Governance Models for Interoperable Electronic Identities

• Author: Tobias Mahler
• Position: Norwegian Research Center for Computers and Law (NRCCL), the Faculty of Law, University of Oslo
• Pages: 148-159



















 !∀

148





Tobias Mahler

1

Abstract: Current implementations of electronic identit y in Europe are rather

diverse; they include state-driven identity manage ment frameworks as well as private sector

frameworks a nd different forms of public-private collaborations. This diversity may

represent a major challenge for the deployment of information society services addressed

towards the European internal market. This raise s the question: How can we achieve

interoperability of electronic identities across Europe, and potentially beyond Europe’s

borders? This paper argues that the interoperability of electronic identity could be governed

by a multi-stakeholde r governance framework that brings together different parties with

interests in the provision and use of electronic identities. Such a governance framework

could, for example, consist in de signing and operating a portal with common functionalities

that allo ws interop erable authentication across multiple domains and contexts. Inspiration

for the governance of such a portal could come bo th from existing successful

implementations of electronic identity a nd from multi-stakeholder institutions that have

proven useful in Internet governance.

Introduction

Interoperable electronic identity (eID) is often considered a neces sary ingredient of cross-border

interactions and transactions over the Internet. Anyone building a framework for interoperab le eIDs needs

to addre ss a wide array of issues, including the choice of a technical framework, the context for which

eIDs shall be used (e.g., eGovernment, eBusiness, or both) and the selection or development of a suitable

legal framework. Many of these issues are, in practice, dep endent on and intertwined with the institutional

arrangements put in place to govern the eI D framework. For example, amongst the interesting legal issues

is the liability of actors involved in the provision and use of eIDs.

2

The liability of parties to an eID

framework dep ends evidently, in part, on the roles of the collaborators and their legal status. Similarly,

the provision and use o f eIDs needs to co mply with legal requirements—for example, under data

protection law—and ensuring compliance may have to be organised across a network of collaborating

parties.

Identity management

3

s ystems are currently implemented in a variety of governance structures and

models in Europe. This spans from primarily state-driven eIDs to different degrees of public-private

collaborations and private sector solutions. The private sector’s involvement is not necessarily surprising,

because both private and public entities might, in principle, play a role in the provision and use of eIDs.

Besides, the key role of the private sector in eID innovation is beyond question. While the variety of

implementations and governance models in Europe may be seen as a challenge for interoperabilit y, it

1

Norwegian Research Center for Computers and Law (NRC CL), the Faculty of Law,University of Oslo,

tobias.mahler@jus.uio.no. Thanks are d ue to the European Commission’s Joint Research Centre, Institute for

Prospective Technological Studies (IPTS), for the invitation to present this paper at the workshop "Electron ic Identity

for Eu rope” in Cyprus. Thanks go also to Lee Bygrave, Emily Weitzenboeck, and Kevin McGillivray, who have

provided valuable comments to an earlier draft and to Robert Queck for discussing with me t he status of identity

services in the electronic communications framework. However, any errors or omissions are entirely mine. Financial

support for this work is gratefully acknowledged from the Research Council of Norway and NORID under the Igov2

project.

2

See, e.g., Georg Borges, "Rechtsfragen der Haftung im Zusammenhang mit dem elektronischen Identitätsnachweis:

Ein Gutachten für das Bundesministerium des Innern," (2010). Regarding liability issues in the context of digital

certificates see, e.g., Rolf Riisnæs, Digitale sertifikater og sertifikattjenester - roller, o ppgaver og ansvar: en

tillitsorientert tilnærming til sertifikatutstederens villedningsansvar (Bergen: Fagbokforlaget, 2007).

3

For an introduction to identity management see Roger Clarke, "Identity Management," (Xamax Consultancy, 2004).