Re: Australian ID and other IDs (like Germany)

On 2015-01-23 13:06, Timothy Holborn wrote:
> FYI
>
>
> "My ideal is to be in a situation where the MyGov platform was available to every level of government and people could have a single, secure, digital identity that enabled transactions from the local council, the state government, so everything from childcare allowances, to your rates, stamp duty, traffic fines," he said.
>
> SOURCE: http://www.smh.com.au/it-pro/government-it/tony-abbott-promotes-malcolm-turnbull-to-take-charge-of-egovernment-20150123-12wstp.html
>
> Tim.H.

Since this has been my working field for almost two decades,
I have a few things to add to the table :-)

Countries have come up with entirely different solutions to the ID-problem.

Uniting such concepts is as easy as solving the Middle East conflict.

The by far simplest and most efficient systems are the ones used in Estonia
and Sweden, where each citizen has a unique citizen-ID which serves as a
"key" in every public-sector database.  A difference between Sweden and
Estonia is that in Sweden physical ID and electronic IDs are provided as
separate items.  Electronic IDs are primarily supplied in mobile phones.
I believe this is a *much* better concept than eID-cards.

At the other end of the spectrum we find Germany and Austria, which have created very
complex systems which may be fantastic from a privacy point of view but suffer from
a dark side as well: The German system is very little used (=useless).  Pardon me Jörg :-)

In fact, I think that most of the so-called privacy-preserving technologies, including
Google's U2F, in *practice* don't offer what they claim since you in almost all
cases need some kind of "handle" back to the user which typically is an e-mail address.
But an e-mail address is a globally unique static long-lived identity, aka GUID.

Yes, privacy-minded folks have a bunch of different e-mail addresses to cope with
this but personally I care more about the other 98% who (naively?) anticipate
that their data and identities are handled in an appropriate manner.

To continue with my slashing of Germany, their famous "Sicherheitsinstitut", BSI,
have created a system for preserving privacy regarding biometrics in passports
which 10 years after the initial design has only reached pilot stage!!!  Again,
when you really analyze the system (EAC/SPOC) you will note that it doesn't
preserve privacy except when used in an ideal world (where such measures would
be unneeded anyway).  Just to round out the scheme they have created HSM-based
PKI-protocols that are completely broken security-wise as well. I implemented
this system for my previous employer...I still feel ashamed, it was the worst
IT-system I have ever worked with.

Good luck with the Australian ID program!  You'll need it :-)

Anders

Received on Friday, 23 January 2015 13:56:29 UTC