Marcus Hild

1
eIdentity Management

• Marcus Hild
• Austrian eGovernment Register Authority
• Austrian Data Protection Commission

2
Data controllers incorporating technologies to
protect personal information public sector
DPA are usually controlling not
controllers. The backbone of today's public
administrations are dozens or hundreds of
autonomous databases. eGovernment online
access to public services. It requires that a
specific citizen is represented by a unique
identifier in all the databases related to that
online service. Thats why the Austrian DPA got
a new competence.
3
The Austrian Data Protection Commission

• Data Protection Supervisory Authority according
  to Art. 28 Dir 95/46/EC
• on federal and state level,
• competent for the public and the private sector
• Supervisory Authority for identity management in
  eGovernment
• controls all processing operations of the
  Central Residents Register necessary for the
  management of eIdentities

4
Austrian e-government identity management system

• Electronic identity of natural persons

Central Residents Register Number (CRRn)
Base Register (simplified there are additional
registers used)
Encrypted by secret key
Source PIN
One-way encryption
fPIN statistics
fPIN taxation
fPIN education
fPIN social security
5
Privacy features

• Austrian E-Government Act

CRRn
The Central Residents Register provides for
unique identification
The SourcePIN represents the uniquely identified
person it is a hidden number, stored only in the
Citizen Card, which is in the possession of the
data subject
SourcePIN
In government data bases only the appropriate
fractionalPIN may be used to identify data
subjects
fractionalPIN
6
How does it work? (1)

• Using the Citizen Card

Citizen Card
Name, date of birth
Name,date of birth

Security layer
SourcePIN
fPIN

Electronic Signature
Signature value
7
How does it work ? (2)

• Exchange of data between government authorities
• only if allowed by data protection law
• about securely identified persons
• under the immediate supervision of the DPA
• the CRR is the service-processor of the DPA
• fPINs prevent easy linking of fully identified
  personal data from different sources
• fPINs allow for exact linking of not identified
  personal data from different sources (e.g. for
  statistics, when the names have been removed from
  the record)

8
Inter-Governmental data exchange
Example Social security data of a certain
student?
Social security agency
School
7
7
fPIN education name
Search soc.sec. data
Transmit required data
Public key Soc.sec.agency
Transmit encrypted fPIN
6
5
1
4
fPIN decrypt
3
2
encrypted
Source PIN
CRR
fPIN soc.sec.
9
Inter-Governmental data exchange about
quasi-anonymous persons

• e.g. for official statistics (inaccurate to
  improve the clarity)

data
stat. encr. key
fPIN1 name
1
3
data
2
fPIN statistics
fPIN statistics
3
stat. encr. key
fPIN2 name
data
CRReg
data
fPIN statistics
fPIN3 name
stat. encr. key
data
data
fPIN statistics
10
Why?

• The top principle of Data Protection
• Processing
• ( generating, saving, storing, transferring,
  revealing,)
• of personal data only if and as far as necessary
• vs
• the technical ability to keep (link) everything.

11
Discussion
Are the new data protection challenges a place
where these tools could be successfully
used? e.g. Medical records, Data retention,
Passenger data Thank you!