Information Society with Absolute Trust in the Services

Gov IT Summit 2009, Antwerpen, 21 September 2009. Information Society with Absolute Trust in the Services. Luc Gathy

Upload: lucgathy

Post on 25-Jun-2015


DESCRIPTION

Personal data, whether at rest or in transit across and between administration networks, is the focus of extensive security efforts. Encryption should be deployed judiciously. In this presentation, see how we safeguard information, processes and procedures in three practical cases:

• Data-processing tools to fight social fraud (OASIS datawarehouse)

• Sign and deposit of notary acts (e-Depot platform)

• Identity Management at European level (Services directive)

TRANSCRIPT

Page 1: Information Society with Absolute Trust in the Services


Gov IT Summit 2009 – Antwerpen, 21 September 2009

Information Society with Absolute Trust in the Services

Luc Gathy

Page 2: Information Society with Absolute Trust in the Services


What citizens expect ?

Factors encouraging the use of e-ID

The assurance that the law on data protection is complied with

The guarantee that the data is not sold on or re-used

A label or logo proving that the service is secure

An individual file of my data and transactions so that I know what information about me is held

Obtaining a receipt after providing information

Information on the information system

Information on how the data I have provided is used

Testimonies of people who have used the system.

Page 3: Information Society with Absolute Trust in the Services


What citizens expect ?

Factors encouraging the use of e-Services

If my privacy is completely respected

If I can choose which personal data I want to provide

If the service is free

If the service saves me time

If it is very easy to register

If my friends have strongly recommended it to me

Who should offer these services

A government organization (federal, local),

A company, a specialist service provider

A non-profit organization

Page 4: Information Society with Absolute Trust in the Services


To summarize ...

Active and responsible relation is expected with Public Services

Simplification and rapidity as preconditions for the use of e-Services to organize “my” everyday life

Transparency

Methods of conserving and consulting data

Conditions for storing this data

Controls in place, also for subcontractors involved in processing the personal data

Consistency intra- and between platforms (codes, signs and products)

No extra cost

Page 5: Information Society with Absolute Trust in the Services


e-Depot: Overview

[Diagram. Actors: Notary, Clerk, Citizen. Interfaces: e-Notariat interface, e-Gov interface. Sources: National register, Bis register, Company register, Justice files, Moniteur Belge (*). Numbered steps: Write deed and extracts; Update e-Gov sources; Deposit digital deed; Monitor the status of deposits; Consult authentic sources. Departments: Dep. Inneres, Dep. Economy, Department Justice, Social security.]

(*) Belgian Official Gazette

Page 6: Information Society with Absolute Trust in the Services


e-Depot: Partnership & SOA infrastructure

[Diagram with numbered steps. Parties and servers: Notary (three shown), FRNB Server (KFBN Server), Federal service bus (FSB) Server, Social security Server (KSZ Server), National register Server (RRN Server), Dep. Justice Server (FOD/Justitie Server), Dep. Economy Server (FOD/Economie Server). Other labels: eID, Real Card, Nat Nr, SAML assertion, Server certificate (Servercertificaat), Logs.]

Traceability through “Certificates chain” and “Timestamping” (XAdES standards)

Page 7: Information Society with Absolute Trust in the Services


e-Depot: New workflow

[Workflow diagram. Components: Notary, FRNB Portal, Federal service bus (FSB), e-Depot (web) services (FMOP, FPHP, PRSU). Bodies: Dep. Inneres (RRN), Social security (KSZ), Dep. Economy (FOD Economie), Dep. Justice (FOD Justitie), Moniteur Belge (BS). Phases: Deed preparation, Deed processing. Steps: Find physical person(s) by National number; Find foreign natural person(s); Find a moral person (company’s / enterprise’s); Creation / Update of data; Creation of a new enterprise (New Enterprise number created); Deposition of deeds (Submission of files, number & date of deposit returned); Activation of the enterprise; Publication in the “Moniteur” (Date of publication); Forward of the final status to the network.]

FPHP = Manage physical person details

FMOP = Manage moral person details

PRSU = Process submittal of an electronic notary deed

Page 9: Information Society with Absolute Trust in the Services


OASIS: Overview

[Diagram. Views: “Worker” view and “Employer” view, over Workers and Employers. Actions on the “authentic sources”: National register; Work sites (Construction); DMFA; Accounts & collections; Dimona; Unemployment (ONEM); Customer-supplier file; VAT returns; VAT debts.]

Page 10: Information Society with Absolute Trust in the Services


OASIS: Outputs

Page 11: Information Society with Absolute Trust in the Services


OASIS: Outputs


Page 12: Information Society with Absolute Trust in the Services


OASIS: Outputs

Page 13: Information Society with Absolute Trust in the Services


OASIS: Recognition

“Crime such as fraud cause loss of revenue and require human resources to trace and handle them. Electronic systems for fraud detection can increase the detection rate by automatically carrying out checks and controls.

The Belgian Anti-Fraud Datawarehouse project has developed a model whereby the need for precious resources in terms of both time and personnel has been cut and which has enabled more focused investigations leading to an increased apprehension rate.

This example also illustrates as possible solution to tackle issues related to security and trust, a major concern for both front and back office users and for clients.”

Written by Christine Leitner (Head of eEurope Awards Project Management Secretariat and Senior Lecturer, EIPA Maastricht) in the journal “Eipascope”, issue 2004/1, page 40.

More details: http://www.epractice.eu/cases/OASIS2

Page 14: Information Society with Absolute Trust in the Services


OASIS: What about “Big Brother” syndrome?

“Commission for the protection of privacy” special authorisation:

Deliberation No. 01/06 of 6 March 2001 concerning a request from the Ministry of Social Affairs, Public Health and the Environment for the creation and management of an OASIS database, with a view to combating social fraud in the construction, metal construction, electricity, and parks and gardens sectors.

Deliberation No. 05/001 of 18 January 2005 concerning the creation and management of the OASIS database with a view to combating social fraud - Extension of the authorisation contained in Deliberation No. 01/06 of 6 March 2001.

Encryption of the personal data

For the detection process

... With limited opportunities to retrieve the original version

In the investigation process

Page 15: Information Society with Absolute Trust in the Services


Positioning of Belgium

Reliability of our Civil Register (Parent database)

Contains the “founding documents” upon which identification security is to be based

A unique identification system

Not multiple unified or partitioned

Traceability of all transactions performed, e.g. by Civil servants

Example: “Mondossier” or “MyFile”

e-ID as an electronic identification system guaranteed by the State

A “Service-oriented” State in construction

For the Individual/Citizen: State’s back office own structure hidden (“Citizen Centric”), facilitation for learning, promoting the service, accessibility and responsiveness (face-to-face and electronic)

For government bodies: Migrate from paper-based to electronic culture, prioritization of the need for transparency, maintain “Social cohesion”, cross-functional shared framework (for the fluidity of the processing), Circle of Trust, legal validity of paperless procedures.

Page 16: Information Society with Absolute Trust in the Services


Positioning of Belgium

Protection of individual’s privacy and personal data

Principle of “end goals” (bound to mandates) and “proportionality” (Example: Driving licence = 18 or over; no need to know the age or date of birth)

Five Trusted party commissions for privacy protection, compartmentalized by domain:

Public-sector administration/Interior ministry

Finance

Health

Social matters

Justice

Introduction or mixed access to commercial and non-commercial services carried out with great precision.

... And ensuring the public’s interests !

Page 17: Information Society with Absolute Trust in the Services


Services Directive: Overview

Abolish restrictive legislation and practices hindering service providers

Set up Point of Single Contact

Applicants must be able to:

– Find rules and formalities they need to comply with

– Complete applications electronically (submit application forms, supporting documents, fee payment)

Administration co-operation improved with counterparts in other EU countries

[Diagram. Labels: Service provider; “Single point of contact”; One-stop shop (Guichet Unique); Competent authorities; Established provider; Non-established provider.]

Page 18: Information Society with Absolute Trust in the Services


Services Directive: Issues

Recognition of electronic documents across Member States (MS) borders requires:

Common set - or at least understanding - of signature and document formats (structured and unstructured)

Necessary information for validation of e-Docs

Signature format for (qualified) electronic signature should be defined

Data of public registers has to be accessible (read only) to authorities of MS, which involves questions:

How to identify a requesting authority? eID LSP STORK

How to search for and find a certain record in accordance with national data protection rules?

How to retrieve and validate it?

Page 19: Information Society with Absolute Trust in the Services


Services Directive: Issues (continued)

[Diagram. Labels: multiple SP, IdP and CA nodes; FAS (Federal Authentication Service); PsC (Point of Single Contact); SSO. Caption: Authentication Service + Federated Identity and Access Management (FIAM) + Trust relationship.]

IdP: Identity provider

SSO: Single-sign-on

SP: Service provider

CA: Certification authority

Page 20: Information Society with Absolute Trust in the Services


Services Directive: Issues (continued)

[Diagram. Labels: e-Procedure; e-Doc safe; e-Delivery service; MS A; MS B; Additional issues.]

Page 21: Information Society with Absolute Trust in the Services


Services Directive: Issues (continued)

National e-delivery systems have to become interoperable:

How can a sending authority find the appropriate messaging service?

How to interface with it?

How to identify individual recipients and their addresses?

How to get confirmation of delivery and receipt?

Data safes can make online transactions during an official procedure more efficient, comfortable and user friendly, but:

How to access an e-Document safe of MS A across borders during an electronic transaction in MS B?

How to retrieve a particular document?

How to authorise public authorities for asynchronous access to data safes?

Is there a need for a standard document inventory to find equivalents in other MS?

Page 22: Information Society with Absolute Trust in the Services


Services Directive: Issues (continued)

Cross-border payment of administrative fees:

Service providers should be able to use their local payment system (e.g. credit card and online banking) with foreign public administrations

Common service directory needed:

Description of service interface as well as of process models

Service orientation independently of a particular national portal

Allowing integration (partial or complete) in other MS!

Page 23: Information Society with Absolute Trust in the Services


Conclusion

Authority

Trust

Traceability

Transparency

= Four “untouchable” fundamental components !

Included in our future work to avoid…

Page 24: Information Society with Absolute Trust in the Services


Q&A