8/11/2019 41842798

1/30

fedict 2008. All rights reserved

Legal aspectsBelgian electronic identity card

Samoera Jacob s November 2008

8/11/2019 41842798

2/30

fedict 2008. All rights reserved 2

>

Content of the eID> Digital certificates

> eID and privacy

8/11/2019 41842798

3/30

fedict 2005. All rights reserved 3

Legal aspects

Belgian electronic identity card

Content of the eID

8/11/2019 41842798

4/30

fedict 2005. All rights reserved 4

Content of the eID

> From a visualpoint of view, the

information shown will be the sameas on the present identity card:

name

first 2 Christian names

first letter of third Christian name

nationality

place and date of birth

sex

place of issue

start and end dates of validity card number

owners photograph

owners signature

National Register Number

Visualidentification

of the owner

8/11/2019 41842798

5/30

8/11/2019 41842798

6/30

fedict 2005. All rights reserved 6

authentication

data capture

signature

Content of the eID

8/11/2019 41842798

7/30

fedict 2005. All rights reserved 7

Content of the eID

PIN protected Use without PIN

ID ADDRESS

authentication

digital signature

RRN SIGN RRN SIGN

PKI IDENTITY

private

private

public

public

authentication

data capture

signature

8/11/2019 41842798

8/30

fedict 2005. All rights reserved 8

Content of the eID

eID as a tool (mean) to read efficiently, without mistakes identification data.

takes time

unefficient

prone to error

fast

efficient

exact copy

8/11/2019 41842798

9/30

fedict 2005. All rights reserved 9

Content of the eID

8/11/2019 41842798

10/30

fedict 2005. All rights reserved 10

authentication

data capture

signature

Content of the eID

8/11/2019 41842798

11/30

fedict 2005. All rights reserved 11

Content of the eID

eID as a tool for strong authentication (in the electronic world)

Hi Jan !

Hi Peter !

physical world online world

8/11/2019 41842798

12/30

fedict 2005. All rights reserved 12

Content of the eID

!! The PIN usage for authentication is done ONCE until card is removed !!

8/11/2019 41842798

13/30

fedict 2005. All rights reserved 13

authentication

data capture

signature

Content of the eID

8/11/2019 41842798

14/30

fedict 2005. All rights reserved 14

!! The PIN usage for signature is requested each

time for a signature !!

8/11/2019 41842798

15/30

fedict 2005. All rights reserved 15

Content of the eID

> Belgian ID card Act of 19 July 1991

(amended by Act of 25 March 2003 tointroduce electronic identity cards)

> Article 6 2 : other content can only be

added by law. No intention to have a data

container -> access key model> eID valid for 5 years

> 24/7 helpdesk in case of loss, theft,

destruction

8/11/2019 41842798

16/30

fedict 2005. All rights reserved 16

eID : the access key model home banking, onlineopening of accounts,

proof of membership

SSO,

Healthcare

e.g. SIS

drivers licence

student cards, e-learning,

e-commerce

http://images.google.be/imgres?imgurl=www.linuxdevices.com/files/misc/ciit-pda.jpg&imgrefurl=http://www.linuxdevices.com/news/NS6770596476.html&h=261&w=308&prev=/images%3Fq%3D%2522pda%2522%26svnum%3D10%26hl%3Dnl%26lr%3D%26ie%3DUTF-8%26oe%3DUTF-8http://images.google.be/imgres?imgurl=aivwww.rug.ac.be/Onderzoeksbeleid/techno2002/imgs/univlogobw.gif&imgrefurl=http://aivwww.rug.ac.be/Onderzoeksbeleid/techno/&h=188&w=227&prev=/images%3Fq%3D%2522universiteit%2522%26start%3D20%26svnum%3D10%26hl%3Dnl%26lr%3D%http://www.kuleuven.ac.be/kuleuven/index.htm

8/11/2019 41842798

17/30

fedict 2005. All rights reserved 17

Legal aspects

Belgian electronic identity card

Digital certificates

8/11/2019 41842798

18/30

fedict 2005. All rights reserved 18

Digital certificates

> eID contains two digital certificates:

one for electronic signature

one for authentication

8/11/2019 41842798

19/30

fedict 2005. All rights reserved 19

Digital certificates

> European Directive 1999/93/EC of the European

Parliament and of the Council of 13 December 1999 ona Community Framework for Electronic Signatures.

> The two main objectives: free internal market for electronic signatures and certification

services (all electronic signatures, all certification services, all

signature products) legal effect of electronic signatures (under certain conditions, for

specific purposes, with many exceptions)

8/11/2019 41842798

20/30

fedict 2005. All rights reserved 20

Digital certificates

> Authorisation (mandatory) is forbidden, accreditation

(voluntary) is allowed, supervision is obliged.

> General principle: legal effect + admissibility as evidence

for all electronic signatures.

> Second principle: certain electronic signatures get the

same legal effect as hand-written signature.

8/11/2019 41842798

21/30

fedict 2005. All rights reserved 21

Digital certificates

> Liability for CSP

> Respect of Data Protection Directive

> National law determines in which fields electronic

documents and electronic signatures can be used

> Standardization work to clarify the requirements of the

annexes of the Directive

8/11/2019 41842798

22/30

fedict 2005. All rights reserved 22

Digital certificates

> Belgian E-Sign act of 20 October 2000 on the

introduction of telecommunication means and the use ofelectronic signatures

> Evidence; non-discrimination principle

> New article 1322, 2 Civil law,

For the purpose of this article, a signature can also mean data in

electronic form which can be attributed to a certain person and

which demonstrate the integrity of the content of the document

8/11/2019 41842798

23/30

fedict 2005. All rights reserved 23

Digital certificates

> Belgian CSP act of 9 July 2001 to create a legal

framework for the usage of electronic signatures andcertification services

> Article 4 5:

The qualified electronic signature is the only type of signature

that will automatically be given the same legal value as ahandwritten signature. A qualified signature is an advanced

electronic signature based on a qualified certificate and

produced by a secure signature creation device.

8/11/2019 41842798

24/30

fedict 2005. All rights reserved 24

Digital certificates

> Digital certificates on Belgian eID cards

Issued by an accredited Cerification Authority

Allow signatures with same legal value as handwritten

signatures

> Signature function not activated for minors

> Authentication and signature data not activated if citizendoes not want to

8/11/2019 41842798

25/30

fedict 2005. All rights reserved 25

Legal aspects

Belgian electronic identity card

eID and privacy

8/11/2019 41842798

26/30

fedict 2005. All rights reserved 26

eID and privacy

> Visual control of the eID

Only obliged to show the eID in restricted cases (legal

authorities such as police)

Article 1 Royal Decree 25 March 2003 on electronic

identity cards

8/11/2019 41842798

27/30

fedict 2005. All rights reserved 27

eID and privacy

> Electronic control of the eID

Strictly regulated, only by Royal Decree

Article 6 4 ID card Act

8/11/2019 41842798

28/30

8/11/2019 41842798

29/30

fedict 2005. All rights reserved 29

eID and privacy

> Rights as a citizen

Access right to data on eID and data in National

Register of identification data (via eID, via

municipality)

Correction right (mistakes or incomplete information)

Information right

Everyone who accessed data in National Register of

identification data during last 6 months

8/11/2019 41842798

30/30

fedict 2005. All rights reserved 30

> Questions

> Samoera Jacobs

> samoera.jacobs@fedict.be