A good ID?

Published by Colin on 26th April 2005.

I was nosing around the Belgian government's website this evening (note to government: information architecture) and started reading up on the national electronic ID card.

What hit me first was that it feels more like a Microsoft ID card than a government initiative. Take a look at the TV program on the subject broadcast by Canal Z recently to see what I mean: view it in French first, the Dutch version has different content. I had to link straight to the Windows Media files as they wouldn't play properly inside the page (a technological omen?).

Digging deaper reveals the card is pkcs#11-compliant, meaning it should be readable on other platforms. Muscleis documented as having been tested, so basic functionality should be possible within Linux and OS X. The latter's keychain should theoretically work also.

I'm guessing that most developments outside email signatures and secure browsing will happen in windows-land, resulting in a quasi-monopoly anyway. That's perfectly understandable from a business perpective, anything government-related however, should not be subject to the infamous Microsoft lock-in.

Should I be worried about the technical know-how behind the project when, while reading their documentation, I stumble across gems like this one:

which translates as:

Who knew? I never realised I had a web server and browser all-in-one. And while we're at it: who's bright idea was it to lay-out the complete document in Tekton?

Moving on to real-world applications, the ID card can and will be read by people other than government officials. The TV show above features a school interested in monitoring students' presence via mandatory card scanners. It's easy enough to imagine similar scenarios in libraries, car rental firms, even nightclubs.

Granted, access technologies have been used in these situations for a while now, but the big brother implications of a unique government-certified identifier leaving breadcrumbs everywhere you go are quite chilling.

As far as the data on the card goes, what's to stop employee X of a hotel that uses ID card authentication from grabbing a perfect digital copy of your photo as well as all your personal details in order to create other, less secure, ID documents with this data?

The docs also indicate remote modification of card data is implemented. I couldn't find much info on that aspect of things but pray it's been incredibly well thought out (and hopefully not by the person who wrote the document quoted above).

I'm sure there are fantastically positive aspects to this project, but mixing bureaucracy and technology only induces fear in me. The former does a pretty good job on its own too...