[Chapter-delegates] ISOC France consulted on "IDénum" by the Ministry

Eduardo Diaz eduardodiazrivera at gmail.com
Thu Feb 25 10:30:23 PST 2010 

Singapore has implemented a biometric id system to keep track of all
foreigners residing in their country.

http://egovasia.enterpriseinnovation.net/content/singapore-implements-biometric-identification-solutions-expats

Eduardo Diaz
ISOC-PR

On Thu, Feb 25, 2010 at 11:51 AM, Lucy Lynch <lynch at isoc.org> wrote:

> On Thu, 25 Feb 2010, Patrick Vande Walle wrote:
>
>
>>
>> Dear Odile and Gérard,
>>
>> Three years ago, the Belgian authorities have
>> introduced the electronic identity card, with chip and PIN. Website here:
>> http://eid.belgium.be/fr/ (French and Dutch). The only widespread use I
>> am
>> aware of is to allow people to file their taxes trough the Internet. It is
>> also used when requesting birth certificates, by the police for identity
>> checks, etc. See for example the income tax web site:
>> http://www.taxonweb.be/
>>
>> The adoption by the private sector has been very
>> low. There once was a project between authorities and Microsoft to use
>> this
>> ID card to identify minors when they want to access adult discussion fora,
>> but I am not sure it ever materialized. I know one insurance company where
>> purchasing contracts online is possible with this ID card.
>>
>> In general,
>> the public is quite reluctant to use such tools when they are unsure what
>> it is being used for and by whom. The fact that its usefulness is limited
>> to the home country is certainly playing a role, too.
>>
>
> There are a number of authentication related schemes being tested and
> (as Patrick indicates) many of the more complicated (2 and 3 factor)
> initiatives are tied to activities that require a high level of identity
> proofing to protect both parties in a transaction. One would hope
> that the required use is carefully scoped to protect both parties.
>
> This sounds like an attempt to nationalize two steps from the classic
> authentication chain:
>
>    * Something you know (eg. a password). This is the most common kind of
> authentication used for humans. We use passwords every day to access our
> systems. Unfortunately, something that you know can become something you
> just forgot. And if you write it down, then other people might find it.
>    * Something you have (eg. a smart card). This form of human
> authentication removes the problem of forgetting something you know, but
> some object now must be with you any time you want to be authenticated. And
> such an object might be stolen and then becomes something the attacker has.
>    * Something you are (eg. a fingerprint). Base authentication on
> something intrinsic to the principal being authenticated. It's much harder
> to lose a fingerprint than a wallet. Unfortunately, biometric sensors are
> fairly expensive and (at present) not very accurate.
>
> (see: http://www.cs.cornell.edu/Courses/CS513/2005FA/NNLauthPeople.html)
>
> and it stops short of the bio-metric data requirement.
>
> As several folks have already indicated chip+PIN has some known
> security issues so getting this right won't be easy.
>
>
>  On the practical
>> side, adoption may also have been slowed by the technical environment
>> required. A limited choice of supported reading devices, operating systems
>> and browsers means it is not easy to get it to work. See for example
>> http://eid.belgium.be/fr/Comment_installer_l_eID/Quick_Install/ It fails
>> teh "clueless grandmother test" every time.
>>
>
> The Swiss have a program running that tries to put tools in the hands
> of end users: http://www.swisssign.com/ but again, as Patrick says,
> adoption is limited due to usability issues.
>
> As end-users and service providers (including governments) continue to
> negotiate across the Internet with increasing valuable user data (bank
> information, private health care information, etc.) the needs for
> verification, consent, and accountability will rise on both sides of the
> equation. In some cases, as an end-user, I want a high level of trust
> before I share my valuable data!
>
> I think it's a positive sign that government is inviting you into the
> process and I encourage you to monitor this effort and report back!
>
> - Lucy
>
>
>  Hope this helps,
>>
>> Gérard,
>> toutes mes félicitations pour votre élection. Au plaisir de vous
>> rencontrer
>> bientôt.
>>
>> Patrick Vande Walle
>>
>
> _______________________________________________
> Chapter-delegates mailing list
> Chapter-delegates at elists.isoc.org
> http://elists.isoc.org/mailman/listinfo/chapter-delegates
>
> _______________________________________________
> Chapter-delegates mailing list
> Chapter-delegates at elists.isoc.org
> http://elists.isoc.org/mailman/listinfo/chapter-delegates
>
>


-- 
NOTICE: The information contained in this e-mail message is intended only
for the personal and confidential use of the recipient(s) named above. If
you have received this communication by error, please notify us immediately
by e-mail, and delete the original message.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://elists.isoc.org/mailman/private/chapter-delegates/attachments/20100225/7edcb07a/attachment.htm>

More information about the Chapter-delegates mailing list