I527-290 ESRIF Final Report (WEB).indd - European Commission
I527-290 ESRIF Final Report (WEB).indd - European Commission
I527-290 ESRIF Final Report (WEB).indd - European Commission
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
In 1997, the very fi rst secure electronic identity cards were produced, and called e-ID cards. Many projects soon emerged. In<br />
Europe, Finland deployed the fi rst operational project in 1999, Italy started the fi rst experimental emissions on 2001, quickly<br />
followed by Estonia, Belgium, Portugal and the UK. France and Germany could follow in 2010. Securing cards is a critical issue<br />
because without it, any individual’s e-ID universe can be unlocked. The security of all e-Ids, documents or certifi cates delivered<br />
by Governments is critical.<br />
ID theft<br />
The <strong>European</strong> Union is facing several challenges related to e-ID for e-Services and for e-Travel documents where identifi cation,<br />
authentication and signature are mandatory. Identity theft is when an individual’s personal information is stolen and used<br />
by a second party without the owners knowledge or consent. This is the primary threat to e-ID schemes. Statistics show<br />
that identity theft is increasing spectacularly: the latest study from the Identity Fraud Steering Committee (IFSC) of the UK<br />
Home Offi ce estimates that identity theft costs £1.2 billion annually to the British economy 1 . In this context, special attention<br />
should be paid to data and identity for applications in the public sector as they are designed for longer life cycles and should<br />
accommodate evolving security threats.<br />
With a threat of this magnitude, it is clear that the <strong>European</strong> Union must have a coordinated plan to fi ght identity fraud. In<br />
particular, it is important to reinforce the security of secure tokens, protocols, combined identifi cations, and both national and<br />
international infrastructures.<br />
Certain technical and other challenges must be considered, for example the potential danger associated with contactless<br />
communications (which off er a high level of convenience to the user) but may pose their own security threat if the contactless<br />
air interface is not well managed and protected. In some un-secure context, there could be a risk of capturing e-ID data<br />
without the consent of its owner, and re-use it for non-authorized actions.<br />
Similarly, if e-banking is to truly evolve it is essential to reliably identify parties and authenticate transactions for internet<br />
payments 2 . Chip and PIN increase security through “something you have” and “something you know”. There is always the risk<br />
that a PIN number is compromised.<br />
The next level of security can be reached by using biometrics; introducing “something you are” verifi cations can enhance the<br />
security of any such system.<br />
Cyber criminality<br />
On the Internet trusting the identity of the users and fi ghting cyber criminality is particularly challenging. The cost of online<br />
theft is estimated at $1 trillion per year 3 ! Contrary to what happens in the physical world, with the current infrastructures,<br />
governments do not really have a means to issue proofs of identity for their citizens on the Internet. Therefore, preventing<br />
fraud and identity theft is very diffi cult. Proving ones identity in the real world can be done by presenting a passport or an<br />
identity card but in the cyber world we do not yet have similar mechanisms in place.<br />
A report 4 from Fabrice Mattatia clearly shows the advantages and feasibility of using e-ID cards to solve this issue:<br />
“The increase of identity theft and illegal access to data threatens heavily the trust in the digital world. Passwords fail to protect<br />
effi ciently online services which create value by handling personal data or privacy information, such as e-government or<br />
fi nancial services. eID cards are identity cards supporting a chip with a personal authentication key and a certifi cate.<br />
Already in use in several <strong>European</strong> countries, they are a secure and user-friendly means to prove one’s identity in the digital<br />
world, at low cost, and for all applications. These cards do not increase the threat to privacy, such as tracking, divulgation of<br />
privacy data, or the constitution of illegal databases, compared to traditional authentication means.”<br />
1 http://www.identitytheft.org.uk/cms/assets/cost_of_identity_fraud_to_the_uk_economy_2006-07.pdf<br />
2 Identity fraud in banking cost 57 million Euros in 2008- APACS UK Payments Association<br />
3 “Cybercrime threat rising sharply” – BBC news article by Tim Weber, Davos 2009<br />
4 “The utility of electronic identity cards for a safer digital world”, Fabrice Mattatia, Ann. Telecomm., 62, n° 11-12, 2007<br />
173