Identification versus anonymity in e-government PSEUDONYMOUS SIGNATURES IN E-GOVERNMENT

Pseudonymous signatures in e-government

Though pseudonymous signatures are supported by the European Electronic Signature Directive, only a few European countries have included pseudonymous electronic signatures in national electronic signature legislation so far, among them Germany. Hornung has analysed the possibilities to use pseudonymous electronic signatures in the context of public services in Germany (published in Roßnagel 2006). 

In Germany, pseudonymous certificates for electronic signatures are a standard service of CAs. They are implemented in accordance with the law on the national ID card for using a pseudonymous name instead of the original first name and surname. In some special cases, e.g., chambers or associations for certain professions (medical doctors, etc.), the application of pseudonymous signatures together with the professional attributes might not be possible.These, however, are exceptional cases that are well understood (Roßnagel 2006: 59).

Contrary to the statement in the German Electronic Signature Law, the German government understands pseudonymous signatures as a purely voluntary service of CAs. This understanding results in the conclusion that no German citizen is entitled to make pseudonymous electronic signatures. This understanding and the corresponding implementation of the law limits the possibility of citizens to even get a pseudonymous electronic certificate issued by a CA in Germany (Roßnagel 2006: 58f).  

In addition, the use of pseudonymous signatures in Germany for signing governmental tranactions is limited by law. Art. 3a of the German Law on governmental procedures (“Verwaltungsverfahrensgesetz”, VwVfG) states that “The use of electronic signatures using a pseudonym that does not allow the identification of the person using the electronic signature is prohibited”. In additional comments to the law, the German Federal Government states that pseudonyms may be used by the public administration (such as the municipal offices for social affairs), but not by the citizen, in order to avoid “abuse of governmental services […]” (Roßnagel 2006: 60).  

Hornung argues that this is not proportionate, as there are governmental procedures that do not require identification. In addition, an identification of the user of a pseudonym in defined cases by the CA is possible (Roßnagel 2006: 60). On the other hand, the certificates issued together with key pairs for electronic signing in Germany are not meant and developed to identify the user of the key pair without doubt. In fact identification currently is possible via additional information issued by the CA only, as relevant information such as date of birth, location of residence etc. is not stored in the certificates (Roßnagel 2006: 61). Hornung concludes that from this perspective, the exclusion of pseudonymous signatures for governmental procedures does not make sense at all and the corresponding articles of the German Law on governmental procedures should be changed (Roßnagel 2006: 69).