More and more countries are introducing electronic systems for identification and signature functions. In developing such systems it is crucial to make them as secure as possible against external interventions. In order to appeal they must also be easy to use. To satisfy both criteria is a huge challenge.
Electronic identity management is a complex technological and social innovation. The switch to electronic communication between public authorities and citizens or businesses requires new forms of identification and authentication using a personal signature. EIdentity analysed the legal and cultural contexts together with the different scopes for technology and organisation in the development of such systems in selected countries (Belgium, Germany, Austria, and Spain).
All four countries have decided to introduce eID cards for electronic identification in virtual contacts with public authorities. The following questions were examined:
There are big differences in the designs of these systems when it comes to the means used, the personal features, the scope of application, privacy protection, and security provisions. This is due to differences in the relationships between the relevant actors, priority being given to specific policy fields, institutional contexts and cultural patterns.
However, there were conspicuous parallels in the low levels of acceptance and usage of e-ID systems. Above all, this is due to the high complexity of the innovation and the demands on the users – citizens and public authority employees.
The emergence of identity management indicates that the process of identification has reached a stage where analog and digital environments converge. This is also reflected in the increased efforts of governments to introduce electronic ID systems, aiming at security improvements of public services and unifying identification procedures to contribute to administrative efficiency. Though privacy is an obvious core issue, its role is rather implicit compared to security. Based on this premise, this paper discusses a control dilemma: the general aim of identity management to compensate for a loss of control over personal data to fight increasing security and privacy threats could ironically induce a further loss of control. Potential countermeasures demand user-controlled anonymity and pseudonymity as integral system components and imply further concepts which are in their early beginnings, e.g., limiting durability of personal data and transparency enhancements with regard to freedom of information to foster user control.
12/2007 - 12/2008