'The pillars for electronic communication and interaction are security and trust', pointed out the Chair of the parallel session on Security and Infrastructure, Peter Kustor, Head of eGovernment, Federal Chancellery, Austria.
'Looking back to the "signposts" paper of 2005 and Manchester and the eGovernment action plan, it is clear that eID and eSignatures are clearly highlighted as key enablers for eGovernment. But the paradox we face is that despite this cross-border interoperability of eSignatures and eID have not been priority issues for Member States. They are still being dealt with on a national and not European level'.
'And the problem here is not primarily a technical one', he said. 'The solutions are indeed out there. The stumbling blocks are principally legal and organisational problems'.
The parallel session looked at the issues of the mutual recognition of signatures, eID interoperability and cross-border interoperability and infrastructure services.
'Regarding eSignatures, it is evident that the solutions being implemented are predominantly PKI based. The sector is indeed governed by the eSignatures Directive but', Peter Kustor pointed out, 'the national exceptions permitted are too wide'.
'In practice the interpretation is quite extensive and this is leading to interoperability problems', he said.
A lot of discussion centred on the detailed study undertaken by the Commission: the ‘Preliminary study on the mutual recognition of eSignatures for eGovernment applications’ which highlights the challenges and presents possible routes for finding solutions.
One of the main problem areas is that of signature validation. One approach is to establish a list of certification service providers at EU level. Another approach is the creation of a federated authority to set up a validation platform.
'The main issues here are first and foremost legal issues and not technical ones. These have to be sorted out first', Peter Kuster said.
Liability questions arise when we talk about a qualified certificate. Can I rely on the gateway or the validation authority? Or does it have no legal relevance. Just where does the liability lie in these systems? 'We have a picture for the technical solution, but there are some important legal questions to be sorted out'. The discussion on eID concluded that it is not harmonisation we should be aiming at, but the interoperability of the national solutions. Indeed progress is well advanced and eID cards are already in process in 21 countries with 7 already issued and 14 planned.
The Commission’s study on eID discussed one possible approach involving pan-European Proxy Service Providers (PEPS), and also a second middleware approach.
The solution may well be found through the STORK eID Large-Scale Project which will look at both approaches. Peter Kuster said that 'IDABC has a strong role to play in finding the appropriate solutions' and he concluded that 'a great contribution has been made through the technical studies'.
It was clear from the discussion in the Parallel Session that IDABC can provide further added value. A new study on legal issues surrounding eID will soon be forthcoming.
Article published in Synergy 10 - Special Edition
|
Print
