REGISTER

email 14 48

Article Index

By Martin Kuppinger

April 26, 2010 - German bureaucrats really love an abbreviation, and their latest tongue twister, the "nPA" (short for "neuer Personal-Ausweis" or "new identity card") is a case in point. Scheduled to be issued in November, the credit card-sized ID document will not only replace existing paper and plastic versions, but also enable its owner to conduct digital transactions via the Internet. For that reason, it is being heralded by some as the "passport to the future".

Others are worried about the new ID card's most important feature, the built-in microchip, which will enable many potentially beneficial new functions, but which some fear could also lead to new forms of privacy abuse from both private hackers and government snoopers.

Germany will almost certainly prove to be a test bed for this type of state-sponsored identity technology, due in part to the fact that this is one of only a handful of European nations that requires its citizens to carry an ID card at all times. Over the next ten years, federal authorities will issue an nPA to every person over the age of 16 (EU nationals from countries outside the Schengen Zone will receive digital residence permit cards in the same format), so the question concerns virtually everyone. On the other hand, the new ID card comes at a moment when things like identity theft and online fraud are becoming serious enough to stunt the growth of e-commerce and other online activities as consumers and citizens grow increasingly worried about cybercrime.

The inventors of the nPA have made serious efforts to ensure that the new card will be both convenient and safe. In fact, security was a prime concern from day one among those responsible for its development in the German Ministry of the Interior and the Federal Office for Security in Information Technology, the BSI. As a result, experts in other countries are expected to follow the success of the new ID card closely.

In Germany, the debate revolves around a host of issues such as data protection, security, costs, and limited functionality. Like any large-scale project in this nation of nitpickers, consensus is hard to come by. However, when viewed dispassionately, the compromises reached in most of the contentious areas seem to be reasoned and practicable. And nobody really disputes the nPA's general usefulness.


Security talk

For one thing, any government-issued document needs to be as safe as it can possibly be. It must also address the concerns of the governed in the face of heightened surveillance and profiling by state agencies. In Germany, as in other countries, law enforcement have been granted increasing leeway in actively or passively monitoring telecommunications and transactions as well as in retaining intercepted data. However, some of these newly-passed laws and regulations have been deemed excessive by the highest courts in the land - not exactly an object lesson in trust building.

An unbiased look at what actually can - and can't - be stored on the new digital ID card might serve to inject an element of calm into the overheated discussion. The nPA has three basic components. One handles various sovereign functions, the second is the electronic ID proper, and the third is a qualified digital signature which at least initially will be offered merely an option. The card will be equipped with the same biometric features in use already for over two years in the digital passport (ePass") issued by most European countries and will contain two digital fingerprints of the bearer along with a digitized photo. The biometric data is stored directly on the card itself and not in any central government databases. Cases have been reported, though, of local authorities copying and storing the biometric data, which is not only illegal but senseless since it can serve no discernable purpose.

What this all boils down to is that the electronic ID card actually carries very little electronic information. Besides, in order to gain access to the data, authorities need to prove their legitimacy by obtaining the appropriate certificates from the Federal Office of Administration in Cologne, which is charged with examining such applications very closely.

The qualified digital signature, for which the ID card can be equipped, is based on technology that is subject to strict national law and is only an option, anyway. Besides, digital signatures haven't proven wildly popular in Germany over the past, to put it mildly.

Most of the threat scenarios being passed around nowadays don't really stand up to scrutiny, either. For one thing, unlike the electronic passport in its present form, the nPA does not allow direct access to the chip through the BAS (Basic Access Control) mechanism. Instead, the reader device is required to present a certificate every time it wants to access the data, and the card owner must confirm the legality of the process by manually entering his or her PIN (Personal Identification Number).

Of course, certain risks remain, but they seem manageable. They also appear to be more than balanced by the system's inherent advantages, mainly in the areas of strong authentication and secure access to identity data in controlled environments, both of which represent a big step forward when compared with today's existing arrangements which generally call for self-registration, or that at most rely on inherently insecure procedures involving usernames and passwords.


But will they use it?

As a general rule, technologies that fail to make the grade or that take a long time to achieve market penetration can be said to suffer from one or more of four basic inadequacies: they are either immature, poorly marketed, unpopular, or unable for whatever reason to achieve critical mass.

Lots of people have spent lots of time perfecting the system behind the nPA. Yes, the client software may still have bugs, and no one knows what other technical glitches may crop up during the early implementation stages. In all though the technical concept seems advanced enough to succeed in the market. Whether it will fly with the public is an entirely different question, though. The federal government plans to spend a tidy sum on a campaign to popularize the latest edition to Joe Citizen's wallet. They will have their job cut out for them, especially since bad news travels faster than good and people are more willing to listen to critics carping about real or conceived security problems than to more reasoned voices describing the facts. Still, the authorities are well advised to invest in marketing in order to ensure a smooth launch.

But what about that last point, critical mass? The government has earmarked 23 million Euros for a program to provide about a million reader devices for the nPA that can be distributed by companies to their own customers, so it seems that a sufficient number of readers will be available from the start. This may very well assure the necessary mass which will allow the system to achieve liftoff.

Marketing the system itself may prove slightly trickier. Many of the most obviously beneficial functions will only be optional, and all of them need some explaining. That a typical bureaucrat working, say, in a local motor vehicle registration office will be able to convincingly explain the benefits of the new ID card to the elderly or to foreigners who don't speak the language all that well defies the imagination. And getting consumers to sign up for the optional digital signature function will call for plenty of persuasion, since hardly anyone knows what they're good for and whether the cost is justified for a couple of online purchases a year. However, the real possibility remains that the nPA will help digital signatures to finally take off, too.

Private enterprise will have to come up with a wide range of interesting applications for the digital ID card if this is to happen. Health insurance companies could use them to access patient data, for instance, and airlines could find ways to shorten check-in times for those who can prove their identity digitally. The truth is, though, that nPAs will remain only one of many possible methods of authentication for the foreseeable future, and perhaps forever. Businesses may find strong authentication increasingly attractive and thus make them their identity verifier of choice, but it will take a while before every single customer will be able to present an electronic ID card or its equivalent (such as foreign ID cards or driver's licenses or a German-issued "foreigner card"). But in the end, the large number of users and the wide proliferation of reader devices may turn the scales in favor of the nPA which can provide an simple method for using strong authentication, for instance in the context of self-registration systems where it is necessary to verify the information provided by the customer or citizen.

Acceptance will hinge, however, on the usability of the system, especially on the creation of standard authentication procedures versus different hand-crafted client solutions for every application. Thankfully, things appear to be moving in the right direction. It will be important for developers to follow internationally accepted standards in order to avoid creating a patchwork of national solutions for each country. International corporations, especially, will be reluctant to program their applications against country-specific APIs.


Pseudonymity and minimal disclosure

The nPA in its initial form will already include two very interesting concepts, namely pseudonymity and minimal disclosure. The first calls for transmitting "links" instead of real data: Information that allows the owner to be matched to certain attributes without revealing his or her digital identity data. The appropriate information will already be included in the nPA's data set. Minimal disclosure, on the other hand, is a way of ensuring that only the information needed in the context of a certain transaction is actually made available. If the ID card is used, say, to access an adult website, all the provider really needs to know is whether the visitor is over 18, the exact date of birth is irrelevant. Contrariwise, the date of birth may be a necessary piece of information when filling out an insurance contract. The nPA will be able to provide this kind of discreet identity service.

The new German ID card will be able to integrate seamlessly with Microsoft's "U-Prove" system, which is based on open-source technology and already addresses some of these issues. The nPA's developers were aware of this development and were thus able to incorporate it into their own system at a very early date. The result is a high degree of technological sophistication for what is essentially a bureaucratic tool.


What's missing?

Nevertheless, work remains to be done. The "foreigner card", a vital element in the system, is still very much work in progress. Another major unfinished project is the development of a "teenager card" in order to provide similar functionality for younger people who aren't yet eligible for the "real" ID card, but who will still need to be able to authenticate themselves on the Internet and elsewhere. Ensuring interoperability between the German nPA and similar ID cards from other countries is another big concern, but one which primarily requires the use of common and open standards such as SAML at the higher levels of identity management. It will be important that all ID cards provide the same type of information, for instance during strong authentication or when exchanging postal addresses in machine-readable formats.

Legislators, too, will need to focus their attention on certain ramifications of family law where it is impacted by the new technology. For instance, if youngsters are issued a "teen card", will parents be allowed to monitor their use or usurp them, which could lead to potential misuse and legal battles. Laws will have to be modified to provide better legal protection for children and very young persons than simply blocking websites on the Internet or providing draconian penalties that fail to provide comprehensive safeguards.

In terms of interoperability, governments will need to develop a better understanding for the need of private business since the nPA and other ID cards can do very much more than simply allow authorities to provide e-government services. They should be seen as a powerful tool for the future promotion of trade and industry, where identity authentication will become increasingly crucial in ensuring the growth of the online economy. This is an area of national importance for every government, and Germany is well placed to play a leading role.

Arguments may go on for some time over certain details, but in sum it is safe to say that the nPA represents an important innovation which can and will provide greater informational security. There are signs that the new ID card may well be able to provide many more benefits than those that immediately spring to mind. Compared with some other major state-sponsored projects in the past such as the German highway toll system, the electronic health card or the electronic tax return, the nPA appears to be much more mature at this early stage. Other countries would be well advised to study this example when contemplating solutions of their own for the perennial and pressing problem of managing the digital identities of their citizens.

About the Author

Martin KuppingerMartin Kuppinger is Founder and Principal Analyst of Kuppinger Cole, which has become one of the leading Europe-based analyst companies for all topics around Identity and Access Management, GRC (Governance, Risk Management, Compliance) and Cloud Computing. Kuppinger Cole is the host of the European Identity Conference 2010, which has established itself as a leading conference on mentioned topics. Martin Kuppinger is the author of more that 50 IT-related books, as well as a widely-read columnist and author of technical articles and reviews. For more information, please click here: www.kuppingercole.com

MetricStream TPRM

CyberBanner

CyberBanner

CyberBanner

CyberBanner

CyberBanner

Log in

Please Login to download this file

Username *
Password *
Remember Me

CyberBanner

CyberBanner

CyberBanner

CyberBanner

CyberBanner

CyberBanner

CyberBanner

CyberBanner

CyberBanner

MetricStream TPRM

CyberBanner

CyberBanner

Go to top