Consult Hyperion, an independent consultancy which specialises in the field of secure transactions in contactless smart cards and mobile devices, has detailed a report it has written for ENISA (the European Network and Information Security Agency, working for the EU Institutions and Member States) about the management of multiple electronic identities (eIDs).
For about the past ten years European Member States and EEA countries have been implementing electronic identity management (eIDM) systems based on their national requirements, which have included improving administrative efficiency, improving accessibility and user-friendliness, and reducing costs. These requirements can be enhanced at the European level by improving the interoperability of electronic identification/authentication systems operated at the national level.
The increasingly digital nature of relationships between people is central to dealing with the issues of managing multiple identities. It is not a question simply of hardware or software, but more importantly of enabling people to enjoy and benefit from online experiences, while dealing with potential issues. These issues might include a lack of knowledge or training, difficult personal circumstances or simply irritation at the diversity and unpredictability of online privacy and identity mechanisms. It is therefore vital that we should have strong, reliable mechanisms, which can be easily understood and relied upon across the course of a lifetime.
“This is a very ambitious aim, but one which is potentially well supported by the range of technologies developing in this area. Privacy enhancing technologies have a major role to play.” said John Elliott, Consult Hyperion’s Public Sector Practice head, and one of the authors of the report. “Equally, simple good sense, such as using appropriate strength of authentication and not keeping credentials beyond their useful lifespan are important considerations. The adoption of open standards, with the flexibility this implies, also has a significant part to play.”
There is much scope for policy to assist by supporting and protecting people in their online experience. Problematic activities such as data mining and other identity-related attacks deserve close scrutiny. There are still questions to be resolved around the legal implications of ownership and also revocation of identities online. In such a fast-moving and interconnected area, it is likely that these and other issues will require the ongoing attention of policy makers in the coming years.
As experiences and expectations develop further, it is vital that the potential for management of multiple digital identities is not stifled by expectations based on traditional paper-based identity documentation. We should not aim to replicate offline processes, but rather to improve on them. We have excellent technologies at our disposal, which can provide a greatly enhanced level of user experience, choice, and privacy protection.
To create an identity infrastructure which will serve us well into the future, it is essential that policymakers should be fully aware of the opportunity that this presents. It must be managed well, with appropriate recognition of the needs of individual users and well chosen technologies. A well-designed infrastructure, with due flexibility and privacy built in, has the potential to deliver substantial social and commercial benefits.
The ENISA report is expected to be published in April 2011 and will have three main sections:
Electronic identity key concepts
Methods of management of multiple electronic identities
Guidelines and best practice
A paper on the results of this work was presented at the European Identity Interoperability Conference: “Bridging the Identity Divide” organised by eema in Leuven in March.
About Consult Hyperion
The four main sectors the company operates in are; financial services, including card schemes, banks, retailers and others; telecommunications and media; and the public sector, including central governments and transportation authorities.
About ENISA
http://www.enisa.europa.eu/about-enisa
ENISA is as a body of expertise, set up by the EU to carry out very specific technical, scientific tasks in the field of Information Security, working as a “European Community Agency".
The Agency also assists the European Commission in the technical preparatory work for updating and developing legislation in the fields of Network and Information Security.
