"I can hardly wait," says Markus Linnemann, managing director of the Institute for Internet Security at the University of Applied Sciences in Gelsenkirchen, which is currently examining various security features offered by the new ID. According to Linnemann, "We live in a digital world. It therefore makes sense to work with digital data, and it's an obvious solution to store the data securely on the Internet where it can be made available for processing. But the all-important question that keeps coming up is one of trust."
Peter Schaar, Federal Commissioner for Data Protection and Freedom of Information, comments: "The new ID can make E-commerce and E-government processes easier and faster - as long as it's trustworthy, meaning secure, and user-friendly." In this case, security means protecting the bearer's identifying data. As Schaar goes on to explain, there has to be a guarantee that a person's identity will not be stolen by a third party and their name misused for transactions - without their knowledge, but at their expense. This protection against misuse must be ensured on various levels - from encrypted transfers over the Web, to security measures put in place by users on their personal PCs to prevent tampering through viruses and other malicious software, to securely identifying the person on the other end of an e-mails. The latter is especially important, as phishing attacks become more and more refined.
In addition to the usual passport data like a picture, name and address, which collectively form the E-pass functionality of the card, the new ID card also contains an online authentication function. The option also exists to have a qualified electronic signature included. Instead of insecure, error-prone magnetic strips, the electronic interface takes the form of a radio transmitter, which transmits encrypted signals. Biometric data such as photos and signatures currently appear as conventional print-outs, but in the new ID cards, the photo will be stored on the card as a digital biometric feature. In addition, but only with the consent of the card-holder, a print taken from the index finger can also be included.
