Over recent years, electronic national ID cards (aka eID cards) have been introduced in numerous countries around the world. Furthermore, they are being utilized with ever-growing enthusiasm by their citizens. But in countries yet to adopt such microprocessor-based smart card technology, serious concerns are still voiced. Common criticisms of eID schemes include the potential threat posed to civil rights and privacy, a lack of confidence in the reliability and safety of such systems, and a belief that they are quite simply unnecessary and irrelevant. However, a measured assessment of the many successful national eID deployments that are now up and running provides five clear and compelling responses to these and other fears.
#1: A guarantee of security and protection for citizens' data in a digital wo
In the past decade, the number of digital exchanges has increased exponentially. But obvious attractions of ease of use go hand-in-hand with the widely held perception that electronic media is relatively fragile. The absence of traditional "written proof" and eye witnesses, which are characteristic of electronic means of exchange, has very quickly led to the need for a solution that can guarantee the identity of the issuer or the receiver.
Since 1997, the design, production and deployment of secure national electronic ID cards have sought to meet just such a requirement. As a result, the idea of an ID card that is valid for both the physical and digital domains has become a reality for millions of people.
Some visionary countries have also made the leap to mobile identity or m-ID, meaning the creation of a mechanism - initiated using the national eID component - for accessing online services with a high level of security thanks to mobile devices as detailed in our December 2014 white paper on our national mobile ID schemes.
Today, more than 50 countries have set up a national ID scheme and most of them are issuing electronic national ID cards. What's more, the electronic format of such cards means that, in addition to being employed for electronic signature applications, they are also ideally suited to other use cases as detailed in 2016 ID trends published in May 2016. Typically these can include granting the user access to company infrastructures or secure locations, as well as incorporating social security cards and, in some countries, drivers licenses, healthcare cards, "pass cards" for transport services, payment cards and even bank cards.
#2: The technology used is robust and fit for purpose
Using 'smart' banking cards, billions of dollars are sent around the world every day without being stolen. The very same technology can be used to address the growing threat of identity fraud.
The microprocessor-based smart card (and SIM card in your mobile phone) protecting identity credentials is considered the most secure means of authentication. It makes it possible to prevent identity fraud and effectively protect citizens' personal data. That's why it is established as the media of choice for granting access to e-Government applications. This approach can also be used to host a range of other services and use cases, such as e-payments, e-purses, digital signatures, authentication, identification and travel cards.
It should also be noted that this technology now protects travel documents, commonly known as electronic passports, in close to 120 countries, dating back as far as 2006.
#3: A national eID card can lead to greater transparency
One example of a national ID scheme that empowers citizens is provided by Belgium's eID project. The law which accompanied the introduction of the new eID card in Belgium required the government to offer citizens a "My File" application, which can be accessed online. This allows people to know who has accessed their personal data. A query or complaints form is made available to citizens, who can also request that the government provides a justification for any recorded access. Similar rights apply in several other European electronic ID schemes.
As a result, a fundamental democratic principle is observed: when a new constraint is introduced (in this case, digital footprints), a new right is provided (transparency). A record is kept each time Belgium's National Register data is accessed by a government official, noting the identity and place of work of the official who accessed the personal data of a citizen, and the date it took place. In the six months following access, the citizen can consult their personal databases to view this information.
#4: "1984" did not happen
The fear that an ID card system represents the start of a slippery slope to greater surveillance and monitoring of citizens has proved unfounded. Quite simply, the oppressive scenario described by George Orwell in his novel "1984" did not happen. A national ID scheme is not synonymous with totalitarian governments wielding absolute power.
The reality is that "1984" did not come true in Austria, Finland, Italy, Sweden, Spain, Germany, Belgium, the Netherlands, Luxembourg, Estonia, Lithuania, Malaysia, South Africa, Uruguay or Chile – to name just some of the 50 countries that have so far moved to eID.
And remember: an eID card will always remain where you want it - in your pocket or mobile phone. You alone decide if and when you want to use it.
#5: e-ID is a central link in the chain of trust
The issue of legal continuity is at the heart of the digital transformation of our exchanges and transactions. Whatever the media, digital exchanges should enjoy the same legal security as their physical equivalents.
Governments worldwide are seeking to boost efficiency, economic development and inclusion with the ultimate aim of better serving their citizens in a reliable, secure and transparent way. They deploy national identity trust systems not only to rationalize services and processes in areas such as social services, taxes, local voting and administration, but also to promote private services by stimulating the digital economy, all while reducing costs.
Gemalto believes that modern digital economies are built on the implementation of reliable digital identities for citizens. Only this can ensure the necessary level of trust in the internet and the mobile devices of the future, with interoperable authentication and signature solutions, through the implementation of secure portable devices ("secure elements"), such as PKI (Public Key Infrastructure) SIM cards, identity cards, as well as many other innovative devices.
Our worldwide experience has shown that the implementation of secure trusted eID is essential for the unreserved and enthusiastic adoption of eGov solutions by citizens. They are the ones who must carry this physical object on their person – a digital safe containing their identity, personal data and rights – enabling strong authentication through at least two factors: "what I have" (my secure mobile device) and "what I know" (my confidential code).
Overall, the key message for those with concerns over electronic national ID schemes is that security and surveillance are not one and the same.
What is security in the digital age?
Security provides us with the power to be more creative in promoting our well-being - whilst also limiting the effects of uncertainty, as best we can. Security is not something that constrains, limits or restricts us. Instead, it is the very thing that opens up new possibilities; providing the reassurance we need to take full advantage of the benefits of human development, acting within - and protected by - the rule of law.
With stronger reassurance and improved security, we can do more, and in a more effective way, to bring about the changes which will shape our future.
Gemalto's business is focused on digital identity and security. As well as defining a corporate mission, our company slogan - "Security to be free" – echoes the values that are at the heart of any sustainable digital society.