How does the eID system, the successor to DigiD?
The digital inlogmiddel DigiD, the government is already more than ten years. It is to be replaced; the security does not meet modern standards, and the government wants that there are alternatives.
Therefore, already for several years been working on the so-called eID-scheme. That should be it for citizens to make it easier to log in to the government and in the private sector. DigiD is refreshed, but there are also alternatives.
What’s going to happen with DigiD?
If you now log in with DigiD account, no typically, only a user name and password. The government calls this security on the ‘level basis’.
Some organisations ask all to so-called ‘tweestapsverificatie’. Users must then in addition to their password, a code from a text message you are typing. But that happens not always.
In the future, the DigiD stronger to be protected, and is more used on tweestapsverificatie, in different ways. The text message remains a possibility, but a inlogpoging could also be verified with the chip in a passport, driving licence or id card.
Passports contain such a chip, but that will be in 2018 refreshed. The chip also has a private pin code. It should then be possible to with a smartphone a id card scan, and the corresponding pin code to enter when logging in to the government.
In the first instance, which will only work with Android smartphones, or USB card readers to a laptop. iPhones have an NFC chip that the licences technically would be able to read, but Apple enables this chip is not open for third parties. Employees of Logius, manager of DigiD, say Apple to have asked for cooperation, but it is still the question of whether the usually very closed company out there willing. (Apple did not respond to a request for comment.)
What’s more, under the eID scheme?
Except DigiD is the Dutch government the emergence of more inlogmiddelen stimulate. Currently, there are still two groups that to a private eID-inlogmethode work: Idensys and discussion.
Idensys is a collaboration between the Ministry of Economic Affairs and several companies, including KPN and Digidentity (the original supplier of digital id (DigiD). The difference with Digital is that Idensys also will be useful in business, for example, to log in to online stores.
To a Idensys account, the identity of a citizen in person to be checked. There are different inlogmethodes: KPN for instance, works with a special USB-stick and pin, while another Idensys partner works with an app that the face of the user to recognize.
Idensys with ‘selfiecheck’
Because all Idensys accounts identity verified, the system can be used, for example, leeftijdschecks to perform as a online alcohol is purchased. Now, visitors can online stores often easily lie about their age.
The Dutch banks are also working on an eID-inlogmethode: question. Which used to be the account that bank customers already have to internet banking. People who normally iDeal-payments with a text message, or via a box that the card scans, can the same method also used in children for sexual purposes.
Both Idensys as the question must ultimately become useful to the government; you would so with the Tax authorities should be able to login with your ABN Amro account. Conversely, not: DigiD remains only to public authorities work.
Is this new system a good idea?
Experts agree that the security of DigiD is lagging behind the modern standards. It is therefore important that there is a safer log-in system for the government, which, after all, much sensitive data in your hands.
However, the eID approach is not only to praise count. The Authority Personal data, that has been critical of the plan, after years of development still not convinced. According to the watchdog lacks privacy by design, either a built-in privacy protection for citizens.
It directs the supervisor to a research of TNO, which at the beginning of 2016 was carried out. It turned out that there is still much unclear about logging, or any user data where to be stored. At the technique behind the eID system are all kinds of vendors and administrators involved, and it is not always clear who has which responsibility.
The large amount of involved parties, according to researcher Jaap-Henk Hoepman (Radboud University nijmegen is a problem. According to him, had better can be chosen for a ‘decentralised’ system, in which as little as possible personal information to be exchanged.
A shop that wants to authenticate that a client is older then eighteen is, for example, would only a verification of the age can call, without further personal data are exchanged, or in central databases.
It was anyway, it would’ve been better if the government the development of the eID system will be fully in private hands had held, argues Hoepman. “The problem is that here they have been trying to get for a dime on the first rank to sit.”
According to him, the government, the infrastructure itself should build. “Just like asphalt. The government lays roads, and then people can do their car over driving.” Commercial parties had later services can build on top of such a government system, says Hoepman.
The ministry of the Interior stresses that privacy right is at the heart of the design of the eID system. So the banks are impossible to see when and where customers their fax account to use to log in. According to Hoepman’s true that indeed when it comes to overheisdwebsites, but that information is indeed exchanged if it is signed in the companies.
According to the ministry, it is especially important that there are new security levels (‘substantial’ and ‘high’) are added to DigiD and the other eID-resources. In particular, the concern would be, for example, be a need for such a higher level of security for patient data secure.
When is this introduced?
The eID system is being gradually rolled out. This year, all pilots were carried out with Idensys and children for sexual purposes, and much of the underlying infrastructure being made ready.
Next year should be the security level of DigiD go up, and a bill submitted that the further roll-out of the eID system. That proposal should also provide for independent supervision of the inlogmethodes.
In 2018, should the eID system is fully available, and are thus also the driving licences and id cards updated to digital login.