronic wills
Will by person with electronic means (private autonomy)
Will by computer Computer = messenger; each declaration of will is
covered by a general will of declaration and action of the responsible person.
Wills by software agent Software agent = messenger
Wills by robot Robot = messenger Strict liability with insurance is desirable [Schweighofer in
Christaller et al. 2001]
Erich Schweighofer (2007)2323
Legal acts in cyberspace (2)Legal acts in cyberspace (2)
Public law (Austrian examples) § 1 para. 2 signature law: applies also for electronic
communications with courts and other authorities E-government law: contains further provisions
(identity, public documents) Electronic submissions
Considered as written notifications in case of use of citizen card (Bürgerkarte) (identification) with electronic signature (authentification)
Electronic files Electronic decisions, minutes (§ 18 law on general procedures,
e-government law) E-signature or other suitable procedures
Erich Schweighofer (2007)2424
Legal acts in cyberspace (3)Legal acts in cyberspace (3)
Electronic communications In case of electronic address Official signature, encryption
Erich Schweighofer (2007)2525
e-document (1)e-document (1) Document: (lat) documentum = proving certificate
any discrete representation of meaning (in law in particular: will) Usually: paper (hand-written, typed or printed) Now: "virtual" document in electronic (digital) format
Prove is usually: hand-written signature at the end of nicely
structured document (maybe also paraphs) context (paper, form, pen, finger prints, etc)
File does not provide any proof but only information
Problem: How do create similar proof of a signed written document?
Erich Schweighofer (2007)2626
e-document (2)e-document (2) Authenticity function
proves that the document remains unchanged. Hash values constitute the „finger print“ of file.
Identity function Document origins from its producer.
Electronic signature New form of declaration of will (key is known only to
signer) Biometric touch: signature card, password for signing (in
the future maybe fingerprint) Certificate: certification service providers establish
identity of person with its e-signature Providing secure information in a secure environment
Credit card transactions Problem: transfer of information transfers signature rights
Erich Schweighofer (2007)2727
e-document (3)e-document (3) Signing (pressing the sign button) in a secure
procedural environment Problem: prove lies in the ICT environment that
can be modified by highly qualified ICT experts (highest level security checks required)
Editor problem What you see is what you sign? Not guaranteed in an electronic document Dynamic text processors like Word for Windows may
deceive you in small but important details Thus: Word is considered as not appropriate Eligible: PDF, simple text editors, XML editors
Erich Schweighofer (2007)2828
e-document (4)e-document (4) Best practise
XML document hash-code encrypted with secure e-signature encrypted (with different key) during transport
Examples Austrian Official Gazette Notaries in Austria: electronic notary acts
Problem Directive 1999/93/EC on a Community framework for
electronic signatures [OJ L 13/2000, 12] Legal recognition of electronically signed documents in
order to stimulate market for European signature products
2929
e-document (5)e-document (5) Establish a European wide secure environment Transborder recognition of electronic signatures Gives recognition of e-documents with same value as
written documents Maybe not sufficiently flexible in response to involved
risks Secure electronic signature too often required Administrative signatures may be much more
appropriate FinanzOnline, e-Justiz, A1 Signatur Combination of secure + administrative signatures:
Beamtenausweis - Austrian Ministry of Finance
Conclusions Governance in cyberspace
Some particularities in comparison to traditional forms of legal governance Broader view of governance; recognition quite
important State looses monopoly of regulation; some competition
between regulation providers existing and emerging E-persons E-transactions
E-document E-signatures
Legal framework exists; fine-tuning necessary Still a lot of potential not yet used