1 Introduction
-
RQ1. Which factors affect the public-private cooperation in the field of eID?
-
RQ2. How to improve the public-private cooperation in the field of eID?
2 Setting the Scene
2.1 Literature Review
2.1.1 PPP and Critical Infrastructure Related Studies
2.1.2 Factors Affecting PPP Projects
Publication | Research Focus | Factors |
---|---|---|
Osei-Kyei and Chan (2015) | General study | “Risk allocation and sharing, strong private consortium, political support, community/public support and transparent procurement.” |
Jacobson and Ok (2008) | General study | “Specific plan/vision, commitment, open communication and trust, willingness to compromise/collaborate, respect, community outreach, political support, expert advice and review, risk awareness, and clear roles and responsibilities.” |
Babatunde et al. (2016) | PPP projects in Nigeria | “Reliable concession arrangement with due diligence; serious commitment with adequate technical strength; favourable economic environment; government support with enabling legislation; bankable project with adequate stakeholders involvement; and strong “political will” with committed private partners.” |
Sanni (2016) | PPP projects in Nigeria | “Projects feedback, leadership focus, risk allocation and economic policy, good governance and political support, short construction period, favourable socio-economic factors, and delivering publicly needed service.” |
Hsueh and Chang (2017) | PPP projects in Taiwan | “Supportive legal frameworks, a favorable investment environment, selection of appropriate PPP projects and public support.” |
Chan et al. (2010) | PPP projects in China (infrastructure) | “Stable macroeconomic environment, shared responsibility between public and private sectors, transparent and efficient procurement process, political and social environment, judicious government control.” |
Ismail (2013) | PPP projects in Malaysia | “Good governance”, “commitment of the public and private sectors”, “favourable legal framework”, “sound economic policy” and “availability of finance market.” |
Muhammad and Johar (2018) | PPP projects in Malaysia and Nigeria (housing) | Nigeria (‘equitable risk allocation’, ‘stable political system’, and ‘reputable developer’). Malaysia (‘action against errant developer’, ‘consistent monitoring’, and ‘house buyer’s demand’). |
Li et al. (2005) | PPP projects in UK (construction) | “Effective procurement, project implementability, government guarantee, favourable economic conditions and available financial market.” |
Surachman et al. (2020) | PPP projects in Indonesia (water) | “Support and acceptance of the stakeholders from the community, whereas the private and public entities are the second and third important factors.” |
Dithebe et al. (2019) | PPP in water supply projects | “Thorough planning for project viability, high levels of transparency and accountability and a legal framework stipulating policy continuity.” |
Ameyaw and Chan (2016) | PPP in water supply projects | “Commitment of partners, strength of consortium, asset quality and social support, political environment, and national PPP unit.” |
2.2 Estonian Identity Management
2.2.1 The Level of Digitalization in Estonia
-
a PKI (public key infrastructure),
-
sophisticated software components for secure data exchange,
-
a nomenclature of metadata items associated with each message along the core representation language and structure of messages,
-
systematic (regulated (Regulation no. 105, 2016)) organizational measures.
-
The form of state’s institutions follows the state’s functions. The entirety of the state’s institutions (i.e., their shape, their interplay) makes the state’s institutional architecture. The institutional architecture changes slowly.
-
The state’s institutional architecture determines the state’s data governance architecture. The data governance architecture links data assets with accountable organizations.
-
The data governance architecture limits the design space of the digital government solution architecture, which consists of all digital administrative processes and delivered e-services. The digital government solution architecture can show small, ad-hoc and fast changes.
-
Changes in the institutional architecture are so severe that they can trigger immediate changes in the digital government solution architecture, whereas changes in the digital government solution architecture can only have a long-term influence on changes in the institutional architecture.
2.2.2 Estonian Identity Management Stakeholders
Public Sector Stakeholders | Responsibility |
---|---|
Police and Border Guard Board (PBGB) | Accordig to the Regulation no. 33 (2014) PBGB is responsible for identification of persons and identity management. PBGB procures identity document tokens and ensures their issuance. Furthermore, PBGB is responsible for the Estonian eID scheme description for cross-border usage. |
Estonian Information System Authority (ISA) | According to the Regulation no. 28 (2011) ISA is responsible for eID software and for the development and management of the trust services infrastructure. The authority is also responsible for national cybersecurity incidents handling and has a supervisory role over the trust service providers. |
IT and development center of the Ministry of the Interior of Estonia (SMIT) | According to the Regulation no. 8 (2020) SMIT develops, procures and manages ICT systems in the area of internal security, including information systems related to identity management and identity documents. |
Ministry of the Interior (SiM) | According to the Regulation no. 39 (2012) SiM is responsible for shaping the identity management and the identity documents issuance policy. |
Ministry of Economic Affairs and Communications (MKM) | According to the Regulation no. 323 (2002) MKM is responsible for shaping and coordinating the Estonian information society policy. |
Ministry of Foreign Affairs (MFA) | According to the Regulation no. 196 (2004) MFA ensures the protection of interests of Estonians in foreign countries. Receives identity document applications and issues identity documents |
Enterprise Estonia | Responsible for the e-residency program; creates pre-conditions for the development of e-services. |
Private Sector Stakeholders | Responsibility |
---|---|
Trust service provider (SK ID Solutions AS) | Responsible for issuing the certificates for the Estonian identity documents and provider of related services. |
ID manufacturer (IDEMIA France S.A.S) | Responsible for manufacturing blank identity documents. |
Personalization service provider (Hansab AS) | Responsible for personalization of identity documents. |
Banks | Provided the PIN replacement service until 28.02.2019. |
Telecommunication service providers | Responsible for issuing SIM-cards with mobile-ID capacity. |
External service providers (VFS Global) | Responsible for offering eResidency issuance service (including identification). |
3 Research Methodology
Layer | Estonian eID Ecosystem |
---|---|
Layer 4: Informal institutional environment | |
Layer 3: Formal institutional environment | The Estonian eID ecosystem relies on the EU eIDAS (electronic identification and trust services for electronic transactions in the internal market) regulation. At the national level, two main legal acts are regulating the eID ecosystem: Electronic Identification and Trust Services for Electronic Transactions Act and Identity Documents Act. |
Layer 2: Formal and informal institutional arrangements | Identity documents strategy proposed by public and private sector experts (Lips et al., 2019). Regular meetings between public and private sector representatives organized by Information Systems Authority. Estonian Police and Boarder Guard Board and IDEMIA S.A.S. have concluded a contract for the production of eID cards. |
Layer 1: Actors and games |
Organization name | Role | Interest/Focus | Category |
---|---|---|---|
Police and Border Guard Board | Head of Identity and Status Bureau | User friendliness / UX of e-services (authentication, digital signing) | Public |
State Information System Authority | Head of an eID branch | Engagement of the state in the eID field and long-term perspective. | Public |
SK ID Solutions AS | CEO | Ensuring that the process outcome is comprehensive. | Private |
Ministry of the Interior | Adviser | Identity management policy (especially identity documents issuance). | Public |
Cybernetica AS | Member of the Supervisory Board | Security of the electronic identity systems. | Private |
Estonian Association of Information Technology and Telecommunications (ITL) | Vice-President (digital infrastructure)/ Chair- man of the Board (AS Levira) | Community level agreement about secure devices that public and private sector uses and promotes. | Private |
ITL | CEO | Long-term view of the whole area. | Private |
ITL | Software Development and Technology Director (AS Datel) | Business architecture. | Private |
Estonian Banking Association | Head of Digital Strategy in Baltic Division at SEB Bank | Evolvement of digital identity and services built on it. | Private |
Police and Border Guard Board | Adviser-Expert | Identity management. | Public |
IDEMIA | Head of Citizen Markets | Security and user experience. | Private |
IT and Development Center (Ministry of Interior) | Product owner | Procedural matters related to identity documents. | Public |
4 Research Results and Discussion
4.1 Evaluation of Established Cooperation
Positive aspects | Negative aspects |
---|---|
∙ Joint meetings with a strategic focus | ∙ Negative attitude and prejudices |
∙ Workshops initiated by the public sector | ∙ Poor involvement in discussions |
∙ Public and private sector experts know each other from previous positions | ∙ Lack of feedback for proposals |
∙ Exclusion of important stakeholders | |
∙ Unclear processes | |
∙ Lack of interest | |
∙ Limited time to contribute | |
∙ Different perceptions and understandings | |
∙ Unclear responsibility and role division | |
∙ Subjectivity | |
∙ Complex regulatory environment |
4.2 Stakeholder Environment Analysis
4.3 Improvement Proposals
4.3.1 General Proposals
Interviewees (anonymised) | |||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Proposals | 1. | 2. | 3. | 4. | 5. | 6. | 7. | 8. | 9. | 10. | 11. | 12. | Total |
Community building | × | × | × | × | × | 5 | |||||||
General architectural vision | × | × | × | × | × | 5 | |||||||
Expert involvement in decision making | × | × | × | × | 4 | ||||||||
Joint understanding | × | × | × | × | 4 | ||||||||
Systematic meeting culture | × | × | × | × | 4 | ||||||||
External expert involvement | × | × | × | 3 | |||||||||
Two-way feedback | × | × | × | 3 | |||||||||
Inclusion of strategic agreements | × | × | 2 | ||||||||||
Internal communication | × | × | 2 | ||||||||||
Clear role division | × | × | 2 | ||||||||||
Sector specific strategies | × | 1 | |||||||||||
Academic sector engagement | × | 1 |
4.3.2 Proposals for Alternative Cooperation Formats
Interviewees (anonymised) | |||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Cooperation Format | 1. | 2. | 3. | 4. | 5. | 6. | 7. | 8. | 9. | 10. | 11. | 12. | Total |
Moderated workshops | × | × | × | × | × | × | 6 | ||||||
CA/Browser Forum format | × | 1 | |||||||||||
Brainstorming | × | 1 | |||||||||||
Visualization | × | 1 | |||||||||||
Engagement of volunteers | × | 1 | |||||||||||
Software development principles | × | 1 |