The fundamental goal of this eID survey was to collect the information about the use of electronic identity (eID) by the European general public and about its opinions on eID regulation, use, and privacy issues.The Year 2 eID Adoption Survey is a continuation of the Year 1 eID Adoption Survey (Nov 2011). Year 2 survey modified to make it comprehensive for non-experts and to reach for a wider public Approach, structure and the user profile kept - possible to compare the Year 1 and Year 2 results
95% use the Internet on daily basis for professional purposes such as checking e-mail or searching information. Social networks are visited by almost 60% of users on daily or weekly basis (34% daily). Approximately the same amount of respondents, with only a little lower frequency, uses the Internet regularly to administer their bank account via the Internet banking. Most of the people do that on weekly rather than on daily basis.Half of the respondents use the Internet daily or weekly to watch online videos or TV, listen to online music or radio streaming, download movies or music etc.Active participation at discussions and blogs, posting opinions at news websites, Twitter etc. is the daily or weekly activity for 30% of respondents Almost 60% of respondents access the Internet for the online shopping at least once a month.Quite surprisingly, only 5% of respondents do not purchase goods or services online at all. The use of online auction sites as eBay is considerably lower, with only 20% purchasing at such websites at least monthlyphone or webcam video calls -56% of respondents at least once a month.The lowest frequency of the Internet use was found out in the case of online gaming and downloading computer and video games (This result can be influenced by the very low representation of younger Internet users)
Use of Electronic IdentityThe most frequently used credentials are the traditional and relatively weak user ID/password based credentials for accessing websites. Username and password connected to a card (e.g. bank payment card or smart card used for public transportation) with the personal information verified by a 3rd party is used by the 76% of respondents.A considerable number of respondents do not or rarely use the more sophisticated identification methods based on biometrics, PKI and hardware devices. The username/password credentials are mostly obtained to create an email account, to become a member of a social network, or to purchase goods or services online. An other interesting finding is the progress in one year time what concerns SIMcard/Mobile related eID’s: actually 3 times more use of these credentials on daily basis then registered one year ago for the expert panel.Hardware devices, including code-generating tokens, SIM card mobile devices, and card readers with PIN verification, are usually obtained for eBanking purposes.The use of PKI infrastructures (allowing to sign documents electronically with eSignature) are mostly connected to the official government issued eIDs.The most common reason for not possessing or hardly using the listed types of eID credentials was no need to use these tools, followed by disbelief that these tools are technically secure and lack of trust in the issuers of these tools.
Cross-border use of eID: Online Shopping and Money TransfersThe surprisingly large majority of survey participants (75%) buy goods or services via the Internet from other countries.A 51% majority of respondents makes online money transfers to other EU member state (e.g via online banking or other payment services such as PayPal) at least once a year and additional 18% make such payments less frequently.
Opinion on Electronic Identity regulationThe respondents clearly expressed the importance of public sector involvement in the eID regulation. The clear majority thinks that the regulation on the European level is needed and expects the new EU proposals to help with eID take-up and its wider use. The respondents would also like their governments to ensure the use and acceptance of their eID in other MS to online access both public and private services (the majority is more distinct in the case of eGovernment services). The Y1 expert survey brought similar results with even higher support for the eID legal framework on the EU level and clear statement that digital identities should be interoperable across borders. Consistently with the Y2 findings, the experts stress the importance of public sector involvement to stimulate the use of eID both in the public and private sector.
eID federation and Privacy IssuesThe respondents are well aware of privacy concerns of the Internet and eID use and would like to see specific privacy protection rules in the future. ¨They are usually not willing to use the eID federation because they do not want to provide information about what service they use to another company (3rd party) unless it is necessary. However, the majority of respondents would support the eID federation in case they can foresee future positive effects and user scenarios that would make their online transactions easier and more transparent. The right to online anonymity is preferred by a large majority and shall be lifted only under certain circumstances (such as criminal acts). These findings are in line with the privacy recommendation of eID experts in the SSEDIC Y1 survey.
Secure Electronic Document Exchange and Digital Identity Replies in this section prove that there are still many problems and security issues in the field of electronic documents exchange. The regular email is the most used communication tool to exchange sensitive electronic documents. Most of the respondents would increase their sensitive online communication if they had a secure electronic address linked to their company eID. The future potential for the take-up of eID and eSignature seems to be obvious in this domain.
uropean Digital Community Thematic aNetwork for European e-ID Building Thematic Network for European e-ID eID Adoption Survey 2012 Jiri Bouchal (IS-practice) – firstname.lastname@example.orgSlide 1 , 18/04/2013 WWW.EID-SSEDIC.EU
SSEDIC 2012 eID Adoption Survey A detailed online survey to collect information about: • use of electronic identity by the internet users • opinions on eID regulation, eID use, eID federation, and privacy issuesSlide 2 , 18/04/2013 WWW.EID-SSEDIC.EU
Survey Conditions • Four language versions • Survey distribution – via different networks in IT, consultancy, public sector, university sector etc. – via social networks and mailing lists of the SSEDIC partners • Sample – 1000 respondents • Field open October 19 – end of December 2012Slide 4 , 18/04/2013 WWW.EID-SSEDIC.EU
Sample Composition & Internet Use ProfileSlide 6 , 18/04/2013 WWW.EID-SSEDIC.EU
Sample Composition Country of residence Language version of the survey European Union Other countries English Français Deutsch Español 3% 14% 15% 15% 68% 85%Slide 7 , 18/04/2013 WWW.EID-SSEDIC.EU
Sample Composition Gender Education Male Female Primary or secondary education Higher education 10% 28% 72% 90% Age Y1 Comparison less than 34 35-54 55+ - more women - more respondents with 18% 25% lower education 57%Slide 8 , 18/04/2013 WWW.EID-SSEDIC.EU
Sample Composition Field of professional activity (N=713) Student 0% 2% 3% 5% Public sector: administration, education etc. 21% 31% IT industry (software, hardware, services…) Private sector outside of the IT industry Unemployed 38% Retired OtherSlide 9 , 18/04/2013 WWW.EID-SSEDIC.EU
Internet Use Profile Internet access frequency and devices used Not once At least once,but not every month At least once a month, but not every week At least once a week, but not every day Every day or almost every day Desktop, Laptop or Tablet PC at work Desktop, Laptop or Tablet PC at home Laptop or Tablet PC “on the road” using Wifi or Mobile connection Using Internet applications on your Smartphone: mail, webbrowser, Internet Voice communication… 0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100%Slide 10 , 18/04/2013 WWW.EID-SSEDIC.EU
Use of electronic IdentitySlide 12 , 18/04/2013 WWW.EID-SSEDIC.EU
Use of Electronic Identity – Y1 Survey Comparison ... on a daily basis ... at least once a week ... at least once a month Username and password indicating my real identity YEAR 1 Expert Survey Result Username and password connected to a card (e.g. bank… YEAR 1 Expert Survey Result A “Nickname” not indicating my real name and password used… YEAR 1 Expert Survey Result An eID supported by a hardware device: a chip card/reader… YEAR 1 Expert Survey Result An eID supported by a hardware device: a One Time Password… YEAR 1 Expert Survey Result An eID supported by a hardware device: a SIM card/mobile… YEAR 1 Expert Survey Result 0% 10% 20% 30% 40% 50% 60% 70% 80%Slide 14 , 18/04/2013 WWW.EID-SSEDIC.EU
Origin of eID Credentials Obtained to create my e-mail Username and password covering my real identity account A “Nickname” not indicating my real name and password Obtained to purchase goods or services for one or more eCommerce websites Obtained as member of a socialAn eID supported by a hardware device: a chip card/reader network combination protected by PIN code These credentials represent the official eID in my country issued by the government An eID embedded in a public register (PKI) which in combination with eSignature allows to electronically sign … Obtained as an eBanking clientAn eID supported by a hardware device: a SIM card/mobile device combination Obtained in the context of my An eID supported by a hardware device: a One Time professional activities and used Password device for professional and private activitiesAn eID supported by biometric information (fingerprint, iris Obtained in the context of my scan...). professional activities and ONLY used for professional activities 0% 10% 20% 30% 40% 50%Slide 15 , 18/04/2013 WWW.EID-SSEDIC.EU
Reasons for Not Using Some eID Types ….I’m not aware of the Username and password covering my real identity existence of these tools A “Nickname” not indicating my real name and password …I don’t believe theseUsername and password connected to a card (e.g. bank tools are technically payment card, frequent flyer card or smart card used secure for public transportation), verified by a 3rd party An eID supported by a hardware device: a chip …I don’t need these card/reader combination protected by PIN code toolsUser ID and password which are in addition verified by a number from a list of randomly generated numbers (“tokens”). …these tools are to An eID embedded in a public register (PKI) which in complicated for me combination with eSignature allows to electronically sign documents. An eID supported by a hardware device: a SIM …I don’t TRUST the card/mobile device combination issuers of these tools An eID supported by a hardware device: a One Time when they belong to Password device the PUBLIC sector …I don’t TRUST the An eID supported by biometric information issuers of these tools (fingerprint, iris scan...). when they belong to the PRIVATE sector 0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100%Slide 16 , 18/04/2013 WWW.EID-SSEDIC.EU
Cross-Border Use of eID Online cross-border purchasing of goods and services (N=696) Yes. No, I don’t have a need to order goods or services from another member state. No, I do not trust merchants outside my country, because I think my rights as a consumer are not protected then. I can’t tell whether an Internet transaction I do is an international, cross-border transaction or not. 75% 15% 4% 5% Online cross-border money transfers (N=696) Yes, at least once a week. Yes, at least once a month. Yes, at least once a year. Sometimes, less than once a year. No, I never had a need to transfer money to another member state. No, I do not trust cross-border online money transfers. No, I do not trust online money transfers at all, I prefer to make the transaction in my bank personally. No, I am not aware of such online tools. 1% 2% 4% 19% 28% 18% 24% 4%Slide 17 , 18/04/2013 WWW.EID-SSEDIC.EU
E-Signatures Possession of eSignature (N=713) Legal Qualification of eSignature (N=371) Yes No Dont know Yes 5% No I don’t know whether my eSignature is qualified 12% 43% 52% 14% 74% Use of eSignature (N=371) Signing a declaration for a public service (e.g. online tax-… Signing a registered mail Confirming an eBanking or eCommerce transaction Signing an order, invoice or other procurement message Signing a contract Other 0% 10% 20% 30% 40% 50% 60%Slide 19 , 18/04/2013 WWW.EID-SSEDIC.EU
E-Signature Technology A signature key stored on a smartcard with signing software to sign standard office documents (e.g. pdf, MS office, Open Office, e-mails…) A signature key stored on the desktop with signing software to sign standard office documents (e.g. pdf, MS office, Open Office, e-mails…) A signature key stored on a local server with signing software to sign standard office documents (e.g. pdf, MS office, Open Office, e-mails…) A signature key stored on a remote server or supported by a remote server which is used through a mobile device (such as a mobile phone or tablet pc) A signature key stored on a remote server with signing software to sign most of the standard office kind of documents (pdf, MS office, Open Office, e-mails…) Signing in connection with legacy applications such as accounting, ERP or procurement systems with signing of structured information such as XML or EDIFACT documents… 0% 10% 20% 30% 40% 50%Slide 20 , 18/04/2013 WWW.EID-SSEDIC.EU
Respondents Opinions 1) EU and National Regulation of eID 2) eID Federation and Cross-Sector Use 3) Privacy IssuesSlide 21 , 18/04/2013 WWW.EID-SSEDIC.EU
Opinions on eID Regulation Need for EU regulation of eID (N=694) Yes, this is typically a task of European regulation. No, this needs to be addressed by each member state separately. No, leave this to the private sector. No opinion on this issue. 78% 7% 6% 9% Usefulness of EU proposals on eID and digital signature (N=692) Yes, they will really help. They may marginally help. No, I do not expect they will help. No opinion on this issue. 51% 27% 9% 12%Slide 22 , 18/04/2013 WWW.EID-SSEDIC.EU
Opinions on eID Regulation Need for eGovernment eID which can be used cross-border (N=686) Yes, this is absolutely necessary. Not necessarily, this is no core task of the government. Not at all, I prefer to maintain separate electronic identities for each Member State. Not at all, this is a task for the private sector. No opinion on this issue. 67% 16% 7% 2% 8% Need for cross-border eID to access private services (N=684) Yes, this is absolutely necessary. Not necessarily, this is no core task of the government. Not at all, this is a task for the private sector. No opinion on this issue. 55% 26% 10% 9%Slide 23 , 18/04/2013 WWW.EID-SSEDIC.EU
Federation and Cross-Sector Use of eID eID federation use (N=700) Yes, I use it always because it makes the log-in easier. Yes, but I use it only when I see possible benefit of sharing eIDs between both services. Yes, but I use it rarely. Never, I do not want to provide information about what service I use to another company. Never, I have never heard of it. No opinion on this issue. 10% 17% 18% 45% 6% 5% Opinion on future cross-sector use of eID (N=700) The only way forward. Can have some positive effects. Not a good idea. No opinion on this issue. 23% 44% 25% 9%Slide 24 , 18/04/2013 WWW.EID-SSEDIC.EU
Privacy Issues Need for specific privacy rules for companies holding significant identity information (N=696) Yes, specific regulation and control is necessary. No, specific rules are not required, other than already existing general privacy protection rules. Not at all, this is a normal evolution, every one gives this information on a voluntarily basis. No opinion on this issue. 82% 11% 3% 4% Right to online anonymity (N=696) Yes, in fact, anonymous access must be the rule; only in exceptional cases “strong identification” can be requested Yes, in certain circumstances anonymity is preferable Yes, but anonymity must be “conditional”, can be lifted by court order for example (when criminal acts are involved) No, anonymity must be the exception No, all online actions must be traceable and identifiable so that people can be held responsible No opinion on this issue. 34% 27% 28% 4% 4% 4%Slide 25 , 18/04/2013 WWW.EID-SSEDIC.EU
Secure Electronic Document Exchange Internet exchange of sensitive documents (N=133) 12% Yes, I exchange sensitive documents via Iternet No, I do not 88% Types of sensitive documents exchanged Technical solutions used (N=116) Invoices Regular email Contracts Internet web portals Purchase Orders Business to Secure email business… Other Other solutions documents 0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 0% 10% 20% 30% 40% 50% 60% 70% 80% 90%Slide 27 , 18/04/2013 WWW.EID-SSEDIC.EU
Secure Electronic Document Exchange Problems encountered (N=116) Would you increase electronic documents exchange if you had I have never encountered any problem Problems encountered a secure electronic 51% 49% address?(N=116) Problems encountered Yes Problems related to spam and No spam filtering Poor traceability/unclear status I already have a secure electronic of transaction address linked to my company eID Problems identifying the 15% sender of a document received Denial of delivery by recipient 53% 32% Delivery to wrong recipient Other problems 0% 10% 20% 30%Slide 28 , 18/04/2013 WWW.EID-SSEDIC.EU
CONCLUSIONS: Use of eID • Most frequent – user ID/password credential mostly obtained to • create an email account • become a member of a social network • to purchase goods or services online • Username/password credential connected to a card (e.g. bank payment card or smart card used for public transportation) used by 76% • Progress of SIM card/Mobile related eID – 3 times more use of these credentials on daily basis then registered one year ago for the expert panel • Hardware devices (including code-generating tokens, SIM card mobile devices, and card readers with PIN verification) usually obtained for eBanking • Low use of more sophisticated identification methods based on PKI, hardware devices, and biometricsSlide 34 , 18/04/2013 WWW.EID-SSEDIC.EU
CONCLUSIONS: Opinions on eID Regulation • Importance of public sector involvement – EU regulation needed – Governments should ensure the acceptance of eID • in other member states • both for public and private servicesSlide 36 , 18/04/2013 WWW.EID-SSEDIC.EU
CONCLUSIONS: eID Federation and Privacy • privacy concerns of users – Need for specific privacy protection rules in the future • Respondents not willing to use the eID federation – Reason: reluctant to provide information about the service used to 3rd party X – majority would support eID federation in case they can foresee positive effects • right to online anonymity is preferredSlide 38 , 18/04/2013 WWW.EID-SSEDIC.EU
SSEDIC 2012 eID Survey Thank you for your attention. Jiri Bouchal (IS-practice) email@example.comSlide 40 , 18/04/2013 WWW.EID-SSEDIC.EU