Towards the Foundation for Read-Write Government of Civilizations

Alois Paulin, 2011

Third International Conference on Software, Services and Semantic Technologies S3T 2011, Burgas, 2011-09-02

Introduction

In the past 10 years many great governmental e-services have emerged that enable citizens to be more productive: in Slovenia for example – besides many other online services, laws and court rulings are published on the web, cadastral information can be retrieved online, interaction with the land registry is conducted entirely in electronic form, tax forms can be submitted via web services, relevant information about legal subjects is available online in the electronic business register and even companies can be registered trough the Web.

Architecturally, each of these governmental web services is an n-tier application, where the presentation tier consists of a web server serving either a graphic user interface (GUI; defined typically in HTML, CSS and JavaScript) and/or an application programming interface (API; typically SOAP). The business logic of such applications is defined in the middle tier and contains rules that have been hardcoded at design-time. Consequently, these e-services serve fixed, predefined use-cases and it can be said that governmental web applications behave digital, as overall, only a discrete number of immutable services are available for the subject to access.

In contrast to the static, digital offerings, which are able to sufficiently satisfy only predefined requests, the relations among subjects and between subjects and the government – in a society based on the rule-of-law, behave analogue and are highly dynamic.

The protocols of accesses to governmental electronic services or data, as well as their mere availability, are usually not regulated by primary law (law issued by the parliament). Instead, either secondary law (legal acts defined by non-legislative bodies such as ministries and public agencies) defines crucial characteristics of the particular services, or existing bureaucratic rules are arbitrarily translated to the electronic dimension. Consequently the legal boundary, within which electronic services perform, is not always clear.

The introduction of a new law or a change of the existing can render e-services obsolete or even illegal, and the same applies for court decisions or rulings of inspectorates. Even a simple change in the organizational or political structure of the public body in charge of the e-service can result in a major re-development of the particular system. But unplanned change of legal boundaries is not the only challenge of modern governmental e-services.

Governmental e-services are planned, developed and maintained by individual governmental organizations. Effectively this means that either the governmental organization contracts a private company to build the information system plus web frontend, or that a state-owned company conducts this work. Either way, the resulting e-service application comes as a “black box” with hardcoded rules and a web frontend targeting a limited number of user agents (UA; e.g. web browsers).

Unlike the private sector, which fosters strict and public standards for data transfer between tiers of information systems (cf. e.g. EBICS), public sector e-services lack technical regulation. Law falsely seems to perceive e-services as monolithic, one-tier applications and correspondingly regulates only the human interaction with the presentation layer, while leaving technical issues to arbitrariness. An example of inadequately regulated governmental e-services is the Slovenian “e-Justice” system: In 08/2010, Slovenia’s Ministry of Justice passed and published an ordinance that regulates electronic transactions in the field of e-justice. It would be expectable that this ordinance would rigorously define the format for data exchange and the technical protocol, in a way technical standards do it, but instead the ordinance talks about indefinable concepts such as a “portal e-justice” (no URL defined – where should we find it?), and “electronic applications” (no format defined – is it XML + XML-DSig/XAdES? If so – where is the schema? Is it a Pkcs-7 signed plaintext message?). In order to submit the e-application, the ordinance instructs the citizen to “choose the corresponding ‘e-task’ on the portal and enter data into the required fields of the provided form”. This ordinance reads like a user-manual for a particular software product and does in no way define or mention any technically relevant characteristics. A similar style of regulating technical procedures has been chosen for the 2011 amendment of Slovenia’s Land Register Act , which defines the electronic land register as software backend including several “modules” and a public web portal as the frontend.

A similar style of regulating technical procedures has been chosen for the 2011 amendment of Slovenia’s Land Register Act, which defines the electronic land register as software backend including several “modules” and a public web portal as the frontend.

This kind of regulation does not allow a technically clear implementation; neither does it regulate the interaction between the server and the client. Several important issues are undefined, such as: Where is the URL? How should HTTP requests be formulated? What data format does the web server accept and respond? How does the client authenticate to the server? Who guarantees that the technical protocol will not arbitrarily change over time? Who is the responsible legislative body that can be called for accountability?

These questions are not only of importance from a technical perspective; they are important legal questions as well. The exchange of requests and responses between the web server and the UA is essentially a series of interactions between the citizen and the government in which the citizen’s HTTP request is a formal application towards the government, which must evaluate the application and respond lawfully. Additionally, the rule-of-law principles require that the rules, against which applications are evaluated, are transparent and published in advance.

The interaction between citizens and the government over the Internet is a novel experience for both the legislative, executive and the judicative branch, which all severely lack the technical knowledge required to cope with the challenge of structured data exchange. While ICT-literacy of the population rises, new situations will have to be resolved, such as: Has the government permission to prevent citizens from interacting with governmental services in an automated manner – e.g. through bots (cf. Lundblad, 2007)? Or: Is it legal to force citizens to use only certain (though undefined) user agents and system configurations to interact with e-services?

Arbitrariness of the design and non-existence of technical regulation for governmental e-services could potentially represent a breach of the Human rights , esp. art. 21/II, which states: “Everyone has the right of equal access to public service in his country.”

The third important issue with modern governmental e-services is their efficiency. While the first two described problems are to our knowledge not yet present on the international research agenda, the issue of is a major topic within the open data, linked data and open government communities(hereinafter OGD). OGD is a field of research that is concerned with the transparency of governmental data. The basic idea behind OGD is that governments and public organizations/bodies should make their data available online for the public to consume and to draw added value out of it.

The OGD movement took shape with the rise of several OGD project “in countries around the world from the United States, Australia and New Zealand to The Netherlands, Sweden, Spain, Austria and Denmark, not to mention and increasing number of city- and local-authority-based initiatives from Vancouver to London” (Sheridan & Tennison, 2010). However, despite their positive vision, OGD portals have become dumping-yards for governmental analyses and high-level statistical data with little added value. Authorities have published barely relevant statistics about child-seat safety, the jail population and the population count for wild horses and burros (O'Keefe, 2010) According to nonpartisan organizations, US federal agencies which by Obama’s decree had to publish at least three of their high-value sets of statistics or other information in a downloadable format, “went for the low-hanging fruit for things that are already out there and not terribly controversial” (ibid.).

Furthermore, governmental OGD initiatives rarely offer their data in a coherent, structured, machine-readable format, but instead focus on providing various dedicated web sites with relatively little added value. Robinson & al. (2009) demand that the government should shift its focus away from designing “sites that meet each end-user need” towards “creating a simple, reliable and publicly accessible infrastructure that ‘exposes’ the underlying data. Private actors, either non-profit or commercial, are better suited to deliver government information to citizens and can constantly create and reshape the tools individuals use to find and leverage public data” (ibid.).

O’Reilly (2010) shares Robinson’s concerns regarding governmental involvement in developing web pages and calls for a government as a platform (GaaP). The GaaP idea envisions the hegemony as a provider of infrastructure on which subjects can conduct their exchange of goods and services in a transactional manner. According to this idea, “Government 2.0 is not a new kind of government; it is government stripped down to its core, rediscovered and reimagined as if for the first time.” (ibid.) O’Reilly’s platform is an analogy to modern computer platforms, like iPhone or Android, hence the vision encompasses a two-tier architecture of e-governance.

Although we reject the API approach as proposed by O’Reilly, we follow his call to reinvent governing. Consequently our research presented in this paper first presents a short insight into the fundaments of governing as elaborated in the fields of political philosophy and jurisprudence. Based on these theoretical findings we describe a novel technical solution that responds to the problems outlined hereinbefore.

Rights - Structured Pieces of Information Stored in a Database

Rights are the fundamental legal relations between subjects and the sovereign within a governed society. Social contract theory (cf. Hobbes, 1650; Rousseau, 1762) tells us that each society is grounded in its social contract, an implicit mutual agreement between the society’s members about their rules of conduct. At the constitution of civil society each member of the community surrenders his natural liberty and all the resources at his command - including the goods he possesses, to the community (the State), which in return gives him civil liberty and proprietorship over all his possessions (Rousseau, 1762) Therefore “the State, in relation to its members, is master of all their goods by the social contract, which, within the State, is the basis of all rights” (ibid.; book 3/1). Contrary to natural liberty, which can be exercised within natural borders (walls, rivers, gravity) and social liberty, which is limited with social borders (morals, habits, conventions), rights represent artificial liberty, which must be granted by the sovereign in order to exist.

By granting a right, the sovereign creates a virtual space of legal liberty, and promises the grantee not to interfere with the subject’s execution of the right; cf. Jellinek (1905). Eventually, the sovereign may promise to defend the right, which it does by establishing a defensive system of subjects who have the right to use repression in order to secure the given right (e.g. a police force, a judicial system, state attorneys, etc.).

Rights are of various flavours and names – the right to exploit natural materials is granted trough a concession, the right to teach at a school or university is obtained trough habilitation, the right to lead a mission is called an appointment, rights in political issues are called mandates, the right to kill people can be obtained by enlisting in the army, etc. But as soon as we disregard the naming, the requirements and the procedure in obtaining it, the right at its basic level is information about the expressed decision of the person (or jointly of a committee) in charge, stored in a database. (A more elaborate argumentation is available in our previous work on this topic (Paulin, 2011); for a juridical theory on rights see also Hohfeld (1920).)

Every expressed right can be defined as a set of discrete electronic data that can be stored in a relational electronic database. Many rights are already today stored exclusively electronic – the land registry in Slovenia for example is from 2011 on kept electronic only and the information about rights is stored in a relational database.

The Secure SQL Server

The Secure SQL Server (SecSS) is a novel electronic interface, which allows the public as well as qualified users to fully transactional read and write data in remote relational databases using digitally signed standardized SQL statements.

SecSS allows users to send digitally signed SQL queries of any kind to a publicly know URI on the server. The semantics of the query are not important – it can be a simple freedom of information request for public data in form of a SELECT statement, a registration in the Land Register expressed trough an UPDATE statement, request for matriculation to an university, application for a governmental job or even just a bidding at a public auction expressed trough INSERT statements.

After SecSS receives the SQL request, which is treated as a formal application, it first validates the digital signature and the signer’s certificate. Based on the identity stored in the certificate, SecSS can apply personalized rules, if rules for the identity are explicitly defined. After the identity-check, SecSS dynamically applies public and personal rules to the original SQL request in form of SQL sub-queries, which limit the range of data to which the applicant has access-permissions. (Figure 1 illustrates the flow of the application.)

The rules, which SecSS applies to the original request, are stored in an XML Infoset, which has been signed by an official with a legislative mandate. This Infoset is a legally binding set of rules, which are subject to usual legal principles and is called the electronic legal act (ELA). Because the ELA is public, anybody can view and evaluate the rules contained. In case that somebody suspects that the ELA violates his rights or that it is in any form unlawful, the disputed validity of the ELA can be brought to an inspectorate’s attention, or evaluated by a court.

Each rule defined in the ELA is an explicit SQL query bound to a field in case the specified statement type – e.g. update, insert, or select, is requested. The rule may include SQL variables, to which values from the original request are assigned. Each rule has access to the identity of the applicant, which is crucial for strictly personal applications, e.g. when a change of ownership at the applicant’s real estate is requested. This SQL statement is later applied as a filter to the applicant’s request.

In order to apply the correct rules, SecSS utilizes a SQL language parser, which analyses the incoming request and extracts the mentioned fields. The applicant can only access fields for which an explicit regulation exists. If the applicant tries to access fields that are not regulated in the ELA, the application is not processed.

SecSS provides only an electronic interface that can be accessed over the Internet – HTTP may be preferred, but also other protocols, like SMTP or FTP should not be discriminated. Developers on the free market should provide higher-level applications that e.g. allow users to interact via a graphical user interface.

Furthermore, every request that is received by SecSS must be stored in its original form, as well as the corresponding response. This assures that each formal application is appropriately archived so that in case of a future dispute the non-repudiable request of the applicant can be evaluated again.

Proof of concept: the sandbox

In order to prove the working of SecSS, we have published a prototype server and client application. The server has access to a MySQL database management system. The database hosts the testbed scheme “playground”, which represents a fictional playground on which children can play with toys in a sandbox. For each child we store the following personal information: The national identification number (ninu), name, surname, and the date of birth (birthday). The toys are kept in the toychest and for each toy we know its unique ID (item), the name of the toy, the image and information about the suitable age (suitable4age). In the sandbox we store information about which child (ninu) is playing with which toy (item) and where the child is geographically located within the sandbox (posx and posy).

To the playground scenario several simple and complex requirements apply:

1. The public may read any data except the children’s birthdays, which are protected personal information by law.
2. A child may play only with toys for which it is old enough.
3. If a child plays with a toy, it must not be given to another child.
4. Anybody may at any time add a new toy into the toychest or put a new child into the playground.

The given conditions are complex and cannot be handled by individual rules applied to either the children or toys. Instead, the rules must be generic and applicable to all requirements.

Requirements #4 and #1 are simple; they can be realized by applying appropriate read or write permissions for the particular fields. However, requirements #2 and #3 are complex and require the definition of filters in form of sub-queries. Figure 2 shows the sub-query for requirement #2 and demonstrates how an INSERT-statement is transformed by the corresponding rule before it is sent into the MySQL server.

The playground prototype application, which is available online at http://sex.apaulin.com, is a proof-of-concept that SecSS is capable to handle complex real-life scenarios. Let us take for example that an ordinance would be passed, which would make it illegal to play with toys made in Azerbaijan: in that case, the authority in charge of the relational database would have to add a new field to the table toys - countryOfOrigin and add the appropriate SQL sub-query to the ELA. Besides those two simple changes, no additional modifications would be needed, neither server- nor client-side.

Conclusion

In this article we argued that rights could be effectively represented as structured data within relational databases. Consequently a society can be governed in a similar manner as a player of computer games governs his virtual community – by making actions that effectively trigger the change of values of digital objects in the virtual sphere of the computer game.

Following the finding that a change of data in a governmental relational database can have real legal impact on the rights within the real world, we developed a prototype system – the Secure SQL Server (SecSS) which allows fully transactional access to databases of rights according to legal, technical and political maxims of modern rule-of-law based states.

We believe that SecSS can revolutionize the way modern societies are governed and that our system can make a significant contribution to development towards fully transactional, self-service governance with practically no need for bureaucrats.