Privacy + Identity = Opportunity and Challenges

Date: 
Monday, May 8, 2017

How can identity be made secure, easy to use and private?  Creating an appropriate balance in the digital single market between privacy and security remains a core challenge and opportunity in developing and managing e-identity. Ensuring both privacy and security for our digital persona is the best way forward to combat identity fraud and other identity-related crimes and has to be considered at all stages in the definition and design of any technological project comprising electronic identity. Following the European Convention on Human Rights “Right to respect for private and family life”, disclosure of subjects’ personal data should be minimized according to the purpose of the service being accessed, i.e. some services may allow anonymous access with just proof of being of adult age. On the contrary, some sector specific regulations have strict Know Your Customer (KYC) requirements that prevent the provisioning of anonymous services under certain conditions (e.g. banking services). The more personal data about a user is collected, the higher the risks to the integrity of the underlying identity for it to be compromised, subject to fraud and become vulnerable if security is inadequate. How can the risks be minimised and trust maintained?  

H2020 funded project ARIES (ReliAble euRopean Identity EcoSystem) aims to do so by developing an innovative identity ecosystem, compatible with existing national and European level infrastructures, using novel technical capabilities to address more effectively the challenges posed by wrong identity, identity fraud and associated types of cyber and other forms of organized crime.  ARIES main technological concepts are designed to sustain an ecosystem that respects ethical, socio and legal requirements surrounding the deployment of a virtual eID derived from existing breeder documents which may include biometrics (e.g. e-passports or national eIDs).   ARIES framework and identity management processes aim to support law and enforcement agencies investigating fraud and do so in a novel manner with the aim of reducing societal barriers to the widespread adoption of strong digital identity mechanisms. ARIES shows how its virtual eID can avoid a trade-off between privacy and security and enable both in ways that allow development of ethical apps acceptable to society. We will supply a presentation of the scenarios, their related fraud issues and how they can be practically reduced by using ARIES ecosystem.

The ARIES ecosystem will be demonstrated in two orthogonal scenarios:- (i) online e-Commerce where the aim is to cut identity fraud to avoid fake orders and imposter receipt with relation to different KYC requirements depending on actual purchases; and (ii) airport where the physical aspects of the ecosystem will be shown from the point at which a traveller has to prove the authenticity of his entitlement to check-in, access air-side services, including tax-free shopping, and  board the airplane. In each case, different sets of personal attributes, with different levels of assurance are required and have to be securely provided.

ARIES shows how establishing identity and strong authentication by means of virtual eIDs contributes to meeting the challenges of ensuring ethical practice, societal acceptance and creating ICT solutions for the digital single market.

 

Authors: Nicolás Notario, Dave Saher, Alberto Crespo and Juliet Lodge