Anonymous, Liberal and User-Centric Electronic Identity Supports Citizen Privacy Protection in e-Government

OASIS eGov Workshop - 1 May 2008

Libor Neumann

2

Current electronic identity needs

• User-centric solution

• Technology-neutral solution

• Support of scalable levels of the security, including high security standards

• Protection against known and future attacks in the network environment

• Privacy protection

• Support for the functions and levels of security needed in the e-government

Current e-government privacy threats related to e-ID

• Digital certificates • Certificates include personal data

• The quality of the data is verified by Certification Authority

• No access control to personal data used in the certificates

• Biometrics• Biometric data are private data - data related to the body

• No access control or limited access control to biometric data used for remote e-ID

• Consequences• Huge unmanaged distributed “database” storing private data

• The name or body cannot be changed if the data is misused

• The issue• Personal data used by e-ID technology

• Not personal data stored in e-government systems

Anonymous identity (1)

• Anonymous identity – Nonsense?

• Real life examples of anonymous identity• Mail carrier or the neighbour’s cat or dog

• Dog and its master

• Mother and her baby

• Program variable in virtual memory

• ALUCID® separates distinguishing between subjects from naming of subjects

Anonymous identity (2)

• The ALUCID® principles related to anonymous identity • No user, and no service provider, works directly with

identifiers and credentials (secrets).

• No personal data are included directly or indirectly in the identifiers or credentials.

• Identifiers and credentials are shared only between the user and the service provider. No generally valid identifier or credential exists.

• Identifiers and credentials are very large random (or pseudorandom) numbers with limited validity in time.

Liberal identity

• User freedom in selecting his or her options • Selecting a product, producer, form, size, features,…

• No obligation to use that product

• Possibility to use more than one product

• Possibility to change his/her mind in future

• Producer and service provider freedom• Seamless interoperability

• Open standard interface strategy

• No registration, no central authority

• Production of “empty product” – supports mass production and standard sale of products

User-centric identity (1)

Local Communication

Channel

Logical Communication

Remote Communication

Channel

Personal Electronic Identity Gadget

Internet

Near Area Communication

Open Standard Interfaces

ALUCID® technology

subjects

User

Service Provider

SecureStableLink

Name SurnameRegister

index

John Doe 172584Donald Duck 589241Herry Potter 259863… … …

User Database

User-centric identity (2)

• The user scenario should be:• The user selects a PEIG. It is sold empty.

• The user teaches his or her PEIG to recognize him or her when activated.

• The user connects the first time to the service provider and uses the activated PEIG.

• The user can (but need not) give his or her personal data to the service provider

• The user will be able to open his or her personified service directly if he or she activates his or her PEIG.

• The same procedure can be used with any other service provider supporting ALUCID.

Missing entities

• No login names, no passwords. No forgotten password, no phished password, …

• No user certificate. No recertification, no extra charges, no names on the network,…

• No identity provider. No user communication with an identity provider, …

• No government-issued identity. No “numbering” of citizens, no misuse of state-issued identifiers,…

• No biometric data without access control. No cloned biometric data from e-ID use, no remote verification of biometric data origin,...

Personal data management in the e-government

• Government and personal data• The government stores citizens’ personal data in its internal

information systems.• Governments do not need any other personal or private data

stored by e-ID means.• E-government only requires a secure link between the

person and the personal data record• The link itself need not use personal information

• Government uses personal data in e-ID system only due to the e-ID technology needs it

• ALUCID® technology supports creation of a secure and stable link between a specific PEIG® and a specific user database record without any personal data

Personal data management in e-government

• How to link anonymous PEIG® with the right personal data in the information system?

• Who is the person using the specific PEIG®?

• Secure initialisation of the link between the user and the record.

• Governments resolve the same issue in the non-electronic communication every day

• The owner of a specific PEIG® will introduce his or her PEIG® to the e-government service provider

• ALUCID® technology will support so-called “remote heritage of PEIG® introduction”

Citizen Centric Administration & e-ID

• Citizen centric administration should be personified administration

• e-ID technology is a key enabler of personified administration

• Users needs user-centric e-ID (shared e-ID tools)• E-government services are minority services • User centric e-ID is needed condition of citizen

centric administration but not sufficient one!• Possible options

• Citizens will use government issued e-ID for all other electronic services

• Government will enable use of citizen preferred e-ID tools

• Privacy protection has to by solved in both cases

Conclusion

• Privacy protection is today an underestimated threat of e-government

• The longer e-ID technologies based on personal data are used the greater grow the risks to citizen privacy

• Government does not itself need the personal data used in e-ID means

• ALUCID® should solve the needs of government without additional privacy threats for citizens

• ALUCID® is a new concept, a new solution. The first prototype exists. It needs to be verified in a pilot test in real life before mass use.

• We look for partners (cooperation, verification, standardization, deployment,…)

Libor.Neumann@anect.com