Abstract
National electronic identity (e-ID) card schemes and electronic identity management systems (e-IDMS) in Europe are characterised by considerable diversity. This contribution analyses the creation of a national e-IDMS in Austria with the aim of improving our understanding of the reasons behind the genesis of particular designs of national e-IDMS. It seeks to explain how the system’s specific design evolved and which factors shaped its appearance. Being part of a comparative four country study, a common theoretical framework is employed to allow for a comparison of national e-IDMS in Austria, Belgium, Germany and Spain. It combines the approach of actor-centred institutionalism and the concept of path dependence in order to analyse the innovation process and to explain resulting key characteristics of the e-IDMS in Austria: a technology-neutral system with multiple tokens; an ID model based on the Central Register of Residents; a privacy concept using sector-specific personal identifiers. It is shown that innovation process and outcome are not only shaped by specific actor constellations dominated by strategic e-government bodies, but also by path dependence at three levels: technological, institutional and organisational.
Similar content being viewed by others
Introduction
Along with the emerging global trend of introducing national systems for electronic identity management (e-IDMS), many European Union states have already rolled out electronic ID cards or are about to do so. National e-IDMS are expected to improve secure authentication and efficiency of service provision in e-government as proposed by EU-Commission initiatives. This is of particular importance as the implementation of online public services is entering more advanced, transactional stages. However, the development of e-ID card schemes at national level took place without supra-national European coordination and led to a quite diverse landscape of e-IDMS, e.g. regarding privacy features but also other components (ENISA 2009). There may be valid reasons for system diversity but it is a big challenge for achieving cross-border interoperability of e-ID schemes. Some scholars in the e-ID field have also addressed e-ID policy beyond the coordination deficit of national system development and postulate the need for a new regulatory framework in toto (Lusoli et al. 2008).
This paper wants to contribute to a better understanding of the reasons behind the genesis of particular designs of national e-IDMS. It attempts to identify major factors of influence on technological and organisational key decisions and events in the process of system design, development and implementation. In other words, it explores the space between determination and choice of decisions leading to certain system features by tracing technological and organisational choices and constraints with due consideration of given contexts. To this end the paper analyses the development and introduction of a national e-IDMS in Austria which was among the first countries in Europe to implement such a system. The results of this country case study, being part of an international cooperative research project involving similar case studies in Belgium, Germany and Spain,Footnote 1 also serve as a cross-country comparative analysis. The interest in explaining key characteristics of the system has been stimulated by indications of considerable country differences as regards both the motivations and strategies to develop an e-IDMS and the resulting system architecture.
The key research questions of this paper are as follows:
-
What are defining characteristics of the national e-IDMS in Austria in terms of its technological and organisational set-up and core features with regard to basic functions, ID model, privacy and data protection?
-
How can the specific design and components of the Austrian e-IDMS, in particular its key characteristics, be explained as outcomes of an innovation process shaped by an interplay of actor constellations, institutional context and binding effects from past decisions (“path dependence”)?
A common analytical framework is employed to analyse the innovation process and to explain resulting key characteristics of the e-IDMS at national levels which combines an institutionalist approach known as “actor-centred institutionalism” (cf. Schneider and Mayntz 1995; Scharpf 1997) and concepts of “path dependence” (cf. Werle 2007; Wetzel 2005; Beyer 2005).Footnote 2 While the former focuses on decisions and actor constellations in their institutional contexts, the latter allows identifying mechanisms which cause path dependence (i.e. confirm the continuation of a previous path, self-reinforcing and “lock-in” effects), but also include processes of new path creation.
The combination of actor-centred institutionalism and path dependence (PD) accommodates more recent understandings of PD which integrate substantial extensions of original PD concepts (Beyer 2005; Werle 2007). Firstly, an extended scope of causes of PD: in contrast to original economic concepts focussing on increasing returns, system scale economies, technical interrelatedness (or complementarities) and the quasi-irreversibility of investment as mechanisms causing PD, a variety of other mechanisms, particularly more social ones have been added such as actor constellations and actor interests, power-based reproduction, limited rationality, conformity due to uncertainty and cumulative commitments. Secondly, the logics of path stability: advances in PD concepts include greater attention to variations in the stability of path-dependent processes, i.e. the conditions of path continuation, deviation from a given path, and new path creation. In this view path deviation is not just a matter of external shocks (as the original concept suggests) but depends on the type of underlying stabilisation mechanism. Thus, lock-in and irreversibility of paths are not as stringent as originally assumed. The possibility of a path deviation not only depends on the appearance of external shocks but also on the transactional costs the involved actors are willing to accept when changing a path. Of course the ability to leave a path is also a matter of the actors’ latitude and the availability of alternatives in a given actor constellation (cf. Beyer 2005). Thirdly, the types of path dependence: the analysis of path-dependent processes can be differentiated into separate strands of change processes, distinguishing a technological path, an organisational path and a regulatory path.
The empirical investigation used a combination of methods: 20 face-to-face expert interviews with stakeholders involved in the process, practical tests on activating and using the Austrian Citizen Card, analysis of relevant official documents, a literature review, and further secondary sources (relevant research papers and reports, technical specifications, press releases and websites). Field work extended from December 2007 to November 2008.
The paper is structured as follows: Section “Austria—political system and institutional background” offers some institutional and historical background on Austria’s political and public administration system framing the introduction of a national e-IDMS. The previous form of identification is briefly described in order to understand the significance of change. Section “Central stages of the Austrian innovation process” outlines main stages of the innovation process while Section “Key characteristics of the e-IDMS in Austria” describes its outcome, i.e. the Austrian e-IDMS and its key characteristics. The subsequent Section “Actor constellation” is devoted to providing an overview on key actors followed by Section “Outreach of card and usage of e-ID”. Finally, Section “The interplay of actor constellations, institutional context and path dependence” combines different strands explaining the outcome of the Austrian e-IDMS in its present shape and Section “Conclusion” concludes the results.
Austria—political system and institutional background
Austria may be characterised as a small country (population 8.3 million) located in central Europe, with an alternating political history, marked by an imperial past and periods of radical breaks in democratic development. However, based on the foundation of the Second Republic after World War II, over the following decades a stable political system with successful economic development to a modern welfare state took shape.
The country is a democratic republic by constitution with a federal system of government and became an EU member state on January 1st 1995. The system of government and public administration is shaped by the principle of federalism based on three tiers made up of federal, provincial and municipal levels (nine federal provinces called “Länder”, and 2359 municipalities). Legislative and executive powers are divided between the National Parliament and Federal Government and the nine Provincial Parliaments and Provincial Governments. Above all, the public administration has to act according to the “principle of legality” which says that all actions in the sphere of official duties have to be based on legal regulation. Federal administration is organised into departments led by ministers who are monocratic organs. The Federal Chancellor cannot issue instructions to them but is formally a minister of equal rank who is also responsible for a department, the Federal Chancellery (cf. AFC 2008; Stolzlechner 2004).
In an international comparison, Austria’s political system has long been known to represent an ideal type of “neo-corporatism”, characterised by a tradition of consensus democracy with a strong co-operation between major interest groups (Trade Union Federation, Chamber of Commerce, Chamber of Labour, Chamber of Agriculture) and the state. This system of co-operation, commonly referred to as “social partnership”, is—although a voluntary arrangement—well-established in Austria’s political system and political culture. At its core is the voluntary and autonomous cooperation between the central associations representing labour and industry. The wider system of interest mediation includes these associations on the one hand, and the representatives of public policy and the political parties on the other. It is precisely the aggregate institutional, personal and functional interlock of actors and bodies in this quasi ‘all-channel-network’ that is considered as an essential factor for the stability of the economic and social partnership in Austria (cf. Tálos and Kittel 2002).
The system of public registration is an important component for identification of persons by the government in Austria as well as in other countries. Compulsory registration has a long history in Austria dating back to a ministerial regulation from 1857 based on an imperial decree. The origins of public registration mainly derive from police procedures, in order to gain information about the residence and movements of suspects. Over time, registration was increasingly modified and became relevant for a series of other administrative and private purposes. For instance, the ascertainment of a person’s main residence is not only important for local assignment but also for financial equalisation between local administrations (cf. Hahnenkamp 2007).
According to Austrian law, there is a compulsory registration, i.e. a person has to inform local authorities about his/her residence and provide personal data. Local authorities are obliged to process and keep this data in local registers. Since the introduction of the Central Register of Residents (CRR) it is also mandatory to transfer this data into the CRR and to inform the CRR-provider (the Ministry of the Interior) about every change. The CRR is a national information system that contains data about every Austrian resident (native and foreign). The register was created in 2001 in the context of the census that was conducted at that time. The basic set-up of the CRR came from the data collected within the census. A data record in the CRR comprises full name, sex, date of birth, citizenship and full address. Records of foreigners additionally contain passport data. Every record has a unique identifier—the so-called CRR-No. This is an attribute of particular importance as the ID model of the Austrian e-IDMS is also based upon this number (cf. Hahnenkamp 2007; FRA 1996).
In contrast to most other European countries there is no mandatory personal ID in Austria. Citizens do not have to hold a specific personal ID card. Instead, the need for identification in contact with public administration derives implicitly from legal provisions regarding the specific circumstance of an administrative procedure. The General Administrative Procedures Act builds the common legal framework and regulates in general, whether a person has to be identified in an administrative proceeding. Whether an ID is necessary and in which form it is acceptable, i.e. how a person has to prove his/her identity, are regulated in the specific legal provisions of an actual administrative procedure (e.g. the Federal Registration Act determines these issues for public registration). Due to this situational need for ID, there are several different IDs that can be used for authentication (driving licence, health insurance card, student ID, passport, etc.).
Central stages of the Austrian innovation process
In Europe, Austria was among the first countries to implement a nationwide ID system for online public services based on an electronic ID card. The centrepiece of the Austrian e-IDMS is the so-called “Buergerkarte” (Citizen Card) which is strongly embedded in the e-government approach. Significant features of the current system are technology-neutrality, the use of multiple tokens, and a specific ID model with a technical privacy concept using sector-specific identifiers based on the Central Register of Residents (Karlinger et al. 2002). The innovation process was driven by e-government stakeholders at high administrative levels. E-government is strongly institutionalised within separate organisational units (e.g. Platform Digital Austria—PDA, Chief Information Officer—CIO). The CIO played a leading role in this constellation as he coordinates the PDA and is involved in several other e-government organisations (see Section “Actor constellation”) (AFC 2008). Due to this high political support, the innovation process in Austria lasted a relatively short period of time. The idea of an e-ID card for improving secure authentication in public online services came up in 1999/2000; shortly after the European Signature Act had been approved. The first Citizen Cards (CC) were given out in a pilot scheme in 2002; and since 2005, smart cards with the “sleeping” CC-function as an optional feature have been available for every Austrian resident (cf. Aichholzer and Strauß 2009).
Before the current e-ID system evolved, some events shaped the further innovation process (Fig. 1). The first impetus for the development of a national e-IDMS in Austria had already arisen in the 90s from plans for a smartcard-system in the field of health and social security (HSS). A pilot scheme revealed possible benefits for the HSS administration. Due to the success of this test, stakeholders decided to introduce such a system with an electronic health card. Shortly afterwards, first plans to create a similar system for use in public services came up, and using the e-health card for both systems was favoured (cf. Hollosi et al. 2002; Leitold and Posch 2001). Originally, the e-health project should have started in 1998. However, problems during the procurement caused several delays and the final order was placed in 2004. Today, the social insurance card is known as the health “eCard”; it plays a special role with high impact on the whole development process of the e-IDMS and has become a major carrier device of the CC function. However, this situation was shaped by several events during the innovation process which finally led to this combination.
Central stages of the innovation process
Since 2000, the idea of a “Citizen Card” for secure authentication in public online services has evolved, mainly framed by plans for public sector modernisation and the set-up of structures for e-government. The official starting point was a concordant government resolution on November 20th 2000 regarding the deployment of smart card technology for simplifying public online services for citizens (Hollosi et al. 2002). At this early stage it was intended to use the eCard as a Citizen Card, i.e. to integrate the CC-function (authentication/e-signature) on the card with the social security number as an ID attribute. There were also plans to use the Personal ID card as a carrier device for the CC in the context of an amendment of the Passport Act. The Ministry of the Interior presented a draft in November 2000; one of the changes referred to the creation of an electronic personal ID card which should also be used as a CC. As the personal ID card is not mandatory in Austria, only about 10% of the citizens own this card. For this reason, these plans have not been followed since then, although the legal possibility to use the personal ID card as a CC was created in March 2001. Instead, there have been consistent intentions to use the eCard as a major carrier token for the CC. In the June 2001 version of the technical CC specification it was proposed to “personalise and rollout the Citizen Card on the basis of the e-Card” (Leitold and Posch 2001). Due to privacy concerns, political objections and technical problems regarding the suitability of the social insurance number as a unique identifier in this context, these plans were abandoned. A further reason was the production delays of the eCard implementation.
The introduction of the Central Register of Residents (CRR) in 2001/2002 opened the path for alternative options regarding the ID model. Crucial was a report of the provincial e-government working group which named three variants for the ID model: one based on the social security number and two others rooted in the CRR-No. While the document showed a definite tendency towards using the CRR-No. as an ID attribute, the Data Protection Council considered the direct use of the CRR-No. to be problematic for the ensuring of privacy. For this reason, stakeholders finally settled on the third variant as an acceptable compromise (Bachofner et al. 2001): the current ID model is based on the encrypted CRR-No. (sourcePIN) without using it directly, but instead only for creating irreversible sector-specific PINs for authentication in online services. Hence, the originally envisaged ID model based on the HSS-No. was not implemented (cf. Karlinger et al. 2002). During the subsequent stages of the innovation process there were no further plans to combine the eCard with the CC. However, the eCard maintained its special role as a carrier device for the CC: in 2004 the situation was radically changed as the Social Insurance Act was amended and the integration of the CC-function on the eCard became explicitly allowed by law. Only a few months earlier (January 2004), the e-Government Act was resolved,Footnote 3 which legally defines the ID model of the CC and hence can be seen as its legal specification. The e-Government Act has been effective since March 2004. With the finalised rollout by the end of 2005 and the nationwide availability of the e-ID, the relevance of the eCard as a major carrier device for the CC successively increased.
Key characteristics of the e-IDMS in Austria
The core element of the Austrian system, the Citizen Card (CC), is not a specific card but a virtual concept which can be installed on different carrier devices (a more elaborate description of this and the further characteristics can be found in Aichholzer and Strauß 2009). Hence, a major particularity of the system is the possibility of using multiple tokens for carrying personalised electronic identity data (e.g. smart card, USB device, mobile phone) and the availability of different cards (e.g. ATM cards, e-Card, student card, employment ID of several organisations) with prepared optional Citizen Card function. Due to their broad penetration, smartcards are currently the preferred tokens for the Citizen Card. Despite the openness of the concept two cards have evolved as the main devices: the ATM card and the already mentioned electronic social security card (“e-Card”). With these cards, the nationwide penetration had been realised as every Austrian has an e-Card and about 80% of the Austrians hold an ATM card. Since the end of 2005, both devices have the “sleeping” CC-function built-in. However, the relevance of the e-Card has continuously increased over the innovation process. The CC was mainly created as electronic ID for online services, with a current focus on e-government. Although usage for e-commerce services is possible as well, currently, the only application is e-banking, for which it is rarely used. The CC combines two basic functions: the verification of the card holder’s identity and the authenticity of his/her request by the provision of an electronic signature in online transactions. Additionally, the CC can also be used for signing and encrypting content (i.e. personal documents, e-mails, etc.). Another important characteristic of the e-IDMS is its specific ID model and privacy concept based on sector-specific PINs which has evolved as a compromise between the goals and requirements represented by different stakeholders. The data stored on the card is PIN-protected in order to prevent unauthorised access. The amount of data stored can vary, depending on the carrier card. However, the minimum data on the card consists of: full name, date of birth, the source PIN as unique identifier and the cryptographic keys required for the e-signature and content encryption. For storage of personal content (e.g. documents such as a birth certificate), the card also has an integrated data box.
Techno-organizational infrastructure
For the provision of the e-ID in the form of the CC as the centrepiece, the Austrian e-IDMS is based on a complex infrastructure. The figure below shows a simplified picture of its crucial components (Fig. 2).
Techno-organisational infrastructure
As the CC-function is optional, it needs to be activated before first use. For this purpose, the user can visit a registration office (RO) or with the e-Card as carrier device, the full activation can also be conducted online. During the activation process, the card’s functions become set-up, i.e. the ID model and the e-signature become integrated on the carrier device. Although the integration of both functions is part of the activation process, there are different components underneath each function. The e-signature is based on a public key infrastructure (PKI), whereas all components and services regarding the e-signature (creation of public and private keys and certificates, validation, revocation, etc.) are provided by a Certificate Authority (CA). In Austria, this is the organisation a.trust, which is currently the only CA to issue qualified certificates for the CC, although law would allow several CAs. A.trust also co-ordinates the different types of ROs, e.g. banks, post offices, local administration offices (AFC 2007; Karlinger et al. 2002).
The ID model is based on the Central Register of Residents (CRR) which is administrated by the Ministry of the Interior (MI). Hence the MI acts as central identity provider on behalf of the Data Protection Commission as the appropriate authority for the ID model. The CRR is a national database that contains data of all Austrian residents (native and foreign). A 12-digit number is used as unique identifier for each data record in the CRR. This number is the central element for the whole ID model (AFC 2007). As unique identifiers allow the linking and profiling of personal data, they are a serious threat to privacy. Therefore, unlinkability is a substantial property “that must be satisfied in order to ensure privacy protection” (FIDIS 2007). In order to protect the person’s privacy, there is no direct use of the CRR-No. Only the so-called sourcePIN—a strong encryption of the CRR-No. is stored within the identity link (“Personenbindung”)—a separate XML-based data structure on the chip of the CC. As the name suggests, this identity link is used to link the CC to a specific person. This data structure is created and stored on the chip during the activation process (Hollosi and Karlinger 2005). Deployment of the sourcePIN outside the card is prohibited by law as it would still enable data linkage. Instead, the sourcePIN is only used to create sector-specific identifiers (ssPIN) that the public services use for the authentication of a person. These identifiers are based on an irreversible cryptographic function, and thereby its elements (e.g. the sourcePIN) cannot be recreated. The ssPINs are unique for (currently) 26 sectors (e.g. tax, health, education), whereas one ssPIN allows unique identification of a person only in the corresponding sector (AFC 2007). The number of sectors is legally defined in the Sector Separation Enactment (ESSR 2004). To prevent privacy infringement, by law it is only permitted to store an ssPIN within the sector it belongs to, or which is allowed to use it.
Handling and usage of the e-ID
Usage of the CC requires the activated card, a card reader, a PC with internet connection and special software, the so-called Citizen Card Environment (CCE). The typical processing of the e-ID during an online service can be described as follows (Fig. 3):
e-ID handling and usage
(1): The first step (after connecting to the service via web-browser) is the user authentication by inserting the card into the card reader and entering a PIN code. (2): The successful authentication allows the service to access the user’s identity data that is stored within the identity link on the card. (3): With the user’s name and date of birth, a confirmation for accessing the service is generated that has to be signed by entering the signature PIN. (4): After that, the service can actually be used, whereas the user typically enters personal data into several forms (e.g. income data for tax declaration). (5): When completed and to submit this data, again the user has to sign a confirmation to request the specific service and to confirm the data. (6, 7): During submission, the service requests the creation of the sector-specific PIN (ssPIN), that is submitted by the Back-Office. A ssPIN is deployed as an identifier for the user only in the sector the current service belongs to (e.g. tax). (8): After that, the service is finished and the data is further processed within the applications of the appropriate authority (e.g. local administration) that provides the current service. Depending on the application, further processing can be completely automated or with manual treatment by the administration office.
Actor constellation
The e-IDMS is a crucial part of the Austrian e-government strategy and therefore, stakeholders of this sector dominated the whole innovation process. E-government has been of high political relevance and is well institutionalised in Austria. Since 2006, the country has held a leading position in the EU in the provision of e-government services (CGEY 2006). The strong institutionalisation of e-government in Austria is reflected in the separate organisational units that have been created for gaining a clustered structure which allows a more co-ordinated planning of projects. Headed by the Federal Chancellery, the e-government platform “Digital Austria” (PDA)Footnote 4 is the umbrella unit and co-ordinates all e-government and ICT-related activities. The platform consists of inter-governmental working groups across all three governmental levels (federal, provincial, municipal) as well as representatives of the Chamber of Labour, the Chamber of Commerce and the Head Organisation of the Social Insurance Administration. These institutions played a key role in the concept for the e-IDMS as most relevant decisions were taken here, facilitated by a high level of co-operation. For the technical co-ordination and implementation, several technical actors are involved in the PDA as well and had high impact on the decisions regarding the e-IDMS design. They arranged most of the preceding activities for the decisions within the PDA. Especially the Federal Chief Information Officer (CIO) played a key role in this constellation. He is a senior academic authority expert in the field, installed in the Federal Chancellery, co-ordinates the PDA and is involved in several technical organisations that are important for e-government in Austria (AFC 2007). As such, the CIO was the main actor for the whole development process of the e-IDMS and the technical implementation of the Citizen Card. He is also the scientific co-ordinator of the Centre for Secure Information Technology (A-Sit), which was also involved in the CC implementation. A-Sit is the national confirmation body for electronic signatures in Austria and provides certain services regarding IT-security and cryptography. Together with the CA a.trust, A-Sit builds the fundament of the Austrian PKI. The organisation a.trust acts as trust centre and is currently the only CA in Austria, which offers qualified certificates required for the CC. A.trust creates all e-signature related components and provides services regarding e-signature for end-users.
For privacy relevant issues of the e-IDMS, the legal data protection institutions (Data Protection Commission—DPC and Data Protection Council) were embedded. The DPC is the central institution for all privacy related aspects in Austria. In the context of the e-IDMS, it is the appropriate authority for legal provisions regarding the generation and handling of the ID model. The council is an advisory board and observes the privacy situation in Austria. It had high impact on the innovation process as its statement regarding the requirements for using the CRR-No. as identifier was decisive among the main stakeholders for the conceptualisation of the ID model. Another major player in e-government and the e-IDMS infrastructure is the Ministry of the Interior (MI). It administers the CRR, acts as service provider for the DPC and as such creates the ID model and deploys all related technical services (cryptographic functions, ssPINs, etc.). The role of the MI significantly increased with the implementation of the CRR, which became the kernel of the Austrian e-government and in particular of the e-IDMS.
Outreach of card and usage of e-ID
The eCard rollout and the rollout of a new generation of ATM cards, both with the Citizen Card function integrated as an optional feature, were already completed by the end of 2005. As every Austrian citizen has held an eCard since then, nationwide penetration of the Austrian e-ID is basically provided. However, actual activation and usage of the CC are still far below the expected levels, in spite of the broad availability of an opt-in to CC based e-ID usage, and although several measures to stimulate application have been taken since the beginning of the rollout phase. Table 1 shows e-ID usage rates for three exemplified e-government services, including electronic tax declarations as the most widely used service gives an indication.
The number of transactions for tax declaration is especially significant as this is the most successful e-government service. (The figures should be seen against the fact that Austria has a total labour force of about 4 million). Almost 50% of all income tax declarations were transmitted online, but only a tiny minority (less than 1%) used the Citizen Card whereas the vast majority used available alternative forms of authentication (e.g. user name/password). The situation with the two other services, student grants and pension account queries, is different in at least one respect: for online use of these services authentication via CC is mandatory and hence the number of transactions with CC equals the number of online transactions. Online applications for student grants have only recently received special promotion and show some increase in 2008; but overall applications via CC still play a marginal role. The significantly higher CC usage rate for online queries to pension accounts is an exceptional case. The reason for the number of online transactions being equal to the number of online transactions using the CC is that this online service is only accessible with authentication by CC. The comparatively high usage level is partly explained by strong PR measures on the roll out of the electronic health insurance card (eCard) and the increased attention to e-health services among the general public. But this does not change the general finding that the rates of CC usage for online authentication are very low.
In view of this result, some important facts have to be noted. First, for the vast majority of online public services the Citizen Card is not mandatory for authentication but is just an additional option. Alternative forms of online authentication still exist in parallel (as well as traditional authentication in offline services). Second, the average number of contacts for a citizen with the public administration is marginal, i.e. approx. 1.7 contacts per year. It seems that citizens do not have enough incentives to use the e-ID. Third, this situation is aggravated by additional requirements made of users (card plus activation process, card reader, special software) and the learning costs involved. Moreover, there are several obstacles in the handling of the e-ID and its components in practice. Due to the technical peculiarities of the eCard, problems can occur with some of the CC features such as content encryption.Footnote 5 In some cases, generating the identity link can fail because of differences between a person’s ID data and the corresponding data stored in the CRR.
A number of actions have already been taken to increase the diffusion of the Citizen Card and to improve the usage situation. Since 2008, usage of the eCard as a carrier device has been completely free of charge. To reduce usability problems and user requirements, the user no longer needs to install additional software. Customised notebooks (labelled as “Citizen Notebooks”) with pre-installed card reader and software are available to facilitate the use of the e-ID.Footnote 6 Online access to the Citizen Card environment software is another offer to improve usability. Service offices and help lines were set up in order to support citizens in activating and using their e-ID.Footnote 7 Teenagers and students are being targeted as primary groups for further advancing CC penetration. Electronic voting is also regarded as a possible enabler for the Citizen Card in a medium-term perspective and pilot schemes for CC-based e-voting, such as the recent election to the Austrian National Students Union in May 2009, have been conducted. Promotion of the e-voting option and the CC along with this event has resulted in approximately 11,000 additional activations of CC functions on student IDs. Such support measures provided a modest increase of e-ID usage but did not boost the overall level significantly. As emphasised by some interview partners, efforts to increase diffusion among businesses and to create corresponding applications have been neglected up to now. Key stakeholders expect a longer time period of around 10 years is necessary for a broad take-up of the Citizen Card and consider diffusion among businesses as a crucial factor for the success of the e-IDMS.
The interplay of actor constellations, institutional context and path dependence
The outcome of the e-IDMS design process in Austria, i.e. the characteristics and usage of the system, can be traced back to influences of two major types: firstly, the specific goals of stakeholders acting in different relationships to one another, and secondly, the institutional and technological contexts which constitute structural opportunities and constraints in systems design. This section summarises the interplay between these two strands of explanatory factors with a focus on various forms of path dependence, including their role as constraints in design decisions. Figure 4 outlines major design paths and critical junctures of the e-IDMS development process in Austria and its outcome as represented by four defining characteristics of the system: technology neutrality, multiple ID tokens, a CRR-rooted ID model, and sector separation via ssPINs in practical usage.
Design paths and path dependencies of major e-IDMS features
Evolution of the technology-neutral approach with multiple tokens
The first impetus which set the initial course of technological and organisational development paths at a very early stage came from the initiative for a smart card system in the HSS field in the 90s. It prepared path determinants for both the technological path of smart card based ID tokens and the organisational path of the social security number as ID attribute. However, the decisive and more sustainable foundation of the design path was the European e-Signature Directive and its transposition into national law. Its regulation of different categories of e-signatures, security requirements, corollary components and legal effects, with a related EU Action Plan focussing on e-ID in cross-border public services, constituted a basic institutional path addressing e-government as a central policy and application domain. Within this basic determination of the design path there was still plenty of undetermined territory which was gradually narrowed in subsequent stages. The decision in favour of technology neutrality expressed by the idea of the Citizen Card as a virtual concept was largely born as a consequence of an institutional path dependence and guiding visions in e-government: since Austrian law does not prescribe a mandatory personal ID card, this card as a carrier of the e-ID function would have made no sense and called for an alternative. This was reinforced by principles of the e-government strategy which favoured open, technology-neutral platforms as preconditions for a future-oriented design, together with a deliberate policy of avoiding dependence on a single card provider given the monopoly position this would create. These basic decisions were also agreed among the various e-government bodies as ideas originating from a CIO with undisputed expert authority.
After the commitment to technology-neutrality, the scope of action was determined by the existing pool of suitable technological options. For a future-oriented e-IDMS, a consequence was the decision in favour of multiple carrier devices of the ID function, which meant different existing smart card types as well as other tokens such as mobile phones or USB-sticks. Smart card and cryptography technology represented the core elements of e-ID solutions providing the required penetration and security levels. These dominant components caused technological path dependence in favour of smart cards as carrier devices and intensive use of advanced cryptography techniques, particularly, as will be explained below, for privacy protection. As the Citizen Card is a virtual concept that can be installed on several different devices, it offers a relatively broad latitude regarding the details of the technological design. Therefore, the physical card characteristics played a minor role in the implementation as they can vary depending on the carrier device. At the same time, the renouncement of features such as biometrics or RFID was a deliberate decision in order to avoid obstacles for the diffusion process.
However, the possibility of multiple tokens and the lack of a mandatory ID also brought the challenge of achieving the nationwide diffusion of the CC. As the eCard is the closest equivalent to an ID card (every Austrian carries one), it suggested itself as a carrier device. Another candidate was the ATM card. Both became and still are the main carrier devices for the CC-function (although the breakthrough of the eCard only came after a period of interruption). Decisions and co-operations that made the eCard and the ATM card dominant tokens derive from their broad availability and the estimated synergy effects, e.g. higher usage frequency of social security and bank services, complementary objectives regarding security in e-banking and e-government. Interrelations between the main actors aided these decisions, as banks and social security administration are both members of the e-government institutions; furthermore, banks as shareholders in the CA a.trust initially had a greater interest in promoting the e-signature than is currently the case.Footnote 8 Partly due to delays in the implementation of the eCard, privacy concerns and the assumed synergy effects in the banking sector, the new ATM cards were the first to be provided with the CC-function. The eCard followed shortly afterwards, once its further development had been settled and privacy concerns had been defused (by the current ID model, avoiding the social security number as identifier for the CC). Because the expected self-amplification effects in the bank sector did not occur, and because the banks did not see positive market effects and preferred less complex solutions (e.g. TAN generators), the main stakeholders focussed more on the eCard as the dominating device. A further reason for this is related to the synergy effects, as health services are assumed to be used more frequently than other public services. The fact that the usage of the eCard as CC is currently free of charge and easier to handle thanks to the possibility of online activation has led to an active self-amplification.
There was also a “CC light” version with a mobile phone as carrier device; mainly because of its high penetration (almost every Austrian owns at least one mobile device). Due to technical difficulties in providing a qualified signature and low usage, this option was abandoned in 2007. However, by the end of 2009, a new version of the CC via mobile phone had been announced, because the technical problems had now mostly been solved through the new generation of mobile phones.Footnote 9 Thus the path was interrupted temporarily and is now about to be continued. Taking the parent path—multiple carrier devices—into account in this assessment, this could also be described as a temporary path restriction, followed by a path extension. Whilst the parent path of multiple tokens still persists, deviations can be observed in its sub-paths; i.e. regarding the mobile phone described, the initial plans to use the personal ID card that were abandoned mainly due to marginal penetration, and the eCard, which was already a preferred device at the very beginning but became increasingly important after an interruption only several years later.
A path deviation is also involved in the cryptographic techniques chosen. Due to the possibility of multiple tokens, there is a relatively broad range of permitted algorithms for creating the e-signature. However, the main carrier devices (eCard and ATM card) both use the ECC-algorithm (elliptic curve cryptography) for this purpose. The reason for this decision lies in the increasing importance of the technique, as ECC is more efficient than other cryptographic methods. Compared to mainstream standards for cryptography, this decision was a path change which the technical experts in the strategic e-government bodies assessed as being affordable because it was seen as more future-oriented.
Formation of the ID model and a mechanism for preventing linkability
The choice of the ID model, i.e. the basic identifier, provides a particularly interesting development with changing path dependences. Before the e-IDMS development started, there was a preference for the use of the social security number as identifier also across many different domains. Hence, the continuation of this path suggested itself, which is also reflected in the early smart-card pilot in the HSS sector. With the advent of the Citizen Card and the related broader scope of application domains, the HSS-No. proved to be insufficient for this purpose due to its lack of quality (as duplicates are possible). The introduction of the Central Register of Residents created a special window of opportunity. The CRR-No. provided a unique identifier for every Austrian citizen, something that had not existed before and hence was more qualified for the ID model without the weakness of the HSS-No. The key actors decided to build the ID model on this new identifier and, in doing so, deviated from the previous path of using the HSS-No. as identifier in different contexts. This substantial decision meant that the CRR became the core of the e-IDMS infrastructure. Hence, this decision implied the creation of a new path and at the same time of organisational path dependence for further developments.
The decision in principal to use the CRR-No. as a unique identifier for the e-IDMS raised the question of the form in which it should be used. It triggered a long-lasting debate between the stakeholders involved, with privacy issues being a crucial factor. The Data Protection Council made several critical statements about earlier intentions for a direct use of the CRR-No. as identifier. The predominant topic of the controversy was how to find a balance between simplicity and efficacy i.e., how simple should the approach be versus how to account for security and privacy. It was mainly the local authorities who favoured a rather simple solution with marginal complexity and would also have accepted the direct use of a unique identifier. Due to the DPCs’ expected rejection, a compromise had to be found and led to the final decision in favour of the current ID model using the encrypted CRR-No. (sourcePIN) and sector-specific PINs, i.e. the indirect use of the CRR-No. and a mechanism which should prevent cross-sectoral linkability. This variant was accepted by all stakeholders involved. In its resolution of October 15th 2001 regarding personal identification, the DPC approved this approach.
It is obvious that the solution that finally prevailed was decisively shaped by the existing institutional path, i.e. established national legal regulations (Data Protection Act, General Administrative Procedures Act) and underlines the institutional path dependence of the ID model. This also holds for the definition of sector separation in this model: the concept of ssPINs should permit cross-sectoral procedures and at the same time technically prevent illegal data linkage (cf. Arora 2008). As the different fields of competence in the specific administration areas (e.g. finance, social security/health, registration, education, etc.) are mainly determined by the constitutional allocation of rights and duties, this was one major basis for the definition of the (currently) 26 sectors as specified in the corresponding Sector Separation Regulation (“Bereichsabgrenzungsverordnung”) (ESSR 2004).
The new path created with the current ID model also led to greater latitude for further applications. For instance the e-IDMS, especially because of the ssPINs, supports an electronic census. Even though initial considerations about an e-census already arose with the creation of the CRR, according to the main stakeholders, this additional potential was not fully recognised at the beginning of the development process of the e-IDMS. The general conditions for this application were framed and implemented much later. The first test run having helped to identify incidences of incorrect data and therefore increased the data quality, this application is deemed to be one of the most successful government applications so far.
However, the chosen approach also evinces a sort of irreversibility. The ID model rests on a reorganised, complex and centralised infrastructure with new organisational units and new forms of co-operation among local government authorities, the Ministry of the Interior and the Data Protection Commission. Given the efforts and investments already made, further deployment of the current solution is to be expected. Whether there will be adjustments depends not least on the development of acceptance and usage of the e-IDMS. The problems experienced in this respect so far are partly to be explained by a combination of new requirements for users that did not exist before, existing alternative and simpler authentication options, and low incentives to invest in the use of a Citizen Card when on average a citizen has only a marginal number of contacts with government requiring authentication. Besides the need for specific items (i.e. card, card reader, software), citizens as well as business users are also confronted with new procedures (activation, handling of the Citizen Card). Overall, the e-ID brings additional organisational efforts and requires some IT know-how that cannot be taken for granted. Moreover the high innovative character of the system as a whole exerts substantial pressure for change on the units affected within public administration, especially in the practical handling of the use of ssPINs. This is one reason for the local authorities’ criticism of the ssPIN concept. This is mainly because of the concept’s high complexity and the in part low adaptability to the handling of this solution, especially in small communities. Hence, a stabilisation of the path based on the ID model with ssPINs is rather uncertain as long as the system does not bring increasing returns at lower administrative levels, so as to generate self-reinforcing effects.
Conclusions
The development and implementation of a national e-IDMS is a complex innovation process which is shaped by a variety of forces, leading to different outcomes in different countries. This paper has analysed the genesis of such a system in Austria and aims to explain how this system obtained its particular architecture and characteristics. The analysis was undertaken not only to improve the understanding of the innovation process and system transformation in Austria. Based on a common approach, the results will also allow for a comparison with similar innovation processes in other countries and thus will contribute to the enhancement of our understanding of the diversity of e-IDMS in Europe. The analysis has been guided by a theoretical framework which combines the approach of actor-centred institutionalism and theories of path dependence (PD). This combination allowed a focus on decisions and trajectories in the process of systems design, influenced by actor constellations and institutional contexts. The explanatory contribution of this approach concentrates on identifying crucial determinants of the process and its outcomes in terms of essential system characteristics.
PD concepts in particular account for effects of the existing previous system as well as other forces of persistence that confront the introduction of a new system of identity management. As suggested by more recent PD concepts, a more differentiated look at and analysis of specific causal mechanisms of PD proved essential. By identifying the underlying mechanisms of path-dependent processes at technological, institutional and organisational levels, it was possible to go beyond the trivial insight that “history matters” and to genuinely increase the explanatory potential of this approach. This was proven by its contribution to explaining design decisions and critical junctures of the e-IDMS development process. The analysis revealed mechanisms and circumstances that lead both to instances of path continuation and to deviation from an existing or constitution of a new path in design options.
The resulting architecture and peculiarities of the Austrian system have been summarised in the following key characteristics of the system: technology neutrality, multiple ID tokens, a CRR-rooted ID model with unique identifier, and sector separation via sector-specific PINs (as a privacy protection mechanism to prevent linkability). An explanation of these system characteristics has been derived from the interplay of specific actor constellations, institutional context and path dependence. The main lines can be summed up as follows:
The whole innovation process in Austria has been shaped by the leading role of key actors in the field of e-government, its strong institutionalisation, high-level political backing and cross-sectoral co-operation capacities rooted in political culture. The idea of a Citizen Card, a cornerstone of the e-IDMS, was a central element of the e-government strategy from early on. The principle of technology-neutrality of the Citizen Card concept and the associated principle of multiple tokens (ID carriers) originate from a combination of institutional PD (lack of mandatory ID card, guiding visions in e-government), technological PD (smart card and cryptography standards), supplemented by the striving for increased penetration and economic rationales (greater independence from card providers). At the very beginning there were plans to use the social security card as the main carrier device because it guaranteed maximum penetration. Due to problems regarding unique identification, privacy, and production delays, this technological path was temporarily abandoned. However, at a later stage it became practicable again in the form of the eCard which finally became the most important carrier device due to cross-sectoral synergies, once an option for unique identification had arisen: a window of opportunity opened up with the implementation of the CRR and was seized as a basis for the ID model. This decision involved the definitive abandonment of the continuation of the established organisational path represented by the social security number as basic identifier. Perceived advantages of the CRR-based ID model and technological complementarities of the CRR with other e-government functions argued in favour of the constitution of a new path. However, the final specification of the ID model in its present form was only achieved as a compromise after a long-lasting debate focused on privacy issues. Again it was mainly institutional PD (established regulations for privacy and administrative procedures, delineation of sectors according to constitutional rules) which explains the current solution with encrypted CRR-No. and sector-specific PINs.
This new path and its ID model also brought a greater latitude for further applications such as an electronic census. However, being based on the complex techno-organisational infrastructure of the CRR also created a new path dependence with a sort of “lock-in” or high degree of irreversibility, given the implied transaction costs with respect to potential change options. How relevant this issue will become in the future will depend on the success of the established path and this includes not least the development of acceptance and usage of the e-IDMS.
Notes
The collaborative project “Systemic Change of the Identification of Citizens by Government—Electronic Identity Management in Selected European Countries” is coordinated by the Institute of Information Management Bremen (ifib) at the University of Bremen and funded by a grant from the Volkswagen Foundation.
A brief explanation of these concepts is provided in the introductory chapter by Kubicek in this issue.
During the 46th National Council Session (“Sitzung des Nationalrats”) (XXII. GP) 29.01.2004 http://tinyurl.com/ycehbfo.
Some problems are documented in the web-forum of a.trust https://forum.a-trust.at/viewforum.php?f=18&sid=1beee25b10b76742230249abf7fb4e88.
Telekom Press release August 28, 2008 http://www.telekom-presse.at/channel_computing/news_34045.html.
Some of the major banks still hold shares, but with reduced interest in further investments.
See Der Standard, 19 November 2009. http://tinyurl.com/y8nchme.
References
AFC—Austrian Federal Chancellery. Die österreichische Verwaltungsorganisation [Administration in Austria]. Vienna: Austrian Federal Chancellery; 2007. http://tinyurl.com/y8h99j2. Last accessed 22 Jan 2010.
AFC—Austrian Federal Chancellery. Administration on the net—The ABC guide of eGovernment in Austria. New edition, Vienna: Austrian Federal Chancellery; 7/2008. http://tinyurl.com/cfat7q. Last accessed 22 Jan 2010.
Aichholzer G, Strauß S. Understanding a complex innovation process: identity management in Austrian e-government. In: Proceedings of the 10th Annual international Conference on Digital Government Research: Social Networks: Making Connections between Citizens, Data and Government. ACM International Conference Proceeding Series, vol. 390; 2009. pp. 230–239.
Arora S. National e-ID card schemes: a European overview. Inf Secur Tech Rep. 2008;13:46–53.
Bachofner A, Connert W, Grandits F. Bericht der Länderarbeitsgruppe e-Government für die Landesamtsdirektorenkonferenz [Report of the e-government working group of regional governments]04.10.2001. http://tinyurl.com/y8o4gnl. Last accessed 22 Jan 2010.
Beyer J. Pfadabhängigkeit ist nicht gleich Pfadabhängigkeit!—Wider den impliziten Konservatismus eines gängigen Konzepts. Zeitschrift f Soziologie. 2005;34:5–21.
CGEY—Cap Gemini Ernst & Young. Online availability of public services: how is Europe progressing? Web based survey on electronic public services. Report of the Sixth Measurement. 2006. http://ec.europa.eu/information_society/eeurope/i2010/docs/benchmarking/online_availability_2006.pdf. Last accessed 22 Jan 2010.
ENISA—European Network and Information Security Agency. Privacy features of European eID card specifications. Position Paper. February 2009.
ESSR—E-Government-Bereichsabgrenzungsverordnung [e-Government Sector Separation Regulation] resolved on July 15 2004. http://tinyurl.com/yv9g27. Last accessed 22 Jan 2010.
FIDIS—Future of identity in the information society. D13.6: privacy modelling and identity. 2007; http://tinyurl.com/dcxc9v 16.06.09. Last accessed 22 Jan 2010.
FRA—Meldegesetz 1991—MeldeG [Federal Registration Act] Bundesgesetz über das polizeiliche Meldewesen BGBl. Nr. 9/1992 idF BGBl. I Nr. 45/2006.
Hahnenkamp E. Melderecht—Grundseminar für den Rechnungs- und Verwaltungsfachdienst in den Gemeinden. 2007. http://www.burgenland.at/media/file/904_Mag._Hahnenkamp_Melderecht_07.pdf. Last accessed 22 Jan 2010.
Hollosi A, Leitold H, Posch R. Die Bürgerkarte: Basis und Infrastruktur für sicheres e-Government, Arbeitskonferenz Enterprise Security—Unternehmensweite IT-Sicherheit. March 2002. ftp://ftp.freenet.at/beh/buergerkarte-grundlagen.pdf. Last accessed 22 Jan 2010.
Karlinger G, Konrad D, Posch R. Weißbuch Bürgerkarte [Whitebook Citizen Card]. May 2002. http://tinyurl.com/c9qnlz. Last accessed 22 Jan 2010
Leitold H, Posch R. Weißbuch Bürgerkarte [Whitebook Citizen Card]. Zentrum für sichere Informationstechnologie (A-Sit). 2001. https://www.iaik.tugraz.at/research/publications/2001/Weissbuch.pdf. Last accessed 22 Jan 2010.
Lusoli W, Maghiros I, Bacigalupo M. eID policy in a turbulent environment: is there a need for a new regulatory framework? Identity in the Information Society (IDIS). 2008;1:173–87. doi:10.1007/s12394-009-0011-9.
Scharpf F. Games real actors play: actor-centered institutionalism in policy research. Boulder: Westview; 1997.
Schneider V, Mayntz R. Akteurzentrierter Institutionalismus in der Technikforschung. In: Halfmann J, Bechmann G, Rammert W, editors: Technik und Gesellschaft: Jahrbuch 8: Theoriebausteine der Techniksoziologie. Frankfurt/Main New York; 1995. pp. 107–130.
Stolzlechner H. Einführung in das öffentliche Recht, 3. Auflage, Wien; 2004.
Tálos E, Kittel B. Austria in the 1990s: The routine of social partnership in question? In: Berger S, Compston H, editors. Policy concertation and social partnership in Western Europe. Lessons for the 21st Century. New York: Berghahn Books; 2002. p. 35–50.
Werle R. Pfadabhängigkeit. In: Benz A, Lütz S, Schimank U, Simonis G, editors. Handbuch governance. Theoretische Grundlagen und empirische Anwendungsfelder. Wiesbaden: VS Verlag für Sozialwissenschaften; 2007. p. 119–31.
Wetzel A. Das Konzept der Pfadabhängigkeit und seine Anwendungsmöglichkeiten in der Transformationsforschung. Arbeitspapiere des Osteuropa-Instituts der Freien Universität Berlin Heft 52/2005.
Open Access
This article is distributed under the terms of the Creative Commons Attribution Noncommercial License which permits any noncommercial use, distribution, and reproduction in any medium, provided the original author(s) and source are credited.
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
Open Access This is an open access article distributed under the terms of the Creative Commons Attribution Noncommercial License (https://creativecommons.org/licenses/by-nc/2.0), which permits any noncommercial use, distribution, and reproduction in any medium, provided the original author(s) and source are credited.
About this article
Cite this article
Aichholzer, G., Strauß, S. The Austrian case: multi-card concept and the relationship between citizen ID and social security cards. IDIS 3, 65–85 (2010). https://doi.org/10.1007/s12394-010-0048-9
Received:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s12394-010-0048-9