Welcome to the SecAware blog

I spy with my beady eye ...

27 Jun 2007

Identity cards and all that

Thanks to Paulo, an Italian blogger talking about his attendance at The European e-Identity Conference held in Paris earlier this month, I've been browsing the conference presentations. Many concern ID cards, massive PKI systems plus the national and international interoperability issues arising.

A case study [PowerPoint presentation and PDF paper] on the national ID card scheme in Estonia ("E-stonia") has several lessons for other nations currently planning their own schemes. It is surely one of the most advanced pilots with live applications in banking, eGovernment (including online voting) and of course routine personal authentication. Mind you, I do hope that Mari-Liis Mannik is happy to see her ID card (complete with mugshot, signature, date of birth and personal code number) displayed for all to see on the WWW.

A fascinating paper (for those with an interest in ePassports and PKI anyway) reveals the authentication schemes being implemented in today's electronic passports. I particularly enjoyed the author's description of Terminal Authentication - no, that's not the final check before execution but the mechanism by which an immigration official's system "convinces" the passport to release sensitive biometric data.

Finally, there's a Carnegie Mellon University study into the privacy implications of social networking sites such as FaceBook. The study team successfully downloaded 4½ thousand FaceBook profiles from the CMU community before being locked out by the site administrators, and then proceeded to analyze the profiles. They correlated information posted on the site with that obtainable from other public sources, and interviewed members to reconcile what people say about privacy to what they actually publish. It is clear that a large proportion of individuals are uniquely identifiable through voluntarily disclosing their real names, email addresses, photographs, birthdays, home towns, schools, interests and even phone numbers. Why people choose to disclose so much in this way is not nearly so clear, though.

No comments:

Post a Comment