On the conference where I spoke about e-voting, I had another talk that focused on e-identification (which is a mandatory step for e-voting).
It is in Bulgarian and EU context, given the new EU Regulation that aims at cross-border e-identification. Nearly 2 years ago I did a campaign for that, not knowing the European parliament is already discussing the matter.
In short, e-identification is the means to prove your real identity online (to both the public and the private sector).
That sounds very convenient. But I know many people are concerned about privacy. And they should be. But not having a national ID card, and not having an e-identification scheme is not the solution. The US and the UK don’t have ID cards or even a citizen database (which all ex-socialist countries do have). And yet, US and UK citizens are ones under the highest levels of surveillance.
On the other hand, the practical advantages of having a way to prove your identity online, especially when working with the public sector (but not only), are not to be ignored. Therefore, here are my slides:
You will notice that privacy is addressed in a very concrete way – it is not that the government doesn’t have access to one’s data – it already has, through all of its databases that store records about properties and card owned, current address, driver’s license, etc. Privacy is addressed by giving control to the citizen. He sees (and can be notified) about each and every time data about him from a given database (register) is accessed. The citizen also has control (including the ability to delete) data about his e-id usage. And if one doesn’t want to have an e-id, he can declare that and the chip will stay empty.
How is it guaranteed that this happens? Through our proposed law that mandates that all government software is open source, in a public repo.
Of course that doesn’t guarantee that they are not running a special version that gives the NSA counterparts undetectable access to one’s data. But that can happen regardless of the identification process or the connectivity between databases. And technically competent people know that simply having a chip in your card doesn’t let the government track you – it can’t “phone home”, it can’t connect to a cell tower, etc. If it is contactless, and it supports a PIN-less readable section, and the range is big enough, someone with the right certificates on a reader can read the e-id from the distance. But then what – he’ll end up with a meaningless UUID.
By all means, we should demand that the government doesn’t abuse the information it has about us, and we should not allow that information leaking uncontrollably to the private sector. And we must think of the means to abuse the system. And that is what our proposal is about.
The technical details – how a smartcard will be configured, whether it will be a contact, or dual interface (or contactless only, like in Germany), and how will fraud be detected and prevented, is a matter of a technical discussion we have already started.
I believe we can have security, privacy and comfort (usability) at the same time. And for that we don’t need to “just trust the government/company X”. We should trust the technology, though.