Citizens' Trust in Dutch Government and DigD

8/8/2019 Citizens' Trust in Dutch Government and DigD

1/126

1

Center for e-Government Studies

Citizens trust in Dutch e-Government and DigID

Citizens trust in

Dutch e-Government and DigID

Center for e-Government Studies Universiteit Twente


2/126


3/126

3



Center for e-Government StudiesP.O. Box 2177500 AE Enschede

T. +31 (0) 53 489 4342

F. +31 (0) 53 489 4259


Datum 1 november 2010Versie 1.0

Uitgever Universiteit TwenteCenter for e-Government Studieshttp://www.cfes.nl

Met subsidie van Alliantie Vitaal BestuurPublicatie titel Citizens trust in Dutch e-Goverment and DigIDPublicatiejaar 2010Publicatietype Onderzoeksrapport

Auteurs Dr. Thea van der GeestArdion Beldad, MSc

Correspondentie Thea van der GeestE-mail [email protected]

APA Referentie Geest, Th. van der & Beldad, A. (2010) Citizens trust in Dutch e-Government and DigiD. Enschede: Universiteit Twente.


4/126

4


Th. van der Geest & A. Beldad, 2010

Nederlandse Samenvatting Summary inDutch

Het vertrouwen van burgers in de Nederlandse e-

overheid en in DigiD

OpdrachtIn discussies over de vraag waarom elektronische diensten van de Ne-derlandse overheid minder worden gebruikt dan verwacht, wordt vaakgespeculeerd over de mogelijke rol van het vertrouwen dat de Neder-landse burgers hebben in de overheid. Daarom heeft de Alliantie VitaalBestuur aan drie onderzoeksinstellingen (TNO, Universiteit van Tilburgen Universiteit Twente, Center for e-Government Studies) de opdrachtgegeven om dat vaak gebruikte begrip vertrouwen en de rol ervan inontwikkeling en gebruik van de elektronische dienstverlening nader teonderzoeken. De focus daarbij is op de identiteitsinfrastructuur, in Ne-

derland DigiD. Bijgaand rapport gaat over het deelonderzoek van deUniversiteit Twente, dat zich richt op burgers en hun vertrouwen in de e-overheid, en wel speciaal in DigiD.

Wat is vertrouwen?Er zijn veel wetenschappelijke definities geformuleerd van het begripvertrouwen; de meeste hebben gemeen dat ze constateren dat vertrou-wen nodig is in situaties waaraan een zeker risico is verbonden. In decontext van de e-overheid is dat risico vooral aanwezig bij diensten entransacties, en veel minder bij gewoon informatie zoeken op websitesvan de overheid. Burgers willen of moeten zaken, diensten en transac-ties met de overheid afhandelen, bijvoorbeeld belasting betalen of de

hoogte van hun studiebeurs aanpassen. Zij kunnen er (in de meeste ge-vallen) voor kiezen om dat elektronisch te doen of via een ander kanaalzoals de balie. Voor dienstverlening en transacties via een website moe-ten burgers hun persoonlijke gegevens aanleveren aan de overheid,vaak onder vermelding van DigiD, de persoonlijke identificatiecode diegekoppeld is aan het Burgerservicenummer van de burger. Vertrouwenin de elektronische dienstverlening kan dus zowel vertrouwen in deoverheid inhouden, als vertrouwen in de website of in DigiD als be-scherming voor persoonlijke gegevens.

Hoe komt vertrouwen tot stand en waar leidt het toe?In dit onderzoek hebben we de burgers met opzet niet alleen maar in

het algemeen gevraagd om de overheid een rapportcijfer voor vertrou-wen te geven. Dat rapportcijfer zegt niet zoveel als we niet weten watenerzijds de factoren zijn die tot vertrouwen leiden (de zogenaamde de-terminants of trust) en anderzijds of dat vertrouwen groot genoeg is omtot het beoogde gedrag te leiden (de behavioral intention). In dit gevalis de beoogde gedragsintentie: de bereidheid om gegevens ter beschik-king te stellen in het kader van een dienst of transactie met de e-overheid, en ook de bereidheid om daar DigiD bij te gebruiken. We heb-ben dus het vertrouwen gepeild in de context van elektronische dienst-verlening die met DigiD is beschermd.

Op basis van de literatuur (zie hoofdstuk 2 van dit rapport) hebben wegekozen om drie groepen mogelijke factoren die kunnen leiden tot ver-trouwen te onderzoeken:

Vertrouwen in de technologie (de website, DigiD);


5/126

5



Vertrouwen in officile of organisatiekeurmerken, zoals bijvoor-beeld een officile mededeling over de privacybescherming;

Persoonskenmerken van de burgers, bijvoorbeeld of ze goed vanvertrouwen zijn (sommige mensen zijn meer geneigd personen oforganisaties te vertrouwen dan anderen) en of ze eerder goede of

slechte ervaringen hebben opgedaan bij transacties met de over-heid.

We onderzoeken of deze factoren inderdaad leiden tot vertrouwen in dee-overheid. Vertrouwen in organisaties en personen bestaat uit een setvan overtuigingen (beliefs) die men heeft over die organisaties of perso-nen: of ze in principe je belangen respecteren (integrity), of ze kundigzijn in wat ze moeten doen (competence), en of ze betrouwbaar en eer-lijk werken (honesty). Dit vertrouwen leidt vervolgens tot de bereidheidom je persoonlijke gegevens aan de overheid prijs te geven. We gaan ervan uit dat burgers de risicos bij het beschikbaar stellen van persoonlij-ke gegevens afwegen tegen de verwachte voordelen in de specifieke si-tuatie, bijvoorbeeld dat ze niet naar het politiebureau hoeven om aangif-te te doen, of dat ze bij het doen van hun belastingaangifte niet met eenblanco formulier hoeven te beginnen.

Het onderzoek naar vertrouwen in de e-overheid is nader toegespitst ophet vertrouwen in DigiD als middel om de identiteit van de burger dieeen dienst aanvraagt of een transactie aangaat vast te stellen. We kij-ken in meer detail naar de afweging die de burger maakt rondom de in-tentie om DigiD te (blijven of gaan) gebruiken: welke voordelen ziet deburger in het gebruik van DigiD en hoe wordt de gebruiksintentie ver-volgens benvloed door eventuele verwachte risicos of moeilijkheden.Het algemene onderzoeksmodel over vertrouwen in de e-overheid enhet specifieke model over de afwegingen rondom gebruik van DigiD

staan beschreven in hoofdstuk 3 van het rapport.

Aanpak van het onderzoekHet onderzoek is in twee stappen uitgevoerd. Eerst hebben we burgersgenterviewd in focusgroepsessies. In drie verschillende groepen hebbenin totaal 23 burgers die ervaring hadden met de e-overheid met ons enmet elkaar gediscussieerd over hun ervaringen en opvattingen over dee-overheid, hun gebruik of niet-gebruik van DigiD, en de risicos envoordelen van zaken online afhandelen. Daarbij vergeleken ze hun erva-ringen met andere vormen van elektronische dienstverlening en transac-tie, zoals internetbankieren of producten kopen bij webwinkels. Inhoofdstuk 4 worden de resultaten van de focusgroepen gerapporteerd.

Als tweede stap hebben we een grootschalige online enqute uitgezet bijtwee panels van respondenten die zich eerder bereid hadden verklaardvragen over overheidsonderwerpen te beantwoorden. Het ene panel waslandelijk en leverde 1046 ingevulde vragenlijsten op, het andere panelwas vanuit een gemeente met meer dan 100.000 inwoners en leverde1156 ingevulde vragenlijsten op. Hoofdstuk 5 tot en met 8 bevatten deresultaten van de enquete over vertrouwen in de e-overheid, de factorendie tot dat vertrouwen leiden en de gedragsintenties om gegevens terbeschikking te stellen en daarbij DigiD te (gaan of blijven) gebruiken.

Burgers aan het woord in de focusgroepen

De 23 burgers in onze focusgroepen varieerden in leeftijd van 20 tot bo-ven de 60. Zij hadden (op n deelnemer na) meer dan 5 jaar internet-ervaring en maakten vaak gebruik van internetdiensten, vooral voor hun


6/126

6



bankzaken (22 van onze 23 deelnemers) en online winkelen (21 deel-nemers), iets minder voor transacties met hun gemeente ((19 deelne-mers) en de Belastingdienst (18 deelnemers). De bevindingen van defocusgroepen, toegelicht met uitspraken van deelnemers, zijn te vindenin Hoofdstuk 4.

We hebben de deelnemers allereerst gevraagd om rapportcijfers voorvertrouwen uit te delen. De deelnemers hadden het meeste vertrouwenin de online transacties met hun bank (gemiddeld rapportcijfer 9), invergelijking met hun gemeente (gemiddeld een 7.8), de Belastingdienst(7.7) en webwinkels (7.1). De deelnemende burgers hadden weinig ne-gatieve ervaringen met e-dienstverlening, wat niet wegneemt dat ze welhet gevoel hadden dat er makkelijk misbruik van hun gegevens zou kun-nen worden gemaakt. Ze verwachten dat banken meer moeite doen danoverheden om transacties optimaal te beveiligen omdat fouten of nega-tieve publiciteit de banken klanten zou kosten, wat niet het geval is bijoverheden. Overigens namen de meesten wel aan dat de overheid hungegevens goed zou beveiligen, maar ze merkten tegelijkertijd op dat ze

geen idee hadden op welke manier de overheid in de praktijk hun databeschermt.

Een aantal deelnemers had het idee dat alle gegevens die achter DigiDzitten makkelijk gekoppeld kunnen worden via de persoonsgebondencode. Veel deelnemers verwachtten dat er ongevraagd gegevens wordenuitgewisseld tussen overheidsorganisaties die gebruik maken van DigiD.Die risicos wegen in sommige situaties wel op, in andere situatie niet optegen het gemak van DigiD: n inlogcode voor alle overheidsinstantiesen de extra beveiliging van een transactie met een persoonsgebondeninlogcode. De inlogprocedures van banken zijn volgens de deelnemersuitvoeriger en veiliger, onder andere doordat banken naast gebruikers-

naam en wachtwoord werken met willekeurige codes die op het momentvan de transactie worden gegenereerd en per SMS worden toegestuurd.Maar veilig werken wordt ook nogal eens omslachtig of moeilijk gevon-den en daarom omzeild: het lastig te kraken wachtwoord is moeilijk teonthouden en wordt dus op een briefje geschreven dat in de buurt vande computer ligt.

De burgers in onze focusgroepen zeiden dat ze keken naar bepaaldewebsite- en inhoudskenmerken als ze de veiligheid beoordeelden: deprofessionaliteit van de website, het gele slotje of de aanduiding httpsals teken van beschermd gegevensverkeer, privacyverklaringen en regi-stratie van een webwinkel bij de Thuiswinkel-organisatie. De deelnemers

bleken verwachte risicos (van ongewenste koppeling of te kort schie-tende beveiliging) af te wegen tegen de voordelen van het gebruiksge-mak van n code voor verschillende overheidsorganisaties en contex-ten. Omdat deze afweging van veronderstelde risicos tegen verwachtevoordelen herhaaldelijk naar voren kwam in de focusgroepen is dezeverwerkt in het onderzoeksmodel van het vertrouwen in DigiD (ziehoofdstuk 3).

De invullers van de enquteDe 2202 invullers van onze enqute vormen een representatieve steek-proef van de Nederlandse bevolking wat betreft leeftijd en geslacht.Meer dan 90% heeft meer dan 5 jaar internetervaring, mannen meerdan vrouwen, en 75% heeft al eens een overheidswebsite gebruikt vooreen transactie. De jongste groep (onder de 25) en vooral de ouderegroepen (55+ en 65+), hebben minder vaak online zaken gedaan met


7/126

7



de overheid. Dit hangt ook samen met ervaring in internetgebruik: hoemeer jaren mensen internet gebruikten, hoe vaker ze online zaken had-den gedaan met de overheid.

Vertrouwen dat de overheid goed omgaat met je gegevens

Wat zijn de factoren die maken dat burgers erop durven te vertrouwendat de overheid zorgvuldig omgaat met hun persoonlijke gegevens? Hetgedetailleerde en statistisch onderbouwde antwoord op die vraag is tevinden in Hoofdstuk 6.1 6.3. Voor de analyse hebben we onderscheidgemaakt tussen de groep van 1646 mensen die ervaring had met trans-acties met de e-overheid en de groep van 551 mensen zonder ervaring.Bij de mensen met ervaring is zijn de voorspellers van vertrouwen datde overheid goed omgaat met hun persoonlijke gegevens (in volgordevan belangrijkheid):

1. de aanwezigheid van een privacyverklaring op de website,2. de reputatie van de overheidsorganisatie,3. de eerdere ervaringen met e-overheid transacties,4. of de betreffende persoon zegt goed van vertrouwen te zijn.

Bij de groep die geen ervaring had met e-overheid transacties is hunvertrouwen (zoals te verwachten) minder sterk gekoppeld aan de onder-zochte factoren. De voorspellers van vertrouwen zijn in volgorde vanbelangrijkheid:

1. de aanwezigheid van een privacyverklaring,2. of de persoon zegt goed van vertrouwen te zijn,3. de reputatie van de overheidsorganisatie.

In Hoofdstuk 6.6 6.9 kijken we in meer detail naar kenmerken van deburgers in relatie met het vertrouwen dat ze hebben dat de overheidgoed omgaat met hun gegevens. Vooral bij de jongere respondenten (18 34 jaar) is de aanwezigheid van een privacyverklaring een sterkerevoorspeller dan bij de ouderen, terwijl mensen met relatief weinig inter-

netervaring (minder dan 5 jaar) minder sterk reageren op de aanwezig-heid van een privacyverklaring.

Vertrouwen van verschillende groepen burgers in overheidsor-ganisatiesWe hebben de burgers in de enqute gevraagd verschillende organisa-ties een rapportcijfer te geven, als uitdrukking van hun vertrouwen datde organisatie goed omgaat met hun gegevens (zie Hoofdstuk 6.4 6.5). De internetbanken kregen het hoogste rapportcijfer, een 7.3, ge-volgd door de Belastingdienst (7.1), gemeentes (6.8), de overheid(6.6), online verzekeraars (6.4) en webwinkels (5.5).Een verdere analyse van het oordeel over de overheid laat zien dat

vooral jongere burgers (onder de 25) meer dan gemiddeld vertrouwenhebben in de overheid (7.1) in vergelijking met burgers van 45 jaar enouder (gemiddeld 6.5), en mannen (6.7) gemiddeld meer dan vrouwen(6.5). Ook hier is het oordeel sterk verbonden met internetervaring endus ervaring met de e-overheid. Mensen met 5 jaar internetervaring ofminder geven een duidelijk lager rapportcijfer (6.1) dan mensen met 10

jaar ervaring of meer (6.7). Burgers die al eens zaken met de e-overheid hebben gedaan, beoordelen de overheid aanmerkelijk gunsti-ger (6.8) dan mensen die alleen informatie hebben gezocht (6.2) enmensen die helemaal geen overheidswebsites gebruikt hebben (5.8). Diteffect kan twee kanten op werken: mensen met weinig vertrouwen be-ginnen niet aan online zaken doen met de overheid en bouwen dus ook

geen positieve ervaringen op die vervolgens weer vertrouwen kunnencreren en vergroten.


8/126

8



Bij de beoordeling van gemeentes zien we een zelfde patroon: jongereburgers, mannen, mensen met meer dan 10 jaar internetervaring enmensen met ervaring met online zaken doen geven hogere rapportcijfersvoor vertrouwen dan anderen. De rapportcijfers van de Belastingdienstlaten een iets ander beeld zien: Daar oordeelt de groep burgers tussen35 en 44 jaar iets positiever (7.4) dan de jongste groep respondenten

(7.3).

We hebben de respondenten ook gevraagd naar hun oordeel over de re-putatie van de overheid wat betreft het voor ogen hebben van de belan-gen van de burger (integrity), het goed kunnen doen waar ze voor zijn(competence) en de betrouwbaarheid (honesty). Dat oordeel over dereputatie hebben we in verband gebracht met hun vertrouwen dat deoverheid netjes met hun gegevens omgaat. De jongste groep burgers(onder 25) en de oudere groepen (45 en ouder) schatten de reputatievan de overheid lager in dan de middengroep, en vrouwen hadden eenlagere dunk van de overheid dan mannen. Mensen die al eens online za-ken hebben gedaan met de overheid, oordelen aanmerkelijk gunstiger

over de reputatie (3.4 op een 5-punt schaal) dan mensen die de websitealleen gebruikt hebben voor informatie (2.6) of helemaal niet (2.4).

Het is de moeite waard op te merken dat vooral de belangrijkste voor-speller van vertrouwen, het aanwezig zijn van een privacy statement,goed te benvloeden is door gerichte communicatie. Overheidsorganisa-ties zouden op veel meer en veel opvallender plaatsen duidelijk kunnenmaken dat ze zich houden aan strenge privacyregels en op dit punt ookaan reputatiemanagement kunnen doen. Punt 7 van de Burger ServiceCode (vertrouwelijkheid van gegevens en zorgvuldige archivering) zoubij elke transactie gecommuniceerd kunnen worden, aangenomen dat deorganisatie natuurlijk ook doet wat zij belooft. De verschillen tussen

jong-oud en ervaren minder ervaren laten zien op welke groepen decommunicatie zich in de eerste plaats zou kunnen richten.

Burgers en hun bereidheid om gegevens te verstrekkenIs er nu ook echt een verband tussen het vertrouwen van burgers en debereidheid om persoonlijke gegevens te verstrekken die nodig zijn voorde e-dienstverlening? Hoofdstuk 7 van het rapport levert de gegevensen analyses om deze vraag te beantwoorden.

We hebben op basis van de focusgroepen aangenomen dat de beslissingom gegevens ter beschikking te stellen tot stand komt in een situatiewaarin voordelen (zoals opbrengst, tijdsbesparing en gemak) worden

afgewogen tegen mogelijke risicos (bijvoorbeeld misbruik van gege-vens), in de wetenschap dat er trust cues zijn (zoals de aanwezigheidvan wettelijke bescherming van persoonlijke gegevens). Over het alge-meen waren de burgers redelijk bereid om hun gegevens ter beschikkingte stellen (gemiddeld 3.3 op een schaal van 5).

Bij burgers die eerder zaken hebben gedaan met de e-overheid was hunvertrouwen in de overheidsorganisaties de belangrijkste voorspeller vanhun bereidheid, gevolgd door de afweging van risicos tegen voordelenen in mindere mate hun overtuiging dat zij goed beschermd zijn door deWet Bescherming Persoonsgegevens (WBP). Voor de burgers die geenervaring hadden met online zaken doen met de overheid golden dezelfdeoverwegingen, maar die leidden minder sterk tot de bereidheid om per-soonlijke gegevens ter beschikking te stellen.


9/126

9



In paragraaf 7.4 7.5 wordt gerapporteerd welke groepen burgers zichonderscheiden in hun afwegingen en hun bereidheid om hun persoonlij-ke gegevens ter beschikking te stellen. Voor burgers tussen 25 en 45

jaar en voor mensen die ervaring hebben met online zaken doen met deoverheid spelen voordelen als tijdsbesparing en gemak een veel belang-

rijker rol dan voor jongere en (met name) oudere burgers. De risicosdie gepaard gaan met het ter beschikking stellen van persoonlijke gege-vens worden door alle groepen gelijk ingeschat. Op een 5 puntsschaalscoren de burgers rond de 2.5 op uitspraken als: ik denk dat de over-heid mijn gegevens kan doorverkopen, dat de overheid misbruik kanmaken van mijn gegevens, dat de overheid derden toegang kan geventot mijn gegevens zonder mijn toestemming. De kennis van burgersover wat de overheid kan en mag doen met hun gegevens schiet duide-lijk tekort.

De bereidheid om gegevens ter beschikking te stellen, zowel bij burgersmet als bij burgers zonder ervaring met e-diensten van de overheid,wordt sterk positief benvloed door het vertrouwen van burgers in demanier waarop overheidsorganisaties omgaan met de gegevens, hungeloof in de bescherming die de WBP biedt, en voordelen van onlinetransacties. Hun inschatting van de risicos is een kleinere negatieve te-genkracht in de afweging.

Al met al ontstaat er een beeld van burgers die aan de ene kant ervanovertuigd zijn dat de overheid op ongewenste manieren om kan gaanmet hun gegevens, maar aan de andere kant toch relatief vol vertrou-wen een online transactie aangaan als ze daar denken voordeel bij tehebben. Overtuigingen en gedrag(sintenties) lopen op dit essentilepunt in de e-dienstverlening niet parallel.

Burgers en hun intentie om DigiD te (gaan of blijven) gebruikenVoor de vragen die betrekking hebben op DigiD maken we onderscheidtussen:- burgers die DigiD hebben en gebruiken (75% van de invullers)- burgers die DigiD hebben maar niet gebruiken (12%)- burgers die geen DigiD hebben maar wel weten wat het is(9%).Negentig burgers (4% van de respondenten) gaf aan geen idee te heb-ben wat DigiD is; die hebben we verder geen vragen over DigiD gesteld.Hoofdstuk 8 van het rapport gaat over de factoren die bepalen of men-sen DigiD gaan of blijven gebruiken.

Jongere burgers (onder de 25) en oudere burgers (55 en ouder) zijn watoververtegenwoordigd in de groep die wel DigiD heeft, maar het nietgebruikt. Mannen hebben vaker een DigiD die ze gebruiken dan vrouwen(80% tegen 70%) en mensen die relatief kort internet gebruiken (min-der dan 5 jaar) gebruiken minder vaak DigiD dan mensen met veel in-ternetervaring (meer dan 10 jaar): 58% tegen 83%.De intentie om DigiD te blijven gebruiken (gemiddeld een 3.8 op een 5puntsschaal) wordt het sterkst bepaald door de afweging van voordelenenerzijds tegen nadelen of gebruiksproblemen anderzijds, en vervolgensdoor vertrouwen in overheidsorganisaties en vertrouwen in DigiD. Deburgers (zowel mensen die hun DigiD actief gebruiken als degenen diedat niet doen) zijn het met elkaar eens dat het onhandig is dat DigiD

verloopt (gemiddeld 3.8 op een 5 puntsschaal). Vooral jongere burgers(onder de 25) en ouderen (boven de 65) vinden DigiD-gebruik moeilijker


10/126

10



dan de andere leeftijdsgroepen, maar in het algemeen wordt DigiD nietbijzonder moeilijk gevonden (van 2.1 tot 2.5 op een vijfpuntsschaal).

Voor de burgers die DigiD daadwerkelijk gebruiken spreekt er het nodigein het voordeel van DigiD: zij vinden het makkelijk te gebruiken (gemid-deld 3.8 op een 5 puntsschaal), vinden het makkelijk dat ze verschillen-

de overheidsdiensten met n login kunnen benaderen (3.9) en waarde-ren dat het gratis is (4.1). Ze onderkennen de noodzaak van DigiD(3.9). Alle groepen burgers spreken dan ook een vergelijkbaar grootvertrouwen uit in DigiD (3.8). Ze zijn van plan hun DigiD te blijven ge-bruiken (3.8). Over de vraag of ze de inlogprocedure van hun bank zou-den willen gebruiken voor overheidstransacties zijn de meningen ver-deeld (gemiddelden rond de 2,5), maar ouderen (55 en ouder) zijn ster-ker gekant tegen dit idee dan jongeren (resp. 2.4 tegen 2.6), en vrou-wen sterker tegen dan mannen (2.3 tegen 2.6). De omgekeerde vraag,of ze hun DigiD willen gebruiken voor commercile transacties wordtveel negatiever beantwoord (gemiddeld 2.2), waarbij de 65+-ers veelnegatiever zijn dan de anderen (1.1 op een 5 puntsschaal).

De kleinere groep van 12 % burgers die wel een DigiD hebben maar dieniet gebruiken is wat negatiever over de gebruiksproblemen (bijvoor-beeld de extra gebruikersnaam en wachtwoord die het met zich mee-brengt), maar spreken toch vertrouwen in DigiD uit (3.1 op een 5 punts-schaal) en laten merken dat ze een behoorlijke sterke intentie hebbenhet te gaan gebruiken (gemiddeld 2.9). Ook hier zijn vooral de jongsteen de oudste groep, en de mensen met relatief weinig internetervaringhet meest negatief over gebruiksproblemen.

Actuele gebeurtenissen die leiden tot negatieve berichten in de mediakunnen de intentie tot gebruik van DigiD benvloeden. Dat was aan de

orde kort voordat we de burgers enquteerden over DigiD. Hoewel eendaadwerkelijke gedragsverandering niet vast te stellen is met een een-malige meting, hebben we de burgers gevraagd of hun visie op DigiD-gebruik onlangs veranderd is. Burgers die gebruik maken van hun DigiDwaren voor de overgrote meerderheid (gemiddeld 88%) niet van meningveranderd over het gebruik van DigiD. Bij de groep die wel een DigiDheeft, maar die niet gebruikt (12% van onze respondenten), zien weeen groter effect van de negatieve media-aandacht voor DigiD. Van deburgers in deze groep die tussen de 25 en 45 zijn gaf 87% aan dat hungeneigdheid om DigiD te gaan gebruiken niet veranderd was, maar bijde andere leeftijdsgroepen lag dat percentage tussen 68% en 76%. Bijde relatief kleine groep van burgers die wel weet heeft van het bestaan

van DigiD maar het niet gebruikt (9% van de respondenten) valt het opdat vooral de oudste burgers (65+) denken dat DigiD niet makkelijk isom te gebruiken. Zij reageren niet zo sterk op de argumenten dat DigiDgratis is, dat het makkelijk is om n login te hebben, en ze zien ook denoodzaak van DigiD minder in. Voorspellers voor het gaan aanvragenvan een DigiD zijn vooral het algemene vertrouwen in DigiD en in over-heidsorganisaties, en niet zozeer de afweging van voor- en nadelen vanDigiD. Ongeveer 80% van de burgers in deze groep is niet van meningveranderd over het gaan aanvragen van DigiD, ondanks recente nega-tieve media-aandacht.

Welke factoren zijn nu het meest belangrijk in het krachtenveld rondomhet (gaan en blijven) gebruiken van DigiD? Bij de burgers die een DigiDhebben en hem gebruiken is de afweging tussen voordelen en gebruiks-problemen het belangrijkst en komen vertrouwen in DigiD en de over-


11/126

11



heidsorganisaties duidelijk op een tweede plaats. Het lijkt zin te hebbenom in de communicatie met deze groep de voordelen en het gebruiks-gemak te benadrukken. Bij de groep burger die DigiD heeft maar nietgebruikt, spelen de voordelen de belangrijkste rol. In tweede instantietellen vertrouwen in DigiD, verwachte gebruiksproblemen en vertrouwen

in overheidsorganisaties ook mee. Bij de groep niet-gebruikers is datvertrouwen verreweg de belangrijkste factor. Bij deze twee groepen zoude communicatie zich sterker dan bij de regelmatige gebruikers kunnenrichten op het creren van vertrouwen en het ontkrachten van negatieveverwachtingen over gebruiksgemak.

ImplicatiesDit onderzoek heeft laten zien hoe burgers staan tegenover een over-heid die hen vraagt om haar hun gegevens toe te vertrouwen, onder be-scherming van DigiD, met als tegenprestatie dat ze de voordelen kunnenondervinden van digitaal zaken afhandelen met de overheid. Vertrouwenin de competentie en integriteit van overheidsorganisaties en vertrou-wen in de technologie van websites en DigiD spelen zeker een belangrij-ke rol, maar dat vertrouwen wordt gecreerd en bevestigd in situatieswaarin de burgers hun verwachte voordeel afwegen tegen vermeende enverwachte problemen met hun persoonlijke gegevens en met het ge-bruik van DigiD. Zichtbare vertrouwensbrengers (trust cues) helpen omdat vertrouwen te creren en te vergroten, zoals verwijzingen naar eenprivacyverklaringof de Wet op de Bescherming Persoonsgegevens, maarook goed ontworpen websites en informatie over de veiligheid van Di-giD. In de communicatie rondom diensten en transacties met de over-heid zou hier veel explicieter en meer op doelgroepen gericht aandachtaan besteed kunnen worden. Deze communicatie is effectief als de over-heid ook waarmaakt wat zij haar burgers belooft: een betrouwbare ,omgang met hun persoonlijke gegevens die niet ten koste gaat van ge-

bruiksgemak.


12/126


13/126

13



6.2 Determinants of trust among citizens with e-governmentexperience...........................................................................................................53

6.3 Determinants of trust among citizens without e-government experience .................................................................................54

6.4 Trust in various e-service organizations ................................................556.5

Trust in various e-government parties....................................................56

6.5.1 Trust in the governments personal data processing and use ...................566.5.2 Trust in municipalities personal data processing and use..........................586.5.3 Trust in the Tax Administrations personal data processing and use ......606.6 The impact of privacy statements .............................................................626.7 The reputation of government organizations .......................................646.8 Previous e-government transactional experience..............................656.9 Discussion ...........................................................................................................666.9.1 The impact of Internet usage and experience ................................................666.9.2 The determinants in Dutch e-government.......................................................666.9.3 Trust in government organizations of various subgroups ...........................68

7 INTENTION TO DISCLOSE PERSONAL INFORMATION

FOR e-GOVERNMENT TRANSACTIONS .......................................... 707.1 Internal consistency test of the online survey ....................................707.2 Determinants of intention to disclose among citizens

with e-government experience ..................................................................727.3 Determinants of intention to disclose among citizens

without e-goverment experience ..............................................................737.4 Benefits of e-government services ...........................................................747.5 Intention to disclose in various subgroups ...........................................777.6 Discussion ...........................................................................................................78

8 THE DETERMINANTS OF THE INTENTION TOCONTINUE USING, USE, AND APPLY FOR DIGID ...................... 81

8.1 Internal consistency of the online survey .............................................818.2 Patterns of DigiD ownership and usage..................................................828.3 Determinants of intention to continue using DigiD............................848.3.1 Analysis at item level .............................................................................................848.3.2 Analysis of the perceived problems in continuing use of DigiD .................858.3.3 Analysis of the perceived advantages of continuing use of DigiD ............878.3.4 Analysis of trust in DigiD.......................................................................................898.3.5 Determinants of intention to continuing use of DigiD ..................................898.3.6 Intention to continue using DigiD.......................................................................908.3.7 Bank log-in and DigiD compared ........................................................................908.3.8 Changes in decision to continue using DigiD ..................................................928.4 Determinants of intention to start using DigiD....................................948.4.1 Analysis at item level .............................................................................................948.4.2 Perceived problems in start using DigiD...........................................................958.4.3 Perceived advantages of start using DigiD ......................................................968.4.4 Trust in DigiD............................................................................................................988.4.5 Determinants of intention to start using DigiD ..............................................988.4.6 Intention to start using DigiD ..............................................................................998.4.7 Bank log-in and DigiD compared ........................................................................998.4.8 Changes in decision to start using DigiD........................................................1008.5 Determinants of intention to apply for DigiD .....................................1038.5.1 Analysis at item level ...........................................................................................1038.5.2 Perceived problems in applying for DigiD ......................................................1038.5.3 Perceived advantages of applying for DigiD..................................................1058.5.4 Trust in DigiD..........................................................................................................1068.5.5 Determinants of intention to apply for DigiD ................................................1078.5.6 Citizens characteristics and their intention to apply for DigiD................108


14/126

14



8.5.7 Changes in decision to apply for DigiD .......................................................... 1088.6 Discussion......................................................................................................... 110

9 IMPLICATIONS AND RECOMMENDATIONS .................................114

9.1 Implications and recommendations for future research............... 1149.2 Implications and recommendations for policy design and

decisions ........................................................................................................... 1159.2.1 Trust and intention to disclose personal data for e-government ........... 1159.2.2 The determinants of intentions to use DigiD................................................ 120

REFERENCES.....................................................................................................122


15/126

15



1 Introduction

As a substantial number of government agencies are heading into amore interactive and transactional phase, citizens are finding themselveseventually propelled to disclose their personal information before theycan avail of different government services online. Many regard onlinesharing of personal data very risky since they can be abused for variedpurposes either by organizations collecting them or by third parties thatcan easily accessed data stored on organizational databases with thehelp of sophisticated technologies. Perceptions of risks involved in onlinesharing of personal data foster information privacy concerns, which asone study shows (Choudrie, Raza, & Olla, 2009), influence citizens in-tention or reluctance to use e-government.

Risk perceptions related to online personal information disclosure andinformation privacy concerns, therefore, ought to be reduced and elimi-

nated before organizations can be guaranteed of massive user accep-tance of their online services. While it is said that risk necessitates thecultivation of trust (Kee & Knox, 1970), the fact that people perceiverisks in transacting online should serve as a call for online organizationsto establish their trustworthiness. This argument is built on the assump-tion that people would have lowered estimation of the risks in transact-ing with organizations they can trust.

With the perceived risks of disclosing information for an online transac-tion, users would be expected to look for a number of cues that will aidthem in estimating the trustworthiness of an online organization interms of how it will use, process, and protect collected personal data.

Empirical studies on the determinants of trust in online commercial ex-changes are copious. This could not be said to be true for e-government,as investigations pursued in that context have not yet looked into theimpact of several factors on citizens trust in online transactions withgovernment organizations.

Just as e-government is gaining momentum in the Netherlands, an in-creasing number of Dutch government organizations that offer theirproducts and services online have started to deploy DigiD, an identitymanagement system, as a way of verifying the identities of citizens whoopt to engage in an online transaction with a particular government or-ganization. While DigiD may be beneficial, it has its own set of usage-

related problems which could trifle its widespread acceptance. Studieson the factors that determine behavioral intentions to use DigiD are stillto be pursued, just as citizens concerns and problems related to the us-age of DigiD still need to be explored.

The questions on the determinants of trust in government agencies interms of how they deal with collected personal data from citizens andthe factors that influence citizens willingness to share their personal foronline government transactions were just two of the important issuesthat this research project intended to address. Concerns pertinent to theusage or non-usage of DigiD and the impact of trust on DigiD usage in-tention were also covered within the overall research project.

To address the many research questions that were formulated for thethree sub-studies, focus group discussions were conducted and two


16/126

16



online surveys were implemented. Results of the focus groups discus-sions and the online surveys on the determinants of trust in governmentorganizations in terms of their processing and usage of citizens personalinformation; the determinants of Internet users willingness to disclosetheir personal data for an online government transaction; and the de-terminants of their intention to continue using, use, and apply for DigiD

are presented in this report.

In the first chapter, the determinants of trust in organizations in anonline setting, the factors influencing peoples intention to disclose theirpersonal data for online transactions, and the issues and concerns re-lated to the usage of identity management systems are discussed basedon results of related studies and theoretical discussions on the afore-mentioned topics. Chapter two is apportioned for a discussion of the re-search models used in the sub-studies, the research questions providingthe backbones of those studies, and the research methodologies em-ployed to address the research questions.

The results of the focus group discussions can be read in Chapter 5.Since the demographic characteristics of survey respondents are re-garded significant in understanding their trust in government organiza-tions in terms of their processing and usage of citizens personal data,their experience with e-government transactions, their willingness toengage in online government transactions as measured by their disposi-tion to share their personal data, and their attitude towards the identitymanagement system used by most Dutch government organizations(DigiD), Chapter 6 is be devoted for a detailed discussion of the respon-dents profile.

Chapters 6 and 7 are allotted for a discussion of the results of the sur-

veys on the determinants of trust in government organizations in termsof their processing and usage of citizens personal data and the factorsthat are hypothesized to impact (positively or negatively) their willing-ness to share personal information to avail of government servicesonline, respectively. Results of the study on the determinants of behav-ioral intentions to continue using, use, and apply for DigiD are containedin Chapter 8. A thorough discussion of the implications of the studies forfuture research agenda and policy decisions and the recommendationsaddressed to both the research community and the policy makers basedon the results of the different empirical studies are presented in Chapter9.


17/126

17



2 LITERATUREREVIEWIt makes little sense to refute the value of trust as an exigent ingredient

in influencing decisions and actions in almost all social interactions.Without it, cooperation with and dependency on other parties for the re-alization of goals, both on the individual and societal level, would be al-most unthinkable (Kipnis, 1996; Sztompka, 1999) and social and eco-nomic exchanges far from probable (Buskens, 1998; Doney et al., 1998;James, 2002).

While empirical studies on the impact of trust on behavioral intentionsand social actions within the context of offline interactions proliferate,the depot of scientific knowledge about the causes and effects of trust incomputer-mediated transactions and exchanges is remarkably expand-ing which could be primarily attributed to the ever-growing interest in

the phenomenon of people living second lives in a digital world whereuncertainties and risks thrive.

Trust is imperative when risks abound since trust would be irrelevant ifactions could be pursued with a 100 percent certainty (Lewis & Weigert,1985). Nevertheless, even when risks in exchange situations are negli-gible, trust remains necessary as long as possibilities for the betrayal oftrust are never eternally banished (Kee and Knox, 1970). The profusionof definitions attached to trust is symptomatic of the non-existence of auniversally accepted trust definition (Barber, 1983; Das & Teng, 2004;Kee & Knox, 1970; McKnight & Chervany, 2002; Rosseau, Sitkin, Burt, &Camerer, 1998).

Out of the copiousness of attempts to define trust emerged a two-waystream of trust conceptualization. The first views trust as an expectationregarding the behavior of an interaction partner (Barber, 1983; Koller,1988; Luhmann, 1979; Rotter, 1967). The second perspective empha-sizes the coupling of trust with an acceptance of and an exposure to vul-nerability (Doney, Cannon, & Mullen, 1998; Mayer, Davis, & Schoorman,1995; Rosseau et al., 1998; Zand, 1972). Though both perspectivesspring from efforts to understand trust before the ascendancy of theInternet as an important medium for interaction and transaction, theyboth retain their significance when deployed to study trust in computer-mediated relationships.

The centrality of trust in this research project is evident in its assump-tion of a dual role - as a response variable (in the study on the determi-nants of trust in government organizations) and as an explanatory vari-able (in the studies on the determinants of behavioral intentions to dis-close personal data for e-government services and to use and apply forDigiD). The various determinants of trust in organizations within anonline context and the factors that influence intentions (or disinclina-tions) to share online personal data for computer-mediated transactionsbased on several empirical studies are discussed in this chapter.

The determinants that will tackled, however, are limited to the hypothe-sized factors that are included in the research model(s), which will be

presented in the next chapter. It is also important to note that almost allempirical studies cited in the chapter were conducted within the frame-


18/126

18



work of online commercial transactions, considering the proliferation ofresearch in that domain and the relatively limited number of investiga-tions on trust in electronic government. Studies on the issues pertinentto the usage of DigiD are presented in the last section of this chapter.

2.1 Determinants of trust in organizationswithin an online setting

For citizens, availing online government services implies completingelectronic registration forms, subtly forcing them to disclose pieces ofpersonal information before a particular transaction can proceed and becompleted. However, citizens are getting more conscious about therisks involved in the disclosure of their personal data in the digital envi-ronment. Whatever personal information shared to an online organiza-tion could either be exploited by the organization collecting the informa-tion or by third parties that can easily acquire unauthorized access to

such information with the aid of sophisticated technologies. Personaldata are vulnerable to abuse because they have become tradable com-modities.

With risks or the belief in their presence comes the urgency of cultivat-ing trust. In the context of online exchanges, Internet users need totrust online organizations in order for the former to relish the conven-ience and benefits of transacting with the latter. The imperativeness oftrust in online transactions would constantly push organizations to im-prove and maintain their trustworthiness to gain their clients loyal pa-tronage of their products or services. In coming up with a reliable esti-mation of an online organizations trustworthiness, Internet users are

expected to consider varying trustworthiness criteria, considering thattrust, at times, is based on a rational evaluation of something or some-one.

Although definitions of trust are far from unanimous, mainstream viewsof the said concept veer towards the notions of trust either as an expec-tation regarding the behavior of an interaction partner (Barber, 1983;Koller, 1988; Luhmann, 1979; Rotter, 1967) or as an acceptance of andexposure to vulnerability (Doney, Cannon, & Mullen, 1998; Mayer,Davis, & Schoorman, 1995; Rosseau et al., 1998). Trust in an onlinecontext is regarded as users reliance on an organization with regards tothat organizations activities in the electronic medium, and in particular,

its website (Shankar, Urban, & Sultan, 2002).

It is said that people readily trust those whose trustworthiness has beentested and those who did not fail them before (Sztompka, 1999). Suchargument fully underscores the importance of experience in the forma-tion of trust in the other party. A positive experience, which dependspartly on ones level of satisfaction with the transaction or exchange,strongly relates with trust (Pavlou, 2003). People who are satisfied withtheir previous online transactional experience tend to trust the transac-tional partner for future exchanges (Casalo et al., 2007; Flavian et al.,2006; Pavlou, 2003).


19/126

19



2.1.1 Organizational and web-based determinants ofonline trust

2.1.1.1 Organizational reputation as basis for trust

While the positive relation between experience and trust may be true forInternet users who have gone beyond the first encounter, people with-out prior experience with an online organization would have to resort toother criteria in assessing organizational trustworthiness. First, there isorganizational reputation. Previous studies on trust in online commercialexchanges reveal that people who do not have experience with an onlineorganization rely on its positive reputation in deciding whether or not totrust that organization (Chen, 2006; Kim, Ferrin, & Rao, 2003; Koufaris& Hampton-Sosa, 2004; McKnight et al., 2002).

2.1.1.2 Online privacy statements as trustworthiness cues

Risk perceptions related to the disclosure of personal data, which bothcause and affect privacy concerns, would also prompt Internet users toclamor for an assurance that their personal data once disclosed will notbe abused, but instead adequately protected. Users who consider theorganizational usage and processing of their personal data a seriousmatter and those who are very concern about their information privacywould be expected to consult privacy statements on websites (Jensen &Potts, 2004; Pan & Zinkhan, 2006). However, although such onlinedocuments are almost never read or consulted (Arcand et al., 2007;Jensen et al., 2005; Meinert et al., 2004), their mere presence on awebsite could suffice to improve users trust in an online organization(Lauer & Deng, 2007; Meinert et al., 2004; Pan & Zinkhan, 2006).

2.1.1.3 Security and usability: impact on online trust formation

Concerns regarding unauthorized access to users personal data in or-ganizational databases could also spur users to look for an indication ofthe deployment of security technologies, such as encryption and authen-tication mechanisms, to ensure the protection of their personal data, inparticular, and their transactions, in general. Koufaris and Hampton-Sosa (2004) point out that the presence of security mechanisms signifi-

cant affect users trust in initial online exchanges. One study reveals thatsecurity features are regarded as more important than privacy state-ments in building users trust (Belanger, Hiller, & Smith, 2002). The re-searchers argue that the ease of recognizing security and the difficulty inunderstanding privacy statements could be a reason for Internet userspreference for the security feature over privacy statements.

Trust in the context of online transactions denotes that users have todeal with two trust targets: the organization as the other party in thetransaction and the technology (the website) used for the transaction.Since users are almost always deprived of flesh-and-blood encounterswith organizational representatives in online exchanges, they have to

settle for organizational websites as their primary points of contact.Similar to trusting in physical interactions, in which the trustworthiness


20/126

20



of the interactional partners may be judged according to their appear-ance, Internet users may partly base their trust in organizations on theirwebsites.

Users would be more inclined to trust organizations with websites thatare professionally designed. Professionally designed website means that

it is easy to navigate. Users tend to trust organizations with websiteshaving features that foster an ease of use experience and enable themto reach their destinations quickly (Bart et al., 2005). Chau, Hu, Lee,and Au (2007) claim that the ease of using and navigating a websitesignificantly influenced customers trust in the electronic vendor, espe-cially during the initial encounter, for instance, when customers werestill searching for information. It has been forwarded that low levels ofusability and high levels of navigation complexity could spawn technicalerrors, which could heighten Internet users feelings of distruct andeventually discourage them from engaging in online exchanges andtransactions (Flavian et al., 2006).

2.1.2 User-based determinants of online trust

2.1.2.1 Level of Internet experience and trust

The newness of the Internet implies that it still has a lot of uncharteredterritories. People who are relatively greenhorns with the said technol-ogy may have a lot of apprehensions, concerns, and insecurities thatcould significantly impact positively or negatively - their trust in thetechnology and in doing things through it. This is to say that those withhigher levels of Internet experience may have high propensity to trustthe aforementioned technology and have lesser risk concerns related tousing it, thereby increasing their tendency to engage in Internet-mediated exchanges and transactions.

Level of Internet experience can be measured in terms of the number ofyears one has been using the Internet, the number of hours spent fordoing things through the Internet, or the kind of activities one is en-gaged in online. Results of empirical studies, however, are far fromunanimous over the impact of users level of Internet experience ontheir trust in transactions with online organizations. While one studyshows that users levels of Internet experience are positively related totheir trust in online exchanges (Corbitt, Thanasankit, & Yi, 2003), it

pointed out in a couple of studies that higher levels of Internet experi-ence are associated with lower trust (Aiken & Bousch, 2006; Jarvenpaa,Tractinsky, & Saarinen, 1999), and even with higher risk perceptions(Jarvenpaa, Tractinsky, & Saarinen, 1999), in online organizations. Apossible explanation is that with higher levels of Internet experience,users may have already accumulated sufficient knowledge about possi-bilities that things could go wrong online (Aiken & Bousch, 2006).

2.1.2.2 The impact of trust propensity

Trust varies from person to another, indicating significant differences intheir propensity to trust (Mayer, Davis, & Schoorman, 1995), defined as


21/126


22/126

22



The risks inherent in online interactions and transactions depend primar-ily on what one intends to do in the digital environment. Surfing a web-site exposes one to tracking cookies, while availing an online service orpurchasing an item online could result either in monetary loss or infor-mation privacy loss as a consequence of organizational abuse of ones

personal data shared originally to complete a transaction.

As this studys interest slants towards trust within the context of e-government, the concept of risks as used in this research will focus onthe risk of information privacy loss. There are strong and valid concernsregarding online information privacy due to the high probability of per-sonal data abuse, as they are now regarded as economic commodities(Franzak, Pitta & Fritsche, 2001; Olivero & Lunt, 2004; Turner & Das-gupta, 2003). Those who collect personal data can easily succumb to thetemptation of sharing them for commercial purposes, even without theconsent of those to whom the data pertain, or such data can be effort-lessly accessed by technically competent third-parties for unknown and

illegitimate purposes.

With these risks, Internet users would certainly expect that organiza-tions that collect their data have the good intention and the ability toprotect such data. This expectation evolves into trust according to thecriteria of ability, integrity, and benevolence. When users trust in onlineorganization is present, their intention and willingness to share theirpersonal data for online transactions with those organizations are ex-pected to increase (Belanger, Hiller, & Smith; McKnight, Choudhury, &Kacmar, 2002)

2.2.2 When expected benefits trigger informationdisclosure

However, higher levels of trust in online organizations and lowered per-ceptions of risks are not the only factors that impact users intention toshare information online. Studies have shown that users also considerthe benefits they can get from their decision to disclose personal data toan online organization. Viewed from a calculus-based perspective(Laufer & Wolfe, 1977), Internet users will not hesitate to share theirpersonal data, even when confronted by a potential information privacyloss, if benefits are forthcoming (Berendt, Gunther, & Spiekermann,

2005; Norberg & Dholakia, 2003) and the estimated value of the bene-fits is greater than the appraised costs of information sharing (Culnan &Bies, 2003; Olivero & Lunt, 2004). In the case of e-government, thebenefits that can be derived are purely intangible such as the conven-ience of transacting online and the possibility to save time and energyby availing government services through the Internet.

2.2.3 Belief in the law and willingness to disclose

While most countries do not have comprehensive personal data protec-

tion laws, countries within the European Union have their own laws toensure the protection of their citizens personal information. The Euro-


23/126

23



pean Union institutionalized the protection of personal data through EUDirective 95/46 EC. In the Netherlands, EU Directive 95/46 is imple-mented through the Wet Bescherming Persoonsgegevens (Dutch DataProtection Act). Bellman et al. (2004) claims that the existence of a lawon the protection of personal data considerably impacts peoples level of

concern regarding information privacy.

A survey with respondents from 38 countries bares that users fromcountries without privacy regulations expressed greater about data er-rors and online transaction security than users from countries that haveimplemented similar regulations (Bellman et al., 2004). Such findingnurtures the assumption that if users are aware of the existence of lawsthat protect their personal information, in both online and offline set-tings, they would be highly inclined to perceived lower risks involved ininformation disclosure, thereby augmenting their willingness to shareany information about themselves for an online transaction.

2.3 Identity management systems (IdM) for

secure online transactions

2.3.1 The nature and purposes of identity manage-ment systems

Huysmans (2008) refers to identity management (IdM) systems as theinfrastructures used for the definition, designation, and administration of

identity attributes such as names, addresses, social security numbersand personal identification numbers. The systems role in the domains ofe-government and e-commerce is critical as they enable secure and reli-able access to online services (Fiovaranti & Nardelli, 2007).

Several factors have been identified as important for the implementationof IdM: reduction of the cost of the organizations system, increased ef-ficiency and effectiveness of organizational activities, improvement inthe functionality and experience (via single sign on) of Internet users,and reduction of operational risks of organizational activities (Huysmans,2008). Aside from their ability to reduce costs, identity managementsystems are platforms for the interoperability of services, which improve

the quality of service and, eventually, foster a service-economy (Fiora-vanti & Nardelli, 2007).

Within the context of e-government, the implementation of IdM systemsis motivated not only by convenience, efficiency, and accountability inonline service delivery but also by law enforcement and national security(McKenzie, Crompton, & Wallis, 2008). The second point is fundamentalsince governments have the legal duties of not only assessing whetheror not a citizen is eligible to avail a particular service and also of enforc-ing rules, regulations, and laws. Hence, it is essential that governmentagencies identify individuals beyond doubt.

The focus of many identity management systems is primarily on userauthentication (Dhamija & Dusseault, 2008). Authentication refers to theprocess of verifying the claimed identity of a principal, resulting in au-


24/126

24



thenticity, meaning that the verifier can be sure that the claimant is theone he or she claims to be (Oppliger, 1998). Authentication is deemed acornerstone of most security systems and most users interact with thesemechanisms almost every day (Sasse, 2004).

Authentication is often confused with identification, but the two are sub-

stantially distinct. While the former refers to the proving of ones iden-tity, the latter refers to the announcement or revelation of ones identity(Curtin, 2002). Methods or mechanisms for authentication are catego-rized into three: (1) something the claimant knows or knowledge-basedauthentication (passwords and PINs), (2) something the claimant pos-sesses or token-based authentication (identification cards and personaltokens), and (3) some biometric characteristics of the claimant or bio-metric-based authentication (fingerprint, iris pattern) (Oppliger, 1998;Sasse, 2004).

2.3.2 Trust and privacy concerns in identity man-agement systems

However, the benefits offered by IdM systems are countered by belea-guering concerns. It is pointed out that the success of such systems inthe marketplace depends on their ability to engender the trust of user,which is only possible if security mechanisms and the flow of informationare improved and the processes of identification, authentication, and as-sertion of credentials are simplified (Dhamija & Dusseault, 2008). Trustbecomes an important determinant in the acceptance and eventual us-age of identity management systems because of privacy concerns.

Privacy concerns are deemed significant in influencing users willingnessto trust (or distrust) in online transactions, particularly in the context ofelectronic commercial exchanges (Hoffman et al., 1999). A recent studyalso reveals that privacy issues, alongside security concerns, suffice toinhibit users from trusting e-government services, which could eventu-ally lower their intentions of availing such services (Al-Awadhi & Morris,2009).

Since IdM systems deal with the sharing of identity attributes or somepersonal data with various entities (Bhargav-Spantzel et al., 2007) andinvolve many participants who assume different roles based on complextechnologies (Olsen & Mahler, 2007), privacy becomes a crucial concern.

Cross-context exchange of attributes or data amplifies users exposureto privacy and security risks (Huysmans, 2008). Furthermore, unsecuredmanagement of such attributes could result in attacks and identity mis-use with identity information susceptible to exploitation whenever usersare required to disclose their identity attributes for authentication (Bhar-gav-Spantzel et al., 2007).

In the context of e-government, for instance, the implementation of IdMcan take privacy and/or data protection requirements into account butthese are not often considered (Huysmans, 2008). Two privacy concernsafflict identity management systems: (1) observabilityor the possibilityfor others to gain information about another; and (2) linkabilityor the

potential to link between data and an individual as well as potential linksbetween data sets that can be tied together for further analysis (Han-


25/126

25



sen, Schwartz, & Cooper, 2008). McKenzie, Crompton, and Wallis (2008)argue that the risks associated with identity management are sometimesunfairly shifted to users who are not always in the position to bear themand might not be willing to do so.

Privacy concerns in online environments, in general, are grounded onusers lack of knowledge regarding how online organizations processestheir personal data (Reagle & Cranor, 1997) and their inability to controlother entities access to their data (Hoffman, Novak, & Peralta, 1999).Culnan and Armstrong (1999) note that two privacy concerns stem fromusers inability to exercise control over the further usage of their per-sonal data once disclosed. First, unauthorized access to users personalinformation caused by security failures and the absence of internal con-trols would eventuate into privacy intrusion. Second, ease in the duplica-tion and sharing of computerized information cultivates the risks of sec-ondary usage of personal data.

Perceived risks could contribute to users reluctance to use identitymanagement systems and may result in their aversion of online transac-tions that require the disclosure of their personal data. However, withusers trust in organizations and entities behind identity managementsystems, particular in the organizations ability to protect users personaldata, risks perceptions could be reduced, resulting in users increasedintention to engage in online transactions and use identity managementsystems.

2.3.3 The case of DigiD

DigiD or Digital Identity is a system shared between governmentalagencies, which facilitates the digital authentication of the identities ofcitizens when they applying for transactions online. The use of an au-thentication system is founded on the need for authorities to confirm theidentity of the users and that no one else is acting under their names,considering that online government transactions often include confiden-tial information, thereby prompting the necessity for verification to en-sure that data transfer is handled correctly and to check whether or notthe user is eligible for a particular government service. (www.digid.nl)

A substantial number of online transactions with government agencies inthe Netherlands are already requiring users to log in through the DigiD.

For instance, out of 441 municipalities in the Netherlands, 396 munici-palities already require citizens to use DigiD before citizens can have ac-cess to their many services (www.digid.nl). Other government agenciessuch as the tax administration are also using DigiD as an authenticationsystem.

DigiD uses three levels of authentication: basic, medium, and high. Ba-sic authentication requires users names and passwords only, while me-dium authentication involves both the two items and authentication viashort message services (SMS). High level of authentication, though notyet in use, necessitates the use of tokens, such as chip cards.


26/126

26



3 RESEARCH MODELS, QUESTIONS,

AND METHODOLOGIES

3.1 Research models

The research project was anchored on a research model postulating thatseveral factors can influence citizens trust in government agencies (spe-cifically in terms of how they process and use citizens personal informa-tion). The different factors are categorized into three: system-based,institutional-based, and users characteristics. Trust, eventually, is pos-tulated to impact behavioral intentions. This model, which is a revisionof the online trust model by McKnight et al. (2002), was used as theoverarching research model for the studies on

Figure 3.1. General model for the determinants of trust in organizations and the impact oftrust on behavioral intentions

When the general model was used for this research, factors that werehypothesized to impact trust in e-government were identified and as-signed to one of the three categories. Systems characteristics includedtwo factors: website security and website usability. Institutional-basedtrust cues included privacy statements and positive organizational repu-tation, while propensity to trust and quality of previous online transac-tional experience were categorized as trustors characteristics.

Aside from trust, three other factors were hypothesized to influence per-sonal information disclosure intention expected benefits of e-government (positive influence) and perceived risks involved in informa-tion disclosure (negative influence). A third factor that could positivelyimpact information disclosure is the existence of an information privacyprotection law, a factor that falls under the category institutional-basedtrust cues. The re-specified model provided the foundation for the con-struction of the discussion guide for the focus group sessions and for thedesign of the instrument for the online survey. Figure 3.2 presents there-specification of the general model when used for this research pro-

ject.


27/126


28/126

28



3.2 Research methodologies and questions

The entire research project anchored itself on a stepwise procedure inaddressing its three central questions: what are the determinants of

trust in government organizations, what factors influenced informationdisclosure intentions, and what are the important considerations Dutchcitizens have when deciding whether or not to use or apply for DigiD.Three focus group discussions and two separate online surveys wereconducted and implemented, respectively, to collect the relevant datafor the project.

3.2.1 Focus group discussions

Twenty-three residents of two cities in the Netherlands were invited to

participate in one of three conducted focus group sessions, with two ses-sions consisting of 8 participants and another session with 7. Partici-pants were selected based on their experiences with online transactionssuch as online banking or availing of government services through theInternet. In the selection of the participants, researchers ensured thatthere would be a balance in terms of age (old vs young) and level ofeducation (high vs low).

Before the start of every session, participants were asked to complete aquestionnaire to determine their levels of trust in different online trans-actions with different types of organizations (banking, filing of incometax returns, shopping) on a scale of 1 to 10, with 1 indicating very low

trust and 10 high trust. Participants were further instructed to indicatetwo reasons for their ratings.

A standard discussion guide was used for the three sessions, which werefacilitated by one of the researchers of this study. All three sessionswere conducted in Dutch. The following topics were covered in the dis-cussion guide used, along with the sub-questions for each topic:

1. Experience with online government transactionsa. When was the last time participants transacted with a government

agency online?b. What benefits did they derive from such form of transaction?

c. What were their concerns regarding transacting with governmentagencies online?2. Experience with and knowledge of DigiD

a. What were their experiences for requesting a DigiD account?b. For participants who do not have a DigiD account, what were their

reasons for not requesting one?c. What do participants think are the advantages and disadvantages of

using DigiD to transact with government agencies online?3. Comparison of the perceived security of online transactions with gov-

ernment agencies and banksa. How would participants compare the security of their online transac-

tions with banks and government agencies?b. How would participants assess the protection of their personal data

that they disclosed for transacting with banks and governmentagencies?


29/126

29



4. Behavior related to the disclosure of personal data for online transac-tionsa. What do participants do when asked to disclose personal data for a

particular online transaction when they think the data are not rele-vant for the transaction?

5. Website cues that influence users trust in online organization transac-tionsa.What website features or elements do participants look for when es-timating the trustworthiness of websites used for online transactionswith organizations?

All three sessions were audio recorded and respondents were assuredthat their responses will not be tied to their individual identities to guar-antee them anonymity.

3.2.2 Online survey

An online survey was implemented by two research agencies located inAmsterdam (Ruigrok Net Panel) and Zwolle (ADV Market Research) forapproximately three weeks to collect the necessary data. The said onlinesurvey generated a total of 2,202 completed online questionnaires 1,046 from the first agency, and another 1,156 from the second group.

The survey instrument was divided into three major sections. The firstsection contained items pertinent to the study on the determinants oftrust in government organizations in terms their processing and usage ofcitizens personal information, while the second section was apportionedfor items that aimed at measuring the determinants of citizens intentionto disclose their personal information for online transactions with gov-ernment organizations. The third section of the instrument containedquestions relevant for investigating the factors hypothesized to influenceusers intention to continue using, use, and apply for DigiD.

Some of the items for the studies on the determinants of trust in gov-ernment organizations and Internet users intention to disclose personalinformation for online government transactions were derived from exist-ing validated instruments, while a number of items were newly formu-lated specifically for the aforementioned studies. It should be noted thatmost of the items that were included for the variables perceived risksinvolved in information disclosure, expected benefits of e-government

services requiring information disclosure, perceived problems in usingDigiD, and perceived advantages of using DigiD were sourced out fromthe comments given during the focus groups sessions conducted duringthe first and second week of December 2009 in accordance with thestepwise procedure the research project is rooted on.

For a number of variable in the research instrument, a six-point Likertscale was employed (with 5 indicating strongly agree, 1 strongly dis-agree and 0 for no idea), while for some constructs a five-point Likertscale was used (with 5 indicating strongly agree and 1 strongly dis-agree). For the construct trust in government organizations, a 10-pointLikert scale was used with 10 representing very high trust and 1 very

low trust.


30/126


31/126

31



2. Internet users trust in government organizations necessitating the usage of DigiD positively impacts their intentionto continue using, use, or apply for DigiD.

3. Internet users perceptions of the advantages of usingDigiD positively impact their intention to continue using,

use, or apply for DigiD.4. Internet users perceptions of the problems in using DigiDnegatively impact their intention to continue using, use, orapply for DigiD.


32/126

32



4 E-SERVICES AND DIGID: FOCUS

GROUP RESULTS

4.1 Demographic information of FGD partici-

pants

The selection of the participants for the focus group discussion was alsohinged on the rationale of having a balance in the number of participantscoming from demographic clusters of age, gender, and education. How-ever, the ideal balance was not entirely achieved with some demo-graphic clusters having more representatives than others.

There were more male respondents than females, while those withhigher levels of education outnumbered those with lower levels of edu-cation. In terms of age, participants were almost equally distributed, al-though the youngest and the oldest age groups still had more represen-tatives than those clusters in the middle. Shown in Table 4.1 is a sum-mary of the distribution of the FGD participants in the different demo-graphic clusters of gender, age, education, and level of Internet experi-ence.

Table 4.1. Distribution of FGD participants in different demographic clusters

Demographic characteristics Freq. %

Male 15 65.22GenderFemale 8 34.78

20 29 years old 6 26.0930 39 years old 3 13.0440 49 years old 4 17.3950 59 years old 4 17.39

Age

60 years and older 6 25.09Low (HAVO, VMBO) 7 30.43Middle (MBO) 5 21.74

Education

High (WO, HBO) 11 47.83Less than 2 years 0 0.00

2 to 5 years 1 4.356 to 9 years 7 30.4310 to 13 years 8 34.78

Internet Experience

14 years or more 7 30.43

TOTAL 23 100

4.2 Experience and trust in online transac-

tions


33/126

33



Results of the small-scale questionnaire FGD participants filled out re-veal that most of them have high levels of experience with online bank-ing and online shopping and relatively sufficient experience with onlinefiling of tax returns, but not so much with transacting online with othergovernment agencies. Presented in Table 4.2 is a summary of the par-

ticipants levels of experience with various online transactions.

Table 4.2. Participants level of experience in various forms of online transactions.

Online TransactionsMean

(1 no experience /

5 much experience)

Online shopping 3.48Online banking 4.43Online municipal services (e.g. passport application) 2.87Online filing of tax returns 3.09

In terms of their levels of trust in various online transactions, almost all

participants trusted online banking, except for one who claimed not us-ing it due to lack of trust in such method of banking. Their levels of trustin online municipal transactions, online filing of tax returns, and onlineshopping were also relatively high. Table 4.3 shows participants ratingson the trustworthiness of various online transactions, on a scale of 1 to10 (1: not very trustworthy / 10: very trustworthy) and the percentageof participants who claimed to be using a particular service.

Table 4.3. Participants ratings on the trustworthiness of various online transactions.

Online transactions% of users among partici-

pants(N=23)

Mean

Online transaction with municipalities 83 7.84Online transaction with the tax ad-ministration

78 7.67

Online transaction with banks 96 8.95Online transaction with Internetshops

91 7.14

Participants who gave high trust ratings for their transactions with gov-ernment agencies, both for requesting government services and filingincome tax returns, cited that they believed government agencies willdeal with their transactions correctly.

I trust that the municipality has arranged/ organized it well.Ik vetrouw erop dat de gemeente dat goed geregeld heeft. (Participant No. 6)

Those who claimed to trust their transactions with their municipalitiesand tax service office also attributed their trust to their positive experi-ences with and knowledge of such transactions. This confirms the asser-tion that people are often willing to trust those who did not fail them be-fore (Sztompka, 1999) and further validates previous findings that us-ers satisfaction with their previous transactions with organizations con-tributed to their trust in those organizations (Casalo, Flavian, & Guinaliu,2007; Flavian, Guinaliu, & Gurrea, 2006; Yoon, 2002).

I have experience with and knowledge about online transactions with govern-

ment agencies.


34/126

34



Ik heb ervaring en kennis met online transacties met overheden. (Participant No.8)

So far, everything always went well

Tot nu toe is het altijd goed gegaan. (Participant No. 11)

I do not have bad and negative experiencesIk heb geen slechte en negatieve ervaringen. (Participants No. 14, 15, & 21)

However, there were also participants who expressed lack of trust inonline transactions with government agencies, especially transactionsthat required users to disclose personal data. Low trustworthiness rat-ings were justified by apprehensions ranging from a belief that collecteddata will be used for purposes outside of the real reasons for their col-lection and the ease of connecting them with other digital data accessi-ble elsewhere for profiling.

I have the feeling that the municipality does more with the personal data thanwhat they are meant for.

Gevoelsmatig het idee dat de gemeente meer doet met de gegevens dan waarvoorbedoeld zijn. (Participant No. 9)

Personal data can be easily linked

Gegevens kunnen hier makkelijk gekoppeld worden. (Participant No. 2)

Except for one who has not done online banking, all participants gavehigh trust ratings for their online transactions with banks. Their positiveexperiences with online banking are often cited as the main reasons fortheir high levels of trust in the aforementioned transaction.

I do my banking exclusively through the internet, nothing has ever gone wrong

yet.Regel bank zaken uitsluitend via internet, het is nog nooit fout gegaan. (Participant No. 1)

I have been using internet banking for years and nothing has ever gone wrong. Ik zit al jaren op internetbankieren er is nooit iets mis gegaan. (Participant No.

11)

I never had any problems

Ik heb nog nooit problemen gehad. (Participant No. 21)

Participants also emphasized the importance of effective security tech-nology for online banking as crucial in enhancing their trust in doingbusiness with banks through the Internet. Ones feeling of security inusing online banking also contributed to ones trust in such form oftransaction.

I trust that the bank takes security very seriously.

Ik vertrouw dat de bank de veiligheid zeer hoog in acht neemt. (Participant No. 6)

My bank uses security technologies.

Mijn bank gebruikt beveiligingsmethoden. (Participant No. 9)

Online banking gives me a safe feeling (Participant No. 22)

Bij online banking krijg ik een veilig gevoel


35/126

35



A number of participants also believed that banks will do whatever isnecessary to be trustworthy. This appears to echo the claim that failureson the part of organizations to fulfill their intentions would inevitably re-sult in the depreciation of their reputations (Herbig, Milewicz, & Golden,1994), which would most likely obliterate clients trust in organizations

and negatively impact their intentions to transact with those organiza-tions.

A bank does a lot to ensure that everything works well.

Bank doet er veel aan om te zorgen dat alles goed werkt. (Participant No. 15)

A bank must do everything they can to be trustworthy.

Bank moet er alles aan doen om betrouwbaar te zijn. (Participant No.21)

Competition between banks makes a mistake a catastrophe.

Concurrentie tussen banken maakt fout catastrofaal. (Participant No. 4)

It is, however, remarkable that a number of participants considered

convenience and necessity as factors influencing their trust in onlinebanking, since empirical studies on the determinants of trust in onlinetransactions do not consider those factors as contributors to the forma-tion of online trust. Instead, convenience and necessity, alongside trust,should be categorized as factors contributing to a persons intention totransact online.

It is easy and fast.

Het is makkelijk en snel. (Participants No. 12, 14 & 23)

Easy and the bank will be on its guard with the data.

Gemakkelijk en de bank zal waakzaam zijn met de informatie. (Participant No. 7)

It is easy and necessary.

Het is eenvoudig en noodzakelijk. (Participants No. 16 & 20)

Convenience also emerged as an important factor for participants trustin online shopping.

Everything is cheaper and processed properly.

Alles is goedkoper en goed afgehandeld. (Participant No. 7)

Fast and a broad selection, more than in the [regular] shop.

Snel en veel keus, meer dan in de winkel. (Participant No. 20)

Nonetheless, online shopping could not really claim the complete trust ofparticipants. Although, buying online is considered convenient, issuesregarding how customers personal data will be used once shared tocomplete an online purchase also surfaced. Participants also believedthat security mechanisms in online shopping are not adequate.

The result was good but what will happen with the data?

Het resultaat was goed, maar wat gebeurt er met de gegevens. (Participant No.19)

Less security on the website.

Minder beveiliging op website. (Participant No. 13)


36/126


37/126

37



Nevertheless, there were those who strongly believed that divulging per-sonal data to avail of government services online can be risky as it isimpossible to know the system behind the collection and storage of theirpersonal data. Anxiety related to the protection of personal data shared

to government agencies could have a detrimental effect on users inten-tion to use electronic government services, as users will have to disclosesome personal data before they can avail of a particular governmentservice.

I do not know what kind of system is behind it..

Ik weet niet wat voor een systeem daar achter zit. (Participant No. 21)

The [electronic] patient record is also not safe. How would you know that it [in

formation] will be safe with government agencies? There have been complaints

about that. I would prefer that they dont have my personal data. Simply because it

is private. I dont want government agencies to know everything about me.

Dat patientendossier is ook niet veilig. Hoe weet je dan dat het bij de overheid wel

veilig is? Daar zijn ook wel klachten over geweest. Maar ik heb liever niet dat zehet hebben. Gewoon omdat het priv is. Ik wil niet dat de overheid alles over mij

weet. (Participant No. 22)

Another apprehension regarding online transactions requiring the disclo-sure of personal data is the possibility for external parties to acquire un-authorized access to users data. This concern was also emphasized in arecent study that indicates that beliefs in the inadequate security of e-government services spur Internet users to suppose that their personaldata once disclosed online would be threatened and could be altered ormisused by hackers (Al-Awadhi & Morris, 2009).

Digitally, there can be break-ins, hacking. And then they have all the data.

Digitaal kan er worden ingebroken, hacken. En dan hebben ze alle gegevens.(Participant No. 17)

Although most FGD participants admitted to have transacted with gov-ernment agencies online, considering the benefits of online transactions,there were those who preferred to go to the offices of the governmentagencies whose services they wanted to avail of, instead of requestingfor such services through the Internet. The need to be assured that initi-ated transactions will be dealt with primarily influenced participantspreference for transacting through the government agencys physicaloutlet over its electronic channel.

You do not know exactly what they will need. It says so [on the site], but imagineyou send it in and it is not complete, a lot of time will be lost unnecessarily. If you

` go to the municipal office, you know that everything is arranged right away.

Je weet niet precies wat ze allemaal nodig hebben, het staat er allemaal wel,maar straks stuur je het in en is het niet volledig en dan gaat onnodig veel tijd ver-

loren. Als je naar het gemeentehuis gaat, weet je dat het gelijk geregeld is.(Participant No. 12)

The lack of physical presence also apparently inhibited some participantsfrom engaging in electronic transactions with government agencies. Oneparticipant even accentuated that she would fee

Documents

Citizens' Trust in Dutch Government and DigD