Antivirus Advice - bits of advice to keep your computer safe

Introduction

Last week it was announced that the Dutch company NXP was selected to produce the new identification (ID) card for Germany. Starting from the beginning of November this year, 60 million mandatory cards will replace the older ID cards.

The new identity card in brief

The ID card is not legal identification (like a passport) throughout the world. However, it will be legal ID in the European Union, and thereby able to substitute for passports in most circumstances for ordinary German citizens.

One of the main intentions and advantages with the new identity card is that it allows electronic identification and the potential for entering into legally binding agreements also in the digital world – by the use of electronic signature. This is not set up by default, but requires an electronic certificate to be obtained.

Obviously an identity card as the German has numerous advantages!
The most obvious is probably a nation-wide system, which allows (secure) electronic signatures. The fact that it has been / is difficult in many countries to agree on common or interchangeable systems, has greatly restricted Internet-based commerce and the ability to enter into binding agreements online. This new ID card in Germany may have overcome this obstacle. The card also enables German citizens to interact online with the German authorities.

It will be interesting to see how this affects online transactions (of all kinds) in the coming years.

RFID chip

The new identity card includes an integrated Radio-frequency identification (RFID) chip, which is the most interesting item seen from a security point of view. 

RFID chips are constantly discussed in security gatherings, online forums and blogs, and have been the topic for two of our previous security articles:

• Upcoming? The age of the cyborgs
• Your pet can be infected by a computer virus!

The chip on the German national identity card enables storing personal information which may be read by (authorized) devices and organizations. It is for example optional for German citizens to store their fingerprints on this RFID chip. Technically other information may also be stored on the chip.

The fact that personal – and potentially very sensitive information - is stored on a chip raises interesting security issues. The security in RFID chip used on the first passports using this technology, were demostrated to be insecure. The new German RFID card technology uses an additional allegedly more secure protocol to protect the sensitive data on the ID card.

Skeptic comments regarding the use of RFID technology is nevertheless seen in abundance on web sites and blogs. One fundamental objection is that the RFID technology per se allows that information on the chip might be read without the owner’s knowledge (providing the right equipment, of course). This in itself allows for privacy infringement if it is misused.

Another issue often raised by privacy advocators, is that the RFID technology may be used for surveillance purposes, and Big Brother scenarios are frequently discussed with reference to implemntation of RFID technology on a wide scale.

The RFID technology has huge potential. It may be a useful tool for nations, organizations and individuals. However, its potential for misuse is not to be taken lightly. It seems safe to assume that we will see an explosion in the use of this technology in the near future. Let us hope that it will be used for benign purposes. 

References

• NXP Selected to Secure New German National Identity Card (Press release from NXP 19 August 2010)
• Der neue Personalausweis (“The new identity card” – Information from Bundesamt für Sicherheit in der Informationtechnik – German text)