1 / 19

Electronic IDs are a key element of secure and accessible service delivery in the 21 st century

Electronic IDs are a key element of secure and accessible service delivery in the 21 st century. Agenda. Problems of security and service delivery that eIDs solve, create, and expose Principal forms of eID Service delivery using eID to authenticate identity

salali
Download Presentation

Electronic IDs are a key element of secure and accessible service delivery in the 21 st century

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Electronic IDs are a key element of secure and accessible service delivery in the 21st century

  2. Agenda • Problems of security and service delivery that eIDs solve, create, and expose • Principal forms of eID • Service delivery using eID to authenticate identity • Issues arising around eID implementation • Results of some existing eID programs and lessons learned • Different worlds, different routes to success

  3. Electronic identity, security, service delivery • Preventing identity fraud • Delivering government and commercial services to citizens • Disconnect between the needs and behaviors of people as citizens and as consumers • Disconnect between the desire to protect citizen privacy but offer them a range of commercial options • Privacy and civil liberties concerns • Linked databases • The combination of technology and compulsory identification raises significant emotional issues

  4. Electronic ID technologies • Security is based on PKI certificates • Authenticity, integrity, confidentiality, non-repudiation • Important to use standards-compliant encryption algorithms • Primary means of delivering eIDs • ISO 7816 plastic cards with integrated circuit chips • Contact or contactless • Wireless PKI: certificates reside on the SIM card of a mobile phone or in the phone OS

  5. Enhanced G2C service delivery • Delivery/signature of government documents • Health care • Access to medical records, filling prescriptions • Social security, pension • Voting • Tax declarations (VAT, annual return) • Other government payments (G2C, C2G) • School or work ID • Child safety, student benefits • Public transport

  6. Enhanced B2C and P2P service delivery • eBanking and mBanking • eCommerce and mCommerce • Peer-to-peer payments • Secure email • eSignatures (contracts etc.) • Age-proofing • Ticketing

  7. Development impact of eID • Improved quality of service delivery • Freedom from onerous identity verification processes allows more resources for service delivery • Greater automation improves speed • Improved stance regarding corruption • Reduced opportunity for identity fraud shifts the corruption landscape to the “endpoints” • Exposure in countries with historical documentation challenges • Principal remaining threats • ID proofing and credential issuance • Social engineering (credential bypass)

  8. Concerns about eID: General • Tendency to focus on the technology • The technology problem is largely solved — implementing an effective eID program is fundamentally a process problem • Primary success factors: ease of use and frequency of use • Security technology is worthless unless easy to use • Service delivery methods that can’t be used frequently have a far higher cost:benefit ratio

  9. Concerns about eID: Privacy • All countries use some form of unique general identifier • “Meaningful” or “meaningless” (MBUN) • Government-controlled, non-siloed databases of PII raise civil liberties concerns in some regions • “Match on card” has limited applicability • Private-sector use of public-sector issued identifiers • Easier to link data without permission • A privacy risk many governments won’t take on • Cross-correlation of identity information • AT solution harder, more costly, doesn’t scale well

  10. Concerns about eID: Interoperability • Lack of ICAO-like consensus on identity attributes, credentials, authentication mechanisms • Practical restrictions and policy preferences have won out over objective, universal criteria • Public sector identifiers useful for internal country use, but are limited in the international context • Cross-border applications are quite important, but: • Foreign govts ultimately won’t be able to verify (thus trust) the authenticity of the identity information • Private sector identifiers improve interoperability but take control out of public sector hands

  11. Belgium Began 2003, complete (>8m) early 2009 Basic personal info + certificates Linked to the national register; cert contains UIN National, regional, local public sector applications National register, health care, tax filing Private sector can adopt the government mechanism gratis Little uptake; few commercial applications to date aside from a few eBanking initiatives 12

  12. Estonia Began 2001, >1 million issued 80% filed eTax in 2006 (2001: 9%) Public services: eVoting, Tallinn public transport Any organization can “eID-enable” its service, handle customers online Few Estonians actually using the cards (ca. 55k) Little reason to switch to eID 13

  13. Austria No single, universal identity token Any smart card or other PKI-capable token meeting minimum reqts Token can be issued by the public or private sector: every bank card issued since 2005, every health insurance card, any mobile phone More flexible than relying solely on govt-issued card No increased use of citizen eIDs for commerce 55k of 6.5m bank cards in use activated as citizen IDs; 13k of the 9m health insurance cards 14

  14. Spain Began 2006, expected 8m by end 2008 300 eGovernment apps 13 public and private CAs Biometric data: ID photo + 2 fingerprint scans Success in attracting the private sector? Too early to tell Banks must accept eID on the same footing as bank cards + for electronically signing banking operations Some other parts of the private sector must accept the eID Some banks adapting, but eID will coexist with bank cards rather than replacing them 15

  15. What’s the common thread? Make government service delivery more efficient Enable the private sector to lower its security- and identity-related costs Allow citizens to use a single credential for a number of valuable services An almost complete lack of commercial applications exploiting the existence of the eID We have to turn to a 5th country: 16

  16. Sweden: an encouraging counterpoint? Centralized PKI in place for use of all banks, cooperatively owned/operated BankID in place for 5 years, covers 5.6m citizens (1.5m active) Early 2000s: Govt. decided to use Internet to improve G2C access Considered implementing its own PKI Asked banks to supply BankIDs that could also be used on govt. sites (hard work already done) Now one of more than 300 parties using the BankID PKI eID-based eGovernment services available since 2004 Much higher usage despite lack of legislative eID requirement 1.5m adults voluntarily added eID functionality to BankIDs; >2.5 transactions per eID holder per month 17

  17. eID can find success in different worlds • The European experience is that of rich, “wired” societies . . . • . . . But eID can be just as important (if not more so) to other countries • Mobile is changing the game (“leapfrog” countries) • Enhances service delivery to more remote areas • Service delivery to all, regardless of material condition • Better banking and (micro)lending services • Improved access to the ballot box • More access to govt services => improved public participation

  18. Thank you Bill Nagel +31 (0) 20 305 4381 bnagel@forrester.com www.forrester.com

More Related