Hi, thanks for coming.
Huberview is working in the government of all the government in this room.
I bet it's only a few.
Oh, maybe 10% or something.
Yeah, quite a lot.
Okay, so, hi, my name is Marco.
So let's talk about 2AM and why am I here.
I am active in the Floss community for about 10 years now of contributions to SignalDino
and also in projects in the wireless mesh community tooling.
I have a background in IT security and my current project during the last three years
was in this building state-of-the-art infrastructure for the public administration in Germany
in a German federal IT agency.
And yeah, we think a lot about how we can improve our infrastructure,
especially in Germany, but we also try to, yeah, think out of the box, out of the border.
And this is why, why Metrix is very interesting for us.
But let's start with what public administration does in Germany and other countries.
So the government provides a lot of services that ranges from healthcare services to social services.
There's dog tags registration, for example, there are holding benefits.
And in Germany, there are 575 service categories with a total of 13,000 individual services
that the government offers on different federal levels.
So that's a lot.
And also what we need to think about is that the government has a monopoly on these services.
Like if you want to have some housing benefits, probably the government is the only institution
that will provide you with these services and with this support.
So if you want to receive these services, you need to go to your local government.
And this is why it's important to have a, like, see how these services are designed, how they work,
if they are privacy-friendly, if they're usable, et cetera.
So in my opinion, it's very important to have a look at the tech stack behind these services
and also the privacy usability, accessibility aspects in there.
So how do we apply for these services?
First, there's, yeah, the option that you don't have to apply for them.
The government starts the process by itself.
For example, sending you money for your child benefits.
The government usually knows everything about your child when it's born,
and then they could theoretically send your child benefits by themselves.
That's what we call proactive government.
That's usually a thing, a neat thing, but it doesn't really work in all cases.
So there are use cases where this doesn't work.
For example, for a registration in the kindergarten,
it's probably a good idea to ask the people where they want to bring their kids
or if they want to bring their kids to this specific kindergarten
instead of just, like, distributing the kindergarten places.
That wouldn't really be a great usability thing there.
The second option, you could always and probably have already done this offline.
You can go to your local city hall.
That works for many people, but still for many people, that's kind of inconvenient.
So the third option that comes naturally, you can apply online for these services.
For example, via an app or via a website.
And I'd like to look at this third option a bit in detail.
Okay, let's start by requesting some government services
via a web formula or via a mobile application, for example.
That's comparatively easy because, like, the government websites are public.
You can just find them online.
And the contact details of the government agencies are also public,
including their private, sorry, their public keys, hopefully not their private keys,
sometimes they are public, but that's not by intention.
So you can just encrypt your application form and send it to the right government agency,
and you're basically done.
So that's comparatively easy.
Then usually, hopefully, the government responds.
But the person that applied for the government service
may have already left the website, for example,
and installed the app where they applied for the service.
So that's a bit harder because the contact details of these individuals of us
are not publicly available, and that's also by design.
We don't want that.
But also, we don't want the people to force installing some random application
and keep it installed for a longer period, or even at all.
There should be different ways to access these services.
We can't just hope that the app is still installed
and we can send a message to the people via this app, for example.
So let's have a look on how the industry solved this problem.
And here, for example, banks and some insurances put some online mailboxes in place.
That's usually very easy because they just stored the plaintext messages
on their central service and provide a web interface or an interface via an app
to receive them.
That might be okay for some banks and insurance companies
because they already know everything about BitOS anyway.
So that's their service.
They're directly communicating with us.
Still, it's not really anti-antimcryptus here,
but the two ends are the bank insurance agency and the people.
That's occasioned some way, but if we built this for all people
and for the whole country, we definitely need encryption.
So we have local government agencies that want to communicate with the people.
And there's a huge, so there's a large amount of information,
a large of different services that are being provided.
We don't want to have a central server that stores all this information
about the applications and responses to that online on the server.
So how did government agencies solve this?
You have to summarize.
Mostly, they did it very badly.
We've seen a lot of data leaks in the past years.
And I think there must be a way that doesn't include any risk of data leakage.
These are just some examples.
I found a line there probably a lot of more issues,
but this is not a European problem.
This is like a global problem.
You can find governments on basically every continent
that lost personal identification information of all the people in their country.
So that must be a better way.
So let's have a look how did the German government solve this issue till date.
We have a lot of different online mailboxes.
There's ELSER for those of you from Germany.
We probably know it.
It's a big application to pay your taxes.
We have so-called the email.
That's a German email variant that should be super secure.
It's basically some regulation on standard email protocols.
We have BundID, which is like a central identification service
that also contains a mailbox.
Then in the justice context, we have a lot of different mailboxes
that are somehow interoperable, but none of these really follows
the security by design principles and the Cedar Trust approach.
And this poses a huge risk to privacy and security to highly sensible data.
So this might explode somewhere, somewhere.
In fact, actually, there have been incidents in Germany too, of course,
as in other countries.
For example, we had the, since 2021, we have so-called digital health apps,
and they got analyzed by, it's a forschung, that's a collective of IT security researchers
in Germany and the fact that these apps leaked personal data of more than 20,000 people.
That's especially problematic because like in the healthcare sector,
there are often very sensible information that might get leaked here.
We also had a recent leak in the justice domain.
That was the case of the Justice Maybox leak last year between October 13th and November 9th,
a directory with personal identity data was publicly accessible to you to a config error.
So this shouldn't have happened at all.
There should have been technical measures in place to, yeah,
that, yeah, make sure that this won't happen.
That's especially bad in this domain.
For example, if stalking victims use this Maybox to contact some, some Kurds,
and especially then it's not, not really a great idea of their personal information,
including their address is publicly accessible.
So let's talk about some solutions.
And I brought this vision here.
What if, if, if communication between governments and citizens was easy, reliable and encrypted?
And since we are in the metric deaf room, yeah, let's take metrics to the rescue.
Metrics already provides enter and encrypted messages.
It provides multi-device access from apps and web applications.
It also provides access via third party apps and services.
So for example, corporate IT service or e-governance apps, et cetera.
This is all possible using the metrics protocol.
So why not build a metrics-based secure communication channel between citizens and governments?
And that's exactly what we are planning to do.
We wanted to integrate metrics in Germany's national identity system.
So first challenge here would be to build a proof of concept this year to demonstrate that this is technically possible.
And we have some like technical things we want to discuss here.
Also, for example, usability issues would be discussed here.
And in general, when we do this, we of course want to have a great user experience.
So what do we need for that?
We need polls and multiple choice questions.
We need push notifications and status updates.
We need also machine readable data.
For example, these polls would then make it easy for bi-directional interaction with the public administration using machine readable polls.
That would be an interesting thing to look into.
Also image and document uploads might be a feature.
And the neat thing here is that metrics already built comes with these features.
So there's not really much to build on top.
We can just use this and go from there.
Of course, we also need a great developer experience.
That's something most government projects don't really think about.
But I think especially here it's very important for us to have some SDKs in place for developers that are working on IT systems either inside the government,
but also to help building apps and an ecosystem of apps and services for citizens and company-facing apps, for example.
That helps us here with development speed for government services.
So again, what does Matrix offer us?
We have a great usability, especially compared to email-based systems here.
We have tried and tested security.
This exists already a bit and the protocols are known and we don't reinvent the wheel here security-wise.
It's interoperable and it's easy to integrate and it's also ready to use in the real-world layer.
Many features are already there in the Matrix specification.
Some strategic thoughts on enter and encryptive communication.
In my opinion is a key enabler for seamless e-government services.
We need this anyway.
We will also be able to...
This will enable us to really build a privacy-preserving realization of the so-called once-only principle that enables governments to reuse already submitted data and documents.
We have all this data in a machine-readable, secure way.
It also might support us in some wallet-like use cases, for example, at a station presentation of attributes like driver's licenses.
This also needs a secure communication channel before we think about all the additional challenges cryptography-wise here that we need to tackle.
We need to start all of these things, need a communication layer as a starting point to interact between peoples and governments.
A proud vision, where might this journey go?
We will start with a mailbox app and later, if this works out, it might be a good starting point to provide the most common e-government services via this app.
We would have an entry-end process to apply for all these services.
This will definitely help us with usability and user experience.
This might be a neat thing to look into.
In Germany, there are very little government services that are already integrated into an easy-to-use app.
Most of them are just huge web forms where you have to enter lots of data and then you send a form and hope for the best.
If we go further, finally, why not build a framework for any e-government service?
Basically, the service that is integrated into the app is basically a config file.
This would help us to scale, obviously, and give us an opportunity for modulary specifying different services that we want to provide by just providing a config file
that defines how the UI, for example, in the app looks like.
Putting it all together, this will provide us a National Privacy First e-government app, which would be a neat thing to have.
Maybe it will help us build up speed and get better in this domain.
To conclude, let's talk a bit about infrastructure.
The status quo is that we have different text tags for requesting services and also for replies.
These are completely different infrastructures.
For example, we are able to request services via a REST API and then there's a SOAP API to provide messages back.
This is completely different.
Also, it would be nice to... Currently, we have different text tags between different government agencies.
These might be encrypted or not.
That's obviously not good.
What can we do about it?
The obvious solution here would be to take metrics as an interability layer.
In my opinion, that would totally make sense to have a basic common ground to communicate with different government agencies.
Actually, that's what metrics is designed for.
We don't have only the chat application use case, but also the communication layer between different organizations or people.
That might be an interesting thing to look into and build some prototypes here.
Plus, it would also be very easy to integrate industrial needs here.
The industry is also, of course, a large customer, so to say, to the government.
They are requesting, for example, building permits for wind parks.
It would be nice if they didn't have to do this wire paper, but also wire an easy-to-use API and integrate their own IT services in this ecosystem.
Everything becomes easier for the government and for the industry to work together here.
Okay. That's all I have. Thanks for listening.
I would really like to continue the discussion of course via metrics, if you like.
Join the Metrics channel. It's metricsforgov.org.
It would be really interesting to discuss with you there.
I think we might have time for some questions.
You already answered one of the questions online for where is the place to discuss about it.
Another question online was, is there any plans to bring it together with the TI messenger communication from the German healthcare sector?
Yes, of course. We hadn't any in-depth discussions how to bring this together, but obviously we would then be using the same tech stack.
From an architectural point of view, this is what we want to do.
We have all these different Maybox infrastructures in Germany right now, and we need an interoperability layer between them to make it easy to use all of them and have one place for people to receive these messages or send messages to the government.
This is one of the design goals in the long term, to have all these services using the same communication infrastructure, making it easier for people and governments.
So the question was, if the GNUTALA project that also has some origins in Germany might be...
So the question was if the Nutala project that also has some origins in Germany might
be, so if there might be some lessons we learned there, so I'm personally not that involved
in the Nutala project but I'm looking at it with great interest because I think that
would be a nice candidate to have privacy preserving payment, a privacy preserving payment
system here.
That would of course greatly integrate in such an app here, so just yesterday I thought
about this aspect of maybe looking a bit deeper into Nutala there.
From the perspective of making it more or interoperable in the European domain we are
trying to or we are looking into of course other European or we're talking to other European
governments if this might be also a great thing for them.
We have the Interoperable Europe Act, we have the Single Literary Gateway regulation in
the EU so it might be a good thing to maybe harmonise this not only on the national level
but also on the European level.
I think that's an important aspect when we build infrastructure and I don't know any
other standard, the metrics that has the potential to solve this quite nicely.
We are talking to them.
It's our question.
So the question was if authentication will provide the requirements that government
services have in terms of authentication would have any impact on what is needed with metrics
and I think we're going in the right direction here with OpenID Connect so this is like what
government services already use.
The thing is here this is not completely zero trust and so we are not there yet with security
and privacy by design here because if there would be one central authentication server
that would provide identities for all people in Germany using OpenID Connect this will
be a huge attack surface of course.
So we are also thinking about how to maybe integrate the German EID system that have
it in my backpack.
So we have some EID cards that can be used to authenticate people and that would also
be an interesting thing to look into if we could deploy this privacy preserving authentication
system for these kind of services.
So that's a huge thing we are thinking about how to reduce risks here security and privacy
wise when we build such a massive system that deals with highly critical personal data.
Yeah so the question was if we provide any OZG services via this protocol OZG is like
the German government service accessibility law that requires governments to provide services
online and of course we have this thought if this would be possible at all.
Right now we have like different systems other systems in place that are using different
text stacks here but in my personal opinion this would be the like natural evolution to
if we like communicate with people via such an app or via the metric standards we might
also look into using metrics to fulfill these services but I think that's a long journey
to go.
There are some things you need to consider when we build this infrastructure because
not just the communication you also have to deal about which services or who can request
these government services we have to deal about authentication routing which government
agency is the right agency you want to address.
So I think from a technical perspective this would work but I think it will take time to
think about and maybe sometime build this but yeah we also don't want to build something
separate to the services that are already in place so I think the only natural solution
here would be to transform existing services to yeah maybe sometimes using metrics and
have a roadmap to or for developers and organizations how to migrate from existing services to metrics
otherwise this will probably not work and yeah will create a lot of confusion I think.
Yeah so the question was how to deal with with backups and device signing and all that
stuff so how to handle private keys basically and yes we are thinking about this and we have
some some ideas how this could be could be done of course we don't want people to like
manually store some private key file on their laptop and like take the burden to them but
this is like definitely a thing we are thinking about so if you have any inputs on this thing
I'd be very happy to hear from you in the metrics chat.
Thanks.
Yeah there is so the question was could we use our German EID cards for this and the
German EID cards are so they are able to put some some digital signatures out there the
problem is that currently the the signing keys are not deployed on this EID card so
you would have to build some infrastructure to deploy the the yeah signing keys for for
the people like private keys and as a like certificates for for every people this is
like a huge organizational thing but yeah maybe this this might be an option to go for
but I expected to be I don't know nothing that happens in the next one or two years
production takes a bit of time to build this.
Thank you very much.
Thanks.