The project has had a troubled path since inception. In 2001, Cabinet approved a programme to launch identity cards. The project has been in the Department of Home Affairs' budget since, but languished for years until 2008, when the “Who Am I Online” initiative, intended to upgrade the DHA's IT infrastructure and pave the way for a centralised identity programme, was brought short and eventually cancelled, after irregularities in the tender process were brought to light. A bitter spat between the department and Gijima, over spiralling costs, went to the courts, before Gijima settled, and was reinstated as the supplier.
Dlamini-Zuma was appointed home affairs minister in 2009, and promised to get the ID card project back on track, with a key milestone being the delivery of a pilot project in 2012. That pilot was successful, with proof-of-concept cards printed and the network of stakeholders on board, but there is a long way to go from the pilot phase to deploying services and scaling up from issuing cards by the thousands to the many millions required.
The man behind the project's technology is deputy director-general Sello Mmakau, the DHA's CIO. Mmakau visited a number of European countries to learn from their electronic ID experiences, and says he is confident SA can deliver a world-class project.
Global success
Around the world, electronic ID card projects are enabling next-generation e-government for millions of people, from simple identification cards to fully-integrated systems extending across public sector departments and into the private sector.
The DHA is aiming for the latter – a central ID programme which will not only overhaul the National Population Register, but deliver a platform to enable other departments' e-government services, and offer identity services to private sector entities like banks, insurance companies, and more.
“Electronic ID programmes can revolutionise related services, allowing users to access identity-related services electronically,” says Pierre-Luc Arnaud, head of marketing, government program division at Gemalto. “There are 30-40 programmes around the world, growing fast in Europe, Middle East and Latin America.”
In any country, electronic ID initiatives follow broadly similar lines, Arnaud says. “In every eID programme, there are two needs – security, through reducing fraud and identity theft; and state modernisation.”
Fighting fraud
One of the major upsides for SA is the reduction of fraud. The existing green ID book is famously easy to forge since it lacks security features, and corruption within home affairs makes sourcing fake documents directly from the source just as easy. With fake IDs reportedly costing as little as R100 and thousands of fake documents in the market, the DHA hopes the new ID cards will vastly reduce identity fraud. Stricter controls over the issuing process, and fingerprint biometric data on the card itself, will mean that fake IDs will not only be much more difficult to obtain, but also harder for a criminal to use, Mmakau says, since a bank or similar institution using biometric readers will immediately detect the fraud.
The ID card project also cuts to the heart of deeper information services issues in government, Mmakau says. “In Europe, most of the ministries involved are overseen by one minister, so it is easier for them. Some South African departments aren't ready to take the new system on board, or have different priorities – it will be a challenge.”
Better government
However, good identity management underpins IT services, and Mmakau hopes that the identity services behind the national ID card could promote better interoperability between departments. “Not many government departments are integrated yet, but this will be a key enabling factor. Identity is critical for many projects, and the DHA is the custodian of identity. We will be creating the interface for other stakeholders.”
Analysts have highlighted the lack of coordinated IT across government departments as a major concern in the country's ability to bring effective e-government to its citizens. A central initiative driving integrated services would be a major step forward for the government.
There is still a long way to go before full deployment can start. So far, Mmakau says, there are no deals signed or solutions deployed, but every component will adhere to international standards, such as ISO/IEC 14443 for communications, with the goal of easing the development process for other parties to get involved.
Upgrade and integrate
Extensive work will have to take place to upgrade home affairs offices with live capture technology, which will enrol citizens and capture photographs, fingerprints and electronic signatures.
Integration with other players, Arnaud emphasises, is vital. “Success depends on making it easy for service providers, either public or private sector, to get linked into the system. Many countries start with integrating basic services like tax and then grow into other services.”
“During the pilot phase we consulted with many key stakeholders, including the banks, the Department of Social Development, the Department of Health, the Department of Transport and others,” Mmakau says. “We have a solid relationship with the banks: our systems will be compatible with existing smart card systems. And we're working together with SARS on technology.”
In other countries, typical third-party projects include tax filing, transport services, healthcare, libraries, utility companies, drivers' licences, lottery tickets...any service which requires definite proof of identity, age, residency or similar personal data.
Digital certificates on smart cards are also used to legally sign electronic documents. Lawtrust was recently appointed as the first authentication service provider in South Africa, able to issue advanced electronic signatures. The company declined to comment on any involvement in the national ID card project.
More than a card
The cards themselves will be polycarbonate cards with embedded contactless smart card chips, printed with the citizen's details and photograph, as well as other security elements. The chips will hold digital certificates, fingerprint biometric data, and other data required to facilitate services with other departments. The exact details of what data will reside on the chip are still under discussion, Mmakau says.
The Government Printing Works will print the ID cards, Mmakau says, and took part successfully in the pilot project. However, the Printing Works will need to upscale its facilities to achieve the DHA's targets of one million smart cards a month once the project to replace existing ID documents is under way.
Unlike some countries, South African ID cards will not expire after a number of years. “The usual concern with ID documents is that the photograph might be out of date, but the fingerprint biometrics will never expire,” Mmakau says.
The minister has said the first issue of smart ID cards will be free, but subsequent cards will not. The cost of a card is expected to be in the same price range as the current ID documents, Mmakau said.
Across the world, electronic IDs are driving innovate e-government, reducing the cost of services and improving service delivery. South Africa has an opportunity to replicate the success of other nations, using existing skills and best practices. Whether Dlamini-Zuma and Mmakau can shake off the legacy of a decade of inaction and deliver electronic IDs to the nation remains to be seen.
---
Europe leads the way
Smart ID cards have gained traction across Europe as governments deploy them to enable services to millions of citizens. Estonia was one of the first countries to deploy “ID-kaart” systems in 2002, and today they pervade modern life to the extent that Estonian citizens use them for online elections and to sign off comments on newspaper Web sites. Sweden was the first to create an identity card which doubled as both a smart card ID and a valid biometric passport. Portugal and Belgium both have extensive deployments of eIDs and have encouraged widespread adoption of services which make use of the card's facilities, such as proof of identity, age verification, and online purchasing.
The UK is a notable exception. An initiative to deploy ID cards got as far as distributing cards to citizens but was met with fierce resistance, with the No2ID lobby group and opposition parties focusing on potential privacy problems. After the incumbent Labour party was defeated in national elections, the Conservative/LibDem coalition axed the project in 2010, decommissioned the cards and equipment, and destroyed the databases. Although a blow to the government, many of the UK public sector bodies are already tightly integrated and actively providing services through the Internet anyway.
Mmakau says he is confident that a UK-style resistance in this country is unlikely: “In the UK, they didn't have an existing national identity document, and there was a lot of resistance. South Africans are used to having identity documents.” But the DHA will take steps to ensure concerns are addressed, he says. “We have to communicate the benefits to everyone. The reduction in fraud, the new services... there is a value proposition to everyone.”
---
Security fears
ID card projects are not without their detractors, usually focused around privacy concerns. Two major areas of concern stand out: potential abuse by the government, and inappropriate access to information.
The concern which sparked the No2ID campaign in the UK, eventually leading to the cancellation of the national ID card project, centred around the potential for abuse. Centralising all the information about a citizen's activities, transactions and movements into a single central database could open the door to profiling or abuse. Strict auditing (the third A in the triple-A mantra of identity management) is the only way to allay privacy concerns.
Fears of inappropriate access centre on criminal activity. With fraud rife in many spheres of government, a central identity register is rich pickings for identity theft, fraudulent IDs and other malfeasance, as well as a target for organised crime. The DHA will need tight security disciplines to prevent insider attacks.
The actual security of the cards themselves is less of a concern. International standards set out strong encryption and secure communications protocols, and Mmakau says the department will ensure compliance with standards in its ID project.
Although the encryption on smart cards has proved effective around the world, there are always risks. Although the cards are tamper-resistant and mathematically secure, side channel attacks can potentially recover protected information from a card given enough time.
---
Cautionary tales
Two warning bells should be ringing for the DHA in this country: No2ID and its success quashing electronic ID cards in the UK, and OUTA's campaign against e-tolling, which has many parallels with the No2ID campaign – citizens mobilised to crush a widely unpopular project.
The minister will doubtless watch for signs of concern, and move swiftly to address them. The project has been delayed several times, partly due to resolving irregularities in the tender process, and the department will certainly want to keep its hands clean to avoid any repercussions once a project of this scope is fully under way.
---
Autor(en)/Author(s): Jon Tullett
Quelle/Source: ITWeb, 20.06.2012
Bitte besuchen Sie/Please visit:
