Application for Research grant regarding SEMA:s call on Information Security:
Project leader: Associate Professor, Elin Wihlborg , and Assistant Professor, Maria Alm , Unit of
Politics, Associate Professor, Karin Axelsson , and Assistant Professor, Ulf Melin VITS Research
Network, Division of Information Systems.
All at the Department of Engineering and Management, Linköping University, SE-581 83 Linköping.
Within public authorities and organizations one of the main adaptive actions to the emerging information society is to make information accessible on the Internet and develop e-services.
There is an essential increase in the range and use of public e-services in Sweden as well as internationally. Examples of Swedish e-services are income tax declaration on Internet, medical information and applications systems housing and social services. The demands on public authorities to provide simple and accessible information and services increase the options for interaction and participation in democratic processes.
However, this impressive rhetoric often hides extensive organisational changes for providers and users. It is common that authorities often overestimate effectiveness in favour of benefits for citizens 2 and information security thereby becomes a critical issue.
Information systems in general and e-services in particular, construct safety and shape actions spaces for individuals as well as organisations and by building on power relations and politics.
Collaboration between private and public actors is commonly used to gain in efficiency and increase users influence and participation. The borders between the public and the private are central in political science regarding decisions, governance and organisation.
Thereby information security becomes an issue of accountability.
4 This is not at least common in new areas of politics and infrastructural arrangements, such as IT and e-services.
This research project focuses on how the developments of public e-services in interplay among public and private organisations, affects the work practice for actors that construct, organise and govern e-services.
These different actors possess different competences and can be placed both within and outside the organisations that provide the e-services. Thus they most likely have different interpretations of what a secure e-service based on their roles and professions forming a professional knowledge concerning e-services. By regarding actors as having different roles rather than ‘positions’ we want to include the individual’s capacities,
See for example Swedish official public publications as: Statskontoret, (2004). E-tjänster och besökare på offentliga webbplatser . Rapport 2004:11; Statskontoret, (2000). The 24/7 Agency: Criteria for 24/7 Agencies in the Networked Public Administration , Report 2000:41. SOU, (2004:56). E-tjänster för alla. 24timmarsdelegationen . Finansdepartementet (2006). Bättre service för varje skattekrona – Strategi för fortsatt utveckling av elektronisk förvaltning;
Conroy, M.M. (2006) E-participation in planning.
Planning C . vol 24. p. 371-384.
2 As clarified by The Swedish National Audit Office (SNAO) in for example: Riksrevisionen, (2004). Vem styr den elektroniska förvaltningen?
, RIR 2004:19.
3 Holmes, Douglas (2001). Egov: E-Business Strategies for Government. London: Nicholas Brealey Publishing.
Pierre, J., & Peters, G. (2000). Governance, Politics and the State. London: Macmillan; Bache I, et al (ed.),
Multi-level Governance . New York: Oxford University Press.
4 Palm, J. & Wihlborg, E. (2007). ”Who is governing what? Governing Local Technical systems – an issue of accountability” Accepted for publication in: Local Government Studies.
5 Palm, J. & Wihlborg, E. (2006). “Governed by technology? Urban management of broadband and 3G systems in Sweden” Journal of Urban Technology, Volume 13, Number 2, pp 71–89.
6 This project applies a constructivistic approach where it is important to understand and analyse the issues and the different interpretations in a ‘holistic’ way rather than investigate who is right or wrong regarding what is real and what is experienced. Lidskog R, et.al. (1997). Samhälle, risk och miljö.
, Lund, Studentlitteratur.
knowledge and relations used in this processes. As a consequence a related important issue to address when studying e-services is how trust works within these practices
. Thereby information security can be increased and contribute to democratic legitimacy and efficiency in the information society. The contributions from the research project are thus both in forms of scientific results and through practical consequences and impact in collaboration with practitioners.
This study is an interdisciplinary 8 project focusing on actors and their practices to analyse how secure information systems develop as socio-technical systems by integrating theories and interpretations from Political Science and Information Systems. Both these disciplines have interests in and build on knowledge of e.g. organisational theory. This line of theory, as one example, will be used to understand and analyse the emergence of e-services, and secure e-services, in our society. When using the concept secure e-services we are interested in how different actors and organisations define secure systems and what their ideas, norms, arguments and conceptions around security are. These interpretations can indeed be different and the actors do not have to have a common interpretation nor understand the formal definitions. In building this understanding organisational aspects of information technology as well as technical dimensions are relevant to study as well as trust. This project will open up for creative and innovative ways of enlighten common interests among the two disciplines, relevant to the academic and practice field and we will contribute to best practices.
The overall aim of the study is to analyse how and why “secure” public e-services are constructed (both as a social and a technical activity) within different practices. Our interdisciplinary approach actively integrating political science and information systems (both in theory and practice) open for analyses of trust and meanings as consequences of developments of different forms of professional knowledge among individuals as well as organisations.
Who are the actors and organisations involved when constructing secure public eservices and how do they interpret information security, trust and organisation?
What forms of knowledge and competences are used and developed through the sociotechnical organizational design process?
What value, norms, ideas and strategies can be identified through the process, how and why can they explain outcomes of the process?
How can information security and trust be built into the theoretical framework of sociotechnical systems?
Our interdisciplinary theoretical framework is based on a socio-technical approach that allows us to study the interrelations between involved actors, organisations and technology. Thereby the governance of secure public e-services will be analysed as processes of construction of
7 In research related to risk it is known that trust works “asymmetric” where trust-destroying actions such as accidents, lies, discovered faults and so on are more visible and tangible than trust-building actions which often are diffuse and thereby affect individuals less in their ordinary life. It is also known that when distrust has occurred in an individual or a group it tends to grow stronger since the distrustful individual chose to connect to like-minded. See for example Cvetkovich G et al (Ed) Social trust and management of Risk , London, Earthscan.
8 Here we consider interdisciplinary as an approach combining different theoretical perspectives to construct theoretical framework based on shared research questions in contrast to a multidisciplinary study where the different academics use their different backgrounds and their different research questions on a shared case.
technology and social arrangements through different practices. This framework will be developed and deepen by contributions throughout the research project.
Studies of socio-technical systems have a history of analysing technical systems as embedded in a “seamless web” of symbolic, economic, cultural, political as well as social meanings.
Involved actors such as for example engineers, economists, lawyers, administrators, experts of different kinds, users and producers negotiate how to organise and govern the particular system.
9 The technological components are here studied as mutual dependent components with the individuals and organisations that develop, govern and control the operation of a particular e-service. It means that technology is studied in relation to the networks of ownership, organisational structure and regulatory frameworks.
Our analysis of developments of secure e-services will combine theories of socio-technical systems with theories of governance deprived from political science and organisation theory as well as theories concerning information systems and its security perspectives, organisation culture, trust and power questions concerning the development and governance of sociotechnical systems.
A socio-technical system develops through a number of phases before they might be considered a mature and well-balanced system. The socio-technical approach makes it possible to encounter the organisation and government of a technical system by an overall view where all the heterogeneous components (technical as well as non-technical) are constructed, organised and governed to function as a system. It is from this perspective we will follow the development of security in e-services.
The development of e-services and the development of 24/7 agencies is a global process of developing the public administration. However, it is a central building stone for the realisation of the information society as such. These processes will fundamentally change and challenge public organisations, authority and meanings of democracy.
Basically the project builds on the research field of socio-technical systems seen as organisational procedures
, as discussed above. The information system relationship with organisations has been discussed in several contexts and disciplinary areas. From an organisational perspective there are a number of early studies of the relationship.
The relations between the use of e-services and organisation are considered as complex and multi dimensional. A relation where benefits are not to be taken for granted and resistance against
9 Hughes T P (1983) Networks of Power , Baltimore, John Hopkins University Press; Blomqvist P. et al (Ed) Den konstruerade världen. Tekniska system i historiska perspektiv , Stockholm, Brutus Östlings Förlag; Evertsson L
(2001) The Triumph of Technology Over Politics? Reconstructing Television Systems , Linköping Studies in Arts and Science, no 232; Ingelstam. L. (1996) (ed) Complex Technical Systems , Stockholm, Forskningsrådet; Palm J
Makten över energin –Policyprocesser I två kommuner 1977-2001 , Linköping Studies in Arts and
Science, no289.: Wihlborg, E. (2003) Kommunala Bredbandsbyggen. Lokal politik för IT-samhället . (Tema-T
Rapport 40). Linköping: Linköpings University. Alm, M. (2006) Nationell kraft och lokal motkraft. En diskursanalys av konflikten kring SwePol Link , Linköping Studies in Arts and Science, no 354.
10 For studies of trust, knowledge and culture see for example: Alm M (2006); Cvetkovich G and Earle T (1999)
“Social Trust and Culture in Risk Management” in Cvetkovich G and Lövstedt R (Ed) Social trust and the
Management of Risk London, Earthscan; Whynne B “Sheepfarming after Chernobyl”, Environment, Vol 31, No
2. For studies of power see for example: Flyvbjerg B (1991) Rationalitet og magt , Köpenhamn, Akademisk
Forlag; Foucault M (1974)
Övervakning och straff. Fängelsets födelse , Lund, Arkiv Förlag; Boholm, Å. et.al. ed.
(2002). Osäkerhetens Horisonter – Kulturella och Etiska Perspektiv på Samhällets Riskfrågor. Nya Doxa, Nora.
Latour, B. (2005) Reassembling the social. Oxford. Oxford University Press.
12 March, J.G. & Simon (1958). Organizations , John Wiley & Sons., New York.
the introduction of an e-service can exist and the implications of IT are contradictory.
The more recent and constructivist work focus on human action aspects of technology, seeing it more as a product of interpretation with impacts on organizations in interplay of social structures, human actions, and information system,
drawn heavily on Giddens’s theory of structuration.
Information systems are, based on this, a social product of subjective human action and have a constitutive role. An information system, as well as an e-service, embodies interpretative schemes, provides coordination facilities and are deeply implicated in linking social action and structure and interaction.
Knowledge is related to power relations among actors in a negotiating process.
In collaborative practices professional knowledge and norms are developed in relation to the specific aims of the organisation and the professionals’ competences.
In these practices knowledge is also constructed socially through stories, symbols and other ways of communicating ideas, arguments and conceptions.
This study of how information security develops in public e-services builds on essential theoretical and empirical experiences within the related fields of information systems and politics. By analysing different applications of e-services we will explain how information security is generated through the organisation, development and governance of sociotechnical systems.
Thus, the main part of the work will be the empirical case studies of different types of e-services. These cases will be selected based on how mature the e-services is (from both the providers’ and users’ perspectives), type of governing structures (privatepublic mixes, local-national-international, etc), and technical design and interfaces.
In the Swedish context today there are some remarkable differences in public e-services. On one hand there is the National Tax Board of Sweden that has developed several e-service applications based on e-identification and on the other hand there are municipalities that may just manage to make some forms available on the Internet. The cases included in this study have to catch these differences, and also make categorisations of such differences, therefore the first more descriptive research question. In a socio-technical perspective the mapping of
13 Keen (1981) Information Systems and Organizational Change, Communications of the ACM , vol. 24, no. 1, p.24-33; Markus and Robey (1988) Information Technology and Organizational Change: Causal Structure in
Theory and Research, Management Science, Vol. 34, Nr. 5, USA.
14 Orlikowski W.J. & Robey (1991) Integrated Information Environment or Matrix of Control – the
Contradictory Implications of Information Technology, Accounting, Management and Information Technology , vol. 1, nr. 1, s. 9-42.
15 Giddens, A. (1979) Central Problems in Social Theory: Action, Structure and Contradiction in Social
Analysis , University of California Press, Berkeley; Giddens, A (1984): The constitution of society: outline of the theory of structuration, Polity Press, Cambridge.
16 Walsham (1993 ) Interpreting Information Systems in Organizations , John Wiley & Sons, Chichester.
17 It is common to use technological knowledge as a way of separating the experts from the “public” in conflicts regarding complex technological systems and their potential risks. See for example Lidskog R et al (2000). (ed)
Risker, kommunikation och medier.
Summerton, J. & Berner, B. (2003). Constructing Risk and Safety in Technological Practice.
19 Axelsson K, Ventura S (2007). Reaching Communication Quality in Public E-forms – A Communicative
Perspective on E-form Design , In: Wimmer, M.A. (ed.): EGOV 2007, Springer-Verlag Berlin. Alm, et.al.
(2007). Länsstyrelsens samordningsansvar i krisberedskapssystemet. Hur och med vem sker samverkan.
working paper tema T, Linköping University 320.
20 Axelsson, K., Melin, U. (2007): An Inter-organizational Perspective on Challenges in One-stop Government,
[submitted paper]. Wihlborg E. (2007/8, forthcoming) ”E-governance as self-service” Submitted on request to edited volume: Self-service in the Internet Age , Oliver, D. et al (ed.)
different structures and participating actors indicates the complexity of the system and thereby the options for different interpretations of information security, trust and organisation.
The initial phase of the research project will take off from two case studies already preliminary designed based on brief contacts with representatives for the organisations. These are the County Administration Board in Östergötland and the Student Centre at the University
Administration, Linköping University. We (Axelsson) have established contacts with both organisations through previous research cooperation and courses and this project idea is well grounded.
The organisations are interested in the project and can see benefits by contributing to the project. They are both state authorities and have extensive contacts with the public through individuals as well as organisations. The university administration introduced its first e-services in 1999 and its e-services might be considered to be a part of a rather mature system. The university administration has a relatively homogeneous group of users and is a smaller and geographically tight organisation with close contact with the users. The e-services in broad terms at the university target specific groups mainly mature user of information technology in general. These services are also integrated to other governmental authorities as for example the Swedish National Board of Student Aid (CSN).
On the other hand the County
Administration Board has a relatively immature e-service system, since most e-services just recently have been implemented and there is a much more heterogeneous group of users, with more complex demands in much more unpredictable life situations. These two cases will be complemented by two additional cases where the above mentioned aspects will be important variables in the selection of cases. These will be introduced the second year to be able to build on the analyses of knowledge, value, norms, ideas and strategies in the first cases (research question two and three).
The methodological approach is to build thick descriptions of the e-services by interviews, text analysis, participatory observations (of users and providers), focus groups
and other forms of data in order to be able to answer upon the presented research questions. We will work in pairs to combine approaches and interpretations from information systems and political science. The analyses have a constructvist starting point through which we combine our theoretical frames to handling empirical findings and develop the theoretical framework
(research question four).
We also believe that it is of outmost importance to have a constant dialogue with the practitioners in the field. One more formalised such context will be the workshops designed for practitioners to discuss preliminary results and implications.
These situations will both function as feedback to the practitioners as well as being an analytical situation where different interpretations meet and develop both through practical and theoretical implications
– a form of action research.
For this approach we will also organise a reference group that
21 Axelsson and Melin run the research project “Inter-organisational e-services for driver licenses” funded by
Vinnova 2005-2008. Axelsson K (2006), ’Körkortstillstånd på nätet – Utmaningar & lärdomar’, presented at
Sundsvall42, Sundsvall, Sweden, 17-19 October 2006, pp 73-75. (in Swedish).
22 Axelsson and Melin has developed and tested these methods regarding in relations to e-services to be able to analyse both technical and social aspects, as discussed in: Axelsson, K., Melin, U. (2007) Talking to, not about,
Citizens – Experiences of Focus Groups in Public E-Service Development. In: Wimmer, M.A., et al (Ed): EGOV
2007, LNCS 4656, Springer-Verlag Berlin Heidelberg.
23 Axelsson K, Melin U, Persson A (2006), Information systems mediation in communication between citizens and government agencies – Experiences from communication analysis of forms, in Axelsson, K. et al (Ed)
Proceedings of The International Workshop on E-Services in Public Administration (WESPA), Borås, Sweden,
31 October 2006, p. 49-66.,.
24 Axelsson K, Goldkuhl G (2004), Theory Modelling - Action Focus when Building a Multi-Grounded Theory, in Brown A, Remenyi D (Ed), Proceedings of the 3rd European Conference on Research Methods in Business and Management (ECRM2004), Reading University, United Kingdom, 29-30 May 2004, p.25-33, Melin, U.
yearly are give the opportunity to reflect on and discuss the direction of the coming research focus.
Acting as project manager.
Initiate reference group.
Introduction case 1a.
Research overview of governance, trust, information security and eservices. Introduction case 1b.
Research overview of organisations, knowledge, information security and e-services. Introduction case 1b.
Initiate the study into networks of egovernance. Conceptual modelling.
Results and presentati ons
Initiating two case studies.
- 3 conference papers.
- 1 Article manuscript on conceptual approaches (EW + KA).
Acting as project manager.
Analysis case 1a, introduction case 2a.
Analysis case 1b, introduction case 2b.
Analysis case 1b, introduction case 2a.
Co-ordinate design tests and system reliability.
Analysis case 1a, introduction case 2b.
Co-ordinate focus groups.
- Rewrite the conference papers into 2 scientific articles.
- Arrange workshops for practitioners.
- 3 conference papers based on the fieldworks.
Acting as project manager.
Analysis case 2a.
Combined analysis and final reporting.
Analysis case 2b.
Combined analysis and final reporting. Co-ordinate workshops.
Analysis case 2a.
Combined analysis and final reporting.
Analysis case 2b.
Combined analysis and final reporting.
- At least 2 co-written conclusive articles.
- Handbook with policy implications for practitioners.
- Arrange workshops for stakeholders discussing preliminary results.
In the field of e-government the citizen’s perspective has been in focus
relating to coordinated web portal solutions for a common public administration ‘one-stop government’.
Several studies have focused on success stories as well as bad examples within egovernment.
Many projects are based on the assumption that the e-service will be used automatically when users have access to it. This assumption, nevertheless, seldom works in
Axelsson K (2002) Roles of Theories and Models in Interactive Knowledge Creation - Reflections from a
Business Network and IT Case Study, in Remenyi D (Ed.) Proceedings of the European Conference on Research
Methodology for Business and Management Studies, p. 229-243, Melin, U., Axelsson, K. (2007): Action in
Action Research – Illustrations of What, Who, Why, Where, and When from an E-Government Project, in:
Wimmer, M.A., (Eds., 2007). EGOV 2007, LNCS 4656, Springer-Verlag Berlin.
See for ex. Andersen, K.V. (2004). E-government and Public Sector Process Rebuilding (PPR): Dilettantes,.
Kluwer; Boston. Goldkuhl, G. (2006). What does it mean to serve the citizen? – Towards a practical theory on public e-services founded in socio-instrumental pragmatism. In Axelsson, K. and Goldkuhl, G. (Ed). Proceedings of the International Workshop on E-services in Public Administration, pp. 27-47.
Wimmer, M. (2001). European Development towards Online One-stop Government: The “eGOV” Project. In
Proceedings of the International Conference on Electronic Commerce (ICEC2001), Vienna. Kubiceck, H.,
Hagen, M. (2000). One Stop Government in Europe: An Overview. In Hagen, M., Kubicek, H. (Eds. 2000). One
Stop Government in Europe. Results from 11 National Surveys. University of Bremen, Bremen 2000, pp. 1- 36.
27 Undesa, (2003). E-government as a “free lunch”? Development administration 106:6-8, UN Department for
Economic and Social Affairs, New York; Heeks, R. (2006). Implementing and managing eGovernment . SAGE,.
practice, this not at least since the trust and information security are questioned issues.
There are numbers studies almost exclusively analysing e-services from either a user perspective or an organisational authority perspective,
here we will combine them to increase the understanding of information security. Studies of group software indicate that new ways of work in organisations increase trust building and education.
Studies of ‘citizens offices’ – one-stop shops – show how the public administration in practice crosses organisational boarders when putting the needs of the citizen first.
31 By combining and building on these experiences we will further contribute to societal security and management. A social security issue is the international discussion in politics and science on digital divide
that we through the study will attempt to take home and ground in Swedish context, mainly through research question two and three.
The focus on information security here addresses the importance of analysing interorganisational relations that exist between both public and private organisations. Thereby we will contribute by increasing information security through increased mutual understandings of differences and similarities among organisations. Vertical and horizontal relations between organisations are not given rather open for creating new ways of collaboration. Existing organisational boarders might be challenging by the practices and use of e-services.
Associate Professor Elin Wihlborg holds a position as senior lecturer in Political Science at the department of Management and Engineering , Linköping University. She also holds a part-time position as lecture in architecture and infrastructure at the department if urban planning at Luleå University of Technology, supervising PhD-students in urban planning and water systems from a socio-technical perspective. She has also been a researcher at the
Institute for Future Studies. Dr Wihlborg has since year 2000 conducted extensive research work and published numerous research articles and books focusing on issues of organisation and cooperation as expressions of governance. She has also worked as a journalist and been member of the former government’s delegation on public e-services “the 24 hours authority”.
Currently she is running the SEMA funded research project: ”Krisberedskap för teknisk infrastruktur – regionala och kommunala strategier för samverkan och implementering” together with among others Maria Alm. She is also co-leader of the SWEPA (Naturvårdsverket) funded project “Sustainable households: Attitudes, Resources and Policy”.
Maria Alm has a PhD-degree in Technology and Social Change, in the national Energy
Systems Programme. Alm holds a master in Political Science and Sociology. Alm holds a position as researcher at the Unit of Politics at the department of Management and Engineering, Linköping University. and are at the moment part of the above mentioned SEMA project were she focuses on political and administrative collaboration forms between local actors and regional in crises management of energy and information technological systems.
28 The phrase: ”build it and they will come” is used by Jupp, V. (2004). “Realizing the vision of e-government”,
In Curtin G, et al. (ed) The World of E-Government , Haworth Press, New York .
29 Graafland-Essers, I. and Ettedgui, E. (2003) Benchmarking e-Government in Europe and the US , RAND,;
Norris, Donald F.(ed). Current Issues and Trends in E-Government Research.
: Idea Group Publishing, Hershey.
30 Nilsson, A., Ranerup, A. (2001). ”Improvisatoriskt förändringsarbete – nya arbetssätt med grupprogramvara”, in Grönlund, Å.,et al. (Ed). Elektronisk förvaltning, elektronisk demokrati – Visioner, verklighet, vidareutveckling.
31 Montin, S. (2006), "Mobilising for Participatory Democracy?", In Zittel, T. & Dieter, F. (eds.), Participatory democracy and political participation. Can democratic reform bring citizens back in?
32 See for example Warschauer, M. (2003). Technology and Social Inclusion. Rethinking the digital Divide.
Press. Cambridge, Mass.
Karin Axelsson and Ulf Melin are PhDs in Information Systems Development (1998 and
2002) from LiU. Axelsson is associate professor and Melin is assistant professor. Both are active in e-government projects at the moment, studying and evaluating public e-services in
Sweden (sponsored by Vinnova) and members of the VITS Research Network
). Karin Axelsson has a previous research interest in information systems architecture and has the last ten years conducted research in the area of inter-organizational information systems and cooperation between organizations. Electronic commerce has been an issue also studied and published. . Axelsson runs a Vinnova funded national network of researchers in the e-government field. Ulf Melin’s research interests also focus on interorganizational issues, cooperation and coordination between organizations and their use of IT.
Melin has also studied enterprise systems related to coordination within and between organizations.
This research project will contribute to fill the knowledge gap within research concerning eservices regarding information security and also general issues on risk and e-services. This is both in the forms of scientific results and as practical consequences and impact when practitioners and researchers will meet over these issues. The study builds on the extensive numbers of research projects concerned with developing functioning e-services, and add important perspectives to the implemented and used services from an information security perspective.
This study will also deepen the understanding of how different actors together develop secure e-services within public (or both public and private) organisations. This form of results will both have theoretical conceptual implications as well as to enlighten the meaning of information security in practice based on our interactive research process.
At the moment we identify three primary potential risks related to the project .
A case falling off . It is of course a major issue if an organization falls off when carrying out a case study.
However, we find it surmountable to replace an organization and its e-service with another, comparable, one. We estimate this risk as low/medium. Several Swedish organizations have launched or will launch e-service in the future. The challenge will though be to compensate for the “sunk costs” regarded the invested time and effort. There is also a medium/high risk that the e-service that we study will be replaced by another one (with other characteristics etc.) or closed-down. The way to handle this is situations can be compared to the situation where a case falls off. Several Swedish organizations have launched or will launch e-service in the future. The challenge will though be to compensate for the “sunk costs” regarded the invested time and effort studying a particular e-service. Another risk is that a project member decides to leave the project (e.g. changing appointment/position). We estimate this risk as low/medium. If this situation becomes a reality, both subject areas are involved in research networks and constellations. We therefore find in rather easy to involve persons with similar background and incentives to participate in the project.
33 Vinnova has for example through its programme “Innovative development of cross-boundary public eservices” within the Growth Area E-services in public administration financed twelve research projects in order to develop e-services and at the same time develop knowledge regarding successful e-service construction that is useful for present projects.