Resources
Identity Use Cases & Scenarios.- FIDIS Deliverables.
- Identity of Identity.
- Interoperability.
- Profiling.
- Forensic Implications.
- HighTechID.
- D3.1: Overview on IMS.
- D3.2: A study on PKI and biometrics.
- D3.3: Study on Mobile Identity Management.
- D3.5: Workshop on ID-Documents.
- D3.6: Study on ID Documents.
- D3.7: A Structured Collection on RFID Literature.
- D3.8: Study on protocols with respect to identity and identification – an insight on network protocols and privacy-aware communication.
- D3.9: Study on the Impact of Trusted Computing on Identity and Identity Management.
- D3.10: Biometrics in identity management.
- D3.11: Report on the Maintenance of the IMS Database.
- D3.15: Report on the Maintenance of the ISM Database.
- D3.17: Identity Management Systems – recent developments.
- D12.1: Integrated Workshop on Emerging AmI Technologies.
- D12.2: Study on Emerging AmI Technologies.
- D12.3: A Holistic Privacy Framework for RFID Applications.
- D12.4: Integrated Workshop on Emerging AmI.
- D12.5: Use cases and scenarios of emerging technologies.
- D12.6: A Study on ICT Implants.
- D12.7: Identity-related Crime in Europe – Big Problem or Big Hype?.
- D12.10: Normality Mining: Results from a Tracking Study.
- Privacy and legal-social content.
- Mobility and Identity.
- Other.
- IDIS Journal.
- FIDIS Interactive.
- Press & Events.
- In-House Journal.
- Booklets
- Identity in a Networked World.
- Identity R/Evolution.
D3.6: Study on ID Documents
 |
Title: EID INTEROPERABILITY ANALYSIS |
 |
In this section we aim to provide a high-level overview of the current status of international and European eID projects regarding interoperability. The research data of this chapter is primarily based on a working paper of the European Commission (CEN/ISSS 2004), a white paper of the Information Society Technologies (Ringwald 2003), a survey of a government advisory agency (Hayat et al. 2004), a global survey of legal systems of countries (University of Ottawa 2005), and complimented by extensive online research.
Technical Perspective
Trying to expand the scope of analysis, we identified an additional number of countries outside the European Union and based on data readily available concerning the implementation (or not) of an eID scheme along with the conditions underpinning that. A total of 67 countries (including the EU 25) were analysed with the purpose of getting a broader picture on eID implementation throughout several geographically dispersed countries (instead of solely focusing on one region). At this point, it should be noted that the level of information on eID projects in these surveys varied considerably from country to country. However, the information on the countries in these surveys quite often showed significant similarities in content, structure and length. In other words, it is anticipated that large amounts of information from previously published surveys was reproduced in later surveys with little additional research being carried out.
Using a bottom-up approach, the following paragraph takes a closer look at the technical level of global eID projects. shows 46 investigated countries supporting various eID functionalities, as far as data was available for them. Two thirds of 42 countries (excluding the EU 25) have made the decision to introduce an eID, and an even higher percentage of countries (80%) are planning one but have not yet reached a formal decision. This for instance is the case in the United Kingdom. Several countries including Australia, New Zealand and the US, have made the decision not to introduce a national-wide eID in the near future.
Figure : Number of Global Countries (EU 25 excluded) Supporting various eID Functionalities
For the latter discussion on the informal level of eID interoperability, it is assumed that the multifunctional eID solutions, identities which can be used in a great number of different domains, require an even more complex interconnection and are therefore of special interest to eID researcher. Multifunctional eIDs are not necessarily but almost certainly supported by Smart Card and Digital Certificate technology. Although, less than a third of the countries support or plan to support these features. In any case when Digital Certificates are used, the argument arises as to, who will be the Root CA. This is closely linked to liability, privacy and most importantly to power issues. Apart from Norway and Singapore, all countries surveyed operate with a government agency controlled Root CA.
Advanced biometric solutions are usually linked with data and identity security. Technologies like digital finger prints, DNA codes, iris scans or facial recognitions are classified as advanced in comparison to technologies like photos, signatures or physical descriptions of individuals. Advanced technologies are primarily used for all types of fraud prevention. However, less than 50% of the countries which either have or plan to have eIDs are supporting some kind of advanced biometric technologies.
In Europe, the current situation with regard to national eID interoperability appears different. While only a little more than half of the EU 25 countries have either already launched or are planning to issue a national eID, the projects seem to be quite ambitious in terms of interconnection complexity and use of advanced technology. Whereas 14 countries (56%) plan an eID solution, shows a greater number than 14 countries that are working on or are already supporting various forms of eID functionality. The reason is that some countries such as France and Italy have more than one national-wide eID project running.
Figure : Number of EU 25 Countries Supporting various eID Functionalities
Almost 80% of the EU 25 will offer a Digital Certificate service to its citizens and businesses by 2008 out of which Estonia, Luxemburg and Sweden do not have a government managed Root CA. While a relatively high proportion of EU 25 countries are in favour of Digital Certificates, their willingness to work with advanced biometrics is rather low in comparison to the rest of the world. Whereas 5 countries plan to use digital fingerprints, facial recognition and other similar advanced technologies, 8 countries have concluded that they do not believe that such high security measurements are needed. Another significant difference is the collaborative approach of a majority of the European eID interoperability projects. While a high proportion of tax, health, social security and other government agencies will be able to use the national eIDs for identification and authentication purposes, more than half of the countries plan to open its eID solution to commercial organisations.
Formal Perspective
On the formal level, interoperability of eIDs is primarily seen through the lens of legal frameworks. In order to issue a national eID systematically, the government has to gain access to all necessary information concerning its citizens and businesses required for the registration process. While most former Eastern European countries have a central registry for all citizens, most countries based on a common law system do not have similar databases. As a result, nation-wide eID solutions in common law countries require a greater number of interconnection, are of greater complexity and involve a higher level of interoperability. However, this also means that a common law country would need to change its laws and regulations considerably in order to allow for the implementation of such national eIDs in its government agencies (CIA 2003, University of Ottawa 2005). This is most probably one of the key reasons, why countries like the USA, Canada or Australia do not have a national eID nor do they plan to issue one.
Figure : eID Solutions in Countries Categorised by Legal Systems World-Wide
In fact, worldwide only 2 common law countries (5%) in comparison to 12 civil law based countries (16%) have a national eID solution in place or in preparation. By far the greatest proportion of countries having launched a national eID solution is found in the segment of countries with mixed legal systems of common law and of Muslim law. 14 countries (35%) with a mix involving common law legislation and 9 countries (38%) with a mix involving Muslim law already have decided or at least plan to launch a national eID. However, the real element of significance in is the fact that countries with pure common law legislation seem to have considerable less often a national eID solutions in place.
The analysis of differences on the formal level among countries in Europe (EU 25 countries have either a common law or a civil law based system) shows a considerably different trend than the developments on a global scale. By comparing and , it is easily noted that the percentage of 64% civil law based countries with a national eID solution in Europe compared with 16% on a global scale is noticeably higher. In contrast the common law based countries follow the international trend not (yet) having a national eID solution in place. Despite heavy discussion about the possible launch of a national eID in the UK and Ireland no formal definitive decision has yet been made by these two countries.
It can be concluded that by looking on a global and EU level common law based countries seem to have an extremely low adoption rate of national eID strategies. In contrast the civil law based European nations seem to be among the group of early adopters of national eID solutions. Despite that maybe surprisingly clear and evident finding, by far the more challenging and pressing problem appears on a pan-European eID interoperability level, as the national individual legislation has to be harmonised in order to allow EU Member States to share, interconnect and use national versatile identities. Issues like data protection, privacy, information liability, access authority and the quality of authentication are heavily disputed issues (Hollosi 2005, Leitold 2005, Martin 2004, Otter 2005a).
Figure : eID Solutions in Countries Categorised by Legal Systems in the EU
| |
   |
|
| Denis Royer | 16 / 56 |
