Last updated 18 March 2018
Over recent years, electronic national ID cards (aka eID cards) have been introduced in numerous countries around the world. Furthermore, they are being utilized with ever-growing enthusiasm by their citizens.
But in countries yet to adopt such microprocessor-based smart card technology, serious concerns are still voiced. Common criticisms of eID schemes include :
- the potential threat posed to civil rights and privacy,
- a lack of confidence in the reliability and safety of such systems,
- and a belief that they are quite simply unnecessary and irrelevant.
However, a measured assessment of the many successful national eID deployments that are now up and running provides five clear and compelling responses to these and other fears.
In this web dossier, we try to bring facts to the debate over national ID cards.
So, what are the benefits of national identity cards?
#1: National ID and the digital world
In the past decade, the number of digital exchanges has increased exponentially. But obvious attractions of ease of use go hand-in-hand with the widely held perception that electronic media is relatively fragile.
The absence of traditional "written proof" and eye witnesses, which are characteristic of electronic means of exchange, has very quickly led to the need for a solution that can guarantee the identity of the issuer or the receiver.
Since 1997, the design, production and deployment of secure national electronic ID cards have sought to meet just such a requirement. As a result, the idea of an ID card that is valid for both the physical and digital domains has become a reality for millions of people.
Some visionary countries have also made the leap to mobile identity or m-ID, meaning the creation of a mechanism - initiated using the national eID component - for accessing online services with a high level of security thanks to mobile devices as detailed in our December 2014
white paper on our national mobile ID schemes.
Today, more than 60 countries have set up a national ID scheme and most of them are issuing electronic national ID cards.
What's more, the electronic format of such cards means that, in addition to being employed for electronic signature applications, they are also ideally suited to other use cases as detailed in our report on national ID trends updated in January 2018.
Typically these can include granting the user access to company infrastructures or secure locations, as well as incorporating social security cards and, in some countries, drivers licenses, healthcare cards, "pass cards" for transport services, payment cards and even bank cards. These are are giving birth to a wealth of applications we detail in our dossiers on Estonia, Belgium, Portugal or Germany.
Typically, this is what we discovered in our winter trip study to Kuwait this year. We spotted innovative and usefull applications. With the new Civil ID, any citizen can access electronic social security services, using their eID as the primary authentication tool at a new network of self-service kiosks.
Kuwait Oil Company has deployed self-service kiosks for its employees to simplify the issuance of HR and payroll certificates. Employees can now access the service using their eID to view and print all required documents with complete privacy. Kuwait Credit Bank has deployed the national eID as the most secure tool to access its online services and apply for governmental loans. The card is also the key to authenticate through the bank's web portal.
Money tranfer and cash withdrawals are facilitated in the country with the use of the national ID card.
Using the online service provided by the Ministry of Justice, lawyers can now access the government portal using their national eID, and sign and upload lawsuits digitally.
So why are so many countries relying on smart eID technologies?
#2: The technology used is robust and fit for purpose
Using 'smart' banking cards, billions of dollars are sent around the world every day without being stolen. The very same technology can be used to address the growing threat of identity fraud.
The microprocessor-based smart card (and SIM card in your mobile phone) protecting identity credentials is considered the most secure means of authentication. It makes it possible to prevent identity fraud and effectively protect citizens' personal data. That's why it is established as the media of choice for granting access to e-Government applications.
This approach can also be used to host a range of other services and use cases, such as e-payments, e-purses, digital signatures, authentication, identification and travel cards.
It should also be noted that
this technology now protects over 1B travel documents, commonly known as electronic passports, in 120 countries, dating back as far as 2006.
#3: A national ID card scheme can lead to greater transparency
One example of a national ID scheme that empowers citizens is provided by Belgium's eID project.
The law which accompanied the introduction of the new eID card in Belgium required the government to offer citizens a "My File" application, which can be accessed online. This allows people to know who has accessed their personal data. A query or complaints form is made available to citizens, who can also request that the government provides a justification for any recorded access. Similar rights apply in several other European electronic ID schemes.
The take-away lesson?
A fundamental democratic principle is observed:
when a new constraint is introduced (in this case, digital footprints), a new right is provided (transparency). A record is kept each time Belgium's National Register data is accessed by a government official, noting the identity and place of work of the official who accessed the personal data of a citizen, and the date it took place. In the six months following access, the citizen can consult their personal databases to view this information.
#4: "1984" did not happen
The fear that an ID card system represents the start of a slippery slope to greater surveillance and monitoring of citizens has proved unfounded.
Quite simply, the oppressive scenario described by George Orwell in his novel "1984" did not happen.
A national ID scheme is not synonymous with totalitarian governments wielding absolute power.
The reality is that "1984" did not come true in Austria, Finland, Italy, Sweden, Spain, Germany, Belgium, the Netherlands, Luxembourg,
Estonia, Lithuania, Malaysia, South Africa, Uruguay or Chile – to name just some of the 50 countries that have so far moved to eID.
And remember: an eID card will always remain where you want it - in your pocket or mobile phone.
You alone decide if and when you want to use it.
But you may be thinking: “OK, I get all that. But HOW do we actually do it?”.
Let’s dig in.
#5: National ID system : Building the chain of trust
The issue of legal continuity is at the heart of the digital transformation of our exchanges and transactions. Whatever the media, digital exchanges should enjoy the same legal security as their physical equivalents.
Governments worldwide are seeking to boost efficiency, economic development and inclusion with the ultimate aim of better serving their citizens in a reliable, secure and transparent way.
UK said "no" to a national ID card but "yes" to a national eID scheme
The case of the UK national ID card is also interesting. The UK clearly said "no" to a UK ID card in 2010.
This decision was taken by the new goverment and announced by Theresa May, the Home Secretary at that time.
A separate scheme under which identity cards are issued to all foreign nationals resident in Britain was however confirmed.
To be fair, much of the protest was focused on the creation of a National Identity Register holding up to 50 different pieces of information on each citizen, rather than the card itself. The £60 price tag for the ID card was also much too high for a low perceived value.
GOV.UK Verify is born in 2015 and in a different context. Identity fraud is high in the UK and 84% of all identity fraud was committed online in 2014. As a result, there is far greater acceptance of the need for tighter security in general, and online identity protection in particular.
The rapid adoption of a host of mobile and online services, secure authentication of one form or another has become part and parcel of everyday life.
UK Verifify a single, legally recognized means of online authentication. It's the new way to prove who you are online.It gives safer, simpler and faster access to government services . It is designed to unlock the door to a new era of eGovernment in the UK.
The case of national ID in India: the ID is the number
Launched in 2009, Aadhaar is now the largest biometric identification scheme in the world with 1,2B people enroled.
With Aadhaar, each resident over 18 is issued with their own, unique 12-digit Aadhaar number.
It's a single, universal, digital identity number that any registered entity can use to "authenticate" an Indian resident.
The unique number and biographic information are printed on a paper document known as the Aadhaar card.
Anyone who has lived in India for 182 days can enrol in Aadhaar for proof of identity. So it's a residential card and not a citizen card per se.
Most importantly, the ID is the number, not the card. And it's purely digital and hence verifiable online.
In India, it's about you being the identity not the card.
National identity schemes
Nations deploy national identity trust systems not only to rationalize services and processes in areas such as social services, taxes, local voting and administration, but also to promote private services by
stimulating the digital economy, all while reducing costs.
They can reap the digital dividends quite effectively as evidenced by our August 2016 web dossier and The World Bank's May 2016 report.
Gemalto believes that modern digital economies are built on the implementation of reliable digital identities for citizens. Only this can ensure the necessary level of trust in the internet and the mobile devices of the future, with interoperable authentication and signature solutions, through the implementation of secure portable devices ("secure elements"), such as PKI (Public Key Infrastructure) SIM cards, identity cards, as well as many other innovative devices.
Our worldwide experience has shown that the implementation of secure trusted eID is essential for the unreserved and enthusiastic adoption of eGov solutions by citizens. They are the ones who must carry this physical object on their person – a digital safe containing their identity, personal data and rights – enabling strong authentication through at least two factors: "what I have" (my secure mobile device) and "what I know" (my confidential code).
Overall, the key message for those with concerns over electronic national ID schemes is that security and surveillance are not one and the same.
What is security in the digital age?
Security provides us with the power to be more creative in promoting our well-being - whilst also limiting the effects of uncertainty, as best we can.
Security is not something that constrains, limits or restricts us. Instead, it is the very thing that opens up new possibilities; providing the reassurance we need to take full advantage of the benefits of human development, acting within - and protected by - the rule of law.
With stronger reassurance and improved security, we can do more, and in a more effective way, to bring about the changes which will shape our future.
Gemalto's business is focused on digital identity and security. As well as defining a corporate mission, our company slogan - "Security to be free" – echoes the values that are at the heart of any sustainable digital society.
More on national ID schemes