Speech by Rhodia Maas, National Office for Identity Data, at ICAO conference, October 2017 Innovation in the identity domain: is ICAO s TRIP prepared for innovations? Ladies and gentlemen, first of all I would like to thank ICAO for the invitation to speak at this prestigious thirteenth ICAO symposium. Introduction My organization, the National Office for Identity Data in the Netherlands, plays a key role in managing and distributing personal data to and from municipalities and other affiliates that use the data to provide public services of a variety of sorts. We also play a central role in managing and monitoring the infrastructure for the production, distribution and innovation of Dutch travel documents. In my presentation, I start with setting the scene on identity management. I will address three developments that are being explored in my organization, namely the development of a virtual identity card, the possibility that block chain technology offers and the risk of photo morphing. With exploring the collaboration and role of ICAO I shall end my presentation. Identity management Identity management requires well considered policy, good direction and a robust infrastructure in which registrations, documents, processes and expertise must interact in good coherence. Identity management in the public sector, organizing and managing the national identity infrastructure, requires constant concern of my organization. Changing needs of citizens, new forms of fraud and the availability of technical possibilities require a permanent attentiveness and investment in the improvement of the identity infrastructure. Experiences have shown that it is of vital importance that all the separate elements of the identity infrastructure be viewed and approached as a part of a unified whole. Nowadays, it is also conditional on the development of identity management, to include the international dimension. Since the 38 th ICAO Assembly in 2013 the concern of Identity management is also firmly embedded in the ICAO TRIP Strategy. Since then, the task of ICAO is no longer limited to standards for passports but with evidence of identity, document issuance and control, inspection systems and tools and interoperable applications, it is extended to the 1
whole identity infrastructure. With this development, the ICAO TRIP strategy is a direction for governments in developing identity management at national level. The ICAO TRIP strategy has impact on the research activities of my organization as well. Identity management and its infrastructure are determined by a large number of laws, traditions and social acceptable parameters. Nowadays all countries recognize the need for an undisputed proof of identity for each of their citizens. That is the mean reason why governments are investing significantly in their country s identity infrastructure. These investments are triggered by the TRIP strategy which push governments into taking timely action. A second reason for the fact that governments are becoming more and more aware of the need to professionally organize the national identity infrastructure is the increasing number of lost and stolen documents and growing risk of identity fraud. Cross border issues like document and identity fraud demand a cross border approach. The TRIP strategy is the fundament of a coherent identity management policy and systematic approach. This is one of the reasons why my organization supports the valuable work of ICAO with expertise and I will continue to do so in the future. I wonder however, if ICAO has sufficient attention to the dynamics with which the various developments are taking place. I will go into it later in my presentation. Developments As I announced in my introduction, I will now explain the various developments we are working on. vid Since 1994 the Netherlands have used an identity card. Dutch citizens must be able to identify themselves for instance to prove they are over eighteen if they want to buy alcohol. In addition to the passport, the Dutch identity card is also designated as an identity document. Characteristic of the Dutch documents is that they have great similarities to each other, which we designate as a family of documents. The Dutch identity card therefore has many similarities with the passport and complies with all specifications specified by ICAO in Doc 9303. I talked about the changing needs of the citizen. The use of smartphones seems to be a standard worldwide. This availability also affects the 2
products and services that can be purchased. There has been a whole industry that deals with the development of apps. The Dutch government also uses apps for offering services to its citizens. From that point of view, I started an investigation to answer the question of whether identity verification can also be made of a vid (virtual identity card). In order to answer this question, it was first defined what a virtual Dutch identity card is, namely an authentic identity document that can reliably verify the identity of the user in the virtual environment. The authenticity of the virtual identity card is guaranteed in several ways. The citizen must have a Dutch identity card and can start the registration process for a virtual identity card. The ID card is read with a mobile device and the biometric data is checked to determine that the document holder has a valid ID. If verification is positive, information is stored on the mobile device. It goes without saying that privacy, security, trustworthiness and ease of use are important starting points for the virtual Dutch identity card. Preparations are being made to test the virtual ID card in 2018. Perhaps at the next ICAO symposium, I will be able to inform you about the experiences we have in the Netherlands with the virtual ID card. Blockchain Blockchain is one of the latest developments that use technology that is also used for the bitcoin (a virtual currency). A blockchain is a chain of digital files (the blocks or links) that are linked together. The entire chain is in turn a digital file. A blockchain is never finished, as participants in a blockchain can always attach new links to the chain. However, once added, links can never be removed again. A chain can contain anything: a contract, a patent, a deed of ownership, or a piece of software. The Dutch government wants to explore whether blockchain technology can also be used for government services. A consortium has been established in which parties from industry, government and science closely cooperate. This collaboration is aimed at answering the question whether blockchain is interesting to be used by the government. During a hackathon organized in the Netherlands in February 2017, it became clear that reliable identity data are crucial for blockchain technology. This makes the National Office for Identity Data an important link to successfully use of blockchain. We are working on a test in which we will deliver attestation (statements ) about the identity of a citizen. Those attestation will be placed on the blockchain and can then be used. The citizen plays an important role in that, he can decide based on the selfsovereign identity principle, who can use information. This principle of 3
self-sovereign identity, as it were, guarantees the fundamental rights of citizens in the digital world. It goes without saying that I will also use the results of the blockchain test to find out if the blockchain can also be used in the travel document process. Photo morphing During an RFI held in 2013 in Montreal for the first time, photo morphing was discussed: a risk that photographs of two different people were merged into 1 photo but could be successfully used by 2 people. Since 2014, government and scientists have conducted a lot of research to determine how morphing risks can be reduced. In July, my organization held a 2-day workshop on photo morphing in cooperation with universities from Germany, Italy, Norway and the Netherlands. Also, other governments, international organizations and industry partners have participated in the workshop. Some conclusions from the workshop are: - Morphing has different risks and in order to develop the right measures, cooperation between the different parties is required. - The risk of photo morphing arises at the beginning of the chain, namely in the application process of the document. - There is currently no reliable algorithm available to determine morphing reliably. - Morphing poses a high risk for border control. - NIST continuously works on standardization of protocols, availability of reference databases and standards required for targeted research into the risks of morphing. Conclusions that encourage me, in cooperation with others, to continue looking for solutions aimed at reducing this risk. Collaboration with ICAO In 2015, my organization carried out a survey on the Identity Infrastructure in 2030. This exploration has worked successfully with ICAO, other governments, international organizations and universities. The results of that exploration are recorded in a white paper 'Identity Management in 2030'. It is interesting to see how the developments that I spoke about also relate to developments in this white paper. ICAO s role Characteristic of the various developments I spoke about is their international character. In my introduction, I outlined the dynamics that influence the development of the identity infrastructure from changing 4
citizens' needs, new forms of fraud and technologies. Cooperation and coordination on the various developments is necessary and international organizations such as ICAO and ISO play an important role. With the development of an ICAO TRIP implementation schedule, ICAO sets the direction for the future identity infrastructure. I hope that ICAO will be able to anticipate the various developments permanently. The National Office for Identity Data will continue to contribute ICAO with its expertise. I came to the end of my presentation and thank you for the attention. 5