Post on 18-Dec-2014
description
transcript
Electronic identification in practice
– a case study of use and organization of eID in public e-services in schools
Elin Wihlborg & Mariana S. Gustafsson
IEI, Departement of Management and Engineering Linköping University
• To analyse from different perspectives the development of e-identification (eID) systems at policy level and in practice
• From a social, organizational and technical perspective follow and critically analyse development processes, implementation and use of secure eID systems.
• Analyse development processes from early solutions for eID though currently used eID-systems towards complex federation solutions.
• By analysing e-ID policy-making and practice to develop knowledge about the meaning of eID for factual and preceived information security in the private and public e-services.
FUSe:
22.05.13
Our study
Based on the presentation and the paper:
Q1 Methodological a) What assumptions do you perceive I have had in this empirical study? b) What assumptions are common when studying information security
matters
Q2 Conceptual a) Discuss what implies the construction of the concept of ’security’ among
the people (citizens) in an organisational set-up (schools), using technical artefacts (e-ID, ICT, e-services):
o Matter of TRUST (Wihlborg 2011, Melin & Wihlborg 2011, Rothstein 2009 ) o Private/public relation o Perceived/factual security (Oscarson 2007) o Matter of IDENTITY (Castells 1997, Wihlborg 2012)
eID in Sweden • Introduced in 2002, 10 years of practice • Used by the citizens in e-services provided by the
The Swedish Tax Authority, Försäkringskassan, Landstinget, the local municipality, the banks.
• Security software + BankID or ID card and a device, based on personal security number, issued by the BankID, Telia, SEB, Posten, Nordea
• Swedish e-Identification, requirements and symbolic meaning
e aim for the study:
Ø … to present a case study of use of electronic identification to access ICT platforms in schools in order to analyze security aspects, organization and potential development of the platforms.
Ø e user/actor groups:
Ø e Management (school principals) Ø e Teachers Ø e Administrators Ø e Pupils Ø e Parents Ø LK Officials Ø LK IT-coordinators Ø Other stakeholders (ex. eID agency, other authorities)
22.05.13
e Research Questions
Ø What are the experiences of use of secure log in to the ICT plattfroms and e-services in the schools today?
Ø How is secure log in implemented in the schools today?
Ø How is secure log in to the e-services and the plattforms perceived by the different users?
Ø What development potential do the users perceive connected to the secure identification systems in general and security in particular?
22.05.13
Background
• Why study schools – A large ammount of information, including sensitive information,
passes through, is processed and exchanged among actors in schools. – ere is a long history of use of ICT plattforms in schools. – e New Education Act (Skollagen 2011) requires continous follow
up of the student performance and imposes written reporting and digital Individual Development Plans (skriftliga omdömen, SO och digital IUP)
– Increasing administration in schools.
• e municipality authonomy – e municipality administration/organisation vs the schools
administration/organization
22.05.13
About 145 000 inhabitants 4th largest city region in Sweden Base for high technology industries in Aviation, IT and environment 84 schools: 66 primary and 18 secondary schools Linköpings eVision (2006) eServices shall faciliatate for everybody to live and work in Linköping municipality Digital Agenda (2012)
ICT and e-services in schools
FRONTER
DEXTER
SKOLA 24
Schoolso5
Heroma
Extens
LINSAM X, Y, Z
TRIO
• Learning pla/orm • SO, IUP
• E-‐service: applica<on for healthcare, repor<ng of income, Presence/absence registra<on, Skolvalet
• E-‐service • SO, IUP • Presence/abs. registra<on,
• Personnel administra<on
• Learning pla/rom • SO, IUP
Pedagogics, administraFon & communicaFon
The Municipality core database
X, Y, Z X, Y, Z
• Intranet
The Sample • Based on a preliminary mapping of schools using ICT plattfroms in
the municipality (A total of 84 undergraduate schools: 55 public + 11 private, ’free schools’)
5 schools (undergraduate + secondary) from different geografical school areas, out of which: • 4 public + 1 free school • 3 large (˃ 300 p.) + 2 small (˂ 300 p.) Linköpings municipality • Educa<on Adminsitra<on unit • IT-‐sub-‐unit
Method
Schools The Municipality
Skolan 1. Rektor – 1 intervju Lärare – 1 fokusgrupp Elever – 1 fokusgrupp Föräldrar -‐ 1 fokusgrupp
Skolan 1. Rektor – 1 intervju Lärare – 1 fokusgrupp Elever – 1 fokusgrupp Föräldrar -‐ 1 fokusgrupp
Skolan 1. Rektor – 1 intervju Lärare – 1 fokusgrupp Elever – 1 fokusgrupp Föräldrar -‐ 1 fokusgrupp
Skolan 1. Rektor – 1 intervju Lärare – 1 fokusgrupp Elever – 1 fokusgrupp Föräldrar -‐ 1 fokusgrupp
Skolan 1. Rektor – 1 intervju Lärare – 1 fokusgrupp Elever – 1 fokusgrupp Föräldrar -‐ 1 fokusgrupp
EducaFon administraFon unit 5 officials – 1 focus group 2 syst.adm. – 1 interview
EducaFons administraFon unit 2 IT-‐coordinators – 1 intervju
Skolan 1. Rektor – 1 intervju Lärare – 1 fokusgrupp Elever – 1 fokusgrupp Föräldrar -‐ 1 fokusgrupp
Skolan 1. Rektor – 1 intervju Lärare – 1 fokusgrupp Elever – 1 fokusgrupp Föräldrar -‐ 1 fokusgrupp
Skolan 1. Rektor – 1 intervju Lärare – 1 fokusgrupp Elever – 1 fokusgrupp Föräldrar -‐ 1 fokusgrupp
Skolan 1. Rektor – 1 intervju Lärare – 1 fokusgrupp Elever – 1 fokusgrupp Föräldrar -‐ 1 fokusgrupp
Skolan 1. Principal – 1 interview Teachers – 1 focus group Pupils – 1 focus group Parents -‐ 1 focus group
• Document analysis • Semi-‐structured interviews • Explora<ve interviews • Cumula<ve data collec<on • Interview guide for each
respondent group
Empirical study
Data collection: interviews and focus groups
Ak<vity Place Role Date
Interview School 1 Principal 2012.11.27
Focus group School 1 Teacher (4) 2012.11.27
Focus group School 1 Pupil (9) 2012.11.27
Interview School 2 Principal 2012.11.14
Focus group School 2 Teacher (4) 2012.11.14
Interview School3 Principal 2012.10.30
Focus group School3 Teacher (5) 2012.10.30
Interview School 4 Principal 2012.12.05
Focus group School 4 Teacher (3) 2012.12.04
Focus group School 4 Pupil (3) 2012.12.04
Interview School 4 Teacher (6) 2012.11.06
Interview School 4 Fronter administrator 2012.12.04
Interview School 5 Fronter administrator 2012.12.05
Interview The Municipality IT-‐coordinator (2) 2012.10.22
Interview The Municipality System administrator (2) 2012.11.07
Focus group The Municipality Officials (4) 2012.10.23
Data collection: documents
Documents • Municipal official documents: policy documents,
anual reports, activity reports, school boards meeting protocols (a selection).
• Public records published on the municiaplity’s website.
• Brochures on Dexter and Fronter
Dexter log in page
Fronter log in page
Källa: SWEG paper
Statistics on the use of Fronter
• 55 776 – total log ins, 7 821 ac<ve user /oct, 2012
Källa: Linköpings kommun
Experiences of use/ a selection • e schools differ in how long they have come using
Fronter, depending on: • the principal attitude towards Fronter, • e school’s internal organization, • work methods for IUP, • leadership • IT competence among teachers.
• eID is tested for some e-services. Technical problems are discovered at the moment. An important question – eID - a hinder?
The organizational set up for implementation of secure log in to ICT plattforms and e-services in schools
Ø Unclear ogranisation of implementation. Unclear picture on usability of Fronter for some principals and teachers.
Ø e id & password log in system is perceived as easy, but not secure enough. eID is perceived as complicated by certain groups of users.
Ø e complicated picture of eID agency, with different actors involved (BankID, Telia etc) raises questions of user support responsibility and efficiency.
Ø eID is perceived as a private attribute by some teachers that should not be used in their regular log in at work.
Users perceptions of ICT plattforms’- and e-services’ security
• Security is perceived differently by the users: – Most users rely on the municipality responsibility to deal with security issues, – e Municipality perceives the Plattforms and the e-services as secure. – Fronter shall fullfill more security requirements if SO and IUP are to be processed
and stored on the plattfrom, according to the users.
• eID is perceived as a possible but still ’unripe’ solution by the IT-coordinators, officials and Fronter-administrators in schools.
• eID is perceived as a private attribute, not to be used at work, according to the teachers.
• Unclear strategies: – Sensitive infromation is stored on paper, on shelves. – Sensitive work material is processed unsecurily, but saving it in Fronter is not an
obvious solution.
• e schools raise demands for a flexible plattform that would match the schools work models and not vice versa.
Analytical findings 1(3)
• e value of information/sensitivity stored
– Different actors perceived the information as having different value for themselves (ex, logbook, IUP, work material)
– Heterogenous information (’we don’t have sensitive information in school’)
(technical-, organisational, security challenges)
Analytical findings 2(3)
• ere is an element of TRUST involved
– Trust in LM to deal with security – Trust in eID as an artefact (social?/technical) – Trust in own competence to manage eID and ICT
Analytical findings 3(3)
• Security is PRIVATE
– eID is private (ex. teachers use of eID at work, public realm) – Control of the individual by the organisation, by the state
(ex. logg of the activities) – Private matters, thoughts and other information included in
work material at school (SO and IUP, loggbooks) – Security is subjective
Analytical findings and further questions:
• Two important aspects: safety of operation and och data security – differences in perceptions between the users and the administrators´.
• The need for secure ICT systems increases due to inccreasing amount of sensitive data flows in the schools and the rquirements of the Education Act.
• Security – an issue of trust (Wihlborg 2012) • Private vs public: eID as a private attribute to be used in the
public sphere? • eID - legitimizing identity, legitimacy (Castells, 2007, Wihlborg
2012, Melin & Wihlborg 2011) • eID – perceived and actual security (Oscarson 2007)
Empirical findings:
• Unclear organisational set-up for inplementation of Fronter and Dexter.
• There is a need to integrate the current plattforms and e-services that are used in school.
• There is a need to clarify roles and responsibilities for user-support of Fronter
• Fonter – not an obvious solution for SO and IUP
Potential Development
• A technical challenge: the need for an integrated, flexible, simple, intuitive AND secure system – is it possible?
• Organisations challenge: the need for a clear organiziational set-up
• Competence development and trust for the system
• Security challenge: current solutions do not match schools’ work methods.
ank you!
elin.wihlborg@liu.se mariana.s.gustafsson@liu.se