Massive criticism towards Swedish eID

http://www.idg.se/2.1085/1.550782/storbrak-kring-svenskt-e-id---myndigheter-tvingar-fram-granskning

It is as I have told these guys any number of times building a secure and useful eID system on platforms that weren't designed for that (The US never had anything like an eID).
If they are lucky Google will some day provide them with a suitable solution...

Google translate:
*Large Fractional about Swedish e- id - the authorities are forcing Review*

News MSB heralds a major safety review of the Swedish e-ID . The reason is that the insurance agency, CSN and Employment Agency sharply questioning whether the technology is safe enough.

 The new system may, in particular criticism for not being adapted to the mobile phone and for not being able to be upgraded as easily as the system used today.
The new system may, in particular criticism for not being adapted to the mobile phone and for not being able to be upgraded as easily as the system used today.
On Friday opened eID board doors to the vendors who want to participate in the new system of Swedish e-identification. But the system run into difficulties even before it even got started in earnest. IT managers at three of the largest users of e-ID in the Government of Sweden, Swedish Social Insurance , Central Student Grants Committee and the Employment Service question the safety of the proposed system .

- If there were an external provider we had opted out of them instead of trying to find a solution proposal , says Peter Sahlin, who is the business area manager at Social Insurance .

Now he is not the opportunity. Instead , the three authorities demanded that the Swedish Civil Contingencies Agency, MSB , to examine the security of the technology behind the new e-ID . The sharpest and with detailed criticism comes from the right insurance agency who believe that eID Board, which is responsible for the introduction of the new e-ID , were unable to give proper answers on a range of security issues. Now hope they get the answers of the MSB instead.

- We have a number of open issues that we need a neutral answer to why we have asked for a neutral party to watch , says Peter Sahlin.

Insurance Agency is concerned that the way the new eID designed to make it less safe than the alternatives that are currently used in several areas. Among other things , it must be more sensitive to the so-called distributed denial of service attacks .

But authorities also directs criticism that the user of the e- ID is not the same as today can see what he or she subscribes to . It opens under the Health Insurance for various types of fraud against the end user.

The new system is also criticized for not being adapted to the mobile phone and for not being able to be upgraded as easily as the system used today.

Peter Sahlin and Social Insurance is beneficial to the common system of e -leg but points out that safety requirements can be different for different agencies .

- It's a little different on each of the money flow chain you are. Where we are , on one of the largest money flows , we have high security requirements , he says.

Eva Ekenberg 's Cabinet on eID Board. She says that the Board has not taken note of the questions that the three authorities sent to the MSB , but she rejects including the fear that the system will be more vulnerable to distributed denial of service attacks .

- The services are exposed on the internet and services on the internet can always be vulnerable to attack. There is not much difference from how it is today , she says.

Eva Ekenberg think that the system eID committee specified are as safe as today's .

- In our framework , we have taken steps to maintain the security levels that exist today and we have not introduced any new security issues , she says.

Richard Oehme , director of operations for community information and cyber security at MSB and responsible for the planned investigation do not know how long it will take to give the authorities the answers to their questions.

- We add a project on this and bring in the expertise available in the country and from other agencies that have good knowledge in the field. We will do this thoroughly and carefully , and if it then takes three or nine months I do not know today.

Received on Monday, 17 March 2014 11:02:21 UTC