Elin Wihlborg, Mariana S. Gustafsson: Organizing safe on-line interaction and trust in governmental services
Electronic identification in practice – a case study of use and organization of eID in public e-services in schools
Elin Wihlborg & Mariana S. Gustafsson
IEI, Department of Management and Engineering
Linköping University
Our study
• To analyse from different perspectives the development of e-identification (eID) systems at policy level and in practice
• From a social, organizational and technical perspective follow and critically analyse development processes, implementation and use of secure eID systems.
• Analyse development processes from early solutions for eID through currently used eID systems towards complex federation solutions.
• By analysing eID policy-making and practice to develop knowledge about the meaning of eID for factual and perceived information security in the private and public e-services.
FUSe: 22.05.13
Based on the presentation and the paper:
Q1 Methodological
a) What assumptions do you perceive I have had in this empirical study?
b) What assumptions are common when studying information security matters?
Q2 Conceptual
a) Discuss what the construction of the concept of ’security’ implies among the people (citizens) in an organisational set-up (schools), using technical artefacts (e-ID, ICT, e-services):
o Matter of TRUST (Wihlborg 2011, Melin & Wihlborg 2011, Rothstein 2009)
o Private/public relation
o Perceived/factual security (Oscarson 2007)
o Matter of IDENTITY (Castells 1997, Wihlborg 2012)
eID in Sweden
• Introduced in 2002, 10 years of practice
• Used by the citizens in e-services provided by the Swedish Tax Authority, Försäkringskassan, Landstinget, the local municipality, the banks.
• Security software + BankID or ID card and a device, based on personal security number, issued by BankID, Telia, SEB, Posten, Nordea
• Swedish e-Identification, requirements and symbolic meaning
The aim for the study:
• … to present a case study of use of electronic identification to access ICT platforms in schools in order to analyze security aspects, organization and potential development of the platforms.
• The user/actor groups:
– The Management (school principals)
– The Teachers
– The Administrators
– The Pupils
– The Parents
– LK Officials
– LK IT-coordinators
– Other stakeholders (e.g. eID agency, other authorities)
The Research Questions
• What are the experiences of use of secure log in to the ICT platforms and e-services in the schools today?
• How is secure log in implemented in the schools today?
• How is secure log in to the e-services and the platforms perceived by the different users?
• What development potential do the users perceive connected to the secure identification systems in general and security in particular?
Background
• Why study schools
– A large amount of information, including sensitive information, passes through, is processed and exchanged among actors in schools.
– There is a long history of use of ICT platforms in schools.
– The New Education Act (Skollagen 2011) requires continuous follow-up of the student performance and imposes written reporting and digital Individual Development Plans (skriftliga omdömen, SO and digital IUP)
– Increasing administration in schools.
• The municipality autonomy
– The municipality administration/organisation vs the schools administration/organization
About 145 000 inhabitants
4th largest city region in Sweden
Base for high technology industries in Aviation, IT and environment
84 schools: 66 primary and 18 secondary schools
Linköpings eVision (2006)
eServices shall facilitate for everybody to live and work in Linköping municipality
Digital Agenda (2012)
ICT and e-services in schools
[Diagram. Systems shown: FRONTER, DEXTER, SKOLA 24, Schoolsoft, Heroma, Extens, LINSAM, TRIO, and X, Y, Z. Functions labelled: learning platform; SO, IUP; e-service (application for healthcare, reporting of income, presence/absence registration, Skolvalet); personnel administration; intranet. Other labels: Pedagogics, administration & communication; The Municipality core database.]
The Sample
• Based on a preliminary mapping of schools using ICT platforms in the municipality (A total of 84 undergraduate schools: 55 public + 11 private, ’free schools’)
5 schools (undergraduate + secondary) from different geographical school areas, out of which:
• 4 public + 1 free school
• 3 large (> 300 p.) + 2 small (< 300 p.)
Linköpings municipality
• Education Administration unit
• IT sub-unit
Data collection: interviews and focus groups
Activity | Place | Role | Date
Interview | School 1 | Principal | 2012.11.27
Focus group | School 1 | Teacher (4) | 2012.11.27
Focus group | School 1 | Pupil (9) | 2012.11.27
Interview | School 2 | Principal | 2012.11.14
Focus group | School 2 | Teacher (4) | 2012.11.14
Interview | School 3 | Principal | 2012.10.30
Focus group | School 3 | Teacher (5) | 2012.10.30
Interview | School 4 | Principal | 2012.12.05
Focus group | School 4 | Teacher (3) | 2012.12.04
Focus group | School 4 | Pupil (3) | 2012.12.04
Interview | School 4 | Teacher (6) | 2012.11.06
Interview | School 4 | Fronter administrator | 2012.12.04
Interview | School 5 | Fronter administrator | 2012.12.05
Interview | The Municipality | IT-coordinator (2) | 2012.10.22
Interview | The Municipality | System administrator (2) | 2012.11.07
Focus group | The Municipality | Officials (4) | 2012.10.23
Data collection: documents
Documents
• Municipal official documents: policy documents, annual reports, activity reports, school board meeting protocols (a selection).
• Public records published on the municipality’s website.
• Brochures on Dexter and Fronter
Statistics on the use of Fronter
• 55 776 – total log-ins, 7 821 active users / Oct, 2012
Source: Linköpings kommun
Experiences of use / a selection
• The schools differ in how far they have come in using Fronter, depending on:
– the principal’s attitude towards Fronter,
– the school’s internal organization,
– work methods for IUP,
– leadership,
– IT competence among teachers.
• eID is tested for some e-services. Technical problems are discovered at the moment. An important question – eID: a hindrance?
The organizational set-up for implementation of secure log in to ICT platforms and e-services in schools
• Unclear organisation of implementation. Unclear picture of the usability of Fronter for some principals and teachers.
• The id & password log in system is perceived as easy, but not secure enough. eID is perceived as complicated by certain groups of users.
• The complicated picture of eID agency, with different actors involved (BankID, Telia etc.), raises questions of user support responsibility and efficiency.
• eID is perceived as a private attribute by some teachers that should not be used in their regular log in at work.
Users’ perceptions of ICT platforms’ and e-services’ security
• Security is perceived differently by the users:
– Most users rely on the municipality’s responsibility to deal with security issues,
– The Municipality perceives the platforms and the e-services as secure.
– Fronter shall fulfil more security requirements if SO and IUP are to be processed and stored on the platform, according to the users.
• eID is perceived as a possible but still ’unripe’ solution by the IT-coordinators, officials and Fronter administrators in schools.
• eID is perceived as a private attribute, not to be used at work, according to the teachers.
• Unclear strategies:
– Sensitive information is stored on paper, on shelves.
– Sensitive work material is processed insecurely, but saving it in Fronter is not an obvious solution.
• The schools raise demands for a flexible platform that would match the schools’ work models and not vice versa.
Analytical findings 1(3)
• The value of information/sensitivity stored
– Different actors perceived the information as having different value for themselves (e.g. logbook, IUP, work material)
– Heterogeneous information (’we don’t have sensitive information in school’) (technical, organisational, security challenges)
Analytical findings 2(3)
• There is an element of TRUST involved
– Trust in LM to deal with security
– Trust in eID as an artefact (social?/technical)
– Trust in own competence to manage eID and ICT
Analytical findings 3(3)
• Security is PRIVATE
– eID is private (e.g. teachers’ use of eID at work, public realm)
– Control of the individual by the organisation, by the state (e.g. log of the activities)
– Private matters, thoughts and other information included in work material at school (SO and IUP, logbooks)
– Security is subjective
Analytical findings and further questions:
• Two important aspects: safety of operation and data security – differences in perceptions between the users and the administrators.
• The need for secure ICT systems increases due to the increasing amount of sensitive data flows in the schools and the requirements of the Education Act.
• Security – an issue of trust (Wihlborg 2012)
• Private vs public: eID as a private attribute to be used in the public sphere?
• eID – legitimizing identity, legitimacy (Castells, 2007, Wihlborg 2012, Melin & Wihlborg 2011)
• eID – perceived and actual security (Oscarson 2007)
Empirical findings:
• Unclear organisational set-up for implementation of Fronter and Dexter.
• There is a need to integrate the current platforms and e-services that are used in school.
• There is a need to clarify roles and responsibilities for user support of Fronter
• Fronter – not an obvious solution for SO and IUP
Potential Development
• A technical challenge: the need for an integrated, flexible, simple, intuitive AND secure system – is it possible?
• Organisational challenge: the need for a clear organizational set-up
• Competence development and trust for the system
• Security challenge: current solutions do not match schools’ work methods.