********** >FINLAND MULLS PUTTING NATIONAL IDs ON CELL PHONES >The Finnish government is considering using SIMs -- the subscriber >information modules inside every cell phone -- to take the place of its >national identity card, and eventually even a passport. Under the plan, the >computer chip embedded in every SIM would store personal information, >transforming the SIM into a person's legal proof of identity. Of course the >drawback would be what would happen if you lost your phone -- about 9,000 >cell phones are left on the London Underground alone every year. The >solution, according to Roger Needham, manager of Microsoft's British >research lab, is to store the information on secure servers accessible via >a WAP connection to the Web. The SIM in this case would store only a >personal identifier -- an encryption key -- that the owner would have to >punch in a PIN to use. The Finnish government is already taking the >initiative with a national technical standard called FINEID. Currently >FINEID uses a smart card and a card reader attached to a PC, but the plan >is to migrate to an SIM, says Vesa Vatka of the Finnish Population Register >Center in Helsinki. (New Scientist) >http://www.newscientist.com/hottopics/tech/yourphoneisyou.jsp ********** Date: Sat, 11 Aug 2001 12:57:01 +0300 (EEST) From: Sampo Syreeni <decoyat_private> To: Eugene Leitl <Eugene.Leitlat_private-muenchen.de> Cc: <cypherpunksat_private> On Fri, 10 Aug 2001, Eugene Leitl wrote: >>FINLAND MULLS PUTTING NATIONAL IDs ON CELL PHONES >>The Finnish government is considering using SIMs -- the subscriber >>information modules inside every cell phone -- to take the place of its >>national identity card, and eventually even a passport. Essentially they are thinking about putting FINEID into SIMs alongside the GSM subscriber application. FINEID is PKI implemented by the Finnish government, or more accurately, Vdestvrekisterikeskus (Population Register Center). See http://www.fineid.fi/. It is currently used in the smartcard version of our national ID card which is used to enable dsigging transactions with governmental and municipal authorities. If I'm not entirely mistaken, Finnish law has already been amended to make dsigs binding in the eyes of the law, so basically you can use the card for any transaction. The infrastructure is not widely deployed, yet, and few people have FINEID enabled ID cards. About Eugene's fears, one already needs a national ID card here, since it is needed to "prove" your identity whenever you have dealings with governmental authorities, or try to withdraw money from a bank, or whathaveyou. (In fact this is one of the fun countries where the police has the authority to detain you until such time they can verify your identity, for no reason whatsoever.) Since everybody has one such document already, and the vast majority also has a cell phone, the extension to FINEID on SIM ought to be relatively painless. I suspect there will be little outrage over the matter, here. >>Under the plan, the >>computer chip embedded in every SIM would store personal information, >>transforming the SIM into a person's legal proof of identity. That personal information is very limited in the current incarnations of FINEID. The application is basically a government certified binding between a running identifier (called SATU) assigned by person, and the person's first and last names. It is pretty strange that even as we do have a unique ID ("henkilvtunnus") in use for the populus, that is not included on-card. SATU does constitute another such number, if it's ever assigned to a significant majority of Finnish people, but there seems to be no way for an ordinary reader of an ID card to tie SATU to the national ID. VRK of course has the means, since they assign both numbers, and the info likely leaks... Now, it is quite probable that they'll include a digitized photograph and maybe fingerprints if FINEID is ever used to sub for a passport. That is something even I'm pretty concerned about. The same goes doublefold for any attempt to make the FINEID app invokable remotely, when the SIM is attached to a phone. >>Currently FINEID uses a smart card and a card reader attached to a PC, >>but the plan is to migrate to an SIM, says Vesa Vatka of the Finnish >>Population Register Center in Helsinki. (New Scientist) Which, of course, are basically the same thing. I believe the application already exists. It'll likely be put out in a year or two, likely without a significant counter-reaction over here. The interesting part for most people on this list is that if the application ever gathers support on the phone manufacturer side, it might well be that the app has some potential to spread abroad as a result. I'm mainly speaking about Nokia, with its Finnish roots and dominance of the GSM market, but also whichever companies thrive in the 3G mobile arena -- the latter will work unchanged in Europe, Japan and the US. If models are produced which support PKI-on-phone, they might well be easy to deploy throughout the world. Sampo Syreeni, aka decoy, mailto:decoyat_private, gsm: +358-50-5756111 student/math+cs/helsinki university, http://www.iki.fi/~decoy/front ********** ------------------------------------------------------------------------- POLITECH -- Declan McCullagh's politics and technology mailing list You may redistribute this message freely if you include this notice. To subscribe, visit http://www.politechbot.com/info/subscribe.html This message is archived at http://www.politechbot.com/ -------------------------------------------------------------------------
This archive was generated by hypermail 2b30 : Sun Aug 12 2001 - 16:54:18 PDT