© fedict 2008. All rights reserved Legal aspects Belgian electronic identity card Samoera Jacobs – November 2008

© fedict 2008. All rights reserved

Legal aspects Belgian electronic identity card

Samoera Jacobs – November 2008

© fedict 2008. All rights reserved 2

>Content of the eID

>Digital certificates

>eID and privacy


Legal aspects

Belgian electronic identity card

Content of the eID


Content of the eID

> From a visual point of view, the information shown will be the same as on the present identity card:• name• first 2 Christian names• first letter of third Christian name• nationality• place and date of birth• sex• place of issue• start and end dates of validity• card number• owner’s photograph• owner’s signature• National Register Number

Visual identification

of the owner


Content of the eID

> From an electronic point of view, the data on the chip is the same as the information

printed on the card, plus: • address• identity and signature keys• identity and signature certificate• Certificate Service Provider• security information (chip number, signature for

identity data, etc.)

> No other data is stored, no data container

Electronic identification of the owner


authentication

data capture

signature

Content of the eID


Content of the eID

“PIN protected” Use without PIN

IDID ADDRESSADDRESS

authentication

digital signature

RRN SIGN

RRN SIGN

RRN SIGN

RRN SIGN

PKI IDENTITY

private

private

public

public

authentication

data capture

signature


Content of the eID

eID as a tool (mean) to read efficiently, without mistakes identification data.

takes time

unefficient

prone to error

fast

efficient

exact copy


Content of the eID


authentication

data capture

signature

Content of the eID


Content of the eID

eID as a tool for strong authentication (in the electronic world)

Hi Jan !

Hi Peter !

physical worldphysical world online worldonline world

…


Content of the eID

!! The PIN usage for authentication is done ONCE until card is removed !!


authentication

data capture

signature

Content of the eID


!! The PIN usage for signature is requested each time for a signature !!


Content of the eID

> Belgian ID card Act of 19 July 1991 (amended by Act of 25 March 2003 to introduce electronic identity cards)

> Article 6 §2 : other content can only be added by law. No intention to have a data container -> access key model

> eID valid for 5 years> 24/7 helpdesk in case of loss, theft,

destruction


eID : the access key model home banking, online

opening of accounts,

…

proof of membership

SSO, …

Healthcare

e.g. SIS

driver’s licence

student cards, e-

learning, …

…

e-commerce


Legal aspects


Digital certificates



> eID contains two digital certificates:• one for electronic signature• one for authentication



> European Directive 1999/93/EC of the European Parliament and of the Council of 13 December 1999 on a Community Framework for Electronic Signatures.

> The two main objectives: • free internal market for electronic signatures and certification

services (all electronic signatures, all certification services, all signature products)

• legal effect of electronic signatures (under certain conditions, for specific purposes, with many exceptions)



> Authorisation (mandatory) is forbidden, accreditation (voluntary) is allowed, supervision is obliged.

> General principle: legal effect + admissibility as evidence

for all electronic signatures.> Second principle: certain electronic signatures get the

same legal effect as hand-written signature.



> Liability for CSP> Respect of Data Protection Directive> National law determines in which fields electronic

documents and electronic signatures can be used> Standardization work to clarify the requirements of the

annexes of the Directive



> Belgian E-Sign act of 20 October 2000 on the introduction of telecommunication means and the use of electronic signatures

> Evidence; non-discrimination principle> New article 1322, 2 Civil law,

• For the purpose of this article, a signature can also mean data in electronic form which can be attributed to a certain person and which demonstrate the integrity of the content of the document



> Belgian CSP act of 9 July 2001 to create a legal framework for the usage of electronic signatures and certification services

> Article 4 § 5:• The qualified electronic signature is the only type of signature

that will automatically be given the same legal value as a handwritten signature. A qualified signature is an advanced electronic signature based on a qualified certificate and produced by a secure signature creation device.



> Digital certificates on Belgian eID cards• Issued by an accredited Cerification Authority• Allow signatures with same legal value as handwritten

signatures

> Signature function not activated for minors> Authentication and signature data not activated if citizen

does not want to


Legal aspects


eID and privacy


eID and privacy

>Visual control of the eID• Only obliged to show the eID in restricted cases (legal

authorities such as police)• Article 1 Royal Decree 25 March 2003 on electronic

identity cards


eID and privacy

>Electronic control of the eID• Strictly regulated, only by Royal Decree• Article 6 § 4 ID card Act


eID and privacy

>Use of national identification number• Act of 8 August 1983 (amended by Act of 25 March)• Use of national identification number

• only after authorisation of Sectoral Committee (Privacy Commission) and

• only for specific groups (Belgian public authorities, public and private entities for fulfulling a task of general interest, subcontractors of Belgian public authorities, Notary public and baillif, Pharmacists, Lawyers)


eID and privacy

>Rights as a citizen• Access right to data on eID and data in National

Register of identification data (via eID, via municipality)

• Correction right (mistakes or incomplete information)• Information right

• Everyone who accessed data in National Register of identification data during last 6 months


>Questions

>Samoera Jacobs>[email protected]

Documents

© fedict 2008. All rights reserved Legal aspects Belgian electronic identity card Samoera Jacobs – November 2008