Hoepman and Leisegang on the European Digital Identity proposal

Jaap-Henk Hoepman published an interesting article, Analysing the Architecture of the European Digital Identity Framework. He wrote it because more technical details on the framework are now available.

He mentions the following issues:

  • Unlinkability: the European Identity (EUID) will be less privacy-friendly than it could have been, as it does not make an effort to make the use of attributes unlinkable.
  • The Architecture and Reference Framework (ARF) seems to ignore the importance of holder binding to ensure that the real owner of the wallet is actually using it; where the ARF does mention holder binding, it surprisingly appears to relegate verification of this to the relying party.
  • The ARF is ambivalent about the scope of the Personal Identification Data (PID), potentially including many more attributes (that could be made available as (Qualified) Electronic Attestation of Attributes) than necessary.

He also makes other comments, for example that validity checks could introduce privacy risks. Read the article for more information.

Daniel Leisegang wrote the article eIDAS 2.0: Beim europäischen ID-Wallet droht die Überidentifikation (eIDAS 2.0: The European ID wallet is in danger of overidentification) for Netzpolitik.

About Ellen Timmer

Weblog: https://ellentimmer.com/ ||| Microblog: https://mastodon.nl/@ellent ||| Motto: good intentions do not justify bad rules