Governance Models for Interoperable Electronic Identities

Author: Tobias Mahler
Position: Norwegian Research Center for Computers and Law (NRCCL), the Faculty of Law, University of Oslo
Abstract: Current implementations of electronic identity in Europe are rather
diverse; they include state-driven identity management frameworks as well as private sector
frameworks and different forms of public-private collaborations. This diversity may
represent a major challenge for the deployment of information society services addressed
towards the European internal market. This raises the question: How can we achieve
interoperability of electronic identities across Europe, and potentially beyond Europe’s
borders? This paper argues that the interoperability of electronic identity could be governed
by a multi-stakeholder governance framework that brings together different parties with
interests in the provision and use of electronic identities. Such a governance framework
could, for example, consist in designing and operating a portal with common functionalities
that allows interoperable authentication across multiple domains and contexts. Inspiration
for the governance of such a portal could come both from existing successful
implementations of electronic identity and from multi-stakeholder institutions that have
proven useful in Internet governance.

Interoperable electronic identity (eID) is often considered a necessary ingredient of cross-border
interactions and transactions over the Internet. Anyone building a framework for interoperable eIDs needs
to address a wide array of issues, including the choice of a technical framework, the context for which
eIDs shall be used (e.g., eGovernment, eBusiness, or both) and the selection or development of a suitable
legal framework. Many of these issues are, in practice, dependent on and intertwined with the institutional
arrangements put in place to govern the eID framework. For example, amongst the interesting legal issues
is the liability of actors involved in the provision and use of eIDs.
The liability of parties to an eID
framework depends evidently, in part, on the roles of the collaborators and their legal status. Similarly,
the provision and use of eIDs needs to comply with legal requirements—for example, under data
protection law—and ensuring compliance may have to be organised across a network of collaborating
Identity management systems are currently implemented in a variety of governance structures and
models in Europe. This spans from primarily state-driven eIDs to different degrees of public-private
collaborations and private sector solutions. The private sector’s involvement is not necessarily surprising,
because both private and public entities might, in principle, play a role in the provision and use of eIDs.
Besides, the key role of the private sector in eID innovation is beyond question. While the variety of
implementations and governance models in Europe may be seen as a challenge for interoperability, it

Norwegian Research Center for Computers and Law (NRCCL), the Faculty of Law, University of Oslo. Thanks are due to the European Commission’s Joint Research Centre, Institute for
Prospective Technological Studies (IPTS), for the invitation to present this paper at the workshop "Electronic Identity
for Europe" in Cyprus. Thanks go also to Lee Bygrave, Emily Weitzenboeck, and Kevin McGillivray, who have
provided valuable comments to an earlier draft and to Robert Queck for discussing with me the status of identity
services in the electronic communications framework. However, any errors or omissions are entirely mine. Financial
support for this work is gratefully acknowledged from the Research Council of Norway and NORID under the Igov2
See, e.g., Georg Borges, "Rechtsfragen der Haftung im Zusammenhang mit dem elektronischen Identitätsnachweis:
Ein Gutachten für das Bundesministerium des Innern," (2010). Regarding liability issues in the context of digital
certificates see, e.g., Rolf Riisnæs, Digitale sertifikater og sertifikattjenester - roller, oppgaver og ansvar: en
tillitsorientert tilnærming til sertifikatutstederens villedningsansvar (Bergen: Fagbokforlaget, 2007).
For an introduction to identity management see Roger Clarke, "Identity Management," (Xamax Consultancy, 2004).

