We had these electronic identity cards in Finland for quite a while, but I think they've been considered a failure:
It was initially planned as a general network authentication device for both public and private sector strong authentication needs. In 2009, however, the card was viewed by a government committee as a failure. There has been less than 300000 cards around by 2011 out of population of 5.3 million. The rationale to apply for a card has mostly been traveling abroad. Only few dozen government services have adopted it, and only one bank adopted it as login card to their netbank. All banks in Finland use a national standard called TUPAS, which uses one-time passwords. Banks also provide TUPAS authentication to other Internet-enabled businesses. Since TUPAS requires no dedicated hardware, cost of a card reader and card itself have been main causes in the failure of the eID card.
The problem is simply that smart card readers never got integrated into computers, and people didn't want to buy a USB dongle for that just to be able to authenticate with some government websites.
Instead, what happened was that the two-factor authentication system provided by banks became the dominant "secure authentication" method. By now it is supported by most sites that need such a thing, like banks, insurance companies, postal services, and several government sites.
I can for example authenticate with my bank user credentials to file my taxes (or could, when I was still living in Finland).
An additional benefit of the ID card is that you can use it for travel inside the European Economic Area. But I'll rather carry my passport with me, as that way I don't have to wonder whether the ID card is enough for my itinerary or not.
edit: ID cards are valid travel documents inside EEA (which is a larger area than Schengen)
In Belgium the electronic card took off ~10 years ago but it is seldom used outside of official state matters (on the top of my head: when you move in/out, when you get married, etc. Basically used for anything that the state has to formally identify you). Administration are well-equipped with readers and you can file your taxes with it if you have a reader (everyone that I know and own a reader bought one for that sole purpose).
We have two-auth for banking as well.
edit: oh and some public transport use it to fill in addresses field faster when creating bus or train card.
Basically it's a glorified unique address memento.
It's not considered a failure though.
edit2: Most importantly: id cards are mandatory in Belgium and most entities have switched to electronic card.
The picture on the site is Estonian ID card. Being an Estonian I'm pretty sure that unlike our neighbours Finns our card is actually used a lot. The main driver is the ability to do your stuff from home, without going to some office during business hours. Given the size of Finland I'd expect it to be very useful in northern parts of the country.
Can you explain this bit? My bank here in the UK has an OTP mechanism for internet access, but it uses a small key generator card provided to each customer, controlled by a PIN on each use.
"A proposition for a standard digital signature in every EU citizen's identity card.
....
No extra cards - it will just replace your existing ID card when it expires"
Well unlike most of the continent, Britain and Ireland have no mandatory I.D. card (thankfully) so this doesn't cover the whole EU...
I allways wondered about the aversion to id-cards. Doubly when I heard the story about catch-22 style schenigans I heard you need to go through in GB, if you want to open a bank account, and rent a flat at the same time (or so I heard, that most of the time bank accepts as proof of identity utility bills from place where you live, and landlord accepts similarily a proof of existence of a bank account) ... in czech republic I just show them my id card, and everyybody is hapy. I could even pay a little bit extra to have digital signature embedded, which would allow me to fill my taxes via web ...
U'll join in with the chorus and point out that this point of view is an outdated relic of the national identity card debates of the 80s and 90s. Back then it was possible to imagine a world where we weren't tracked permanently. With the advent of ubiquitous mobile phones, the Web (with cookies!), public transport electronic passes, license plate readers for cars, face recognition linked with CCTV networks, that era has gone. In my opinion, if we can't have privacy, then we should at least get some of the potential benefits that are possible when privacy is removed, and national ID cards give you just that.
Finland doesn't have a mandatory ID card either, but you've been able to get an electronic ID like the one described for quite a while if you want one.
What a joke. So you have no DL, no passport, you don't have any bank accounts or credit cards, no internet account or phone account, no national health insurance account, and no address?
Thats great! Since you're not required to have an ID card then you can't be identified and your privacy is secure.
Also you're homeless, probably destitute and unable to live or participate in society.
Portugal already has these. Our ID card is a smartcard, and contains a personal X.509 certificate, issued by a national certificate authority (and a bunch more stuff, like my address or photo). You can use a card reader and standard software to sign legally valid documents. You can login into government websites with it.
I'd wager about 80% of ID cards already use the new model.
Unfortunately, there are too few countries. Portugal, Spain, Estonia, Finland, Belgium, India and a few more. Everyone solves the problem in their own way, sometimes incompatible with the others, and not taking into account all privacy concerns. Hence my suggestion for a standard, interoperable solution
The description of this card's features are a little too basic to my taste. Based on the "anonymous credentials" they mention it seems to imply that they're using attribute-based cryptography* to preserve privacy, which would be awesome. Can anybody shed some extra light on this?
* = See https://www.irmacard.org/. It allows your card to reliably answer questions like "Am I allowed to enter this country?" and "Am I old enough to buy liquor?" without you having to communicate all your personal data (like full name, exact age, exact country of origin) to the party who needs to check it. In fact, that party would not even be able to gain more information. It just communicates parts of your identity on a need-to-know basis.
Its the first step to the EU mandatory-sex-offender-registry-for-everyone that most continental Europeans call the "resident register" or "population register". For all you uninformed, that's where you must register with the police whenever you stay someplace. (Which is why I'm so derisive.) And they are starting to use national ID cards for this purpose now.
So in that respect this makes perfect sense. An electronic EU ID makes (for example) mandatory registration with the police so much easier.
Some EU countries don't have an ID card, e.g. the UK.
Edit: Just saw it's some eurocrat's proposal, thankfully not an actual new imposed law. Not that it really matters once the referendum comes up as the UK will likely be out of the EU after that.
What is the problem with the idea of an ID card? There are situations where you need to prove your identity, and a government-supplied card can be useful in those cases.
The alternative is using a driver's license or a passport, both of which are also cards (or booklets), and government-supplied.
It is not like you'd be forced to get one, or carry it around. Finland has had ID cards as long as I can remember, and I never had to get one.
I had my passport stolen once, and identifying myself to the government to be able to get a new one was a bit of a pain in the ass, since I didn't have any other valid national ID (driver's license isn't considered one). The alternative way of authenticating involved maybe fifteen minutes of questions like What was your street address in 1987?
[+] [-] bergie|12 years ago|reply
It was initially planned as a general network authentication device for both public and private sector strong authentication needs. In 2009, however, the card was viewed by a government committee as a failure. There has been less than 300000 cards around by 2011 out of population of 5.3 million. The rationale to apply for a card has mostly been traveling abroad. Only few dozen government services have adopted it, and only one bank adopted it as login card to their netbank. All banks in Finland use a national standard called TUPAS, which uses one-time passwords. Banks also provide TUPAS authentication to other Internet-enabled businesses. Since TUPAS requires no dedicated hardware, cost of a card reader and card itself have been main causes in the failure of the eID card.
http://en.wikipedia.org/wiki/Finnish_identity_card
The problem is simply that smart card readers never got integrated into computers, and people didn't want to buy a USB dongle for that just to be able to authenticate with some government websites.
Instead, what happened was that the two-factor authentication system provided by banks became the dominant "secure authentication" method. By now it is supported by most sites that need such a thing, like banks, insurance companies, postal services, and several government sites.
I can for example authenticate with my bank user credentials to file my taxes (or could, when I was still living in Finland).
An additional benefit of the ID card is that you can use it for travel inside the European Economic Area. But I'll rather carry my passport with me, as that way I don't have to wonder whether the ID card is enough for my itinerary or not.
edit: ID cards are valid travel documents inside EEA (which is a larger area than Schengen)
[+] [-] johnchristopher|12 years ago|reply
We have two-auth for banking as well.
edit: oh and some public transport use it to fill in addresses field faster when creating bus or train card.
Basically it's a glorified unique address memento. It's not considered a failure though.
edit2: Most importantly: id cards are mandatory in Belgium and most entities have switched to electronic card.
[+] [-] pisipisipisi|12 years ago|reply
[+] [-] kitd|12 years ago|reply
Can you explain this bit? My bank here in the UK has an OTP mechanism for internet access, but it uses a small key generator card provided to each customer, controlled by a PIN on each use.
Does the TUPAS card itself generate the key?
[+] [-] c_plus_minus|12 years ago|reply
Well unlike most of the continent, Britain and Ireland have no mandatory I.D. card (thankfully) so this doesn't cover the whole EU...
[+] [-] a-saleh|12 years ago|reply
[+] [-] raphinou|12 years ago|reply
[+] [-] antimagic|12 years ago|reply
[+] [-] bergie|12 years ago|reply
https://news.ycombinator.com/item?id=7626555
[+] [-] xerophtye|12 years ago|reply
[+] [-] xerophtye|12 years ago|reply
[+] [-] nutjob2|12 years ago|reply
Thats great! Since you're not required to have an ID card then you can't be identified and your privacy is secure.
Also you're homeless, probably destitute and unable to live or participate in society.
[+] [-] sergiosgc|12 years ago|reply
I'd wager about 80% of ID cards already use the new model.
It looks like this:http://4.bp.blogspot.com/_4kQttk9aLQI/TT7-nale3lI/AAAAAAAAAC...
Its site is: http://www.cartaodecidadao.pt
[+] [-] bozho|12 years ago|reply
[+] [-] ozh|12 years ago|reply
"Will it hurt our privacy?
No"
Oh, OK then.
[+] [-] QuadDamaged|12 years ago|reply
[+] [-] nodata|12 years ago|reply
[+] [-] DCKing|12 years ago|reply
* = See https://www.irmacard.org/. It allows your card to reliably answer questions like "Am I allowed to enter this country?" and "Am I old enough to buy liquor?" without you having to communicate all your personal data (like full name, exact age, exact country of origin) to the party who needs to check it. In fact, that party would not even be able to gain more information. It just communicates parts of your identity on a need-to-know basis.
[+] [-] 1ris|12 years ago|reply
Good luck proving you didn't electrically sign that contract. Forget decrypting pay-TV this is the new shit.
[+] [-] xerophtye|12 years ago|reply
[+] [-] zokier|12 years ago|reply
[+] [-] esbranson|12 years ago|reply
So in that respect this makes perfect sense. An electronic EU ID makes (for example) mandatory registration with the police so much easier.
https://en.wikipedia.org/wiki/Resident_registration
https://en.wikipedia.org/wiki/Resident_registration_in_Russi...
https://en.wikipedia.org/wiki/Propiska_in_the_Soviet_Union
https://en.wikipedia.org/wiki/Hukou_system
(Note the latter systems are your ID.)
[+] [-] Pirate-of-SV|12 years ago|reply
[1](http://www.bankid.com/en/what-is-bankid/)
[+] [-] xerophtye|12 years ago|reply
http://www.bhorowitz.com/estonia_the_little_country_that_clo...
[+] [-] jmnicolas|12 years ago|reply
I wonder what countries are left where you can mind your own business without being tagged like some vulgar cattle.
[+] [-] Torn|12 years ago|reply
[+] [-] zokier|12 years ago|reply
Because that is exactly what this is. This is just an unofficial proposal by some random guy: "Page created by Bozhidar Bozhanov".
[+] [-] abritishguy|12 years ago|reply
[+] [-] ekianjo|12 years ago|reply
Haha. I like such statements, and I'm waiting for the first massive leak years down the road.
[+] [-] bozho|12 years ago|reply
[+] [-] blueskin_|12 years ago|reply
Edit: Just saw it's some eurocrat's proposal, thankfully not an actual new imposed law. Not that it really matters once the referendum comes up as the UK will likely be out of the EU after that.
[+] [-] bergie|12 years ago|reply
The alternative is using a driver's license or a passport, both of which are also cards (or booklets), and government-supplied.
It is not like you'd be forced to get one, or carry it around. Finland has had ID cards as long as I can remember, and I never had to get one.
I had my passport stolen once, and identifying myself to the government to be able to get a new one was a bit of a pain in the ass, since I didn't have any other valid national ID (driver's license isn't considered one). The alternative way of authenticating involved maybe fifteen minutes of questions like What was your street address in 1987?
[+] [-] kitd|12 years ago|reply
I swear sometimes it's like they actually want us to leave.
[+] [-] jergosh|12 years ago|reply
That's actually highly unlikely. Much as the Brits value their independence, the economic cost would be too high.
[+] [-] unknown|12 years ago|reply
[deleted]