Legal aspects Belgian electronic identity card Samoera Jacobs – November 2008 © fedict 2008.
Download ReportTranscript Legal aspects Belgian electronic identity card Samoera Jacobs – November 2008 © fedict 2008.
Legal aspects Belgian electronic identity card Samoera Jacobs – November 2008 © fedict 2008. All rights reserved > Content of the eID > Digital certificates > eID and privacy © fedict 2008. All rights reserved 2 Legal aspects Belgian electronic identity card Content of the eID © fedict 2005. All rights reserved 3 Content of the eID > From a visual point of view, the information shown will be the same as on the present identity card: Visual identification of the owner © fedict 2005. All rights reserved • • • • • • • • • • • • name first 2 Christian names first letter of third Christian name nationality place and date of birth sex place of issue start and end dates of validity card number owner’s photograph owner’s signature National Register Number 4 Content of the eID > From an electronic point of view, the data on the chip is the same as the information printed on the card, plus: Electronic identification of the owner • • • • • address identity and signature keys identity and signature certificate Certificate Service Provider security information (chip number, signature for identity data, etc.) > No other data is stored, no data container © fedict 2005. All rights reserved 5 Content of the eID data capture authentication signature © fedict 2005. All rights reserved 6 Content of the eID data capture authentication signature PKI IDENTITY “PIN protected” Use without PIN public private ID ADDRESS authentication public private digital signature RRN SIGN © fedict 2005. All rights reserved RRN SIGN 7 Content of the eID eID as a tool (mean) to read efficiently, without mistakes identification data. takes time fast unefficient efficient prone to error exact copy © fedict 2005. All rights reserved 8 Content of the eID © fedict 2005. All rights reserved 9 Content of the eID data capture authentication signature © fedict 2005. All rights reserved 10 Content of the eID eID as a tool for strong authentication (in the electronic world) physical world online world Hi Jan ! Hi Peter ! © fedict 2005. All rights reserved … 11 Content of the eID !! The PIN usage for authentication is done ONCE until card is removed !! © fedict 2005. All rights reserved 12 Content of the eID data capture authentication signature © fedict 2005. All rights reserved 13 !! The PIN usage for signature is requested each time for a signature !! © fedict 2005. All rights reserved 14 Content of the eID > Belgian ID card Act of 19 July 1991 (amended by Act of 25 March 2003 to introduce electronic identity cards) > Article 6 §2 : other content can only be added by law. No intention to have a data container -> access key model > eID valid for 5 years > 24/7 helpdesk in case of loss, theft, destruction © fedict 2005. All rights reserved 15 driver’s licence Healthcare e.g. SIS eID : the access key model home banking, online opening of accounts, … student cards, elearning, … … proof of membership SSO, … © fedict 2005. All rights reserved e-commerce 16 Legal aspects Belgian electronic identity card Digital certificates © fedict 2005. All rights reserved 17 Digital certificates > eID contains two digital certificates: • one for electronic signature • one for authentication © fedict 2005. All rights reserved 18 Digital certificates > European Directive 1999/93/EC of the European Parliament and of the Council of 13 December 1999 on a Community Framework for Electronic Signatures. > The two main objectives: • free internal market for electronic signatures and certification services (all electronic signatures, all certification services, all signature products) • legal effect of electronic signatures (under certain conditions, for specific purposes, with many exceptions) © fedict 2005. All rights reserved 19 Digital certificates > Authorisation (mandatory) is forbidden, accreditation (voluntary) is allowed, supervision is obliged. > General principle: legal effect + admissibility as evidence for all electronic signatures. > Second principle: certain electronic signatures get the same legal effect as hand-written signature. © fedict 2005. All rights reserved 20 Digital certificates > Liability for CSP > Respect of Data Protection Directive > National law determines in which fields electronic documents and electronic signatures can be used > Standardization work to clarify the requirements of the annexes of the Directive © fedict 2005. All rights reserved 21 Digital certificates > Belgian E-Sign act of 20 October 2000 on the introduction of telecommunication means and the use of electronic signatures > Evidence; non-discrimination principle > New article 1322, 2 Civil law, • For the purpose of this article, a signature can also mean data in electronic form which can be attributed to a certain person and which demonstrate the integrity of the content of the document © fedict 2005. All rights reserved 22 Digital certificates > Belgian CSP act of 9 July 2001 to create a legal framework for the usage of electronic signatures and certification services > Article 4 § 5: • The qualified electronic signature is the only type of signature that will automatically be given the same legal value as a handwritten signature. A qualified signature is an advanced electronic signature based on a qualified certificate and produced by a secure signature creation device. © fedict 2005. All rights reserved 23 Digital certificates > Digital certificates on Belgian eID cards • Issued by an accredited Cerification Authority • Allow signatures with same legal value as handwritten signatures > Signature function not activated for minors > Authentication and signature data not activated if citizen does not want to © fedict 2005. All rights reserved 24 Legal aspects Belgian electronic identity card eID and privacy © fedict 2005. All rights reserved 25 eID and privacy > Visual control of the eID • Only obliged to show the eID in restricted cases (legal authorities such as police) • Article 1 Royal Decree 25 March 2003 on electronic identity cards © fedict 2005. All rights reserved 26 eID and privacy > Electronic control of the eID • Strictly regulated, only by Royal Decree • Article 6 § 4 ID card Act © fedict 2005. All rights reserved 27 eID and privacy > Use of national identification number • Act of 8 August 1983 (amended by Act of 25 March) • Use of national identification number • only after authorisation of Sectoral Committee (Privacy Commission) and • only for specific groups (Belgian public authorities, public and private entities for fulfulling a task of general interest, subcontractors of Belgian public authorities, Notary public and baillif, Pharmacists, Lawyers) © fedict 2005. All rights reserved 28 eID and privacy > Rights as a citizen • Access right to data on eID and data in National Register of identification data (via eID, via municipality) • Correction right (mistakes or incomplete information) • Information right • Everyone who accessed data in National Register of identification data during last 6 months © fedict 2005. All rights reserved 29 > Questions > Samoera Jacobs > [email protected] © fedict 2005. All rights reserved 30