Elin Wihlborg, Mariana S. Gustafsson: Organizing safe on-line interaction and trust in governmental...

26
Electronic identification in practice – a case study of use and organization of eID in public e-services in schools Elin Wihlborg & Mariana S. Gustafsson IEI, Departement of Management and Engineering Linköping University

description

 

Transcript of Elin Wihlborg, Mariana S. Gustafsson: Organizing safe on-line interaction and trust in governmental...

Page 1: Elin Wihlborg, Mariana S. Gustafsson: Organizing safe on-line interaction and trust in governmental services

Electronic identification in practice

– a case study of use and organization of eID in public e-services in schools

Elin Wihlborg & Mariana S. Gustafsson

IEI, Departement of Management and Engineering Linköping University

Page 2: Elin Wihlborg, Mariana S. Gustafsson: Organizing safe on-line interaction and trust in governmental services

•  To analyse from different perspectives the development of e-identification (eID) systems at policy level and in practice

•  From a social, organizational and technical perspective follow and critically analyse development processes, implementation and use of secure eID systems.

•  Analyse development processes from early solutions for eID though currently used eID-systems towards complex federation solutions.

•  By analysing e-ID policy-making and practice to develop knowledge about the meaning of eID for factual and preceived information security in the private and public e-services.

FUSe:

22.05.13

Our study

Page 3: Elin Wihlborg, Mariana S. Gustafsson: Organizing safe on-line interaction and trust in governmental services

Based on the presentation and the paper:

Q1 Methodological a)  What assumptions do you perceive I have had in this empirical study? b)  What assumptions are common when studying information security

matters

Q2 Conceptual a)  Discuss what implies the construction of the concept of ’security’ among

the people (citizens) in an organisational set-up (schools), using technical artefacts (e-ID, ICT, e-services):

o  Matter of TRUST (Wihlborg 2011, Melin & Wihlborg 2011, Rothstein 2009 ) o  Private/public relation o  Perceived/factual security (Oscarson 2007) o  Matter of IDENTITY (Castells 1997, Wihlborg 2012)

Page 4: Elin Wihlborg, Mariana S. Gustafsson: Organizing safe on-line interaction and trust in governmental services

eID in Sweden •  Introduced in 2002, 10 years of practice •  Used by the citizens in e-services provided by the

The Swedish Tax Authority, Försäkringskassan, Landstinget, the local municipality, the banks.

•  Security software + BankID or ID card and a device, based on personal security number, issued by the BankID, Telia, SEB, Posten, Nordea

•  Swedish e-Identification, requirements and symbolic meaning

Page 5: Elin Wihlborg, Mariana S. Gustafsson: Organizing safe on-line interaction and trust in governmental services

e aim for the study:

Ø … to present a case study of use of electronic identification to access ICT platforms in schools in order to analyze security aspects, organization and potential development of the platforms.

Ø e user/actor groups:

Ø e Management (school principals) Ø e Teachers Ø e Administrators Ø e Pupils Ø e Parents Ø LK Officials Ø LK IT-coordinators Ø Other stakeholders (ex. eID agency, other authorities)

22.05.13

Page 6: Elin Wihlborg, Mariana S. Gustafsson: Organizing safe on-line interaction and trust in governmental services

e Research Questions

Ø What are the experiences of use of secure log in to the ICT plattfroms and e-services in the schools today?

Ø How is secure log in implemented in the schools today?

Ø How is secure log in to the e-services and the plattforms perceived by the different users?

Ø What development potential do the users perceive connected to the secure identification systems in general and security in particular?

22.05.13

Page 7: Elin Wihlborg, Mariana S. Gustafsson: Organizing safe on-line interaction and trust in governmental services

Background

•  Why study schools –  A large ammount of information, including sensitive information,

passes through, is processed and exchanged among actors in schools. –  ere is a long history of use of ICT plattforms in schools. –  e New Education Act (Skollagen 2011) requires continous follow

up of the student performance and imposes written reporting and digital Individual Development Plans (skriftliga omdömen, SO och digital IUP)

–  Increasing administration in schools.

•  e municipality authonomy –  e municipality administration/organisation vs the schools

administration/organization

22.05.13

Page 8: Elin Wihlborg, Mariana S. Gustafsson: Organizing safe on-line interaction and trust in governmental services

About 145 000 inhabitants 4th largest city region in Sweden Base for high technology industries in Aviation, IT and environment 84 schools: 66 primary and 18 secondary schools Linköpings eVision (2006) eServices shall faciliatate for everybody to live and work in Linköping municipality Digital Agenda (2012)

   

Page 9: Elin Wihlborg, Mariana S. Gustafsson: Organizing safe on-line interaction and trust in governmental services

ICT and e-services in schools

FRONTER  

DEXTER  

SKOLA  24  

Schoolso5  

Heroma  

Extens  

LINSAM   X,  Y,  Z  

TRIO  

•  Learning  pla/orm  •  SO,  IUP  

•  E-­‐service:  applica<on  for  healthcare,  repor<ng  of  income,  Presence/absence  registra<on,  Skolvalet  

•  E-­‐service  •  SO,  IUP  •  Presence/abs.  registra<on,  

•  Personnel  administra<on  

•  Learning  pla/rom  •  SO,  IUP  

Pedagogics,  administraFon  &  communicaFon  

The  Municipality  core  database  

X,  Y,  Z  X,  Y,  Z  

•  Intranet    

Page 10: Elin Wihlborg, Mariana S. Gustafsson: Organizing safe on-line interaction and trust in governmental services

The Sample •  Based on a preliminary mapping of schools using ICT plattfroms in

the municipality (A total of 84 undergraduate schools: 55 public + 11 private, ’free schools’)

5  schools  (undergraduate  +  secondary)  from  different  geografical  school  areas,  out  of  which:  •  4  public  +  1  free  school  •  3  large  (˃  300  p.)  +  2  small  (˂  300  p.)    Linköpings  municipality  •  Educa<on  Adminsitra<on  unit  •  IT-­‐sub-­‐unit  

Page 11: Elin Wihlborg, Mariana S. Gustafsson: Organizing safe on-line interaction and trust in governmental services

Method

Schools The Municipality

Skolan  1.  Rektor  –  1  intervju  Lärare  –  1  fokusgrupp  Elever  –  1  fokusgrupp  Föräldrar  -­‐  1  fokusgrupp  

Skolan  1.  Rektor  –  1  intervju  Lärare  –  1  fokusgrupp  Elever  –  1  fokusgrupp  Föräldrar  -­‐  1  fokusgrupp  

Skolan  1.  Rektor  –  1  intervju  Lärare  –  1  fokusgrupp  Elever  –  1  fokusgrupp  Föräldrar  -­‐  1  fokusgrupp  

Skolan  1.  Rektor  –  1  intervju  Lärare  –  1  fokusgrupp  Elever  –  1  fokusgrupp  Föräldrar  -­‐  1  fokusgrupp  

Skolan  1.  Rektor  –  1  intervju  Lärare  –  1  fokusgrupp  Elever  –  1  fokusgrupp  Föräldrar  -­‐  1  fokusgrupp  

EducaFon  administraFon  unit    5  officials  –  1  focus  group  2  syst.adm.            –  1  interview  

EducaFons  administraFon  unit    2  IT-­‐coordinators  –  1  intervju  

Skolan  1.  Rektor  –  1  intervju  Lärare  –  1  fokusgrupp  Elever  –  1  fokusgrupp  Föräldrar  -­‐  1  fokusgrupp  

Skolan  1.  Rektor  –  1  intervju  Lärare  –  1  fokusgrupp  Elever  –  1  fokusgrupp  Föräldrar  -­‐  1  fokusgrupp  

Skolan  1.  Rektor  –  1  intervju  Lärare  –  1  fokusgrupp  Elever  –  1  fokusgrupp  Föräldrar  -­‐  1  fokusgrupp  

Skolan  1.  Rektor  –  1  intervju  Lärare  –  1  fokusgrupp  Elever  –  1  fokusgrupp  Föräldrar  -­‐  1  fokusgrupp  

Skolan  1.  Principal  –  1  interview  Teachers  –  1  focus  group  Pupils  –  1  focus  group  Parents  -­‐  1  focus  group  

•  Document  analysis  •  Semi-­‐structured  interviews  •  Explora<ve  interviews  •  Cumula<ve  data  collec<on  •  Interview  guide  for  each  

respondent  group  

Empirical  study  

Page 12: Elin Wihlborg, Mariana S. Gustafsson: Organizing safe on-line interaction and trust in governmental services

Data collection: interviews and focus groups

Ak<vity   Place   Role   Date  

Interview   School  1   Principal   2012.11.27  

Focus  group   School  1   Teacher  (4)   2012.11.27  

Focus  group   School  1   Pupil  (9)   2012.11.27  

Interview   School  2   Principal   2012.11.14  

Focus  group   School  2   Teacher  (4)   2012.11.14  

Interview   School3   Principal   2012.10.30  

Focus  group   School3   Teacher  (5)   2012.10.30  

Interview   School  4   Principal   2012.12.05  

Focus  group   School  4   Teacher  (3)   2012.12.04  

Focus  group   School  4   Pupil  (3)   2012.12.04  

Interview   School  4   Teacher  (6)   2012.11.06  

Interview   School  4   Fronter  administrator   2012.12.04  

Interview   School  5   Fronter  administrator   2012.12.05  

Interview   The  Municipality   IT-­‐coordinator  (2)   2012.10.22  

Interview   The  Municipality   System  administrator  (2)   2012.11.07  

Focus  group   The  Municipality   Officials  (4)   2012.10.23  

Page 13: Elin Wihlborg, Mariana S. Gustafsson: Organizing safe on-line interaction and trust in governmental services

Data collection: documents

Documents •  Municipal official documents: policy documents,

anual reports, activity reports, school boards meeting protocols (a selection).

•  Public records published on the municiaplity’s website.

•  Brochures on Dexter and Fronter

Page 14: Elin Wihlborg, Mariana S. Gustafsson: Organizing safe on-line interaction and trust in governmental services

Dexter log in page

Page 15: Elin Wihlborg, Mariana S. Gustafsson: Organizing safe on-line interaction and trust in governmental services

Fronter log in page

Källa:  SWEG  paper  

Page 16: Elin Wihlborg, Mariana S. Gustafsson: Organizing safe on-line interaction and trust in governmental services

Statistics on the use of Fronter

•   55  776  –  total  log  ins,  7  821  ac<ve  user  /oct,  2012    

Källa:  Linköpings  kommun  

Page 17: Elin Wihlborg, Mariana S. Gustafsson: Organizing safe on-line interaction and trust in governmental services

Experiences of use/ a selection •  e schools differ in how long they have come using

Fronter, depending on: •  the principal attitude towards Fronter, •  e school’s internal organization, •  work methods for IUP, •  leadership •  IT competence among teachers.

•  eID is tested for some e-services. Technical problems are discovered at the moment. An important question – eID - a hinder?

Page 18: Elin Wihlborg, Mariana S. Gustafsson: Organizing safe on-line interaction and trust in governmental services

The organizational set up for implementation of secure log in to ICT plattforms and e-services in schools

Ø Unclear ogranisation of implementation. Unclear picture on usability of Fronter for some principals and teachers.

Ø e id & password log in system is perceived as easy, but not secure enough. eID is perceived as complicated by certain groups of users.

Ø e complicated picture of eID agency, with different actors involved (BankID, Telia etc) raises questions of user support responsibility and efficiency.

Ø eID is perceived as a private attribute by some teachers that should not be used in their regular log in at work.

Page 19: Elin Wihlborg, Mariana S. Gustafsson: Organizing safe on-line interaction and trust in governmental services

Users perceptions of ICT plattforms’- and e-services’ security

•  Security is perceived differently by the users: –  Most users rely on the municipality responsibility to deal with security issues, –  e Municipality perceives the Plattforms and the e-services as secure. –  Fronter shall fullfill more security requirements if SO and IUP are to be processed

and stored on the plattfrom, according to the users.

•  eID is perceived as a possible but still ’unripe’ solution by the IT-coordinators, officials and Fronter-administrators in schools.

•  eID is perceived as a private attribute, not to be used at work, according to the teachers.

•  Unclear strategies: –  Sensitive infromation is stored on paper, on shelves. –  Sensitive work material is processed unsecurily, but saving it in Fronter is not an

obvious solution.

•  e schools raise demands for a flexible plattform that would match the schools work models and not vice versa.

Page 20: Elin Wihlborg, Mariana S. Gustafsson: Organizing safe on-line interaction and trust in governmental services

Analytical findings 1(3)

•  e value of information/sensitivity stored

– Different actors perceived the information as having different value for themselves (ex, logbook, IUP, work material)

– Heterogenous information (’we don’t have sensitive information in school’)

(technical-, organisational, security challenges)

Page 21: Elin Wihlborg, Mariana S. Gustafsson: Organizing safe on-line interaction and trust in governmental services

Analytical findings 2(3)

•  ere is an element of TRUST involved

– Trust in LM to deal with security – Trust in eID as an artefact (social?/technical) – Trust in own competence to manage eID and ICT

Page 22: Elin Wihlborg, Mariana S. Gustafsson: Organizing safe on-line interaction and trust in governmental services

Analytical findings 3(3)

•  Security is PRIVATE

–  eID is private (ex. teachers use of eID at work, public realm) –  Control of the individual by the organisation, by the state

(ex. logg of the activities) –  Private matters, thoughts and other information included in

work material at school (SO and IUP, loggbooks) –  Security is subjective

Page 23: Elin Wihlborg, Mariana S. Gustafsson: Organizing safe on-line interaction and trust in governmental services

Analytical findings and further questions:

•  Two important aspects: safety of operation and och data security – differences in perceptions between the users and the administrators´.

•  The need for secure ICT systems increases due to inccreasing amount of sensitive data flows in the schools and the rquirements of the Education Act.

•  Security – an issue of trust (Wihlborg 2012) •  Private vs public: eID as a private attribute to be used in the

public sphere? •  eID - legitimizing identity, legitimacy (Castells, 2007, Wihlborg

2012, Melin & Wihlborg 2011) •  eID – perceived and actual security (Oscarson 2007)

Page 24: Elin Wihlborg, Mariana S. Gustafsson: Organizing safe on-line interaction and trust in governmental services

Empirical findings:

•  Unclear organisational set-up for inplementation of Fronter and Dexter.

•  There is a need to integrate the current plattforms and e-services that are used in school.

•  There is a need to clarify roles and responsibilities for user-support of Fronter

•  Fonter – not an obvious solution for SO and IUP

Page 25: Elin Wihlborg, Mariana S. Gustafsson: Organizing safe on-line interaction and trust in governmental services

Potential Development

•  A technical challenge: the need for an integrated, flexible, simple, intuitive AND secure system – is it possible?

•  Organisations challenge: the need for a clear organiziational set-up

•  Competence development and trust for the system

•  Security challenge: current solutions do not match schools’ work methods.