e-GOVERNMENT IN FINLAND - ePractice.eu
e-GOVERNMENT IN FINLAND - ePractice.eu
e-GOVERNMENT IN FINLAND - ePractice.eu
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
3.3.2 Types of barriers<br />
119. Respondents to the OECD survey identified four technological challenges as the most important:<br />
privacy and security, rapid technological change, standards, and integration. As internal integration is not<br />
considered to be an external barrier for the purpose of this report, it is covered in Part 5.5.1, “Promoting<br />
organisational change”. The other important barriers are discussed in turn.<br />
Privacy and security<br />
120. Respondents see privacy and security as the highest overall challenge , even though, as discussed<br />
in the part on legislative and regulatory barriers and in the case study on electronic citizen ID (see<br />
Parts 3.1.2 and 6.2), much of the groundwork has been laid to allow electronic identification and<br />
authentication in support of secure transactions.<br />
121. An identification and authentication framework is an essential element for the delivery of the<br />
most advanced electronic services which allow online transactions and datasharing. The framework makes<br />
it possible to verify that online users are who they say they are, thus ensuring the security of online<br />
transactions. Methods can range from a simple username and password to a public key infrastructure which<br />
allows the agency to verify user identity.<br />
122. The 1998 Resolution on Electronic Transactions, the Development of Online Services and<br />
Reduction of Data Gathering set a target of establishing an electronic identity card by 1999. As the citizen<br />
ID card allows a service provider to verify the owner’s identity, by checking with a third-party certificate<br />
holder – in this case, the Finnish Population Registry Centre (PRC) – this necessitated the development not<br />
only of a smart ID card (see Box 3.3), but also of a PKI infrastructure to support authentication<br />
transactions. This included making card readers available in institutions and people’s homes so that the<br />
card could be used. The electronic ID card and card reader require an up-front payment, though there is no<br />
additional charge for each subsequent transaction. It also required building support among service<br />
providers to adopt the process and/or develop services that incorporated it and to convince users to buy the<br />
resulting card once it became available.<br />
123. By launching a general card rather than targeting a specific service or even a specific population<br />
or institution, such as a university or hospital, the Finnish government ventured into a much more diffuse<br />
and unpredictable market over which it had very little control. The Government seems to have learned the<br />
important lesson that e-enablers need to be developed with the accompanying services in mind. If those<br />
services do not yet exist, it should either reconsider moving ahead of the market or develop an<br />
accompanying plan to develop those services. As one interviewee noted wryly, “Finland is good at<br />
building infrastructure, but not so good at providing content.”<br />
124. Despite criticism of the process of developing the citizen ID card and the disappointing number<br />
of users, a robust verification infrastructure is now in place that can be used and adapted for a variety of<br />
transactions, in both the public and private sectors. The real danger, however, is that after such an<br />
investment of money and resources, technological advances will result in competing solutions that are<br />
equally secure, while also being simpler, less expensive and most importantly, market-oriented. Many of<br />
the agencies interviewed are still taking a “wait and see” attitude about adopting the citizen ID card<br />
authentication standard. (For more detailed information on the development of the citizen ID card, see the<br />
case study in Part 7.2.)<br />
125. However, the Stage 3 interactive services that require authentication remain relatively rare in<br />
Finland. Of those that exist, the majority have settled for the moment on relatively weak but simple<br />
identifying systems such as a username and password. This stems from uncertainty by some agencies over<br />
54