A European IT security agency has called for a co-ordinated
strategy for the privacy of personal data in 23 national electronic
identity card schemes now in force or planned across the EU.
Enisa (the European Network and Information Security Agency) said
in a position paper on security features in European eID
schemes that they lack a co-ordinated strategy for how to
protect the private data stored by the card. "This is both an
obstacle to eID interoperability and limits its acceptance by the
users," the agency said.
Andrea Pirotti, Enisa's executive director, said, "Privacy is an
area where the member states' approaches differ a lot and European
eID will not take off unless we get this right. The fundamental
human right to privacy must be guaranteed for all European eID card
holders."
Enisa found 10 national eID card schemes in force, with 13 in
the pipeline. eID cards are currently used mainly for tax
declarations and other e-government services, but more commercial
applications are emerging, it said.
"In all these applications, the eID card is a gateway to
personal information, be it at national or European level," it
said. "It is vital to address privacy concerns related to eID,
namely the unwanted disclosure of data and subsequent misuse."
The paper provides an overview and comparison of the privacy and
protection measures used to reduce 14 risks to personal privacy
that result from eID cards. It also lists eight techniques
available to address and mitigate these risks.
Einsa has been unable to establish the specifications for seven
crucial aspects of electronic identity (eID) cards planned for the
UK and other leading EU nations. Its findings come as the House of
Lords' constitutional committee prepares to publish its report on
citizen surveillance.
The lords are worried that the increased use of CCTV, the NHS
electronic patient record, the national ID card, and other data
collection, storage and sharing systems affect the basic
relationship between the state, business and the citizen.
Technical aspects of eID cards
Interfaces and functionality
Write access
Access control and encryption
Authentications vs. electronic signature
Contactless operation
Personal unique verification
Personal information
Threats to privacy from eID cards
Falsification of content
Eavesdropping
Man-in-the-middle attacks
User signs a bogus document
User authenticates to a bogus server due to misplaced trust in a
server
Inappropriate delegation of card
Loss or theft of card8
Physical invasive attacks involving rewiring a circuit on the
chip or using probing pins to monitor data flows.
Side-channel attacks
Cryptanalytic attacks
Skimming attacks
Location tracking
Behavioural profiling
Proving the trustworthiness of personal information to a third
party
Source: Enisa