e-Governance in the Information Society Erich Schweighofer University

e-Governance in the Information Society Erich Schweighofer University of Vienna Centre for Computers and Law

Outline o Particularities of e-governance n n o o E-persons E-transactions n n o Governance, cyberspace, applicable law, jurisdiction Competition of governance providers E-government E-commerce E-democracy E-documents o E-signatures Conclusions

Definition of Governance o UN Commission on Global Governance, Our Global Neighbourhood n o o The Report of the Commission on Global Governance (1995) chapter 1 „Governance is the sum of the many ways individuals and institutions, public and private, manage their common affairs. It is a continuing process through which conflicting or diverse interests may be accommodated and co-operative action may be taken. It includes formal institutions and regimes empowered to enforce compliance, as well as informal arrangements that people and institutions either have agreed to or perceive to be in their interest. “ Aim: rule of law as a efficient way of risk reduction by providing legal security Erich Schweighofer (2007) 3

Definitions of Cyberspace (1) o o Gibson (1991): metaphor for a new space in which through communication and data transfer certain actions are set New space for human activities where distance does not matter, e. g. communications, leisure (games, pornography), trading (e-commerce), participation (edemocracy), administration (e-government), working (? ) n US Supreme Court, United States et al v American Civil Liberties Union et al (1997) o n “ […] a unique and wholly new medium of worldwide communication. […] Taken together, these tools [email, mailing list servers, newsgroups, chat rooms, World Wide Web] constitute a unique new medium - known to its users as "cyberspace" - located in no particular geographical location but available to anyone, anywhere in the world, with access to the Internet. ” Council of Europe, Cybercrime Convention (2001) o […] By connecting to communication and information services users create a kind of COMMON SPACE, called "cyber-space", which is used for legitimate purposes but may also be the Erich Schweighofer (2007) 4

Definitions of Cyberspace (2) o o o Invisible, intangible, non-territorial (but: IPv 6 geographic-based unicast addresses), worldwide space (Grewlich 1999) Strong interaction with real world (people still live in real space; are always subject to enforcement of state of residence), but territorial approach is not sufficient any more No new territory (e. g. declaration of Barlow, cyberspace jurisdiction à la Johnson/Post) n Too strong interaction with real world n Persons may be very often in this space for some time, but they still live in a real physical world. n They are not away (concept: conflict of laws) and have no relation any more with a particular country! Erich Schweighofer (2007) 5

Multilevel regulation in cyberspace o Multilevel regulation (Engel): competition of different regulation providers on activities in cyberspace o Territorial o Topical o Sometimes a chaos resulting from various regulation endeavours n n n o Data protection (Child) pornography Lotteries Spam Nazi propaganda New challenge for risk reduction (e. g. providing legal security) as main aim of legal systems Erich Schweighofer (2007) 6

Cyberspace regulation (1) o Options of multilevel regulation n Cyberspace jurisdiction (Johnson/Post) o n Territorial jurisdiction o o n No acceptance Westphalian system; realist approach Problem of limited reach of powers of state authorities Personal jurisdiction o o o Liberal system (Slaughter): citizens have sovereignty; can give it to various organisations like state, NGO, or transnational corporations Option for states, sometimes used; but in general limited because of interference with territorial jurisdiction New “personal communities” with self-regulation (e. g. IETF, W 3 C, ICANN, information cities [ACM Feb 04] etc. ) Erich Schweighofer (2007) 7

Cyberspace regulation (2) n n n Technical regulation (software code = law [Lessig]) o o o n Fascination option with quite high efficiency Lack of regulatory control Requires some support (and correction) by territorial state Extraterritorial (unilateral) regulation of the territorial state (or supranational organisation) o n Developing, but: quite limited, focused on technical issues (IETF), ICANN in this respect quite unsuccessful Requires some support by territorial state Best option for uniform application of laws (e. g. USA, EU) International law o Public international law n Limited use, mostly co-operation Erich Schweighofer (2007) 8

Cyberspace regulation (3) n Conflict of laws (private international law, international penal law, international administrative law) n n n In the very end in case of lack of good rules: dispute settlement provider Tentative solution for unsolved balancing of realist vs. liberal approaches of regulation Present status n n States in (close) co-operation with International Organisations, NGOs, transnational corporations, citizens etc. Problems: chaos (e. g. no efficient regulation), dissens, extraterritorial regulation, self-regulation with lack of accountability Erich Schweighofer (2007) 9

Cyberspace governance providers (1) o Regulation agents, governance providers, legal systems, jurisdictions n n n o Regulation agents (Regulierungsagenten): (Kirchner, Lutterbeck) Transnational order (Jessups) with new forms of regulation International economic law (Georg Erler[1956]) “The Peer Production of Governance” (Johnson/Crawford/Palfrey Jr. [2004]) International Regimes (Young) Governance n States are the most important governance providers in cyberspace; but: o End of strict hierarchies (governance by government) o Competition of different regulation systems (governance with government) and others Erich Schweighofer (2007) 10

Cyberspace governance providers (2) n Characteristics o o o Exit option of citizens, companies and communities Governance by recognition Limited enforcement by territorial state and cyberspace

Cyberspace governance providers (3) o States n Territorial and personal regulation o Extraterritorial (unilateral) regulation o International Governmental Organisation (IGO) [community of states] o International Non-Governmental Organisation (NGO) [community of citizens (economic or non-economic)] o Transnational Corporations o Civil Society, (cyber)citizens Erich Schweighofer (2007) 12

e-person (1) o o Same person as in real life but without the real life context and acting in a artificial ICT world called cyberspace (e. g. very limited wits level, in input as well as in output) Problem: identity link, “biometric touch” Cartoon by Peter Steiner (1993). Reproduced from page 61 of July 5, 1993 issue of The New Yorker, (Vol. 69 (LXIX) no. 20. Erich Schweighofer (2007) 13

e-person (2) o Human person has a physical identity n n o Alive, age, face, body, behaviour, speaking, life context Can be easy checked; together with legal identity (identity card, passport) sufficient proof to do business e-person: human (or also legal) person with an electronic identity n Data entry in a trustable register o o o Credit card number Bancontact/ATM/Maestro E-mail Erich Schweighofer (2007) 14

e-person (3) IP number o Domain name o Telephone number, Skype identity, E. NUM o Source identification number (Zentralmelderegister-Nummer, Stammzahl) Personal data: CV, life context Some link with a „biometric touch“ o Secrete Information, private information o Possession: cards or dongles o User identity/password o PIN/TAN codes o n n Erich Schweighofer (2007) 15

e-person (4) Electronic signatures o Secure electronic signatures o Finger prints o IRIS scan o Genetic data o RFID chip Electronic expressions of will of person (that’s legally relevant) o o n n Fulfilling certain access requirements to the proper interface (e. g. user identity/password, special cards, place of PC) + providing additional secrete information + ICT activity (e. g. mouse click) Full substitute to paper signature Erich Schweighofer (2007) 16

e-person (5) n Risk analysis required in order to achieve a balance between costs (more security) and benefits (higher dissemination) o IT security people have maybe gone too far n o It may not be necessary for every business to go to the notary as it is now foreseen in the E-Signature Directive. Dark site: new crime called „personality theft“ n Another reasons to be very careful with personal data and data protection Erich Schweighofer (2007) 17

e-person (6) - robot o Robots n n n Intelligent machines with tool character Machines for the enlargement of human movement capabilities Mechatronics o o Replacement of humans? n n o „Embodyment“ of intelligence in a physical world Internet agents roboter No robots in the narrow sense but many if its characteristics: plane, house, car etc Not yet, maybe in 20 years Senses of robots not sufficiently developed Robot = legal person? No! n n Robot = intelligent machine Human being determines behaviour of robots and rules over robots Robot = messenger (Bote) Human being is liable for robot like for a (special) thing Erich Schweighofer (2007) 18

e-person (7) - software agent I o o o Software agents: Software modules with intelligence enabling unsupervised activity and co-operation with other agents n Automation of web applications, independent services on the internet Acts in cyberspace, no real difference between communications of a software agent and those of a human being Characteristics n Interaction o o n n n o Reactive behaviour Proactive behaviour Communication Mobility on the internet Learning capabilities Programming and knowledge representation Erich Schweighofer (2007) 19

e-person (7) - software agent II o Integrity and authenticity n Registration, o responsibility Types n User interface agents, network agents n Information agents n Multi-agents) o systems (co-operation with other Legal problems n Software agent = messenger? n Yes; no agent because the software agent has no acting power at all n Automatic will of software agent is attributed to responsible person. Erich Schweighofer (2007)

E-transactions o All human actions possible in cyberspace n n o Restricted by contraints of cyberspace o Information and communication Full potential not yet explored o E-government o E-commerce o E-democracy o E-entertainment & e-live (second life) Legal actions: no constraints any more from a technological or legal point of view (some exceptions!)

Legal acts in cyberspace (1) o o Conclusion of legal transactions, notice of documents, electronic decisions etc. with electronic signatures or equivalent procedures Private law n Electronic wills o o Will by person with electronic means (private autonomy) Will by computer n o Wills by software agent n o Computer = messenger; each declaration of will is covered by a general will of declaration and action of the responsible person. Software agent = messenger Wills by robot n n Robot = messenger Strict liability with insurance is desirable [Schweighofer in Christaller et al. 2001] Erich Schweighofer (2007) 22

Legal acts in cyberspace (2) o Public law (Austrian examples) n § 1 para. 2 signature law: applies also for electronic communications with courts and other authorities n E-government law: contains further provisions (identity, public documents) n Electronic submissions o Considered as written notifications in case of use of citizen card (Bürgerkarte) (identification) with electronic signature (authentification) n Electronic files Electronic decisions, minutes (§ 18 law on general procedures, e-government law) o E-signature or other suitable procedures o Erich Schweighofer (2007) 23

Legal acts in cyberspace (3) n Electronic communications o In case of electronic address o Official signature, encryption Erich Schweighofer (2007) 24

e-document (1) n documentum = proving certificate any discrete representation of meaning (in law in particular: will) Document: (lat) o n n n Usually: paper (hand-written, typed or printed) Now: "virtual" document in electronic (digital) format Prove is usually: o hand-written signature at the end of nicely structured document (maybe also paraphs) o context (paper, form, pen, finger prints, etc) File does not provide any proof but only information Problem: How do create similar proof of a signed written document? Erich Schweighofer (2007) 25

e-document (2) n Authenticity function n proves that the document remains unchanged. Hash values constitute the „finger print“ of file. Identity function o Document origins from its producer. n n Electronic signature § New form of declaration of will (key is known only to signer) § Biometric touch: signature card, password for signing (in the future maybe fingerprint) § Certificate: certification service providers establish identity of person with its e-signature Providing secure information in a secure environment § Credit card transactions § Problem: transfer of information transfers signature rights Erich Schweighofer (2007) 26

e-document (3) n n Signing (pressing the sign button) in a secure procedural environment § Problem: prove lies in the ICT environment that can be modified by highly qualified ICT experts (highest level security checks required) Editor problem o o o What you see is what you sign? Not guaranteed in an electronic document Dynamic text processors like Word for Windows may deceive you in small but important details Thus: Word is considered as not appropriate Eligible: PDF, simple text editors, XML editors Erich Schweighofer (2007) 27

e-document (4) o Best practise n n o Examples n n o XML document hash-code encrypted with secure e-signature encrypted (with different key) during transport Austrian Official Gazette Notaries in Austria: electronic notary acts Problem n Directive 1999/93/EC on a Community framework for electronic signatures [OJ L 13/2000, 12] o Legal recognition of electronically signed documents in order to stimulate market for European signature products Erich Schweighofer (2007) 28

e-document (5) o o o n n n Establish a European wide secure environment Transborder recognition of electronic signatures Gives recognition of e-documents with same value as written documents Maybe not sufficiently flexible in response to involved risks Secure electronic signature too often required Administrative signatures may be much more appropriate o o Finanz. Online, e-Justiz, A 1 Signatur Combination of secure + administrative signatures: Beamtenausweis - Austrian Ministry of Finance 29

Conclusions o Governance in cyberspace n Some particularities in comparison to traditional forms of legal governance o o n n E-persons E-transactions o o Broader view of governance; recognition quite important State looses monopoly of regulation; some competition between regulation providers existing and emerging E-document E-signatures Legal framework exists; fine-tuning necessary Still a lot of potential not yet used