"Privacy Baseline" For European EID Cards 24
giles hogben writes "This paper from the European Network and Information Security Agency looks at the roll-out of privacy features in electronic identity card technology (PDF) over Europe. It includes numerous tables for easy comparison but doesn't make too much comment on the relative privacy-merits of different cards. Readers can draw their own conclusions though ..."
ENISA (Score:3, Interesting)
What you have to understand that ENISA is a completely useless EU agency [enisa.org] residing in Greece. It was installed by the lobby, and is back mostly by BSA members as Symantec, Microsoft,...
This year the Commission attempted to rewind it by merging its competences into a new regulatory institution for the Telecom sector. However the Telecom package debate lead to the rejection of the regulatory authority and thus to the survival to ENISA.
In other words, this institutione is owned by the industry lobby. It is just an advisory institution and its guidance is bullshit so far. It has no competence to propose laws or anything.
The studies carried out so far are of low quality and target imaginary audiences. For them Enisa experts have trivial recommendations. And Enisa openly says it lacks expertise and asks the vendor lobby for input. Enisa is a placebo institution for IT security. Anything that comes out of the body is suspicious.
Re:where are all the europeans? (Score:3, Interesting)
Ok, so I haven't exactly read all 24 pages, but I've given them a good skim and studied some of the notes.
It seems to me to be a good primer, but I don't for a second think that anyone who matters will pay it deserved consideration. (Such is my trust in and opinion of politicians.)
Anyway, Denmark, as I well knew already, is not really on the list except as part of the EU. But even so, we do have a central ID register that's represented in the form of a plastic card (no chip, only magstripe and barcode) with minimal info such as name, address, birthdate, and a few other things -- but nothing valid for getting you across a real border.
Still, this ID register --specifically, one's individual ID number-- is used *all over the place* where it's not s'posed to, solely because it's such a darn good unique ID for the customer database, you know? Wanna open a bank account or borrow a bucket of money? Fair enough, I'll need to give out my ID number so they can check I don't owe the Golden Gate Bridge worth in taxes. Wanna rent a video at Blockbuster? I have to give out my ID number as well, or entertain myself with my action figures instead. Nevermind that that's the key to privileged information which Blockbuster, bless 'em, just don't need. Making a statement to that effect is not going to get you a membership, as I suppose you've all guessed.
With this rant I really just mean to say that it's not about the KIND of key you have, it's how you USE it. And, given the (inter)national context, you don't get to decide how to use it, the politicians will take care of that for you -- and I don't think they've read this ... or Little Brother [craphound.com] for that matter. Of course, making sure it's not sniffable is important, but if the law requires us to have the thing glued to our foreheads it's going to be a pain anyway.
On a side note, though I realise that passports!=ID cards, our passports are going all "arphid'ey", and from what I've seen and read I'm very happy my old one still has a number of years left on it. /rant off. Sorry.