legal framework of e-government
TRANSCRIPT
eGovernment Legal Framework | 19.11.2014 2 |
Typical E-Government-Process
eDelivery
servicebackofficeportal
HELP.gv.at
USP.gv.at
Electronic File System (ELAK),
Central Register,
Official Signature
eDelivery
www.zustellung.gv.at
1 2 3
eGovernment Legal Framework | 19.11.2014 3 |
Legal bases
Legal Bases
E-Goverment
Act
General Admin.
Procedure Act
1991
Electronic Signature Act
Delivery
Act
Data Protection Act 2000
Register of Residents Act
Fed. Law on
Associations
2002
Fee Act 1957
Register of Buildings and
Homes Act
eGovernment Legal Framework | 19.11.2014 4 |
Electronic Signatur Act
eSignature – overview and legal frame
EU Signature Directive (1999/93)
AT Signature Act (190/1999) plus amendments (2000,
2001, 2005, 2008 and 2010)
– AT Signature Ordinance 2008 (3/2008 replacing the
Ordinance from 2000)
AT E-Government Act (10/2004) plus amendments
(2008, 2009 and 2010): „Citizen Card Concept“
(combines qualified signature with eID)
eGovernment Legal Framework | 19.11.2014 5 |
eSignature – overview and legal frame
EU Signature Directive (1999/93)
– will be replaced by EU Regulation (2014/940) on electronic
identification and trust services for electronic transactions in the
internal market
– Includes eID and eSignature topic
– directly applicable in the member states!
– enters into force 1st July 2016
AT Signature Act and Signature Ordinance will be repealt
– there will be only a short Signatur Act for the supervision
AT E-Government Act
– will be amended
eGovernment Legal Framework | 19.11.2014 6 |
Types of electronic signatures in the SigG
3 different types of signatures:
electronic signature
advanced electronic signature
qualified electronic signature
– must fulfill all requirements of an advanced electronic signature
– based on an qualified certificate
– created by a secure signature creation device (SSCD)
eGovernment Legal Framework | 19.11.2014 7 |
General legal effect
Signature procedures with different levels of security and different
classes of certificates can be used for legal or commercial
transactions. (§ 3 Abs. 1)
The legal effects of an electronic signature and its use as
evidence can-not therefore be excluded merely by reason of the
fact that the electronic signature is only available in electronic
form, is not based on a qualified certificate or on a qualified
certificate issued by an accredited certification service provider or
was not created using the technical components and procedures
as defined in § 18 (§ 3 Abs. 2).
„Principle of non-discrimination“
Electronic Signatures must be admitted as evidence
eGovernment Legal Framework | 19.11.2014 8 |
eGovernment Legal Framework | 19.11.2014 9 |
Specific legal effect for qualified signatures
Qualified electronic signature fulfills legal requirement for a hand-written signature especially the requirement for the written form as defined in § 886 of the Austrian Civil Code (ABGB)
– unless a different definition is laid down by law or
– by an agreement between the parties
Exceptions of specific legal effect
Qualified signature does not have the legal effects of the written form in the case of:
– legal transactions under family and inheritance law which require the written form or a stricter formal requirement *
– other declarations of intent or legal transactions which require official certification, judicial or notarial authentication or a notarial deed in order to be valid *
– other declarations concerning land register, companies register or other official register *
– declarations of guarantee („Bürgschaftserklärung“) outside business activity *
* still possible if there is a declaration of a legal attorney or a notary that he has enlightened the signatory of the legal consequences of his signature
eGovernment Legal Framework | 19.11.2014 10 |
eGovernment Legal Framework | 19.11.2014 11 |
Certification Service Provider (CSP)
Certification service provider (CSP):
a natural or juristic person or some other legally
capable Institution, which issues certificates or
provides other signature and certification services.
CSPs shall require no special permit to establish and
exercise their activities, but shall immediately notify
the supervisory body of the establishing of activities.
– Only for CSPs which issue qualified certificates
Supervisory Body is
Telekom-Control-Kommission / RTR
eGovernment Legal Framework | 19.11.2014 12 |
Issuing of qualified certificate
CSP (or an institution acting on his behalf) has to
prove the identity of natural person by
an official photo ID (“Lichtbildausweis”) or
verifying by the others in its reliability equivalent
documented or documented evidence
– e.g. “RSa-Brief”
eGovernment Legal Framework | 19.11.2014 13 |
E-Government Act
citizen
card
identity-link
mandates source PINsector
specificeID
source PINREGISTER
supplementREGISTER
standard-documentREGISTER
officialsignature
Registerqueries
eGovernment Legal Framework | 19.11.2014 14 |
eGovernment Act the main legal basis
entered into force on 1st March 2004
designed especially for the electronic communication between citizens and the business world with and between public administrations (eGovernment Act)
considers Data Protection
Barrier-free access to websites
eGovernment Legal Framework | 19.11.2014 15 |
The Austrian citizen card
Card based (e-card, …)
Mobile phone signature
eGovernment Legal Framework | 19.11.2014 16 |
Implementetion of this function
§ 4 Abs. 2 E-GovG:
The unique identifcation of an natural person results of
his/her Source-PIN
(= encrypted Number of the Central Resident
Register/CRR)
§ 4 Abs. 4 E-GovG:
The authenticity of the electronically electronically
submitted application is provided by means of the
electronic signature.
eGovernment Legal Framework | 19.11.2014 17 |
Central Register of Residents
Each resident has a unique number (ID) „ZMR-Zahl“ in the Central Register
of Residents (CRR)
CRR
SupR
eGovernment Legal Framework | 19.11.2014 18 |
Online identity = CSP + public register
Trust center: Certification Service Provider(CSP)
public sector registries
CRRBMI
Electronic Identity
CSPA-Trust
CSP…
SupplementaryRegister
eGovernment Legal Framework | 19.11.2014 19 |
Function of the cititzen card
The citizen card serves as proof
the unique identity of a person and
the authenticity of electronically submitted application
That means, that the citizen card is:
E-Identity Document and
Handwritten Signature on the internet
eGovernment Legal Framework | 19.11.2014 20 |
Sector specific approach in Austria
Austrian eGovernment Act:
The base registers provide for unique
identification
The SourcePIN represents the
uniquely identified person; it is a
hidden number, stored only in the
Citizen Card, which is in the
possession of the data subject
In government data bases only the
appropriate sector specific PIN
appears for identifying data subjects
Sect.spec.PIN
SourcePIN
Base register(s)
eGovernment Legal Framework | 19.11.2014 21 |
Electronic identity of natural persons
Central Residents Register
Number (CRRegNo)
Source PIN
ssPIN
education
ssPIN
Soc. Sec.
ssPIN
taxation
ssPIN
…
Base
RegistersSupplementary Register
Number for non-residents
eGovernment Legal Framework | 19.11.2014 22 |
ssPIN: Generation
Conversion impossible!
ssPIN a
e.g. taxes & dutiese.g. constructing &
living
ssPIN b
irreversiblederivation
Source PIN
eGovernment Legal Framework | 19.11.2014 23 |
eID citizen card function
Bank cards
Health insurance card
Affinity cards
Mobile phones
Access to e-business:• eBanking
• eBilling
• eProcurement
• CyberDoc
• Archivium
• eDelivery
Within administration:• eSignature
• eRegisters
• eFile System
Access to e-gov:• eForms
• eHealth
• eDelivery
• eDocument-Safe
• eUniversity
• eVoting
eGovernment Legal Framework | 19.11.2014 24 |
Mobile phone signature
server-based citizen card solution for
qualified electronic signatures via mobile phone
familiar technology and comfortable alternative to the
current smartcards
important step towards usability and dissemination of
modern eGovernment services because
– no software installation on the local PC, just the browser,
– no special computer skills and
– no card readers are needed for use.
No requirement on the mobile phone or SIM
– Just receiving SMS
eGovernment Legal Framework | 19.11.2014 25 |
Mobile phone signature
Core Aspects
– Operated by a Certification Service Provider
(CSP) for qualified certificates
– Signature-creation data (cryptographic keys) kept
at CSP but controlled by the signatory
• 2-factor authentication (knowledge &
possession) as known from smartcards
– Secure Signature-Creation Device
• 1999/93/EC Annex III, confirmed by a notified
body
eGovernment Legal Framework | 19.11.2014 26 |
Registration possibilities
„self registration“ using a qualified
signature (existing citizen card):
https://www.handy-signatur.at/
Registration authorities/ registration
officers at various institutions (finance authorities,
expanding: post offices…)
https://www.a-trust.at/Aktivierung/ro/OfficerData.aspx?t=mobile
Using „trusted systems“ (currently e.g. FinanzOnline,
registration via online banking in cooperation with telecom providers)
eGovernment Legal Framework | 19.11.2014 27 |
E-Government Act
officialsignature
eGovernment Legal Framework | 19.11.2014 28 |
Use of eDocuments (Validity)
Electronic documents need the potential for being
authentic
Even if printed on paper such documents shall keep
validity
Official signatures serve to facilitate recognition of the
fact that a document originates from an authority
„Official signature“ of documents
It facilitates recognition of
the fact that a document
originates from an authority
It has to be visualized with
certain elements
eGovernment Legal Framework | 19.11.2014 29 |
eGovernment Legal Framework | 19.11.2014 30 |
Official Signatur (Amtssignatur)
only for signing by of the public sector
at least advanced electronic signature
The signature certificate includes a specific attribute,
which only the public sector is allowed to use
Signatory can also be a legal person or other legal
entity; that means that an authority may act as
signatory
Official signature can be based on software-based
server certificate
eGovernment Legal Framework | 19.11.2014 31 |
Concept of official signatures
date and time
logo of
authority
validity hint
signing person
(function)
Check
information
Different implementations rgd visualization
eGovernment Legal Framework | 19.11.2014 32 |
Minimum content:
• logo of the authority
• Explicit information
that it was “officially
signed”
• Information needed
for the verification of
the electronic
signature and the
printout
eGovernment Legal Framework | 19.11.2014 33 |
Logos of the public sector
https://www.help.gv.at/Portal.Node/hlpd/public/content
/221/Seite.2210001.html
Signature verification
Follow the link in
the individual
document for
information or
go directly to the
signature
verification
service of the AT
Supervisory
Authority for
electronic
signatures
eGovernment Legal Framework | 19.11.2014 34 |
www.signature-verification.gv.at
The verification procedure and result
Upload doc.
See:
– Signatory
– Verification
successful
– Valid
certificate
chain
– (Poss.
manifest)
– Link to
detailed report
eGovernment Legal Framework | 19.11.2014 35 |
Detailed report (signed by RTR)
eGovernment Legal Framework | 19.11.2014 36 |
Details on
– Certificate
– Signature type
– Signature
attribute „official
signature“
– …
Signed by
Supervisory
Authority
eGovernment Legal Framework | 19.11.2014 37 |
Probative Value of Printouts (§ 20 E-GovG)
electronic official signed document is always
considered as original = authentic public document
(öffentliche Urkunde)
also an electronic document of an authority (e.g.
“Bescheid”) printed out on to paper is assumed to be
authentic (§ 292 ZPO)
regardless of whether authority or recipient prints the
official signed document
eGovernment Legal Framework | 19.11.2014 38 |
Documents issued by Public Authorities
§ 18 of the General Administrative Procedure Act 1991 (AVG) foresees that (since 1.1.2011)
– Official documents issued electronically have to bear an official signature (§ 19 E-GovG)
– Official documents issued on paper have to be • manually signed by the official approving the document or
• manually certified by the office, indicating that the document corresponds with the document approved by the responsible official or
• the paper document is the printout of an electronic document which bears an official signature. In this case, no further requirements need to be met.
eGovernment Legal Framework | 19.11.2014 39 |
General Administration Procedure Act (AVG)
eGovernment Legal Framework | 19.11.2014 40 |
Submissions/Applications (Anträge)
Submissions may be filed in writing, orally or by
telephone (§ 13 Abs. 1 AVG)
Written submissions may be communicated to the
authority in any technically feasible form
by e-mail however to the extent that no specific means
of communication are provided for the electronic
communication between the authority and the persons
involved. (§ 13 Abs. 2 AVG)
e.g. e-form
eGovernment Legal Framework | 19.11.2014 41 |
Submissions/Applications (Anträge)
Eventual technical requirements (file format, interfaces)
or
organisational restrictions of the electronic
communication between the authority and the persons
involved (time limitation, certain e-mail-address)
are to be published in the internet
– is no enabling provision, but merely a publicity requirement for
any organizational rextriction (VfGH-Erkenntnis 106/2013-10
vom 3.3.2014)
– Sending an application to an other e-mail-address than the
published, bears the risk of loss or of delay of the application
eGovernment Legal Framework | 19.11.2014 42 |
Submissions/Applications (Anträge)
the authority is obligated only during office hours to
accept submissions in writing or
operate receiving appliances (Fax!)
the office hours and the hours for the public are to be
published in the internet (§ 13 Abs. 5 AVG)
– AVG links only to the organizational set office hours and their
publication in the internet
(VfGH-Erkenntnis 106/2013-10 vom 3.3.2014)
eGovernment Legal Framework | 19.11.2014 43 |
Submissions/Applications (Anträge)
Therefore, on the basis of the right to organize,
possibilities of the authority (with procedural
consequences):
e-forms instead of e-mail
set the file formats
time restrictions (on office hours)
certain e-mail addresses
eGovernment Legal Framework | 19.11.2014 44 |
Service of documents (delivery act)
eGovernment Legal Framework | 19.11.2014 45 |
Delivery (in general)
e-mail: delivery unverifialbe
electronic delivery:
– official documents are transmitted electronically
– with or without proof of delivery
– unique identification of recipient
• substitute for registered mail
– No Spam!
eGovernment Legal Framework | 19.11.2014 46 |
Electronic Delivery (Zustellgesetz)
transmission of documents in execution of the
laws (§ 1 ZustG)
not applicable for private sector
different regulations for finance authorities
(Finanz Online!) and
courts of law (ERV – Elektronischer
Rechtsverkehr für Gerichte)
4 Types of electronic delivery (ZustG)
1. delivery to an electronic delivery address (e-mail)
– without proof of service
2. via the electronic communication system of the authority
(§ 37 ZustG)
– without proof of service
3. immediate electronic release (§ 37a ZustG)
– without proof of service exept citizen card was used for logon
eGovernment Legal Framework | 19.11.2014 47 |
4 Types of electronic delivery (ZustG)
4. e-Delivery via electronic delivery service providers
(§ 35 ZustG)
– delivery with proof of service (like Rsa/RSb in paper)
– delivery confirmation through using the qualified electronic
signature of the citizen card
– cititzen card is mandatory
– service provider are authorized (§ 30 ZustG) and
– supervised (§ 31 ZustG) by the Federal Chancellor
eGovernment Legal Framework | 19.11.2014 48 |
eGovernment Legal Framework | 19.11.2014 49 |
e-Delivery via electronic delivery service
providers
1) document
transmitted by
administration
2) eMail notification
3) eID and signature based login
(to confirm receipt)
4) deliver document content
eGovernment Legal Framework | 19.11.2014 50 |
Notification through delivery service provider
e-Delivery via electronic delivery service
providers:
2
2. Electronic notification (if the document is not picked up within 48 hours)
3
3. postal notification (if the document is not picked up within the subsequent 24 hours and if
addressee has notified to the delivery service provider a delivery address)
1
1. Electronic notification (immediately to all electronic addresses)
eGovernment Legal Framework | 19.11.2014 51 |
e-Delivery via electronic delivery service
providers: delivery effect (Zustellwirkung)
Document is at the latest considered as delivered
when picked up (§ 35 Abs. 5 ZustG)
else on the first workday after the 2nd electronic
notification has been sent (§ 35 Abs. 6 ZustG)
else on the third workday after sending the (3rd) postal
notification, if a postal delivery address has been
specified (§ 35 Abs. 7 ZustG)
– delay because of absence until return to delivery place
(“Abgabestelle”) on the following day possible
Document is considered to be delivered without being
picked-up by the recipient
Thank youfor your attention!
Dr. Bernhard Karning
Federal Chancellery of Austria
Section I/Department 11
E-Government –
Legal, Organisational and International Issues