Tuesday, January 22, 2008

Outline on Electronic Government

1. Overview of Electronic Government

*

2. Comparison between manual and electronic government
*
3. Advantages/Disadvantages of Electronic Government
*
4. Development and Implementation Issues (concerns)
*
5. E-Government in Singapore
*
6. Types of electronic government applications
*
7. Security Issues pertaining to Electronic Government
*
8. Case study on Electronic Government
*
**
***
****
*****
For our vodcast, please go to http://www.msg-vod.blogspot.com/

Overview of Electronic Government

E-Government, as known as electronic government, refers to government’s use of information technology to exchange information and services with citizens, businesses, and other arms of government. The implementation of the e-Government would improve internal efficiency, the delivery of public services, or processes of democratic governance and better accessibility of public services.

The primary delivery models are Government-to-Citizen or Government-to-Customer (G2C), Government-to-Business (G2B) and Government-to-Government (G2G) & Government-to-Employees (G2E).

While e-government is often thought of as "online government" there are non-Internet "electronic government" technologies can be used in this context such as telephone, fax, PDA, SMS text messaging, MMS, wireless networks and services, Bluetooth, CCTV, tracking systems, RFID, biometric identification, road traffic management, identity cards, smart cards and other NFC applications; polling station technology (where non-online e-voting is being considered), TV and radio-based delivery of government services, email and online community facilities.

There are also some technology-specific sub-categories of e-government, such as m-government (mobile government), u-government (ubiquitous government), and g-government (GIS/GPS applications for e-government).

In certain countries such as the United Kingdom, there is interest in using electronic government to re-engage citizens with the political process. In particular, it is to introduct the system of electronic voting. The aim is to increase voter turnout by making voting easy. On the other hand, the UK Electoral Commission has expressed concern about the potential for fraud with some electronic voting methods.

Comparison between manual and electronic government

Benefits to Citizens


Benefits to Businesses

Advantages/Disadvantages of Electronic Government

Advantages:

There are advantages while implementing an electronic government. The main advantage of an electronic government this will be to improve the efficiency of the current system. That would in return save money and time. The introduction would also facilitate better communications between governments and businesses. An example would be, E-Procurement facilitates G2G and B2B communication; this will permit smaller business to compete for government contracts as well as larger business. This will have the advantage of creating an open market and stronger economy. Business and citizens can obtain information at a faster speed and it is possible at any time of the day.

In addition, moving away from a heavily paper based system to an electronic system would reduces the need for man power. Thus, this would allow the process to be handled by lesser employees and therefore to reduce operations cost.

The society is moving toward the mobile connections. The ability of an e-government service to be accessible to citizens irrespective of location throughout the country brings the next and potentially biggest benefit of an e-government service. The society is moving toward the mobile connections.

Due to the fact that information and statistics are posted online, the idea of an “opened up” government and made government policy, information (including some socially valuable archival and historical information) and services more available. This would reflect a greater transparency of the service provided by the government .

Disadvantages:

Electronic governments also consist on certain disadvantage. The main disadvantage of an electronic government is to move the government services into an electronic based system. This system loses the person to person interaction which is valued by a lot of people.

In addition, the implementation of an e-government service is that, with many technology based services, it is often easy to make the excuse (e.g. the server has gone down) that problems with the service provided are because of the technology.

The implementation of an e government does have certain constraints. Literacy of the users and the ability to use the computer, users who do not know how to read and write would need assistance. An example would be the senior citizens. In general, senior citizens do not have much education and they would have to approach a customer service officer for assistance.

Studies have shown that there is potential for a reduction in the usability of government online due to factors such as the access to Internet technology and usability of services and the ability to access to computers;

Even though the level of confidence in the security offered by government web sites are high, the public are still concerned over security, fear of spam from providing email addresses, and government retention of transaction or interaction history.

History of E Government

History - Before 1980

— 3 ministries with computers
— Just over 100 terminals
— No network Infrastructure
— Large application backlog
— How IT started… March 1980
— Committee of National Computerisation
— Formation of National Computer Board
— Government taking the lead
— Civil Service Computerisation Programme (CSCP)


E Government Action Plan 1 (2000 – 2003)
5 Strategic Thrusts:

— Reinventing Government
— Delivering Integrated Electronic Services
— Being Proactive & Responsible
— Using ICT to build capabilities & Capacities
— Innovating with ICT
6 Programs in the E-Government Strategic Framework:
— InfoComm Education
— Knowledge Management
— Robust InfoComm Infrastructure
— Operational Efficiency Improvement
— Technological Experimentation
— Electronic Services Delivery

E Government Action Plan 2 (2000 – Present)
Vision:


— To be a leading e-Government to better serves the nation in the digital economy.
E-Services Advantage:
— Convenient & easy to use
— Transcends organisational
— Boundaries
— Respects privacy
Supporting Active Citizenry
— Citizens as stakeholders
— Community building
— Greater Trust & Confidence
Underlying Foundation
— “Many Agencies, One Govt”
— Agile, Effective & Efficient
— Secure & Responsive

Development & Implementation Issues of E Government

The Effect

The development and implementation of e-government involves consideration of its effects on the organisation of the public sector, and on the nature of the services provided by the state.

Various Impacts

Governments may need to consider the impact by gender, age, language skills, as well as the effect on literacy, numeracy, education standards and IT literacy etc. Economic concerns include the effect of non-use, non-availability or inaccessibility of e-government, or of other digital resources, upon the structure of society, and the potential impact on income and economics

Economic & Revenue Concerns

Include e-government's effect on taxation, debt, Gross Domestic Product (GDP), commerce and trade, corporate governance, and its effect on non-e-government business practices, industry and trade, especially the ISP and Internet infrastructure.

Technological Issues

Implications for software choices (between open source and proprietary software, and between programming languages) Technology flows into the masses in the neighbourhood areas through forms such as kiosks (AXS and S.A.M.) for e government services such as payment of bills and fines.

Management & Financial Issues

Management issues related to service integration, local e-government, and Internet governance. Financial considerations, such as the cost of implementation/ effect on existing budgets, effect on government procurement, and funding.

Legal implications

Legal implications include freedom of information and privacy concerns. An example would be the NRIC. Every Singapore citizen has a NRIC and a lot of information is tied together with this identification number. This places the citizen in a very vulnerable situation whereby his information can be used for illicit purposes as his information is all stored in the central server of the government system. Information may include bank account numbers and family information.

Types of electronic government applications

In Singapore’s context, e-government applications are considered prevalent. Each and every Singaporean has access to various e-services online through this integrated website, www.gov.sg. This website is actually an integration of 3 government websites – the e-citizen portal – single point of access to all government information and services online, SINGOV; a website which contains all relevant and latest government news, and lastly, business.gov.sg, a portal whereby new startups can have a ease of setting up their businesses online.

One of an example of an electronic government application would be the Online Business Licensing Services (OBLS) – one stop business license application service on www.business.gov.sg, aids to help potential businessmen register for their businesses. With OBLS, the user needs to submit only one application for multiple licenses. In today’s context, more than 80% of business start-ups in Singapore can go online to apply for all the required licenses as OBLS offers 68 different licenses offered by 19 government agencies. With this system, Singapore hopes to create a more encouraging and hassle free environment for new businesses.

Moving away from the corporate side, another feature of Singapore’s e government application would be the interactive Government Online Consultation portal (www.feedback.gov.sg). This initiative was started in 2003 for Singaporeans and people residing in Singapore to voice out the comments and views on national issues and policy proposals online. Users are also allowed to participate in online forum discussions with fellow citizens on a wide range of issues.

In addition to these, Singapore has taken a step to involve the private sector in public service. The Public-Private-People integration (3PI) was announced in 2004, with the mindset that integration within the government is not good enough, the e-government must be able to provide public users services which private sectors are offering to ensure integration across the 3 sectors.

Some applications which were developed under the 3PI approach are My.eCitizen, a user portal which provides personalized eCitizen e-services and alerts. This portal received huge in take-up from 2200 in June 2003 to an impressive amount of 36,000 in June 2005.

Next, another application constructed under 3PI is National e-Payment hub. This portal is a consolidation for payment and presentation of government bills and private sector bills through electronic means. Now, consumers would not have to go to different websites to make payment for different types of bills. National e-Payment hub congregates all billing organizations under a centralized hub that offers secure and trusted means of electronic payment modes to consumers.

Lastly, one of the significant projects in 3PI is the TradeXchange. This is an integrated Trade and Logistics IT platform that manages the flow of trade-related information. Having this platform would allow exchange of information between shippers, freight forwarders, carriers and financial institutions to facilitate the flow of goods in Singapore. The creation and exchange of commercial and regulatory documentation necessary for trade is automated through the integrated platform. By providing a single web interface for all trade related IT systems, it will actually help logistics players cut down on multiple data entry steps. This would mean lesser duplication of efforts and reduction in human errors, which will ultimately help to improve overall efficiency and time to market.

Security issues on E-government

Passwords

Although passwords are commonly used in relatively low-risk environments, they are inconvenient and inadequate for the high-value transactions and communications that travel across the Internet. Passwords are easy to break, and users often write down or share passwords, or forget them. In addition, different applications require new IDs and passwords. Moreover, passwords by themselves cannot provide often-required security services: They do not ensure privacy (through encryption); they cannot guarantee the integrity of stored or transmitted data (through digital signing); and they cannot legally prove that a party participated in a transaction (non-repudiation).

Personal Identification Numbers (PINs)

Because the user must provide an access token and a personal identification number (PIN), security is stronger than with a password alone. However, a PIN (on its own) cannot provide important security services such as privacy, data integrity, and non-repudiation.

Digital Certificates

Digital certificates are the preferred technology over passwords and PINs for securing electronic transactions of all types. Based on public key encryption, digital certificates serve as unique, unforgeable online credentials, authenticating the identity of each device or device user and identifying privileges and attributes for authorized access to private online information. In addition to being a superior mechanism for identity authentication, digital certificates provide the privacy, data integrity, and non-repudiation services that are not supported by passwords and PINs. In most applications, digital certificates reside on the user’s hard drive.

Smart Cards

Smart cards carry an embedded microchip that stores data and applications. Smart cards hold more information than magnetic stripe cards and can be programmed for a variety of applications. Multiple applications can reside on a single smart card, and applications can be added, deleted, or upgraded without reissuing the card.

Smart Cards with Digital Certificates

Smart cards that use digital certificates offer greater security, convenience, and portability for Internet-based business than other security solutions. Placing the digital certificate and key pair on the smart card provides more protection against theft or impersonation than if they were stored on the user’s hard drive, and requiring a PIN to access the user’s credentials on the smart card provides an added layer of protection if the smart card itself is lost or stolen. Networks, systems, and applications are much less likely to be compromised. In addition, by incorporating one or more identification certificates on the smart card, users can carry with them the appropriate credentials to access systems remotely, forever severing ties to a single workstation.

Smart Card Privacy

In addition to the security issues addressed by smart cards and PKI, the use of a smart card strengthens the ability of systems to protect individual privacy and guard against identity theft.

VeriSign Managed PKI

Digital certificates are based on Public Key Infrastructure-the architecture, organization, techniques, practices, and procedures that collectively support the implementation and operation of a certificate-based public key cryptographic system. This system uses a pair of mathematically-related keys to encrypt and decrypt confidential information and to generate and verify digital signatures. A public key infrastructure reduces the risks of fraud and other unauthorized access by enabling enterprises to authenticate employees, partners, customers, and other users; encrypt communications and transactions; offer secure online payment capabilities; and audit transactions. Extending the VeriSign managed PKI solution to incorporate digital certificates onto smart cards increases the level of authentication for users and provides mobility and confidence for conducting sensitive transactions from personal computers, wireless devices, and remote computer terminals. VeriSign managed PKI is a fully integrated service designed to secure intranet, extranet, email, virtual private network, and e-commerce applications.

Certification Authority

(CA) system for issuing, renewing, and revoking digital certificates, without having to build their own internal security infrastructure. Unlike software-only solutions or building a PKI in-house, the VeriSign managed PKI service lets organizations control certificate registration and policies, while VeriSign provides the back-bone of certificate processing. By leveraging the VeriSign certificate processing infrastructure, enterprises can implement a PKI solution in a matter of days, and can take advantage of VeriSign’s proven capability to offer trusted, scalable managed services. In Australia, VeriSign’s Managed PKI services are managed through the Regional Operations Centre (ROC) in Melbourne, Victoria. This world-class facility is security accredited to ‘Highly Protected’ by the Australian Security Intelligence Organization (ASIO) as part of the Commonwealth Government’s Gatekeeper scheme. VeriSign’s infrastructure is designed, evaluated, and audited by the leading authorities in the field, including ASIO, Defence Signals Directorate, Defence Science & Technology Organization (DSTO), and Ernst & Young. The infrastructure is backed by binding Service Level Agreements, a disaster recovery infrastructure, high-security facilities, screened personnel, and customer support.

VeriSign Certificate Issuance Solutions for Smart Card Providers

VeriSign, the leading provider of Internet trust services, offers scalable, flexible, and customizable solutions for embedding certificates into smart cards. The VeriSign solutions for small-, medium-, and large-volume certificate issuance are device agnostic, and support multiple processes including key generation and certificate issuance. By allowing enterprises to outsource all or a portion of the certificate issuance process, VeriSign solutions make it easier and faster to produce and integrate certificates onto smart cards for a range of Purposes-from mobile phones to banking, healthcare, and national ID cards. The range of offerings allows enterprises to choose an appropriate level of control in the process of key generation and certificate issuance. In addition, enterprises can leverage the expertise of VeriSign’s Professional Services Organization to provide seamless integration with existing systems and services.

VeriSign High-Volume Certificate Issuance Solution

VeriSign provides a platform that enables certificates to be generated in batch volumes for incorporation into smart cards and other devices. The platform, based on VeriSign’s carrier-class, 24x7 digital certificate architecture and industry-leading outsourced managed services, is currently the only offering that enables smart card providers to scalable integrate digital certificates into the device manufacturing/card production process. VeriSign can integrate with various device manufacturing systems or card management systems via the XML key management specification (XKMS) standard interface or through direct integration. By using the VeriSign platform, enterprises can centrally generate digital certificates in volumes based on their scheduled production quantities. The VeriSign platform provides scalability and reliability with little effort or resources expended by the enterprise. Keys are virtually impossible to break and because they are generated before the cards are branded and printed, this helps the issuer catch potential problems with key or certificate generation before the cards are embossed and personalised.

VeriSign Medium-and Low-Volume Certificate Issuance Solution
Medium-and low-volume certificate issuance solutions are ideal for enterprises or situations that require limited numbers of certificates to be flexibly issued at any given time including for the introduction of pilot programs, the issuance of security badges, or the handling of exceptions such as lost cards. For example, a bank may want to distribute smart cards to a specific number of customers for financial and banking applications. In this scenario, the bank utilises a smart card vendor’s card management system (CMS) located at the bank to manage the customer data. The CMS sends a certificate request along with the public key to VeriSign for the generation of certificate. VeriSign generates the certificate and sends it back to the CMS. The CMS combines additional user data, keys, and the certificate into a file which is forwarded to a personalisation system where the smart cards are produced and distributed. The certificate enrolment process can also be initiated directly by the end user, in which case the enrollment information and key generation occurs at the user’s workstation and smart card reader. This information (along with the public key) is then approved by a central administrator within the user’s organisation, sent to VeriSign for certificate issuance and the certificate is then issued to the end-user and incorporated onto the smart card. The CMS also facilitates post issuance services for the smart card, whereby a user may update information or add new information to their card via a standard web interface operated by the central administrator or organisation.

Passport to Convenience and Security

When used with PKI services, smart cards strengthen security and unlock the door to tremendous levels of convenience. The inherent portability of smart cards allows them to go wherever users go, allowing enterprises to expand their customer base, offer new services electronically, and manage security more confidently and efficiently. Financial institutions, government agencies, colleges and universities, and wireless services are rapidly adopting smart cards with digital certificates to provide their customers with a convenient, multi-purpose passport to a wide range of applications and services.

Financial Services

Customers expect easy access to a broad range of services from their financial institutions, and they demand high standards of security, convenience, and value. Credit cards and debit cards offer convenience but they also are subject to fraud. In addition, financial institutions now have to compete with telecommunications, software, and other industries that include smart card technology in their products. Smart cards with a PKI solution help financial institutions retain existing customers as well as attract new customers. For example, banks can offer consumer smart cards that not only incorporate credit, cash, and debit services within the same card; but also enable customers to make Web-based purchases, carry multiple currencies on a single card, and pay for transportation. Using smart cards, banks can dynamically adjust credit lines to reflect the unique risk profile of each customer. The opportunities among corporate customers are equally compelling. To engage in high-value, business-to-business e-commerce requires the capability to electronically verify identities among financial institutions and businesses, as well as to protect sensitive data. In addition, enterprises must be able to eliminate the risk of transaction repudiation. When used with an integrated Identrus solution (see sidebar), smart cards allow banks and other financial institutions to leverage their traditional role as trusted third parties to offer their corporate customers a secure, convenient framework for electronically verifying the identity of their trading partners around the world. Corporate customers can shorten the negotiation and transaction lifecycles using smart cards with VeriSign digital certificates to check credit and identity; encrypt sensitive data; and digitally sign business documents, payments, and agreements.

Government

When used with a PKI, smart cards enable governments to safely provide citizens, employees, suppliers, and partners quick access to critical programs and information while reducing operating costs and improving customer satisfaction. Citizens can obtain smart cards that allow them to access confidential information, obtain benefits electronically, and pay for government services. For example, using a single card, a citizen might look up his or her military records, receive a medical insurance benefit, or pay a road toll. Employees can use cards for procurement, travel expenses, or accessing classified data. To provide better service and reduce costs, several agencies of the United States government-including the General Services Administration (GSA), Department of Defense, and the Veterans Health Administration-are beginning to implement ambitious smart card programs. The US Government uses smart cards for multiple purposes, including easy portability of military and civilian medical data, military personnel records, and financial entitlements data including purchasing authority and phone calling card services. More recently the government has explored using smart cards to store private keys and digital certificates, often with other data to create multi-purpose cards.

Wireless Applications and Services

Wireless applications are changing the face of the Internet. Users can use digital phones, personal digital assistants, and pagers to transfer money, access medical records, make travel reservations, and more. But before engaging in wireless transactions, users must be confident that they can reliably identify and authenticate each other, as well as protect information from interception or tampering. When used with VeriSign digital certificates, the smart card’s portability makes it the ideal mechanism for ensuring security in wireless applications. Although digital certificate-embedded smart cards are rapidly becoming the medium of choice for providing a single point of secure access to broad applications, their adoption is still in its infancy. Like the Internet itself, smart card applications and technologies will become more sophisticated as issuers and users begin to understand and expand the ways in which smart card technology can be applied to secure transaction exchange.The key to remaining ahead of the curve in this exciting new world is a PKI infrastructure that provides the scalability, stability, and interoperability to grow with an organisation as it adds new applications and services.As the leader in managed PKI services and as an innovator in smart card solutions,VeriSign provides products with proven scalability,reliability, and interoperability for enterprises poised to take the next step in the digital revolution.

Case Study on E Government

Case Study on E-Government

The Electronic Filing System (or EFS) is the Singapore Judiciary's electronic platform for filing and service of documents within the litigation process. In addition, it provides the registries of the Supreme Court and the Subordinate Courts with an electronic registry and workflow system; and an electronic case file. Recent enhancements have added a module which facilitates the conduct of hearing using documents that have been electronically filed.

The EFS provides the legal profession with a rudimentary online case file from which documents can be electronically filed with the courts or served on the other parties in a case. The EFS is also the source for electronic cause book searches that are provided through the Litigation module of LawNet.

The Electronic Filing System (EFS) was implemented by the Singapore Judiciary to provide a platform for Law Firms (LFs) to file documents to the Courts electronically over the Internet. The EFS was specifically designed to fully exploit the electronic super highway to minimise not just the physical movement of people and paper court documents from LFs to the Courts, but also to leverage the benefits of electronic storage within the Courts: ie faster document filing and retrieval, eradication of the misplacement of case files, concurrent access to view the same case filed by different parties, etc.

Within the Courts, the EFS allows electronic documents to be automatically routed to the appropriate registry staff for processing. The system allows further routing within the courts e.g. for approvals by the Duty Registrar and a reply is then sent out by the Registry staff which is routed back to the originating LF. This has enabled realisations of improvements in efficiency by minimising paper flow to shorten case processing time. Fees payable by the LFs for filing documents to Court are deducted automatically by the EFS. The whole process is fast, convenient and efficient.

For the LFs, the EFS provides an electronic case file showing hearing dates and documents file by them, served on them or received from the Courts. It also provides an electronic platform for the service of documents on other LFs. The EFS also allows for faster response as well as accurate and up-to-date information. Hence, other benefits of the EFS include the speedy inspection of documents electronically and the ability to request for and receive electronic extracts of documents via the Internet. Electronic cause book searches and legal research are also available through LawNet. Lawyers can even obtain details of hearing fixtures via Short Messaging System (SMS) using their mobile phones.

Within the court room, registrars make use of the EFS to conduct hearings in chambers electronically using the EFS.