The German Home Office has confirmed that a new electronic identity card for German citizens will incorporate the use of pseudonyms for secure web access.
According to the plans of the German Home Office, a credit card sized electronic identity card will be introduced in 2009. It will replace the larger, non-electronic identity cards currently in use. “Apart from the usual personal information, the electronic identity card will contain biometric information, in particular digital fingerprints of both index fingers, and additional information for facial recognition”, says secretary of state August Hanning.
Hanning confirmed that the new identity card will contain a pseudonym function. In a leaked letter to Gisela Piltz, a Member of German Parliament for the Liberal Democrats (FDP), Hanning stated that the card could be used as a “passport for the internet” in the future. “The new identity card offers the possibility of an electronic identity proof for E-Government- and E-Business-applications”, writes Hanning.
The central idea is that the individual card number is used to generate a pseudonym that cannot be reconverted mathematically into the original card number. This pseudonym could then be used to register at, for example, eBay, or any other web service that requires personal identification.
Using the pseudonym, the operator of a web service is guaranteed that the user is a ‘real’ person. The user, on the other hand, does not have to reveal their real name. Since the algorithms generate different pseudonyms for each web service, there is also no possibility whatsoever of tracking a person through the web.
Privacy advocates have long argued in favour of such a function on the new electronic identity cards and it seems now that they have won the case. But this development is not just of interest from a data privacy viewpoint; it could also have implications for health based smartcards.
A pseudonym function on a mandatory electronic identity card has the potential to dramatically increase the interest of citizens to buy smartcard readers for their home PCs. These smartcard readers could also be used for healthcare smartcards. This, in turn, would probably increase the willingness of industry to offer smartcard based e-health solutions, for example smartcard-based personal health records.
Convincing citizens (and doctors) to use smartcard readers to access personal medical data is one of the critical points of the German smartcard project. Although there is a law ruling that access to shared personal medical data should only be granted if both doctors and citizens use smartcards, the reality looks different. More and more regional electronic medical record-projects are coming up, and practically none use smartcards.