Cybersecurity
eBook - ePub

Cybersecurity

Public Sector Threats and Responses

  1. 392 pages
  2. English
  3. ePUB (mobile friendly)
  4. Available on iOS & Android
About This Book

The Internet has given rise to new opportunities for the public sector to improve efficiency and better serve constituents. But with an increasing reliance on the Internet, digital tools are also exposing the public sector to new risks. This accessible primer focuses on the convergence of globalization, connectivity, and the migration of public sector functions online. It examines emerging trends and strategies from around the world and offers practical guidance for addressing contemporary risks. It supplies an overview of relevant U.S. Federal cyber incident response policies and outlines an organizational framework for assessing risk.

Yes, you can access Cybersecurity by Kim J. Andreasson in PDF and/or ePUB format, as well as other popular books in Business & Operations. We have over one million books available in our catalogue for you to explore.

Information

Publisher: CRC Press
Year: 2011
ISBN: 9781466551237
Edition: 1
Subtopic: Operations

1

The Global Rise of E-Government and Its Security Implications

JEREMY MILLARD

Contents
Introduction
Web on the March
The Known Unknowns of Cybersecurity
Privacy
Trust
Data Security
Loss of Data Control
The Mother of All Known Unknowns—Human Behavior
Government Loses Control—Who Is Now in Charge and Why It Matters
Who Gets In and What Gets Out When Government Opens the Door?
Back to Basics: Trust, Transparency, and Accountability
How to Swim in an Ocean of Insecure Data
References

Introduction

The business of government is, at core, all about public sector data, information, and knowledge being created, altered, moved around, and deployed to meet the needs of society. E-government digitizes some or all of these processes and the outcomes produced, potentially transforming them in ways not always predicted or desired, whether for the internal operations of the public sector or for the users of public services and facilities. These unintended consequences can be problematic. For example, they can pose profound challenges to cybersecurity in terms of unauthorized access to, or use of, data and public sector information. Public sector managers need to be just as aware of these unintended consequences as they are of those they expect when e-government is introduced.
Now, do not misunderstand me. E-government is a very good thing and has many clear and documented benefits. For example, there is a lot of evidence that digitizing back-office processes can lead to significant cost savings for government through more efficient and rational processes, joining up administrations to share and save resources, better design and targeted services, and more intelligent and evidence-based policy development with greater impact. As illustrated in a 2011 article in the European Journal of ePractice, e-government also has a lot to offer in tackling the financial and economic crisis. In the front-office, e-government services undoubtedly provide users with better, more convenient, time-saving services, available 24-7. Digitization encourages transparency, openness, and participation, and provides tools for users to get involved in designing and consuming services more appropriate to their individual needs.
For example, a 2010 survey from Tech America, an information technology (IT) trade association, shows how federal agencies and departments in the United States have increased efforts to publish data sets and utilize social media tools as part of the Obama Administration’s push for transparency, yet continue to struggle with cybersecurity, IT infrastructure, and workforce issues. The shift toward a more open government has created threats as well as opportunities. According to the survey, some chief information officers (CIOs) see “millions of malicious attempts per day to access their networks”—from recreational hackers to sophisticated cyber-criminals.
This chapter illustrates some of the issues of moving public sector information online, showing that these have both direct and indirect ramifications across the large canvas of e-government areas often not considered. For example, many governments are making the mistake of trying to set security systems too high for the functionalities deployed, resulting in a waste of resources that could have been used to shore up more vulnerable systems. There have been many failed attempts to introduce sophisticated Public Key Infrastructure (PKI) and digital signature systems when simple passwords or PIN codes would suffice. The lesson is to take security and data protection extremely seriously and treat it as the most pressing technical challenge, but at the same time approach these issues incrementally and proportionally given that there is always a trade-off between increased security and usage. The approach to take is to build in security and data protection from the very start of any e-government initiative.

Web on the March

Since 2004 the evolution of the World Wide Web has moved from Web 1.0 (consisting of Internet websites and webpages, e-mail, instant messaging, short message service (SMS), simple online discussion, etc.) to Web 2.0 that also allows users to provide and manipulate content and get directly involved. Web 2.0 sites typically have an “architecture of participation” that encourages users to add value to the application as they use it, for example, through social media dialogue around user-generated content in a virtual community. There is also much discussion about the Web 3.0 evolution toward wide-scale ubiquitous seamless networks (sometimes called grid computing), networked and distributed computing, open ID, open semantic web, large-scale distributed databases, and artificial intelligence.
Some are also looking forward to Web 4.0 as the global semantic web (i.e., methods and technologies that allow machines to understand the meaning, or “semantics,” of information on the web), including the use of statistical, machine-constructed semantic tags and algorithms. According to Tim Berners-Lee, the “father” of the Internet, we are indeed on the verge of the age of the semantic web that exploits the Internet of data rather than the Internet of documents we now have. This will enable intelligent uses of the Internet like asking questions rather than simply searching for key words, as well as more automatic data exchanges between databases, data mining, and similar uses.
E-government is affected by the march of the web with increasing focus on the Government 2.0 paradigm. This concentrates much more on the demand side, on user empowerment and engagement, as well as on benefits and impacts that address specific societal challenges, rather than simply providing administrative services online.
This is to be achieved by supporting the real transformation of governance arrangements away from silo and government centricity toward becoming more user centric and user driven. As noted by Millard in 2010, users and other legitimate stakeholders are being invited more openly into a participative and empowering relationship with government in relation to service design and delivery, the workings and arrangements of the public sector and public governance more widely, as well as public policy and decision making.
To this effect, tremendous e-government progress has been made over the last 10 to 15 years during which time the use of information communication technology (ICT) in the public sector has moved from being largely a concern of separate ministries in digitizing their records and processes, to one where ICT is used to join up ministries, reengineer processes, and offer many new services to citizens and businesses. E-government has become a top priority for governments around the world and a major focus of investment. This can be measured in the steady growth of the supply-side availability of e-government services across all countries since 2000. For example, according to ongoing benchmarking reports led by Capgemini, a consultancy, full online availability of a basket of the most common 20 e-government services in Europe increased from 20% in 2001 to 82% in 2010, while online sophistication increased from 45% in 2001 to 90% in 2010. Globally, the 2010 UN benchmarking survey “finds that citizens are benefiting from more advanced e-service delivery, better access to information, more efficient government management and improved interactions with governments, primarily as a result of increasing use by the public sector of information and communications technology” (p. 59).
These developments point inexorably in the same direction. As the web marches on and data of all types and qualities become increasingly ubiquitous, the issues are not only about whether we can keep them secure but also about confronting profound issues about who owns the data, where they are, how accurate they are, and who is accountable for them.

The Known Unknowns of Cybersecurity

There is no doubt that the biggest operational challenge to e-government is cybersecurity, including threats to identity, privacy, and data systems.
Adequate privacy and data protection, and the trust these support, are crucial for reaping the benefits of e-government. If they are in place and work well, they can provide stable, predictable, and confidence-building frameworks. In fact, these are key for any activity using information and communications technology (ICT) across society, whether in the public, private, or civil sectors, so they should not be seen in isolation. But if they are not in place, usage can suffer. According to the European Commission (2009, p. 1), “Only 12% of EU Web users feel safe making transactions on the Internet, while 39% of EU Internet users have major doubts about safety, and 42% do not dare carry out financial transactions online.” Ongoing news reports about lost credit card data and private information in both the private and public sectors are not likely to improve this image. For example, according to a November 2007 BBC News report, two password-protected computer disks holding the personal details of all families in the United Kingdom with a child under 16, 25 million people in total, went missing. The package had not been recorded or registered and has never been found since being physically transported between two departments. This is one incident among many that call into serious question the way government handles sensitive data. There are also increasing numbers of malicious hacker attacks, financially motivated breaches, and even policy-motivated efforts to shut off information, such as during the attacks on Estonia, the Iranian demonstrations in 2010, and the 2011 uprisings in the Middle East. We know a lot about the main cybersecurity threats, yet a lot less about how to meet them. As the foremost duty of government is to protect its citizens, the public sector must build highly effective and integrated systems to protect against crime, espionage, terrorism, and war in cyberspace.
Government’s response to cybersecurity issues has, however, generally lagged behind the private sector, despite it arguably being more important, and, according to a 2008 Organization for Economic Cooperation and Development (OECD) report, there is limited availability of data on public sector efforts. Even in highly advanced e-government countries like Norway, only a minority of public administrations have been offering secure ways of communicating with their websites, despite many surveys showing that fears of data insecurity are perceived by users as the biggest deterrent to their use of e-government. However, it is also worth noting that the cybersecurity response is highly variable; for example, central governments are much more likely to have adequate measures in place than local ones, obviously reflecting the size of populations involved and the resources available. But many e-government services are provided at the local or regional levels, and the amount of information provided by these entities is rapidly increasing. One of the challenges of cybersecurity in e-government is that the public sector is characterized by a large amount of operational independence and “siloization” among its various parts, something not seen in the private sector to the same extent.
Security in government’s cyberspace is thus of paramount concern, and it is clear that current systems, both organizational and technical, are not always meeting the challenge. Future solutions will also likely need to be very different from those of today’s systems, which are predicated on relatively stable, well-defined, consistent configurations, contexts, and participants in security arrangements. A new paradigm is probably needed, characterized by “conformable” security, in which the degree and nature of security associated with any particular type of action will change over time, with changing circumstances and with changing available information. In this endeavor, it is likely that the public sector will have to deal with challenges in five areas: privacy, trust, data security, loss of data control, and human behavior.

Privacy

Cybersecurity initiatives need to consider privacy implications that in many cases can significantly compromise their likely efficacy. For example, privacy and data protection will need conformable security systems, adapted to the changing access needs and identities of people and organizations. These systems will also need to operate across national borders, which will require not just political agreements but also data structures and standards that are compatible. Data security will also be improved by giving users much greater control over their own data and their own (often) multiple identities, for example, through trusted third parties. For services that can operate across borders, well-functioning identity and authentication systems will be vital. Information assurance is also needed as a holistic approach incorporating risk management, given that no system can provide complete security. Long-term data preservation and access are also important given the fast-changing technical formats and the huge increases in data generation expected.
Privacy needs to be upheld, for example, through regulation and international agreements like the European Data Protection Framework, including appropriate data ombudsmen, custodians, or trusted third parties. Care should be taken to avoid “mission creep,” when data are used for purposes not originally intended, or the “race to the bottom” in interagency or cross-border data sharing by a reversion to the standards of the weakest member. User needs and trust must be built on an understanding of real human behavior when using data, as well as on technical requirements.

Trust

The technical aspect of cybersecurity may turn out to be the easy part. Clearly, understanding and catering for what some call irrational or schizophrenic human behavior can be a real challenge to cybersecurity.
Trust is a critical issue and is built through information minimalization (i.e., using as little data as possible to perform a task), and informing users or obtaining user consent when accessing and processing their data by enabling users to trace, own, or control their own data. Trust is also built by properly managing, explaining, and minimizing the risks of data loss or leakage. Trust is notoriously difficult to build but can be very quickly and devastatingly destroyed by one single breach. This underlines the need to consider trust as multidimensio...

Table of contents

  1. Cover
  2. Half Title
  3. Other
  4. Title Page
  5. Copyright Page
  6. Dedication
  7. Table of Contents
  8. Introduction
  9. The Editor
  10. Contributor Biographies (in Order of Appearance)
  11. Chapter 1 The Global Rise of E-Government and Its Security Implications
  12. Chapter 2 Understanding Cyber Threats
  13. Chapter 3 Cybersecurity in East Asia: Japan and the 2009 Attacks on South Korea and the United States
  14. Chapter 4 Toward a Global Approach to Cybersecurity
  15. Chapter 5 The Cybersecurity Policy Challenge: The Tyranny of Geography
  16. Chapter 6 U.S. Federal Cybersecurity Policy
  17. Chapter 7 European Cybersecurity Policy
  18. Chapter 8 A Local Cybersecurity Approach: The Case of Catalonia
  19. Chapter 9 Securing Government Transparency: Cybersecurity Policy Issues in a Gov 2.0 Environment and Beyond
  20. Chapter 10 The Civilian Cyber Incident Response Policies of the U.S. Federal Government
  21. Chapter 11 Cybersecurity Health Check: A Framework to Enhance Organizational Security
  22. Chapter 12 Beyond Public–Private Partnerships: Leadership Strategies for Securing Cyberspace
  23. Chapter 13 Is There a Conclusion to Cybersecurity?
  24. Index