Andrea DiMaio

A member of the Gartner Blog Network

Andrea Di Maio
Managing VP
15 years at Gartner
28 years IT industry

Andrea Di Maio is a managing vice president for public sector in Gartner Research, covering government and education. His personal research focus is on digital government strategies strategies, Web 2.0, open government, cloud computing, the business value of IT, smart cities, and the impact of technology on the future of government Read Full Bio

Coverage Areas:

If the UK Killed Its ID Card, Why Can’t Italy Kill Its Certified E-Mail?

by Andrea Di Maio  |  May 30, 2010  |  4 Comments

This is one of those posts where I need to stress again – although this is already written at the bottom of the blog page – that I am expressing an opinion that is absolutely personal, does not constitute a Gartner position and does not appear in any of our research notes.

A few days ago I had a conversation with somebody about topics that are of interest to central government organizations in Italy, with a view at organizing a possible session on such topics. He said that the so-called PEC (Italian acronym for Certified E-mail) is top-of-mind for many government departments and agencies .

In fact, according to a government decree, all enterprises should have one or more certified e-mail boxes for all correspondence with government to take place electronically: having a PEC box is a requirement to create a new enterprise, while existing ones have three years to adapt. The original plan for PEC is to become something that all citizens will have to use. The advantage of PEC is that it has the same legal validity as a registered letter with return receipt.

Here is how the dialogue with this person, which I will fictitiously call Mr.Smith, went:

Mr.Smith: Is this a topic where you could add value to participants?

Me: (pausing) As all government analysts at Gartner have a worldwide coverage of certain topics, we have to pick those that interest a sufficiently broad set of jurisdictions: PEC is really unique to Italy

Mr Smith: Does it mean that Italy is on the bleeding edge on this? Could you maybe refer to related best practices?

Me: Well, in all fairness the only thing I could say is that they may still be in time to find a way out and not implement it. Italy is not at the bleeding edge: this is just a bad idea.

Mr. Smith (embarassed): This is clearly something you can’t tell them! They need to go forward with it, it is a decree.

Me: Then maybe you should think about somebody else, I can’t really help and my duty as an analyst is to warn people when they are making a mistake, even if they don’t want to hear that.

Why do I think this is a bad idea? Well, first of all there has to be a reason why this is not being done pretty much anywhere else. Further, this has been going on for several years and is the sister story to identity and service smart cards, both not terribly successful in Italy.

But, most importantly, citizen expectations are going in different directions. The greater choice given by web 2.0, the emergence of personal health records and the use of federated identities ask for governments to step back from areas that the market can sort our by itself.

What sense does it make for an enterprise or an individual to have an email address to deal only with government? Of course the PEC’s supporters will insist that it can be used for plenty of other purposes. Let’s be serious: if you want to make sure that people use e-government services, you have to give them choice, you have to allow them to use what they are used to, and not mandate something else.

Also, the whole concept originates from looking at e-government as the electronic equivalent of processes and interactions as they were conducted offline. Shouldn’t e-government reinvent these, decrease the number of touch points and messages exchanged, and give people choice about the channel for interacting and transacting?

Last but not least, as it costs a significant amount of money, it would be great if the Italian government had the guts to do what the UK government is doing with the ID card.

4 Comments »

Category: e-government     Tags: ,

4 responses so far ↓

  • 1 Tweets that mention If the UK Killed Its ID Card, Why Can’t Italy Kill Its Certified E-Mail? -- Topsy.com   May 30, 2010 at 5:02 pm

    [...] This post was mentioned on Twitter by Andrea DiMaio, open3gov. open3gov said: RT @AndreaDiMaio If the UK Killed Its ID Card, Why Can’t Italy Kill Its Certified E-Mail? – http://bit.ly/9Rjegl #egov #gov20 [...]

  • 2 Natasha Khramtsovsky   May 31, 2010 at 4:48 am

    Sorry, Andrea, this time you are not very convincing. First of all, you are not correct about the uniqueness of Italian PEC: similar services are promoted in some Central European and Baltic countries. Russia goes along this road as well by building (a sort of) certified e-mail for inter-government interactions (with possible scope extension later on), – and we are studying the Italian experience with PEC along with Czech and Estonian models.

    PEC and similar systems are designed from short/medium term perspective. No-one offers them as final golden solution. Do you seriously expect web 2,0 to mature instantly? How about legislative frameworks, information security and lots of other thing which presently are not ready/not ensured for Web 2,0? What’s wrong for PEC to be in service for several years and be later replaced by something more advanced? Again, I’d like to emphasize that in comparison PEC is cheap, relies on proven technology and can be implemented quickly – unlike some unseasoned “2,0” ideas :)

    You ask “Shouldn’t e-government reinvent these?” – It should, but it should do it wisely, and without shying away from temporary and imperfect solutions when necessary. And you are offering no immediate alternatives to PEC.

  • 3 Andrea Di Maio   May 31, 2010 at 8:27 am

    @Natasha – Thanks for your comments. The PEC is over five years old and is beng deployed only now on a significant scale as a consequence of (1) a government mandate and (2) two large providers (Italian Post and Telecom) entering the market, for a cost of about 50 million euro (see http://www.lastampa.it/_web/cmstp/tmplrubriche/tecnologia/grubrica.asp?ID_blog=30&ID_articolo=6525&ID_sezione=&sezione= in Italian).
    It appears that the PEC may be slowed down or stopped by the recent budget law, which highlights excessive burden on businesses (see http://www.ilsole24ore.com/art/SoleOnLine4/Editrice/IlSole24Ore/2010/05/19/Norme%20e%20Tributi/33_A.shtml in Italian).
    Criticisms to the PEC is that it is a home-made solution, while the use of the much more widely adopted S/MIME would allow any email message to be digitally signed (see http://www.giorgiorusso.it/public/post/stop-per-la-posta-elettronica-certificata-1250.asp in Italian). Starting 26 April all citizens may require a certified email, but after an initial spike of interest, it would appear that the success is quite modest.
    I would buy your point about a short-medium term solution if we were still in 2005, but today one would expect a personalized portal as well as the choice of online intermediaries to transact with government, or the recognition that people who do not use the PEC frequently enough wil simply forget that as they do with the PIN code of smart cards in counries where those have been introduced.
    I am glad to note that other countries are studying the Italian case: I hope they will learn quickly that they’d better do something else.

  • 4 Natasha Khramtsovsky   May 31, 2010 at 11:18 am

    @Andrew: Thank you for your reply and for the interesting links (Google managed to provide decent translations from Italian). I’d like to draw your attention to the following:

    - Digital signature per se IMHO is not a viable substitute for a trusted system like PEC. You will need time-stamping by a trusted third party (otherwise the time of signing/ sending/ delivery could be disputed). And you will still need to create an undeniable proof of sending and delivery. Besides, current digital signature technology is known to be complex and user-unfriendly.

    Digital signatures are also the archivist’s nightmare. Some documents require long-term retention, so do you know how to re-validate digital signatures in 10 years or more? :)

    My country’s legal practice shows that digitally-signed documents quite often are successfully challenged in the courts of law by law-and-technology-savvy tricksters.

    - My country is maybe a decade behind the leaders in the implementation of the electronic records management. Mind you, we’ve got all the necessary technologies, and the challenge is to overcome huge legal and organizational barriers. We ain’t too proud and so are quite willing to embrace PEC-like solutions, – for us it will be a step forward. Your mileage may vary :)

    - Cost is important. How much an alternative to PEC costs?