
Unified EU electronic identity card - bozho
http://electronic-id.eu/
======
bergie
We had these electronic identity cards in Finland for quite a while, but I
think they've been considered a failure:

 _It was initially planned as a general network authentication device for both
public and private sector strong authentication needs. In 2009, however, the
card was viewed by a government committee as a failure. There has been less
than 300000 cards around by 2011 out of population of 5.3 million. The
rationale to apply for a card has mostly been traveling abroad. Only few dozen
government services have adopted it, and only one bank adopted it as login
card to their netbank. All banks in Finland use a national standard called
TUPAS, which uses one-time passwords. Banks also provide TUPAS authentication
to other Internet-enabled businesses. Since TUPAS requires no dedicated
hardware, cost of a card reader and card itself have been main causes in the
failure of the eID card._

[http://en.wikipedia.org/wiki/Finnish_identity_card](http://en.wikipedia.org/wiki/Finnish_identity_card)

The problem is simply that smart card readers never got integrated into
computers, and people didn't want to buy a USB dongle for that just to be able
to authenticate with some government websites.

Instead, what happened was that the two-factor authentication system provided
by banks became the dominant "secure authentication" method. By now it is
supported by most sites that need such a thing, like banks, insurance
companies, postal services, and several government sites.

I can for example authenticate with my bank user credentials to file my taxes
(or could, when I was still living in Finland).

An additional benefit of the ID card is that you can use it for travel inside
the European Economic Area. But I'll rather carry my passport with me, as that
way I don't have to wonder whether the ID card is enough for my itinerary or
not.

edit: ID cards are valid travel documents inside EEA (which is a larger area
than Schengen)

~~~
kitd
> Since TUPAS requires no dedicated hardware ...

Can you explain this bit? My bank here in the UK has an OTP mechanism for
internet access, but it uses a small key generator card provided to each
customer, controlled by a PIN on each use.

Does the TUPAS card itself generate the key?

~~~
bergie
Think of TUPAS like _OAuth/FB Connect as envisioned by banks_. Typically
TUPAS uses a printed card of single-use passwords.

Here in Germany you instead get an SMS with a single-use password every time
you have to authenticate (for example, to pay a bill).

As an alternative German banks also provide smart card reading OTP generators
that interface with your bank card:

[https://www.sparkassen-shop.de/sfp/shop/tan-generatoren,375/](https://www.sparkassen-shop.de/sfp/shop/tan-generatoren,375/)

In Finland universities also have the need for federated authentication, as
students can take courses in different schools. Instead of TUPAS they
standardized on Shibboleth and SAML.

------
c_plus_minus
"A proposition for a standard digital signature in every EU citizen's identity
card. .... No extra cards - it will just replace your existing ID card when it
expires"

Well unlike most of the continent, Britain and Ireland have no mandatory I.D.
card (thankfully) so this doesn't cover the whole EU...

~~~
xerophtye
I thought UK wasn't part of EU in the first place.... (Hence it DOES cover all
of EU, no?)

~~~
c_plus_minus
Ahem, Ireland is also a member of the EU!

~~~
xerophtye
I thought I covered Ireland under UK when I asked if it wasn't part of EU

EDIT: oh not all of Ireland is in UK. I honestly didn't know about "Republic
of Ireland" being a standalone country

~~~
CalRobert
oooooh boy. Might want to do some research before your holiday to Belfast (or
Derry).

Edit - I realize that came off snarky - it was meant lightheartedly. In all
seriousness, though -

Republic of Ireland - a sovereign nation of 26 counties. Split from the UK
nearly a century ago. There's some interesting (but very painful) history
behind that.

Northern Ireland - 6 counties at the northeast of the island

Ireland - a geographical entity (the island itself)

Ireland (or Eire) - the official name of the Republic

Great Britain - the island with England, Scotland, and Wales. Often used to
refer to the UK (but this isn't completely accurate, if we're being pedantic
it's a geographical, not political, term, and there's still Northern Ireland).

United Kingdom - England, Scotland (for now), Wales, and Northern Ireland

It would make sense for me to make an error in there, but I think I've got
that right. Hope it's helpful!

~~~
xerophtye
Finally someone who chose to explain things instead of just bombing down
votes. Thank you for taking the time to explain that.

And I'll just take solace in this (apparently) Scottish Proverb:

"He who asks is a fool for a moment. He who doesn't is a fool forever"

------
sergiosgc
Portugal already has these. Our ID card is a smartcard, and contains a
personal X.509 certificate, issued by a national certificate authority (and a
bunch more stuff, like my address or photo). You can use a card reader and
standard software to sign legally valid documents. You can login into
government websites with it.

I'd wager about 80% of ID cards already use the new model.

It looks like this:
[http://4.bp.blogspot.com/_4kQttk9aLQI/TT7-nale3lI/AAAAAAAAAC...](http://4.bp.blogspot.com/_4kQttk9aLQI/TT7-nale3lI/AAAAAAAAACE/ebQLh6RFrNI/s320/CartaoCidadao_f%255B1%255D.jpg)

Its site is: [http://www.cartaodecidadao.pt](http://www.cartaodecidadao.pt)

~~~
bozho
Unfortunately, there are too few countries. Portugal, Spain, Estonia, Finland,
Belgium, India and a few more. Everyone solves the problem in their own way,
sometimes incompatible with the others, and not taking into account all
privacy concerns. Hence my suggestion for a standard, interoperable solution

------
ozh
The FAQ is really helpful:

"Will it hurt our privacy?

No"

Oh, OK then.

~~~
nodata
It's a QAA (quickly answered answer).

~~~
lwhi
Please .. it's a DATQA (don't ask that question answer).

~~~
nodata
Well at least the FAQ wasn't a NAQ (never asked question).

------
DCKing
The description of this card's features is a little too basic to my taste.
Based on the "anonymous credentials" they mention it seems to imply that
they're using attribute-based cryptography* to preserve privacy, which would
be awesome. Can anybody shed some extra light on this?

* = See [https://www.irmacard.org/](https://www.irmacard.org/). It allows your card to reliably answer questions like "Am I allowed to enter this country?" and "Am I old enough to buy liquor?" without you having to communicate all your personal data (like full name, exact age, exact country of origin) to the party who needs to check it. In fact, that party would not even be able to gain more information. It just communicates parts of your identity on a need-to-know basis.

------
1ris
In Germany we have the EPA or nPA or how this is called. Thank god we can opt
out the functionality of these features.

Good luck proving you didn't electrically sign that contract. Forget
decrypting pay-TV this is the new shit.

~~~
xerophtye
I thought it was easier to replicate handwritten signatures than digital ones,
no?

~~~
1ris
Probably, but it'd be pretty easy to convince a court you did not actually
transfer your lifetime savings to Belarus because it is known that
handwritten signatures are weak.

But courts have idiotic trust in technology. They accept the output of anti
privacy program as a proof.

------
zokier
Note: This is just a page created by a random guy on the internet, with no
connection to any official EU entity or authority.

------
esbranson
It's the first step to the EU mandatory-sex-offender-registry-for-everyone that
most continental Europeans call the "resident register" or "population
register". For all you uninformed, that's where you must register with the
police whenever you stay someplace. (Which is why I'm so derisive.) And they
are starting to use national ID cards for this purpose now.

So in that respect this makes perfect sense. An electronic EU ID makes (for
example) mandatory registration with the police so much easier.

[https://en.wikipedia.org/wiki/Resident_registration](https://en.wikipedia.org/wiki/Resident_registration)

[https://en.wikipedia.org/wiki/Resident_registration_in_Russi...](https://en.wikipedia.org/wiki/Resident_registration_in_Russia)

[https://en.wikipedia.org/wiki/Propiska_in_the_Soviet_Union](https://en.wikipedia.org/wiki/Propiska_in_the_Soviet_Union)

[https://en.wikipedia.org/wiki/Hukou_system](https://en.wikipedia.org/wiki/Hukou_system)

(Note the latter systems _are your ID_.)

------
Pirate-of-SV
It's still a card. Why not go for a full software solution as the one used by
banks and government agencies in Sweden?[1]

[1] [http://www.bankid.com/en/what-is-bankid/](http://www.bankid.com/en/what-is-bankid/)

------
xerophtye
Reminds me of Estonia

[http://www.bhorowitz.com/estonia_the_little_country_that_clo...](http://www.bhorowitz.com/estonia_the_little_country_that_cloud)

------
jmnicolas
I can't wait to be added to yet another database ...

I wonder what countries are left where you can mind your own business without
being tagged like some vulgar cattle.

------
Torn
Do you have any more information? At the moment it looks like a design project
showcase with a few links to wikipedia.

~~~
zokier
> At the moment it looks like a design project showcase with a few links to
> wikipedia.

Because that is exactly what this is. This is just an unofficial proposal by
some random guy: "Page created by Bozhidar Bozhanov".

------
abritishguy
I fully support something like this, but it should be optional.

------
ekianjo
> It will preserve privacy - no one can trace when and how citizens use their
> identity cards.

Haha. I like such statements, and I'm waiting for the first massive leak years
down the road.

~~~
bozho
Read about "anonymous credentials"

------
blueskin_
Some EU countries don't have an ID card, e.g. the UK.

Edit: Just saw it's some eurocrat's proposal, thankfully not an actual new
imposed law. Not that it really matters once the referendum comes up as the UK
will likely be out of the EU after that.

~~~
bergie
What is the problem with the idea of an ID card? There are situations where
you need to prove your identity, and a government-supplied card can be useful
in those cases.

The alternative is using a driver's license or a passport, both of which are
also cards (or booklets), and government-supplied.

It is not like you'd be forced to get one, or carry it around. Finland has had
ID cards as long as I can remember, and I never had to get one.

I had my passport stolen once, and identifying myself to the government to be
able to get a new one was a bit of a pain in the ass, since I didn't have any
other valid national ID (driver's license isn't considered one). The
alternative way of authenticating involved maybe fifteen minutes of questions
like _What was your street address in 1987?_

~~~
davidvaughan
"What is the problem with the idea of an ID card?"

In my view, the problem is that it increases the government's power over
citizens. Much government is useful and good, but it's an ineluctable law that
powers are abused. ID cards extend the territory on which the abuse of power
can play out.

~~~
bergie
In this case the power is "we can prove that you're a citizen of country X".
Unless ID cards come coupled with mandatory carrying of them, I don't see an
issue here. As long as countries provide services (like, say healthcare),
there are valid reasons for needing to prove your nationality every now and
then.

~~~
blueskin_
> there are valid reasons for needing to prove your nationality every now and
> then

Such as passport, driving license, residential address, visa if a foreign
citizen, etc?

~~~
bergie
Driving license isn't a valid ID at least in most European countries. And
residential address would probably need some proof, like those stupid utility
bill scans some services require you to send.

Passport obviously works, but doesn't fit in your wallet. But that is the ID I
use when I need one.

