The civil register of Bosnia and Herzegovina was introduced to enable citizens to obtain their breeder documents in any municipality rather than just the one in which they were born. The introduction improves the security levels in national identity management and increases the efficiency of government administration. Citizens also benefit from the civil register by saving time and money. Finally, the civil register provides a secure basis for the introduction of future e-government services in Bosnia‑Herzegovina, as Dragan Mioković and Alexander Ristić explain.

Bosnia and Herzegovina is a country located on the Balkan Peninsula in Southeast Europe. Its capital and largest city is Sarajevo. Bosnia and Herzegovina has an area of 51,197 km2 and a population of 3,871,643 (2014 census). The sovereign country of Bosnia and Herzegovina consists of two political entities: the Republika Srpska and the Federation of Bosnia and Herzegovina (FBiH), which was formed when the Bosnian War was ended by the Washington Agreement of March 1994.

History of the Bosnia and Herzegovina’s civil register
Before the 1950s, records on births, marriages and deaths in the territory of today’s Bosnia and Herzegovina were kept in religious books and the entries of these records were carried out by religious officials. The records were entered manually, usually in a descriptive manner. As there was no standardised way of writing the entries, the content of these books differed greatly.
 The religious books containing the records were kept in the archives of the Catholic Church, the Orthodox Church as well as the Islamic Community of Bosnia and Herzegovina. Transcripts from these books, although very diverse in their form and content, were used by the citizens as official documents with which they could prove their legal identity and resolve their legal issues.
 Several years after the Second World War, the former Socialist Federal Republic of Yugoslavia, of which Bosnia and Herzegovina became a part, assumed the authority over the civil registers. Although religious institutions were not forbidden from keeping their records, these were no longer regarded as official records. Only the records entered and kept by the state were considered to be valid in legal dealings.

In all six Yugoslav federal units, including Bosnia and Herzegovina, local municipalities were by law assigned with the management of civil records. Special organisational units called ‘register offices’ were established within every municipality. All civil records were entered into and kept in register books which were permanently stored in the register offices. Records of births, marriages and deaths were created here as well as the special record of citizenship. Transcripts from these civil registers were used by the citizens in order to prove their legal identity. They also served as a basis for applications for personal documents such as ID cards and passports and later also for obtaining driving licences. 

At the time, both the structure and the contents of civil registers were standardised in municipalities in Bosnia and Herzegovina. The records were kept manually and managed in accordance with the place of birth, marriage and death. The law stipulated that transcripts from any of these records could only be issued by the municipality in which the register book was physically kept. On the level of Bosnia and Herzegovina, there was no central register of any kind of all the records entered in the register books that were kept and stored by individual municipalities.

Present day
Since the 1992‑1995 war, the public administration of Bosnia and Herzegovina is completely different. Nowadays, the state consists of two entities, the Republika Srpska and the Federation of Bosnia and Herzegovina (FBiH). The State Parliament of Bosnia and Herzegovina assigned the two entities with the management of and authority over the civil registers. The FBiH entity is administratively organised on three levels: on a municipal level, on a cantonal level and on the level of the entity. The entity consists of 78 municipalities and the city of Mostar which administratively belongs to one of the 10 cantons.

Following the decision of the State Parliament, and as part of the integration process towards EU membership, the FBiH parliament decided that its Ministry of the Interior had to put a civil register in place by 12 May 2014. Parliament passed the new Act on the Register of the Federation of Bosnia and Herzegovina in April 2012. The act was prepared by the FBiH Ministry of the Interior and came into force on 12 May 2012. The legal deadline for implementation of the Act was two years.

Authority over civil registers
According to this act, which represents a complete reform of the management of the civil registers, the authority over the management of civil registers lies with the municipalities. The main challenge in this process was establishing a new civil register: an electronic database containing the records of all register books kept in the FBiH. With the establishment of such a civil register, citizens of the FBiH are able to obtain transcripts in any of the municipal register offices in the FBiH. 

Why is a civil register required?
The purpose of a civil registration system is to create and maintain one or more data sources that provide legal documents that establish and protect the civil rights of data subjects. A data subject in this context refers to an individual whose personal information is processed for the purposes of the civil registration system. The civil registration system establishes all institutional, legal and technical prerequisites for carrying out the registration of the population in a technically correct, coordinated and standardised manner, taking into account the cultural, social and administrative circumstances of the country.
 The main idea behind the central system has been to combine the different databases and data sources in the country. The central system gathers the data from the existing databases which are then stored in and can be accessed from the central system. In future, the central system will be the only central database in the country.
Some of the databases of which the data can now be electronically captured, maintained and queried are:
• The register of births.
• The register of citizens.
• The register of marriages.
• The register of deaths.

Identity aspect for administration
The legal identity of a person entitles them to protection by the legal system and they can ask state institutions to protect their rights. A person’s legal identity can be proven by the presentation of official documents issued by the government. 

Cost-effective public management
In order to fulfil its duties, the state needs to have certain information about its citizens. A lack of accurate details of the citizens’ habitual residence would make the provision of various public services such as issuing identification and travel documents complicated and inefficient.

Travel and identification documents
Travel and ID documents are usually issued on the basis of civil register records. If the issuing authorities are able to access the register via a computer network, such documents can be issued by any registration office in the country. This is an example of efficient use of the data stored in the civil register.

E-government services
A central register system is the basis for establishing various types of e‑government services. E-government services could include:
• Online completion of tax returns.
• Online access to different government services.
• Electronic forms which can be submitted online.
• An electronic signature.
• An online platform for administrative decisions.
• Online help via various government portals.

Replication of existing data in the central register
It is important that the data responsibility and data sovereignty lie with one single entity. This is usually the entity at the level where the data are captured first. Other levels, departments or authorities only have read‑only access to the data in order to prevent unauthorised changes. This is to ensure that all changes and modifications are controlled by the authorised entity.
 The usual process is that the municipality or another institution captures all data and creates the record. This record is then replicated at a cantonal level and subsequently submitted to the central database. If required, other authorities can then obtain read‑only access to the record as well.

The replication process in detail
The central register provides a web interface that accepts data from regional systems and accumulates these data for individual queries and reports. End‑user authentication and authorisation will continue to be handled by the regional systems. However, the central register authenticates each individual regional system using cryptographic certificates (SSL client certificates), only accepts data from authorised systems. This means that no region can submit data or make changes to the central register on behalf of other regions. 
 Data manipulation is further controlled by recording the entire data history. For instance, when regional systems delete or change data, these actions are recorded by the central register and kept permanently together with the original data. Authorised users of the central system can audit these changes or do forensic analyses in case of suspicious activity. The central register in turn authenticates itself to regional systems via cryptographic certificates (SSL server certificates) to prevent unauthorised capture or modification of data. All communication is encrypted.

Authentication
There are several ways to administer the users of the various authorities who have access to the central register. The most effective methods allow local administration as it prevents unauthorised persons from gaining access through fake help desk requests known as ‘social engineering’. An effective method should therefore provide for the delegation of administration. Authorisation should be handled by the central register based on configurations maintained in the active directory. Users can be authorised to access data based on their role and the region they belong to.

Backup concept
All data stored in the registers will be additionally stored in backup systems. Not only does this provide data protection, but it also ensures operational continuity of the whole system, as the backup system can take over in case the main system fails.

Event tracking
For security and data protection reasons, it is important to include a system which tracks new entries, changes to the data and any other modifications. Therefore, the central system records and stores all these events by tracking: 
• When data were entered.
• When the data were changed.
• What data were changed.
• Who modified the data.

With the described user rights management procedure, a high level of security can be achieved.

Legal implications
Establishment and efficient operation of the central registers require new legislation and/or the amendment of existing laws. These laws must regulate the collection, processing, storage, updating, issuing and protection of personal details, provide a legal framework for the operation of the central register and describe the rights and obligations of persons and civil registrars in the country.

Central register data architecture in Bosnia and Herzegovina
Data ownership:Primary data include all the information about a person, i.e. data stored in the register books. Changes to primary data can only be made by the respective municipality that owns and administers the data. 
This is the municipality in which a person is born. Changes requested by other authorities (such as name changes requested by a ministry) have to be entered by the municipality.

figure 1.
Bottom‑up replication.

Replication of primary data:Bottom‑up replication of primary data was implemented as follows: municipalities submit data to the cantons, and cantons submit data to the central system and the backup site. As shown in the architecture in figure 1, each canton sends modifications to both the central site and the backup site. 
The Federation of Bosnia and Herzegovina consists of 79 municipalities and 10 cantons. In total there are 400 civil registrars (municipal employees) using this system.
In all scenarios each municipality stores only the data it owns, each canton stores all data from its municipalities and the central site stores all data.

Application access to data
Register applications only have direct database access to the local database at the same site. If a user of an application needs access to the data that are not stored in the local database, the application will contact the application at the central site and request the data via an XML-based web service. Information about data access, printing of forms (e.g. birth certificates) and other usage data will be stored in the central database and replicated down to municipal level.

Access to data of other municipalities
When users from one municipality need access to data that are owned by another municipality, their local application must contact the central site’s application server via web services. If the central site is not available, the backup site must be accessed automatically by municipal servers. As long as either a server at the central site or the backup site is operational, all data requests from municipalities can be dealt with.

Conclusion
In summary, establishing a central register has the following benefits:
• It protects the rights and freedoms of citizens.
• It collects, processes and stores the personal details of individuals.
• It enables the government to produce statistics on the country’s population.
• It increases government efficiency and helps implement government policy.
• It helps law enforcement and control authorities perform their duties.
• It integrates all civil registration entities into one common information system with centralised storage and ensures real-time renewal of registration data.
• It provides a basic platform for additional e-government services.