1. uropean
Digital
Community
Thematic aNetwork for European e-ID
Building Thematic Network for European e-ID
eID Adoption Survey 2012
Jiri Bouchal (IS-practice) – jiri-bouchal@is-practice.eu
Slide 1 , 18/04/2013 WWW.EID-SSEDIC.EU
2. SSEDIC 2012 eID Adoption Survey
A detailed online survey to
collect information about:
• use of electronic identity
by the internet users
• opinions on eID
regulation, eID use, eID
federation, and privacy
issues
Slide 2 , 18/04/2013 WWW.EID-SSEDIC.EU
3. Survey Conditions
• Four language versions
• Survey distribution
– via different networks in IT, consultancy, public sector, university
sector etc.
– via social networks and mailing lists of the SSEDIC partners
• Sample
– 1000 respondents
• Field open October 19 – end of December 2012
Slide 4 , 18/04/2013 WWW.EID-SSEDIC.EU
5. Sample Composition
Country of residence Language version of the survey
European Union Other countries English Français Deutsch Español
3% 14%
15% 15%
68%
85%
Slide 7 , 18/04/2013 WWW.EID-SSEDIC.EU
6. Sample Composition
Gender Education
Male Female Primary or secondary education
Higher education
10%
28%
72% 90%
Age
Y1 Comparison
less than 34 35-54 55+
- more women
- more respondents with
18% 25%
lower education
57%
Slide 8 , 18/04/2013 WWW.EID-SSEDIC.EU
7. Sample Composition
Field of professional activity (N=713)
Student 0% 2%
3% 5%
Public sector: administration, education etc.
21%
31%
IT industry (software, hardware, services…)
Private sector outside of the IT industry
Unemployed 38%
Retired
Other
Slide 9 , 18/04/2013 WWW.EID-SSEDIC.EU
8. Internet Use Profile
Internet access frequency and devices used
Not once At least once,but not every month
At least once a month, but not every week At least once a week, but not every day
Every day or almost every day
Desktop, Laptop or Tablet PC at work
Desktop, Laptop or Tablet PC at home
Laptop or Tablet PC “on the road” using Wifi or Mobile
connection
Using Internet applications on your Smartphone:
mail, webbrowser, Internet Voice communication…
0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100%
Slide 10 , 18/04/2013 WWW.EID-SSEDIC.EU
10. Use of Electronic Identity – Y1 Survey Comparison
... on a daily basis ... at least once a week ... at least once a month
Username and password indicating my real identity
YEAR 1 Expert Survey Result
Username and password connected to a card (e.g. bank…
YEAR 1 Expert Survey Result
A “Nickname” not indicating my real name and password used…
YEAR 1 Expert Survey Result
An eID supported by a hardware device: a chip card/reader…
YEAR 1 Expert Survey Result
An eID supported by a hardware device: a One Time Password…
YEAR 1 Expert Survey Result
An eID supported by a hardware device: a SIM card/mobile…
YEAR 1 Expert Survey Result
0% 10% 20% 30% 40% 50% 60% 70% 80%
Slide 14 , 18/04/2013 WWW.EID-SSEDIC.EU
11. Origin of eID Credentials
Obtained to create my e-mail
Username and password covering my real identity account
A “Nickname” not indicating my real name and password Obtained to purchase goods or
services for one or more
eCommerce websites
Obtained as member of a social
An eID supported by a hardware device: a chip card/reader network
combination protected by PIN code
These credentials represent the
official eID in my country issued
by the government
An eID embedded in a public register (PKI) which in
combination with eSignature allows to electronically sign … Obtained as an eBanking client
An eID supported by a hardware device: a SIM card/mobile
device combination
Obtained in the context of my
An eID supported by a hardware device: a One Time professional activities and used
Password device for professional and private
activities
An eID supported by biometric information (fingerprint, iris Obtained in the context of my
scan...).
professional activities and ONLY
used for professional activities
0% 10% 20% 30% 40% 50%
Slide 15 , 18/04/2013 WWW.EID-SSEDIC.EU
12. Reasons for Not Using Some eID Types
….I’m not aware of the
Username and password covering my real identity existence of these tools
A “Nickname” not indicating my real name and
password …I don’t believe these
Username and password connected to a card (e.g. bank tools are technically
payment card, frequent flyer card or smart card used secure
for public transportation), verified by a 3rd party
An eID supported by a hardware device: a chip …I don’t need these
card/reader combination protected by PIN code tools
User ID and password which are in addition verified by a
number from a list of randomly generated numbers
(“tokens”). …these tools are to
An eID embedded in a public register (PKI) which in complicated for me
combination with eSignature allows to electronically
sign documents.
An eID supported by a hardware device: a SIM
…I don’t TRUST the
card/mobile device combination
issuers of these tools
An eID supported by a hardware device: a One Time when they belong to
Password device the PUBLIC sector
…I don’t TRUST the
An eID supported by biometric information issuers of these tools
(fingerprint, iris scan...). when they belong to
the PRIVATE sector
0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100%
Slide 16 , 18/04/2013 WWW.EID-SSEDIC.EU
13. Cross-Border Use of eID
Online cross-border purchasing of goods and services (N=696)
Yes.
No, I don’t have a need to order goods or services from another member state.
No, I do not trust merchants outside my country, because I think my rights as a consumer are not protected then.
I can’t tell whether an Internet transaction I do is an international, cross-border transaction or not.
75% 15% 4% 5%
Online cross-border money transfers (N=696)
Yes, at least once a week.
Yes, at least once a month.
Yes, at least once a year.
Sometimes, less than once a year.
No, I never had a need to transfer money to another member state.
No, I do not trust cross-border online money transfers.
No, I do not trust online money transfers at all, I prefer to make the transaction in my bank personally.
No, I am not aware of such online tools. 1% 2%
4% 19% 28% 18% 24% 4%
Slide 17 , 18/04/2013 WWW.EID-SSEDIC.EU
15. E-Signatures
Possession of eSignature (N=713) Legal Qualification of eSignature (N=371)
Yes No Don't know Yes
5% No
I don’t know whether my eSignature is qualified
12%
43% 52% 14%
74%
Use of eSignature (N=371)
Signing a declaration for a public service (e.g. online tax-…
Signing a registered mail
Confirming an eBanking or eCommerce transaction
Signing an order, invoice or other procurement message
Signing a contract
Other
0% 10% 20% 30% 40% 50% 60%
Slide 19 , 18/04/2013 WWW.EID-SSEDIC.EU
16. E-Signature Technology
A signature key stored on a smartcard with signing software
to sign standard office documents (e.g. pdf, MS office, Open
Office, e-mails…)
A signature key stored on the desktop with signing software
to sign standard office documents (e.g. pdf, MS office, Open
Office, e-mails…)
A signature key stored on a local server with signing software
to sign standard office documents (e.g. pdf, MS office, Open
Office, e-mails…)
A signature key stored on a remote server or supported by a
remote server which is used through a mobile device (such as
a mobile phone or tablet pc)
A signature key stored on a remote server with signing
software to sign most of the standard office kind of
documents (pdf, MS office, Open Office, e-mails…)
Signing in connection with legacy applications such as
accounting, ERP or procurement systems with signing of
structured information such as XML or EDIFACT documents…
0% 10% 20% 30% 40% 50%
Slide 20 , 18/04/2013 WWW.EID-SSEDIC.EU
17. Respondents Opinions
1) EU and National Regulation of eID
2) eID Federation and Cross-Sector Use
3) Privacy Issues
Slide 21 , 18/04/2013 WWW.EID-SSEDIC.EU
18. Opinions on eID Regulation
Need for EU regulation of eID (N=694)
Yes, this is typically a task of European regulation.
No, this needs to be addressed by each member state separately.
No, leave this to the private sector.
No opinion on this issue.
78% 7% 6% 9%
Usefulness of EU proposals on eID and digital signature (N=692)
Yes, they will really help.
They may marginally help.
No, I do not expect they will help.
No opinion on this issue.
51% 27% 9% 12%
Slide 22 , 18/04/2013 WWW.EID-SSEDIC.EU
19. Opinions on eID Regulation
Need for eGovernment eID which can be used cross-border (N=686)
Yes, this is absolutely necessary.
Not necessarily, this is no core task of the government.
Not at all, I prefer to maintain separate electronic identities for each Member State.
Not at all, this is a task for the private sector.
No opinion on this issue.
67% 16% 7% 2% 8%
Need for cross-border eID to access private services (N=684)
Yes, this is absolutely necessary.
Not necessarily, this is no core task of the government.
Not at all, this is a task for the private sector.
No opinion on this issue.
55% 26% 10% 9%
Slide 23 , 18/04/2013 WWW.EID-SSEDIC.EU
20. Federation and Cross-Sector Use of eID
eID federation use (N=700)
Yes, I use it always because it makes the log-in easier.
Yes, but I use it only when I see possible benefit of sharing eIDs between both services.
Yes, but I use it rarely.
Never, I do not want to provide information about what service I use to another company.
Never, I have never heard of it.
No opinion on this issue.
10% 17% 18% 45% 6% 5%
Opinion on future cross-sector use of eID (N=700)
The only way forward. Can have some positive effects. Not a good idea. No opinion on this issue.
23% 44% 25% 9%
Slide 24 , 18/04/2013 WWW.EID-SSEDIC.EU
21. Privacy Issues
Need for specific privacy rules for companies holding significant identity
information (N=696)
Yes, specific regulation and control is necessary.
No, specific rules are not required, other than already existing general privacy protection rules.
Not at all, this is a normal evolution, every one gives this information on a voluntarily basis.
No opinion on this issue.
82% 11% 3% 4%
Right to online anonymity (N=696)
Yes, in fact, anonymous access must be the rule; only in exceptional cases “strong identification” can be requested
Yes, in certain circumstances anonymity is preferable
Yes, but anonymity must be “conditional”, can be lifted by court order for example (when criminal acts are involved)
No, anonymity must be the exception
No, all online actions must be traceable and identifiable so that people can be held responsible
No opinion on this issue.
34% 27% 28% 4% 4% 4%
Slide 25 , 18/04/2013 WWW.EID-SSEDIC.EU
23. Secure Electronic Document Exchange
Internet exchange of sensitive documents (N=133)
12%
Yes, I exchange sensitive documents
via Iternet
No, I do not 88%
Types of sensitive documents exchanged Technical solutions used (N=116)
Invoices Regular email
Contracts
Internet web portals
Purchase Orders
Business to Secure email
business…
Other Other solutions
documents
0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 0% 10% 20% 30% 40% 50% 60% 70% 80% 90%
Slide 27 , 18/04/2013 WWW.EID-SSEDIC.EU
24. Secure Electronic Document Exchange
Problems encountered (N=116) Would you increase electronic
documents exchange if you had
I have never encountered any problem Problems encountered
a secure electronic
51% 49%
address?(N=116)
Problems encountered
Yes
Problems related to spam and No
spam filtering
Poor traceability/unclear status I already have a secure electronic
of transaction address linked to my company eID
Problems identifying the 15%
sender of a document received
Denial of delivery by recipient 53%
32%
Delivery to wrong recipient
Other problems
0% 10% 20% 30%
Slide 28 , 18/04/2013 WWW.EID-SSEDIC.EU
26. CONCLUSIONS: Use of eID
• Most frequent – user ID/password credential mostly obtained to
• create an email account
• become a member of a social network
• to purchase goods or services online
• Username/password credential connected to a card (e.g. bank payment card
or smart card used for public transportation) used by 76%
• Progress of SIM card/Mobile related eID
– 3 times more use of these credentials on daily basis then registered one year ago
for the expert panel
• Hardware devices (including code-generating tokens, SIM card mobile
devices, and card readers with PIN verification) usually obtained for eBanking
• Low use of more sophisticated identification methods based on
PKI, hardware devices, and biometrics
Slide 34 , 18/04/2013 WWW.EID-SSEDIC.EU
27. CONCLUSIONS: Opinions on eID Regulation
• Importance of public sector involvement
– EU regulation needed
– Governments should ensure the acceptance of eID
• in other member states
• both for public and private services
Slide 36 , 18/04/2013 WWW.EID-SSEDIC.EU
28. CONCLUSIONS: eID Federation and Privacy
• privacy concerns of users
– Need for specific privacy protection rules in the future
• Respondents not willing to use the eID federation
– Reason: reluctant to provide information about the service used to
3rd party
X
– majority would support eID federation in case they can foresee
positive effects
• right to online anonymity is preferred
Slide 38 , 18/04/2013 WWW.EID-SSEDIC.EU
29. SSEDIC 2012 eID Survey
Thank you for your attention.
Jiri Bouchal (IS-practice)
jiri-bouchal@is-practice.eu
Slide 40 , 18/04/2013 WWW.EID-SSEDIC.EU
Editor's Notes
The fundamental goal of this eID survey was to collect the information about the use of electronic identity (eID) by the European general public and about its opinions on eID regulation, use, and privacy issues.The Year 2 eID Adoption Survey is a continuation of the Year 1 eID Adoption Survey (Nov 2011). Year 2 survey modified to make it comprehensive for non-experts and to reach for a wider public Approach, structure and the user profile kept - possible to compare the Year 1 and Year 2 results
95% use the Internet on daily basis for professional purposes such as checking e-mail or searching information. Social networks are visited by almost 60% of users on daily or weekly basis (34% daily). Approximately the same amount of respondents, with only a little lower frequency, uses the Internet regularly to administer their bank account via the Internet banking. Most of the people do that on weekly rather than on daily basis.Half of the respondents use the Internet daily or weekly to watch online videos or TV, listen to online music or radio streaming, download movies or music etc.Active participation at discussions and blogs, posting opinions at news websites, Twitter etc. is the daily or weekly activity for 30% of respondents Almost 60% of respondents access the Internet for the online shopping at least once a month.Quite surprisingly, only 5% of respondents do not purchase goods or services online at all. The use of online auction sites as eBay is considerably lower, with only 20% purchasing at such websites at least monthlyphone or webcam video calls -56% of respondents at least once a month.The lowest frequency of the Internet use was found out in the case of online gaming and downloading computer and video games (This result can be influenced by the very low representation of younger Internet users)
Use of Electronic IdentityThe most frequently used credentials are the traditional and relatively weak user ID/password based credentials for accessing websites. Username and password connected to a card (e.g. bank payment card or smart card used for public transportation) with the personal information verified by a 3rd party is used by the 76% of respondents.A considerable number of respondents do not or rarely use the more sophisticated identification methods based on biometrics, PKI and hardware devices. The username/password credentials are mostly obtained to create an email account, to become a member of a social network, or to purchase goods or services online. An other interesting finding is the progress in one year time what concerns SIMcard/Mobile related eID’s: actually 3 times more use of these credentials on daily basis then registered one year ago for the expert panel.Hardware devices, including code-generating tokens, SIM card mobile devices, and card readers with PIN verification, are usually obtained for eBanking purposes.The use of PKI infrastructures (allowing to sign documents electronically with eSignature) are mostly connected to the official government issued eIDs.The most common reason for not possessing or hardly using the listed types of eID credentials was no need to use these tools, followed by disbelief that these tools are technically secure and lack of trust in the issuers of these tools.
Cross-border use of eID: Online Shopping and Money TransfersThe surprisingly large majority of survey participants (75%) buy goods or services via the Internet from other countries.A 51% majority of respondents makes online money transfers to other EU member state (e.g via online banking or other payment services such as PayPal) at least once a year and additional 18% make such payments less frequently.
Opinion on Electronic Identity regulationThe respondents clearly expressed the importance of public sector involvement in the eID regulation. The clear majority thinks that the regulation on the European level is needed and expects the new EU proposals to help with eID take-up and its wider use. The respondents would also like their governments to ensure the use and acceptance of their eID in other MS to online access both public and private services (the majority is more distinct in the case of eGovernment services). The Y1 expert survey brought similar results with even higher support for the eID legal framework on the EU level and clear statement that digital identities should be interoperable across borders. Consistently with the Y2 findings, the experts stress the importance of public sector involvement to stimulate the use of eID both in the public and private sector.
eID federation and Privacy IssuesThe respondents are well aware of privacy concerns of the Internet and eID use and would like to see specific privacy protection rules in the future. ¨They are usually not willing to use the eID federation because they do not want to provide information about what service they use to another company (3rd party) unless it is necessary. However, the majority of respondents would support the eID federation in case they can foresee future positive effects and user scenarios that would make their online transactions easier and more transparent. The right to online anonymity is preferred by a large majority and shall be lifted only under certain circumstances (such as criminal acts). These findings are in line with the privacy recommendation of eID experts in the SSEDIC Y1 survey.
Secure Electronic Document Exchange and Digital Identity Replies in this section prove that there are still many problems and security issues in the field of electronic documents exchange. The regular email is the most used communication tool to exchange sensitive electronic documents. Most of the respondents would increase their sensitive online communication if they had a secure electronic address linked to their company eID. The future potential for the take-up of eID and eSignature seems to be obvious in this domain.