Roland Krebs and Dr. Susanne Seibert, Bayerisches Landesamt für Steuern (Bavarian State Office for Taxation)
With the “Onlinezugangsgesetz” (Online Access Act, OZG), the majority of official services will also be made possible via the Internet. This requires reliable and user-friendly online authentication. In this field, the Bavarian State Tax Office sets new standards with the development of the KOLIBRI interface and is awarded a gold medal in the 17th eGovernment competition as the best concept of the Online Access Act.
mgm: What is achieved with the implementation of the KOLIBRI interface?
Roland Krebs: We want eGovernment to function just as easily as eCommerce. Today you shop at an online marketplace and then naturally hand the payment over to an online payment service provider. Following this example, we also envisage communication between citizens and authorities. In the future the ELSTER certificates issued by us for the authentication at the tax administration will also be used in other citizen or administration portals and so eGovernment services can be utilized.
A significant advantage is created for companies that can also make use of eGovernment services as a result. Companies do not yet have an own digital identity. This will change with our procedure. For the first time – even at an international glance – they can authenticate themselves as a company and thus, for example, register a vehicle.
mgm: Which challenges have had to be overcome so far, which are still to come?
Dr. Susanne Seibert: “With the demanding technical and technological challenges, we were able to build on the technology of the existing ELSTER certificates, which are of a very high standard.
The real challenge lies in a completely different area, namely changing the laws. Due to the tax secrecy applicable in Germany, tax data is subject to special protection. This includes the ELSTER certificates. If the possibility to use ELSTER certificates for authentication at other citizen or administration portals is now opened, then it is unavoidable to adapt the laws accordingly, on which the Federal Ministry of the Interior is currently working.
mgm: What makes online authentication technologically more sophisticated than online payment services?
Data misuse cannot be compensated in money, it cannot be undone.
Roland Krebs: Online authentication is much more in the public eye than the private sector with its payment services. It is also subject to much stricter regulations. That’s why the appropriate technologies need to be more hardened, more stable, and ultimately more user-friendly to avoid application errors. Data misuse cannot be compensated in money, it cannot be undone. The image damage would be enormous, which we can’t afford.
mgm: What are the prerequisites for broad acceptance of online authentication?
Roland Krebs: A prerequisite is that the citizen is at all aware of the possibility of eGovernment. Payment services are establishing themselves because they are offered by the large online services. It’s harder for us. The new ID card, for example, is hardly used online because users don’t even know what to do with it.
With ELSTER, we have an enormous advantage: we already have over 6 million certificates and a large customer base, which we can reach promptly via our media. And ELSTER users are already familiar with the extremely high safety standard and reliability of the process.
It is just as important that it means as little effort as possible for the individual authority to use authentication. The municipalities in particular have neither the organisational nor the financial means to take care of this themselves. Likewise, the data we provide must also be valid and meet a certain standard.
mgm: Why can the citizen look forward to having KOLIBRI at his disposal soon?
Dr. Susanne Seibert: The citizen can be happy, because in the future he will be able to use all authorities that are connected online. If he already uses the ELSTER certificate for his tax purposes, he only has to activate the tick “I want to use my certificate also for non-tax purposes” in the program as soon as the technology is available. Then he can use the authentication immediately, without waiting for a letter or buying hardware.
If the citizen does not yet have an ELSTER user account, he or she can open one very easily and in just a few steps on the homepage www.elster.de . In this context, it should be expressly pointed out that citizens can also create an ELSTER user account and use it for eGovernment in the future if they have their tax affairs handled by a tax advisor, for example.
An additional advantage is that it is absolutely intuitive for the citizen. As we closely follow the established eCommerce processes during implementation, it will be almost self-explanatory for the citizen. Because you may only change your registration once in your life, because you only register a car once in a while, because you often only go to the authorities once in a lifetime, this time you have to be intuitive right away.
For the first time companies get their own digital identity.
Roland Krebs: But it’s not only the citizens who can really be happy, but above all the companies and all legal entities who, for the first time and also internationally uniquely, have their own digital identity with which they can authenticate themselves can be happy.
mgm: What exactly is the advantage of KOLIBRI in connection with companies and legal entities?
Roland Krebs: There is currently no digital identity for companies and it is not foreseeable that someone else will be able to provide it.
Through KOLIBRI, the company authenticates itself as such and no longer as it is in the analogue world, a person acting in the name and on behalf of the company.
Dr. Susanne Seibert: The digital identity provided by the ELSTER certificate and the authentication via the KOLIBRI interface works not only for companies, but also for all organizations that can apply for an ELSTER certificate, i.e. also for associations, communities of heirs, property communities, associations of persons and even other authorities.
Roland Krebs: What is different from people is that a person is born, moves, marries and dies. These are essentially the main events on which something changes for an individual. For a company, this is much more diverse. A company is created, it can be liquidated, split up, merged, bought up, etc. The tax administration, and thus also ELSTER, is the administration that knows the company’s CV in real time and is thus in a position to authenticate a company accordingly.
mgm: What else makes KOLIBRI so attractive for authorities?
Roland Krebs: It is important to know that not every authority has to do something of its own, but can simply use the KOLIBRI interface if it is connected to the user accounts of the Bundesländer or the Bund.
ELSTER has already a huge and validated database of individuals and companies.
In addition, we not only have the largest user database for German citizens, companies and organisations, but I think the only one worth mentioning. With over 6 million certificates issued, we have a huge validated user database that the authorities can access.
We have a database that uniquely identifies the registered citizens; companies and organizations. We have no duplications and we have verified data, streets, addresses etc. The fact is that in our opinion there is nothing foreseeable that could compete with the quality and security of authentication via the KOLIBRI interface.
mgm: What would an interested authority have to do?
Roland Krebs: As of today, the interested authorities would only have to connect to one of the federal user accounts mentioned. According to the Onlinezugangsgesetz, user accounts of the Bundesländer as well as a separate user account for the federal government – a total of 17 user accounts – are currently being implemented. These user accounts in turn can become our partners and will integrate the KOLIBRI interface accordingly and thus use the ELSTER certificates as an authentication option.
mgm: Are there international role models for KOLIBRI? Where do we stand from an international point of view? How is authentication carried out abroad?
Roland Krebs: In fact, there are authentication possibilities in many countries, many of which are much further along than we are. The technology is mostly comparable with what we want to do with KOLIBRI. There is a type of certificate that can be obtained from a central location, with a central user administration behind it. Other countries usually have personal identification numbers, such as the social security number in America. In Sweden, for example, there is a kind of bank ID where the Swedish banks have joined forces with the state. Then again there are countries that have a cooperation between the state and the telecommunications providers.
These are all central states with a central government, central identification numbers and central user data. Through cooperation with the free economy, every citizen then has such an identity with which he can do everything. He can service his bank account and order his garbage can. It’s not like that with us. The only central register we have had so far was via the identity card, but it has not yet gained acceptance. And now, as an alternative to tax registration, we have a technology similar to that available in other countries, but from the tax administration.
mgm: What are the essential requirements and challenges for the near future?
Roland Krebs: It is important that the system is known and disseminated. Even if it is set by the state, citizens do not use it if it is not user-friendly. Usability, as they say, is the be-all and end-all. The product can be as good and safe as it is, if it is not user-friendly, then the user will not accept it.
Another challenge are the user accounts, of which there will be 17 to our knowledge. I hope these will fly next year.
Our ELSTER systems are designed so that they can easily handle online authentication in addition. There is an interesting figure: The German has an average of 1.4 contacts with authorities per year. The “1” before the decimal point is the tax return, i.e. ELSTER, and the remaining 0.4 are all other official services, from the registration of the car to its own removal to ordering the garbage can. There are about 9000 services in Bavaria that could be digitized. All these share the 0.4 authority contacts, while ELSTER alone represents an entire authority contact and we are set up on the system side in this way. The theoretically 0.4 additional contacts are no problem for us.
mgm: At a glance into the future: Is an expansion to the private sector planned or conceivable?
Dr. Susanne Seibert: Of course, from a purely technical point of view, it is of course possible. Since KOLIBRI is a generic interface, basically any user can connect, no matter if it is a federal user account or a private customer. But the legal framework for this is not in place at present. Since the authentication data is also tax data, we are not allowed to release this data. The aforementioned changes in the law will make it possible to expand the use of data in the future, but always exclusively in the federal sector. The private sector has so far been completely excluded from this. Nothing is impossible, of course, if you change the relevant laws. Whether this is meaningful and desirable cannot be answered in general terms.
Roland Krebs: I think there are certainly people who want to have an identity for everything. For example, they use their Facebook account for everything. But many citizens already want to distinguish with which identity they are active on which platform. A state digital identity, as created by KOLIBRI, is an attractive alternative.
mgm: Many thanks for the interview!