**5. Context of the study**

190 Security Enhanced Applications for Information Systems

Glaser (1992) and Strauss and Corbin (1990) differed on the role of the literature review as an influence on the methodology. Glaser (1992) believed that specific reading related to the area under study before or during data collection could strongly influence the emerging theory, thus, it should not be reviewed until the theory begins to emerge. While Strauss and Corbin (1990) believed that the researcher will come to the research area with a background about the relevant literature which is a basis of professional knowledge and it is important to acknowledge and use it, as will be discussed in the next section. They believe that some understanding of the research area through the literature review will enhance the theoretical

However, Grounded Theory has been presented as a general methodology applicable for both qualitative and quantitative studies (Strauss and Corbin 1994). Strauss and Corbin (1998, p.27) stated that "briefly, we maintain that the aim of theorizing is to develop useful theories. So, any methodology, whether qualitative or quantitative, is only a means for accomplishing that aim. We do not believe in the primacy of either mode of doing research" The study related in this chapter adopted Grounded Theory methodology to develop a substantive theory for the adoption of biometric authentication in m-government security in Saudi Arabia. In particular, this study followed Strauss and Corbin's (1990) approach as it allows researchers to take into account previous relevant theories and literatures to help gain insights into the data. It also provides extensive guidance and a comprehensive framework for researchers, while, Glaser's approach is much less structured. Further

justifications for the use of Grounded Theory are provided in the following section.

in m-government which are mobile users, service providers, and network operators.

According to Goulding (2002), the usefulness of the application of Grounded Theory appears where there is a lack of integrated theory in the literature. From the initial literature review provided in the earlier in the chapter, it can be noted that there was a lack existing theories regarding the utilization of biometric authentication and mobile government security, especially which might be applied in developing countries such as Saudi Arabia. Combining this finding with the main application of Grounded Theory for investigating actualities in the real world, the researchers use Grounded Theory to develop a substantive theory that describes how biometric authentication can play an integral role in providing secure mgovernment services by investigating the phenomenon within the real world entities involved

Moreover, comparing with other qualitative analysis methods, Grounded Theory provides systematic method of analysis including open, axial, and selective coding that helps to develop a theory that is grounded in data. This is consistent with Charmaz's (2006) indication that the main strength of Grounded Theory is that it provides means for the analyzing processes including specific steps for developing concepts, categories, and theory. Piantanada et al. (2002) point out the usefulness of the Grounded Theory in such interpretive research. They note "the procedures of Grounded Theory provide interpretive researchers with a disciplined process, not simply for generating concepts, but more importantly for coming to see possible and plausible relationships between them" (p. 3).

Urquhart et al. (2009) indicated that Grounded Theory has been proved to be extremely useful in the field of information systems, which led them to recommend its application to

sensitivity of the researcher when generating theory.

**4.2 Justification for using grounded theory** 

This study was supported by Saudi government and data collection primarily took place in the Kingdom of Saudi Arabia. Therefore, Saudi and Islamic cultural issues needed to be considered throughout this study. The Kingdom of Saudi Arabia is located in the southeastern part of the Asian continent. It occupies 2,240,000 sq km (about 865,000 sq mi). The total population reached 28.5 million in mid-2009 with an annual growth rate of 2.9 percent; however, it is estimated that approximately 5.5 million of the population are non-Saudis (World Fact Book 2011).

The need for the services, means and methods of e-government in Saudi Arabia has emerged by responding to the developments and changes of the modern world in all fields. Saudi Arabia, like other countries, is seeking to make use of the great technological advancements in communication means and information due to their importance in providing services which are better, faster, more accurate, and with stricter controls. Particular attention has therefore been given to e-government as an international approach and a general trend that requires a response to and the use of modern technology as a means for its success. Based on this, the e-government program was introduced in 2005 and was called "Yesser", an Arabic word meaning "facilitator". This program was set as a result of the execution of the communications and information technology national plan through the support of electronic transactions and applications by government organisations. It plays the role of the enabler/facilitator of the implementation of e-government in the public sector. Moreover, it aims to raise the public sector's efficiency and effectiveness, offer better and faster government services, and ensure availability of the required information in a timely and accurate fashion (E-government program "Yesser" 2011).

Due to the enormous significance of e-government applications, there are now more than 180 electronic services being offered by 50 different organisations. An example of a most successful e-government service is the payment system called "Sadad". Sadad was implemented by the Saudi Arabian Monetary Agency in order to facilitate and streamline the bill payment transactions of end consumers via all banking channels, including bank branches, ATMs, telephone banking, and Internet banking. In 2008, the number of transactions conducted by Sadad exceeded 5 million transactions per month, with a monthly growth rate of 22% (Sadad 2008).

The use of mobile devices is rapidly increasing among the people in the KSA. According to a recent report in 2010 by Communications and Information Technology Commission (CITC) in Saudi Arabia, the latest statistics in 2010 indicated that there were 4.3 million telephones

Developing a Theoretical Framework

until theoretical saturation was reached.

included in the analysis.

been possible with interviewing.

**6. Application of the grounded theory** 

and followed the guidelines of Grounded Theory methodology.

**5.2 Conduct of the study** 

for the Adoption of Biometrics in M-Government Applications Using Grounded Theory 193

As stated above, this study used both questionnaire and semi-structured interviews for the data collection. In particular, eleven face-to-face semi-structured interviews were conducted in the Kingdom of Saudi Arabia with the managers of online services and IT security managers of mobile e-government service providers including the Ministry of Interior, National Information Center, General Directorate of Passports, The Saudi E-Government Program (Yesser), National Centre for Digital Certification, Al-Elm Information Security Company, and Sadad Payment System. Four semi-structured interviews were also conducted with managers and IT security providers in mobile communication network

Theoretical sampling guided by Grounded Theory methodology was applied in this study, and refers to the selection of participants based on criteria specified by the researcher and according to preliminary findings (Glaser and Strauss 1967). The early stages of continuous data analysis pointed out matters that need further exploration, therefore, the process of sampling was directed by the on-going theory development and interviews were conducted

The interview questions were of an exploratory nature. More specifically, open-ended questions were designed to help identify the factors influencing the successful implementation of biometric authentication in m-government security. These comprised questions on benefits, challenges, barriers, and concerns about this application of biometrics taking into account the different roles of the target organisations. Furthermore, the data collected from the first interviews helped to modify the questions for the subsequent interviews. This was as intended

A survey questionnaire was presented to mobile communications users to explore their concerns and perceptions regarding applying biometric authentication in their mobile devices for government services. Users from both genders were chosen as participants from a range of relevant age groups and education levels. The questionnaire sought responses from a selection of choices under the basic headings of "Background Information", "ICT Experience", "Mobile Devices and Government Services", "Mobile Device Security" and "Biometrics and Mobile Government Services". It was also designed to give opportunity for the participants to make comments after each question. 420 questionnaires were distributed and 330 were returned from the participants. Nineteen of the 330 were excluded from the study because they were deemed incomplete. Thus, a total sample of 311 questionnaires was

It is noteworthy that interviews rather than questionnaires were conducted with the much smaller number of government service providers and network operators in order to more fully explore their individual perspectives. The questionnaire by comparison, was distributed to mobile users in order to collect larger amounts of data about mobile communication users' concerns and perceptions in a shorter time scale than would have

Collected data was subjected to analysis using Grounded Theory methodology which was executed by carefully following Strauss and Corbin's (1990) approach. As mentioned earlier,

services including the Saudi Telecom Company (STC) and Etihad Etisalat (Mobily).

(fixed lines) in use. By comparison, the total number of mobile subscriptions is 47 million with average annual growth rate for the last eight years at around 43%. This CITC report also stated that mobile penetration in Saudi Arabia stood at 172% which is higher than the world average of 67%, the developing countries average of 57% and the developed countries average of 114%. However, the CITC report indicates an estimated 11 million Internet users with an average annual growth about 33% over the eight years period (2001-2009).

Therefore, as the number of mobile phone users is higher than that of Internet users, the Saudi government is concentrating on developing delivery of its services through mobile devices. Currently however, m-government applications in the KSA are at an early stage and most are based on the use of SMS. For instance, the Ministry of Education has been sending final exam results to the final level high school students via mobile phones since 2003. In the process of this service, the Ministry of Education provides a soft copy of the students' final exam results to the Saudi Telephone Company (STC) and students are required to send an SMS message containing a student number to the STC to receive a text message containing their results. The main disadvantage of this service is the lack of privacy where anyone who knows a student's number can get that student's results without their permission (Abanumy and Mayhew 2005).

The Ministry of Interior also started to provide several services via mobile devices through its different sectors, such as the General Directorate of Passports and General Department of Traffic. For example, drivers can inquire from the General Department of Traffic about their fines via their mobile devices. A driver can send an SMS message containing their ID number and then will receive a text message containing the result.

Another m-government application is weather notifications. Mobile users can get an SMS message containing weather conditions from the weather forecasting authority. Moreover, a number of hospitals have started an appointment reminder application that reminds the patients of their appointments by sending an SMS message containing the date, time and clinic location.

#### **5.1 The use of biometrics in the KSA**

As mentioned earlier, several governments have implemented biometric authentication in various types of applications. The Kingdom of Saudi Arabia, as other countries, has implemented biometrics in several places as follows.

Fingerprint technology has been applied for registering employees' attendance in several government agencies such as Ministry of Interior, Ministry of Foreign Affairs, the General Organisation for Technical Education and Vocational Training, the Royal Commission for Jubail and Yanbu, and Supreme Commission for Tourism. Furthermore, a number of agencies such as the Ministry of the Interior, the Ministry of Foreign Affairs, and the Saudi Monetary Fund have implemented biometrics to authenticate employees in special security cases like entering via some doors in their buildings.

Recently, the Ministry of Interior started to require citizens submit their biometrics when they issue or renew their ID national card as well as residents' biometrics when they issue or renew their residential cards. More specifically, the Directorate General of Passports has implemented fingerprint technology in several cities in the Kingdom for foreign people. This system now has the biometrics for about 7 million Saudi residents.

## **5.2 Conduct of the study**

192 Security Enhanced Applications for Information Systems

(fixed lines) in use. By comparison, the total number of mobile subscriptions is 47 million with average annual growth rate for the last eight years at around 43%. This CITC report also stated that mobile penetration in Saudi Arabia stood at 172% which is higher than the world average of 67%, the developing countries average of 57% and the developed countries average of 114%. However, the CITC report indicates an estimated 11 million Internet users

Therefore, as the number of mobile phone users is higher than that of Internet users, the Saudi government is concentrating on developing delivery of its services through mobile devices. Currently however, m-government applications in the KSA are at an early stage and most are based on the use of SMS. For instance, the Ministry of Education has been sending final exam results to the final level high school students via mobile phones since 2003. In the process of this service, the Ministry of Education provides a soft copy of the students' final exam results to the Saudi Telephone Company (STC) and students are required to send an SMS message containing a student number to the STC to receive a text message containing their results. The main disadvantage of this service is the lack of privacy where anyone who knows a student's number can get that student's results without their

The Ministry of Interior also started to provide several services via mobile devices through its different sectors, such as the General Directorate of Passports and General Department of Traffic. For example, drivers can inquire from the General Department of Traffic about their fines via their mobile devices. A driver can send an SMS message containing their ID

Another m-government application is weather notifications. Mobile users can get an SMS message containing weather conditions from the weather forecasting authority. Moreover, a number of hospitals have started an appointment reminder application that reminds the patients of their appointments by sending an SMS message containing the date, time and

As mentioned earlier, several governments have implemented biometric authentication in various types of applications. The Kingdom of Saudi Arabia, as other countries, has

Fingerprint technology has been applied for registering employees' attendance in several government agencies such as Ministry of Interior, Ministry of Foreign Affairs, the General Organisation for Technical Education and Vocational Training, the Royal Commission for Jubail and Yanbu, and Supreme Commission for Tourism. Furthermore, a number of agencies such as the Ministry of the Interior, the Ministry of Foreign Affairs, and the Saudi Monetary Fund have implemented biometrics to authenticate employees in special security

Recently, the Ministry of Interior started to require citizens submit their biometrics when they issue or renew their ID national card as well as residents' biometrics when they issue or renew their residential cards. More specifically, the Directorate General of Passports has implemented fingerprint technology in several cities in the Kingdom for foreign people.

with an average annual growth about 33% over the eight years period (2001-2009).

permission (Abanumy and Mayhew 2005).

**5.1 The use of biometrics in the KSA** 

implemented biometrics in several places as follows.

cases like entering via some doors in their buildings.

This system now has the biometrics for about 7 million Saudi residents.

clinic location.

number and then will receive a text message containing the result.

As stated above, this study used both questionnaire and semi-structured interviews for the data collection. In particular, eleven face-to-face semi-structured interviews were conducted in the Kingdom of Saudi Arabia with the managers of online services and IT security managers of mobile e-government service providers including the Ministry of Interior, National Information Center, General Directorate of Passports, The Saudi E-Government Program (Yesser), National Centre for Digital Certification, Al-Elm Information Security Company, and Sadad Payment System. Four semi-structured interviews were also conducted with managers and IT security providers in mobile communication network services including the Saudi Telecom Company (STC) and Etihad Etisalat (Mobily).

Theoretical sampling guided by Grounded Theory methodology was applied in this study, and refers to the selection of participants based on criteria specified by the researcher and according to preliminary findings (Glaser and Strauss 1967). The early stages of continuous data analysis pointed out matters that need further exploration, therefore, the process of sampling was directed by the on-going theory development and interviews were conducted until theoretical saturation was reached.

The interview questions were of an exploratory nature. More specifically, open-ended questions were designed to help identify the factors influencing the successful implementation of biometric authentication in m-government security. These comprised questions on benefits, challenges, barriers, and concerns about this application of biometrics taking into account the different roles of the target organisations. Furthermore, the data collected from the first interviews helped to modify the questions for the subsequent interviews. This was as intended and followed the guidelines of Grounded Theory methodology.

A survey questionnaire was presented to mobile communications users to explore their concerns and perceptions regarding applying biometric authentication in their mobile devices for government services. Users from both genders were chosen as participants from a range of relevant age groups and education levels. The questionnaire sought responses from a selection of choices under the basic headings of "Background Information", "ICT Experience", "Mobile Devices and Government Services", "Mobile Device Security" and "Biometrics and Mobile Government Services". It was also designed to give opportunity for the participants to make comments after each question. 420 questionnaires were distributed and 330 were returned from the participants. Nineteen of the 330 were excluded from the study because they were deemed incomplete. Thus, a total sample of 311 questionnaires was included in the analysis.

It is noteworthy that interviews rather than questionnaires were conducted with the much smaller number of government service providers and network operators in order to more fully explore their individual perspectives. The questionnaire by comparison, was distributed to mobile users in order to collect larger amounts of data about mobile communication users' concerns and perceptions in a shorter time scale than would have been possible with interviewing.
