The Authentication of Information in Egovernment in Administrative Law in Poland

The process of authentication of information is connected with the transfer of information in e-government. Provisions of e-government regulate the rights and obligations of participants in this process. These provisions are expressed in national and in European law. These participants are providers of authentication of information. The process of authentication of information is only partially unified, because of implementation of the provisions of European law. Means of authentication of information in e-government are necessary to determine the identity of the sender of information. There are types of means of authentication of information. They are ranked in order from largest to smallest degree of security of information. These types include: the qualified means of authentication of information, the public website and the private website. The type of means of authentication of information is coherent with the type of transferred information and the type of recipient of the information. Keywords: authentication of information, e-government, administrative law, Poland


I. THE PROCESS OF AUTHENTICATION OF INFORMATION
The process of authentication of information covers factual actions.Providers of authentication of information take these actions to verify the identity of the sender of the information and to associate this information with the sender.This process is related to transfer of information, which is the key element of e-government.The process of the authentication of information is strictly connected with ensuring the security of information and to counter accidental events or unlawful or malicious actions that compromise the availability, integrity and confidentiality of transmitted information 1 .DOI: 10.1515/wrlae-2018-0017 *Author is PhD, assistant professor at Faculty of Law, Administration and Economics, University of Wrocław, maciej.blazewski@uwr.edu.pl 1 A wider range of the security of information is expressed in the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC [2016] OJ L 119/1, hereinafter g.d.p.r.According recital 49 g.d.p.r.personal data shell be stored or transmitted according to ensuring the security of information includes resist accidental events or unlawful or malicious actions that compromise the availability, authenticity, integrity and confidentiality.[Vol 7:2   The purpose of the process of authentication is providing security of the transfer of information 2 .Authenticity is in fact one of the characteristic elements of security of information 3 .The process of authentication refers to the two most complex levels of electronic communication involving the mutual transmission of information between two entities of the e-government.These levels include two-way interaction and transaction.The two-way interaction means the collecting of information, downloading and returning the completed templates of documents.Transaction means full electronic handling of proceedings, including the administrative proceedings 4 .
The principle purpose of the process of authentication is verification of the sender of information.The verification covers each of the three directions of electronic communication, including the internal direction -G2G (government to government) and external direction -G2C (government to citizen) and G2B (government to business).The external direction involves the exchange of information by a non-public entity to a public authority as well as by a public authority to a non-public entity 5 .According to Kinga Telecka, exchanging of information involves the transmission of information from public authorities and public entities to a non-public entity and from a nonpublic entity to public authorities and public entities.Kinga Telecka, 'Skuteczne doręczenie elektronicznych dokumentów i oferty w postaci elektronicznej zamawiającemu będącemu podmiotem publicznym '[Efficient delivery of electronic documents and offers in electronic form to the public contracting entity] ( 2011

II. LEVELS OF THE PROCESS OF AUTHENTICATION OF INFORMATION
The process of authentication takes place at the national level and the European Union level.It depends on the types of providers of authentication of information.
Public authorities and other public entities could be providers of authentication of information at the nation level in Poland.They verify the identity of the sender of information by Polish law.The national level refers to the provisions expressed in universally binding law (act of law 6 , executive regulations 7 and local law 8 ).They specify the authenticity of information between each type of provider of authentication of information, in all directions of communication.Acts of internal law also specify the verification of the identity of the sender in the direction of G2G, at national level.The provisions at national level unify requirements for the authenticity of transfer of information between entities in Poland.For example, there is the requirement to use qualified means of authentication of information and public websites such as the electronic public administration platform, abbreviated as ePUAP 9 .However, the unification is partial.The provisions 6 Provisions in acts on the process of authentication of information in the e-government are expressed, inter alia, in a.c.a., and in the Act of 5 September 2016 on trust services and electronic identification (Journal of Laws, item 1579), hereinafter a.t.s. 7Provisions on the process of authentication is expressed in ordinances, which regulate the functioning of IT systems of the exchanging information (inter alia: the Ordinance of the Minister responsible for Computerization of 5 October 2016 on the trust profile of an the electronic public administration platform, Journal of Laws, item 1633, hereinafter o.t.p.) and the registration of information (the Ordinance of the Minister of Infrastructure and Construction of 23 February 2016 on maintain registers of the applications of the construction permit and the construction permits and registers of construction notification referred to art.29 item 1 point 1a, 2b and 19a of the Act of the Construction Law, Journal of Laws, item 306, hereinafter o.r.c.p.; the Ordinance of the Minister of Finance of 18 September 2006 on the maintenance of the register of insurance intermediaries and the way of making information available from this register, Journal of Laws, No. 178, item 1316, hereinafter o.r.i.i.). 8Provisions on the authentication may also be expressed in local acts, including in resolutions of the council of a local government on the principles and procedure for conducting a public consultation, if these consultations are conducted with electronic means of communication.See art.5a item 2 the Act of 8 March 1990 on commune self-government (consolidated text Journal of Laws 2016, item 446 with amendments), hereinafter a.c.s.g.; art.3d item 2 the Act of 5 June 1998 on county self-government (consolidated text Journal of Laws 2016, item 814 with amendments), hereinafter a.p.s.g.; art.10a item 2 the Act of 5 June 1998 on voivodship self-government (consolidated text Journal of Laws 2016, item 486 with amendments). 9According to art.16 item 1-1a a.c.a., a public entity, which is obliged to provide transmission of data in electronic form, should also provide an ePUAP electronic mailbox.The issue of unifying of the exchanging of the information is presented inter alia by Wojciech Rafał Wiewiórowski, 'Rewolucja 2010?Czy nowelizacja ustawy o informatyzacji może pchnąć polski e-government na nowe tory?' [Revolution 2010?Can the amendment of the law on computerization push e-government in Poland on new tracks?](2010) 2 Czas Informacji 32.  also define the other means of authentication of information.They differentiate them depending on the IT systems 10 .
Public authorities and public entities of others the Member States are providers of authentication of information at the European Union level.They have an obligation to accept qualified means of authentication of information from the other Member State.The European Union's provisions regulate the transmission at the European level.They concern the transmission of information in the G2G direction, including between supervisory authorities as well as in G2C and G2B direction between the non-public entities or persons and the controller of authentication of information.These provisions harmonize the requirements for the authentication of information.The harmonization concerns, inter alia, qualified means of authentication of information, which should be recognized in all Member States.

III. PROVIDERS OF AUTHENTICATION OF INFORMATION
There are four types of participants in the process of authentication: the entity sending information, the controller of authentication of information, certificates provider and supervisory authority.All of them are providers of authentication of information.Each of these entities performs specific obligations.Their obligations are directly or indirectly related to verification of the identity of the user of the e-government.The providers of the direct authentication of information are: the entity sending information and the controller of the authentication of information.The providers of the indirect verification of the identity are: certificates provider and the supervisory authority.
The entity sending information is the public authority or public entity, in case of the internal direction of communication.It could be also the user of the e-government, in the case of the external direction of communication.The entity sending information is obliged to use lawful means of authentication of information in order to make a legal effect of the action.
The controller of authentication of information is the addressee of the information.It could be the public authority or other public entity.This authority or entity can verify the identity of the person who sends the information through the public IT system 11 .The control also includes verifying whether the sender has applied the required means of authentication of information 12 .The user of the e-government, who is the addressee of the information, also verifies the sender's authenticity.This entity should verify that the appropriate means of authentication of information is used during the transferring of information. 10IT systems, which maintain public registries, use separate means of authentication of information -other public websites. 11The controller of authentication of information may verify the identity of the sender of that information through a IT system.This IT system ensures the functioning of the public website.The IT system may, inter alia, generate a password and login to an electronic account, which is maintained through this system.See § 3 item 2 o.r.c.p. 12 Provisions regulating the exchanging of information expressing required type of means of authentication of information.

2017] THE AUTHENTICATION OF INFORMATION IN E-GOVERNMENT IN ADMINISTRATIVE LAW IN POLAND 62
The certificates provider shall issue a qualified certificate.This certificate verifies a qualified electronic signature and a qualified electronic seal.The entity sending information, including the user of the e-government, could be the certificate holder 13 .The certificates provider should confirm the data, which enables the verification of the qualified electronic signature and the qualified electronic seal 14 .It is also obliged to document activities of data protection and users of the e-government 15 .The certificates provider is also required to inform the supervisory authority of its activities 16 .
The supervisory authority carries out supervision of the activities of the controller of authentication of information and the certificate provider 17 .The supervisory authority is obliged to control the activities performed by other providers of authentication of information.It also controls IT systems which enables the authentication of the information.
The supervisory authority, such as the minister responsible for Computerization, controls the certificates provider through the auditor and observers 18 .The means of supervision over the activity of the certificates provider, includes inter alia: the decision on requesting the immediate revocation of a qualified certificate 19 , the decision imposing an obligation to remove the identified non-compliance with the provisions on trust services 20 , the decision to obligate to withdraw a qualified status of provider of a trust service or a qualified status of a provided trust service 21 , as well as calling the qualified provider of a trust service to correct his actions 22 .
The province governor is a supervisory authority over IT systems, which are carried out by local government units and their associations, selfgovernmental legal entities and other self-government organizational units.The government administration authority has a function of the supervisory authority over IT systems, which are carried out by a public authority subordinate to or supervised by this government administration authority.The minister responsible for Computerization is the supervisory authority over IT systems, which are carried out by other public entities 23 .Special provisions express other competencies of these supervisory authorities, inter alia application of the means of supervision 24 .

IV. MEANS OF AUTHENTICATION OF INFORMATION IN E-GOVERNMENT
The means of authentication of information in e-government are varied depending on the degree of security of information.There are types of means of authentication of information and they could be ranked in order from largest to smallest degree of security.These types include: the qualified means of authentication of information, the public website and the private website.The means of authentication of information is connected with all directions of communication, including G2G, G2B and G2C.
The qualified means of authentication of information are, inter alia, the qualified electronic signature and the qualified electronic seal.Both of them are verified by a qualified certificate 25 .This qualified certificate is issued by a qualified provider of trust service, who is a certificates provider 26 .The qualified electronic signature and the qualified electronic seal allow to verification of identity.Therefore, they bring legal effects for the action, which should be accepted by public authorities and other public entities 27 .
The other means of authentication of information is a public website.It allows transfer of the information in internal and external directions.The primary public website is the electronic public administration platform, called ePUAP 28 .This electronic platform provides authentication with an electronic signature confirmed by an ePUAP's trusted profile 29 .
The aims of other public websites cover collecting and publishing information through public authorities and other public entities.Transmission of the information, which is relating to authentication, is a secondary objective.Such public websites are based on IT systems, and are related with maintaining a public register.These IT systems ensure the functioning of public records.They should enable the identity and authentication of the person performing the transfer of information, including: making and changing of the registry entry 30 , or filling other data 31 .The transmission of 25 According to art.18 item 1 a.t.s. 26Art.14 a.t.s. 27Detailed provisions express when it is possible to use a qualified electronic signature.This signature is required, inter alia in administrative proceedings (art.33  § 2a, art.33  § 2a, art.54  § 2, art.63  § 3a point.1, art.76a  § 2a, 107  § 1, art.124  § 1, art.217  § 4, art.238   information also takes place through IT systems, which ensures the functioning of a public authority or other public entity 32 .They enable identification and authentication of the user of the public website.The user should have received a unique identifier, a user ID, and an identification certificate 33 .Public authorities and other public entities also transfer information to external entities through private web portals.Transmission of this information takes place in the external direction (G2B and G2C).A citizen or an entrepreneur may request for access to data by providing its email address 34 .

CONCLUSIONS
Transmission of information is related with the authentication of information.The process of authentication is a complex series of activities performed by various providers of authentication of information.They communicate in internal or external directions.The process of authentication takes place at national and European Union level.Provisions differentiate entities and means of authentication.These differences are due to the level of security of this information.At the European Union level, the authentication has been unified in a way to ensure greater security related to the transmission of information.For this reason, there has been a change in the provisions on the means of electronic communication.At the national level, the authentication has been significantly diversified.This affects the differences in the means of electronic communication.
§ 1 the Act of 14 June 1960 Code of Administrative Procedure, consolidated text, Journal of Laws 2016, item 23 with amendments) and the acts of self-government (art.68 item 1d a.c.s.g.; art.58 item 5 a.p.s.g.).The qualified electronic signature and the qualified electronic seal are accepted by the public authorities and other public entities in Poland and in all Member States.Art. 25 item 3 the Regulation (EU) No 910/2014 of the European Parliament and of the Council of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC [2014] OJ L 257/73. 28 1 o.t.p.SeeWiewiórowski (nb 9) 30. 29Art. 3 point.15 a.c.a.See Sebestian.Paweł Zalipski, 'Są nowe akty wykonawcze do informatyzacji, czyli ePUAP-ką po łapkach' [There are new executive acts for computerization, that is ePUAP] (2011) 2 Czas Informacji 75.See alsoTabor (nb 2) 79. 30 § 2 o.r.i.i.; § 3 item 4 point. 1 the Ordinance of the Minister of Economy of 10 May 2013 on the registration of trade in strategic goods (Journal of Laws, item 619). 31 3 item 5 the Ordinance of the Minister of Health of 14 June 2005 on method of maintain a register of blood donors (Journal of Laws 2005, No. 109, item 918 with amendments); § 3 item 1 o.r.c.p.; § 3 point.1 in conjunction with § 2 point. 1 the Ordinance of the Minister of Agriculture and Rural Development of 2 August 2016 on the conditions of transmission and entry of information to a central database (Journal of Laws, item 1262); § 1 the Ordinance of 2017] THE AUTHENTICATION OF INFORMATION IN E-GOVERNMENT IN ADMINISTRATIVE LAW IN POLAND 64 ) 1 Czas Informacji 26.See Szewc (nb 4) 116.
Worldwide science also describes the directions of e-administration in a similar way.See Subhash Bhatnagar, E-Government: From Vision to Implementation -A Practical Guide With Case Studies (Sage Publication 2004) 19; Jeffrey W. Seifert, 'A Primer on E-Government: Sectors, Stages, Opportunities' in Rachel B. Ventura (ed) E-government in High Gear (Nova Science Publishers, Inc 2008) 104.