[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FYI] (Fwd) FC: Finland mulls national IDs in cell phones -- with li


------- Forwarded message follows -------
Date sent:      	Sun, 12 Aug 2001 19:13:01 -0400
To:             	politech@politechbot.com
From:           	Declan McCullagh <declan@well.com>
Subject:        	FC: Finland mulls national IDs in cell phones -- with little outcry
Copies to:      	decoy@iki.fi
Send reply to:  	declan@well.com


**********

 >FINLAND MULLS PUTTING NATIONAL IDs ON CELL PHONES
 >The Finnish government is considering using SIMs -- the subscriber
 >information modules inside every cell phone -- to take the place of
 its >national identity card, and eventually even a passport. Under
 the plan, the >computer chip embedded in every SIM would store
 personal information, >transforming the SIM into a person's legal
 proof of identity. Of course the >drawback would be what would happen
 if you lost your phone -- about 9,000 >cell phones are left on the
 London Underground alone every year. The >solution, according to
 Roger Needham, manager of Microsoft's British >research lab, is to
 store the information on secure servers accessible via >a WAP
 connection to the Web. The SIM in this case would store only a
 >personal identifier -- an encryption key -- that the owner would
 have to >punch in a PIN to use. The Finnish government is already
 taking the >initiative with a national technical standard called
 FINEID. Currently >FINEID uses a smart card and a card reader
 attached to a PC, but the plan >is to migrate to an SIM, says Vesa
 Vatka of the Finnish Population Register >Center in Helsinki. (New
 Scientist)
 >http://www.newscientist.com/hottopics/tech/yourphoneisyou.jsp

**********

Date: Sat, 11 Aug 2001 12:57:01 +0300 (EEST)
From: Sampo Syreeni <decoy@iki.fi>
To: Eugene Leitl <Eugene.Leitl@lrz.uni-muenchen.de>
Cc: <cypherpunks@einstein.ssz.com>

On Fri, 10 Aug 2001, Eugene Leitl wrote:

 >>FINLAND MULLS PUTTING NATIONAL IDs ON CELL PHONES
 >>The Finnish government is considering using SIMs -- the subscriber
 >>information modules inside every cell phone -- to take the place of
 its >>national identity card, and eventually even a passport.

Essentially they are thinking about putting FINEID into SIMs alongside
the GSM subscriber application. FINEID is PKI implemented by the
Finnish government, or more accurately, Vdestvrekisterikeskus
(Population Register Center). See http://www.fineid.fi/. It is
currently used in the smartcard version of our national ID card which
is used to enable dsigging transactions with governmental and
municipal authorities. If I'm not entirely mistaken, Finnish law has
already been amended to make dsigs binding in the eyes of the law, so
basically you can use the card for any transaction. The infrastructure
is not widely deployed, yet, and few people have FINEID enabled ID
cards.

About Eugene's fears, one already needs a national ID card here, since
it is needed to "prove" your identity whenever you have dealings with
governmental authorities, or try to withdraw money from a bank, or
whathaveyou. (In fact this is one of the fun countries where the
police has the authority to detain you until such time they can verify
your identity, for no reason whatsoever.) Since everybody has one such
document already, and the vast majority also has a cell phone, the
extension to FINEID on SIM ought to be relatively painless. I suspect
there will be little outrage over the matter, here.

 >>Under the plan, the
 >>computer chip embedded in every SIM would store personal
 information, >>transforming the SIM into a person's legal proof of
 identity.

That personal information is very limited in the current incarnations
of FINEID. The application is basically a government certified binding
between a running identifier (called SATU) assigned by person, and the
person's first and last names. It is pretty strange that even as we do
have a unique ID ("henkilvtunnus") in use for the populus, that is not
included on-card. SATU does constitute another such number, if it's
ever assigned to a significant majority of Finnish people, but there
seems to be no way for an ordinary reader of an ID card to tie SATU to
the national ID. VRK of course has the means, since they assign both
numbers, and the info likely leaks...

Now, it is quite probable that they'll include a digitized photograph
and maybe fingerprints if FINEID is ever used to sub for a passport.
That is something even I'm pretty concerned about. The same goes
doublefold for any attempt to make the FINEID app invokable remotely,
when the SIM is attached to a phone.

 >>Currently FINEID uses a smart card and a card reader attached to a
 PC, >>but the plan is to migrate to an SIM, says Vesa Vatka of the
 Finnish >>Population Register Center in Helsinki. (New Scientist)

Which, of course, are basically the same thing. I believe the
application already exists. It'll likely be put out in a year or two,
likely without a significant counter-reaction over here.

The interesting part for most people on this list is that if the
application ever gathers support on the phone manufacturer side, it
might well be that the app has some potential to spread abroad as a
result. I'm mainly speaking about Nokia, with its Finnish roots and
dominance of the GSM market, but also whichever companies thrive in
the 3G mobile arena -- the latter will work unchanged in Europe, Japan
and the US. If models are produced which support PKI-on-phone, they
might well be easy to deploy throughout the world.

Sampo Syreeni, aka decoy, mailto:decoy@iki.fi, gsm: +358-50-5756111
student/math+cs/helsinki university, http://www.iki.fi/~decoy/front

**********




----------------------------------------------------------------------
--- POLITECH -- Declan McCullagh's politics and technology mailing
list You may redistribute this message freely if you include this
notice. To subscribe, visit
http://www.politechbot.com/info/subscribe.html This message is
archived at http://www.politechbot.com/
----------------------------------------------------------------------
---

------- End of forwarded message -------