Enhanced Functionality Brings New Privacy and Security Issues – An Analysis of eID

Tamás Szádeczky

Abstract

As compared with traditional paper-based versions and the standard username-password login to e-Government services, the new electronic identity and travel documents have made on-site electronic and on-line authentication of citizen more comfortable and secure.

The biometric passport was introduced in Hungary in 2006. A decade later the electronic identity card (eID) was implemented. The reason for the improvement of such documents is twofold: enhancing security features and performing new functions. The development is certainly welcome, but it also generates new types of risks, with which governments and citizens must take into account.

In this paper, I will first analyze the most widespread technologies of data storage cards from the passive elements to the chipcards, including the biometric passport. The objective is to provide an overview of the technical development as a background to my paper. I will then proceed to an analysis of the relevant EU and national legal background, data elements, data protection and the functions (ePASS, eID, eSIGN) of the new Hungarian and German identity card, as well as the security risks and protection properties of the eID-type documents. The paper concludes with a summary of the lessons learned from and the risks involved in the current solutions in Hungary and Germany.

Keywords

Chip Data Protection, E-Passport, Hungary eID, Protection of Government Issued Documents

Full Text:

References

Show references Hide references

[1] Bachmeier, W. (2010) Verkehrszivilsachen. 2nd edition. München: C. H. Beck.

[2] Bamberger, H. G. et al. Beck’scher Online-Kommentar zum BGB. [online] 45th edition, § 823, Rn. 15–41. Available from: https://beck-online-beck-de.ezproxy.utlib.ut.ee/?vpath=bibdata%2fkomm%2fBeckOKBGB_45%2fBGB%2fcont%2fBECKOKBGB%2eBGB%2eP823%2eglI%2egl3%2ehtm [Accessed 7 June 2018].

[3] Calo, R. (2015) Robotics and Lessons of Cyberlaw, California Law Review, 103(3), pp. 513–563.

[4] Case no. 3-2-1-111-05 (2005) Supreme Court (Civil Chamber), 21 November 2005.

[5] Case no. 3-2-1-27-07 (2007) Supreme Court (Civil Chamber), 18 April 2007.

[6] Case no. 3-2-1-161-10 (2011) Supreme Court (Civil Chamber), 2 March 2011.

[7] Case no. 3-2-1-7-13 (2013) Supreme Court (Civil Chamber), 19 March 2013.

[8] Case no. 3-2-1-73-13 (2013) Supreme Court (Civil Chamber), 20 June 2013.

[9] Case no. 3-2-1-64-15 (2015) Supreme Court (Civil Chamber), 26 November 2015.

[10] Chopra, S. and White, L. F. (2011) A Legal Theory for Autonomous Artificial Agents. The University of Michigan Press.

[11] Code of Civil Procedure (tsiviilkohtumenetluse seadustik) 2005. SI 2005/26, 87. Estonia: Riigi Teataja (State Gazette). In Estonian. English translation available from: https://www.riigiteataja.ee/en/eli/506022018001/consolide [Accessed 7 June 2018].

[12] Contissa, G. et al. (2013) Liability and automation: Issues and challenges for socio-technical systems. Journal of Aerospace Operations, (2), pp. 79–98. Available from: https://pure.tue.nl/ws/files/3915758/24573390365552.pdf [Accessed 30 May 2018].

[13] Council Directive 85/374/EEC of 25 July 1985 on the approximation of the laws, regulations and administrative provisions of the Member States concerning liability for defective products. Official Journal of the European Union (L 210) 7 August 1985. Available from: https://eur-lex.europa.eu/legal-content/EN/TXT/uri=uriserv:OJ.L_.1985.210.01.0029.01.ENG [Accessed 30 May 2018].

[14] Dickson, B. (2017) What is Narrow, General and Super Artificial Intelligence. [online] Tech Talks. Available from: https://bdtechtalks.com/2017/05/12/what-is-narrow-general-andsuper-artificial-intelligence/ [Accessed 30 May 2018].

[15] Directive 1999/34/EC of the European Parliament and of the Council of 10 May 1999 amending Council Directive 85/374/EEC on the approximation of the laws, regulations and administrative provisions of the Member States concerning liability for defective products. Official Journal of the European Union (L 141) 4 June 1999. Available from: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=uriserv:OJ.L_.1999.141.01.0020.01.ENG [Accessed 30 May 2018].

[16] Geistfeld, M. (2017) A Roadmap for Autonomous Vehicles: State Tort Liability, Automobile Insurance, and Federal Safety Regulation. California Law Review, 105(6).

[17] Government Office EU Secretariat. (2017) Driverless buses arrive in Tallinn. [press release] 14 July. Available from: https://www.eu2017.ee/news/press-releases/driverless-busesarrive-tallinn [Accessed 30 May 2018].

[18] Greger, R. (2007) Haftungsrecht des Strassenverkehrs. 4th edition. Berlin: De Gruyter Recht.

[19] Grüneberg, C. (2007) Haftungsquoten bei Verkehrsunfällen. Eine systematische Zusammenstellung veröffentlichter Entscheidungen nach dem StVG. 10th edition. München: Verlag C. H. Beck.

[20] Hawkins, A. J. (2018) Uber ‘Likely’ not at Fault in Deadly Self-Driving Car Crash, Police Chief Says. [online] The Verge. Available from: https://www.theverge.com/2018/3/20/17142672/uber-deadly-self-driving-car-crash-fault-police [Accessed 30 May 2018].

[21] Hentschel, P. (2003) Strassenverkehrsrecht. Beck’sche Kurzkommentare. 37th edition. München: Verlag C. H. Beck.

[22] Himma, K. E. (2009) Artificial Agency, Consciousness, and the Criteria for Moral Agency: What Properties Must an Artificial Agent Have to Be a Moral Agent? Ethics and Information Technology, 11(1), pp. 19−29. Available from: https://doi.org/10.1007/s10676-008-9167-5 [Accessed 30 May 2018].

[23] Koziol, H. (2012) Basic Questions of Tort Law from a Germanic Perspective. Wien: Jan Sramek Verlag.

[24] Lahe, J. (2013) The Concept of Fault of the Tortfeasor in Estonian Tort Law: A Comparative Perspective. Review of Central and East European Law, 38(2), pp. 141−170.

[25] Lahe, J. (2017) Estland. In: Bachmeier, W. (ed.) Regulierung von Auslandsunfällen. 2nd edition. Baden-Baden: Nomos Verlagsgesellschaft.

[26] Lahe, J., Luik, O.-J. and Merila, M. (2017) Liikluskindlustuse seadus. Kommenteeritud väljaanne. Tallinn: Juura.

[27] Law of Obligations Act (võlaõigusseadus) 2001. SI 2001/81, 487. Estonia: Riigi Teataja (State Gazette). In Estonian. English translation available from: https://www.riigiteataja.ee/en/eli/510012018003/consolide [Accessed 30 May 2018].

[28] Law of Property Act (asjaõigusseadus). 1993. SI 1993/39, 590. Estonia: Riigi Teataja (State Gazette). In Estonian. English translation available from: https://www.riigiteataja.ee/en/eli/504012018002/consolide [Accessed 7 June 2018].

[29] Marshall, A. and Davies, A. (2018) Waymo's Self-Driving Car Crash in Arizona Revives Tough Questions. [online] Wired. Available from: https://www.wired.com/story/waymocrash-self-driving-google-arizona/ [Accessed 30 May 2018].

[30] Naughton, K. (2017) Ford's Dozing Engineers Side with Google in Full Autonomy Push. [online] Bloomberg. Available from: https://www.bloomberg.com/news/articles/2017-02-17/ford-s-dozing-engineers-side-with-google-in-full-autonomy-push [Accessed 30 May 2018].

[31] Nicola, S., Behrmann, E. and Mawad, M. (2018) It's a Good Thing Europe's Autonomous Car Testing Is Slow. [online] Bloomberg. Available from: https://www.bloomberg.com/news/articles/2018-03-20/it-s-a-good-thing-europe-s-autonomous-car-testing-is-slow [Accessed 30 May 2018].

[32] Säcker, F. J., Rixecker, R. and Oetker, H. (2012) Münchener Kommentar zum Bürgerlichen Gesetzbuch. Band 2. Schuldrecht. Allgemeiner Teil. 6th edition. München: Verlag C. H. Beck.

[33] SAE International. (2014) J3016. Taxonomy and Definitions for Terms Related to On-Road Motor Vehicle Automated Driving Systems. Available from: https://web.archive.org/web/20170903105244/https://www.sae.org/misc/pdfs/automated_driving.pdf [Accessed 30 May 2018].

[34] Smith, B. W. (2013) SAE Levels of Driving Automation. [blog entry] 18 December. Available from: http://cyberlaw.stanford.edu/blog/2013/12/sae-levels-driving-automation [Accessed 30 May 2018].

[35] Sterling, L. and Taveter, K. (2009) The Art of Agent-Oriented Modeling. Cambridge: The MIT Press.

[36] Russell, S. J. and Norvig, P. (1995) Artificial Intelligence: A modern approach. New Jersey: Prentice Hall.

[37] Strassenverkehrsgesetz (StVG) (Road Traffic Act) 2003. SI 2003/310, 919. In German.

[38] Tampuu, T. (2017) Lepinguvälised võlasuhted (Non-contractual obligations). Tallinn: Juura.

[39] Traffic Act (liiklusseadus) 2010. SI 2010/44, 261. Estonia: Riigi Teataja (State Gazette). In Estonian. English translation available from: https://www.riigiteataja.ee/en/eli/5211220 17002/consolide [Accessed 30 May 2018].

[40] Varul, P. et al. (2009) Võlaõigusseadus III. Kommenteeritud väljaanne (Law of Obligations Act. Commented Edition. Vol. III). Tallinn: Juura.

[41] Vladeck, D. C. (2014) Machines without Principals: Liability Rules and Artificial Intelligence. Washington Law Review, 89 (1), pp. 117−150. Available from: http://digital.law.washington.edu/dspace-law/bitstream/handle/1773.1/1322/89WLR0117.pdf?sequence=1 [Accessed 30 May 2018].

[42] Volker, M., Jänich, P. T. and Schrader, V. R. (2015) Rechtsprobleme des autonomen Fahrens. Neue Zeitschrift für Verkehrsrecht, 28(7), pp. 313−318.

[43] von Bar, C. (2009) Principles of European Law: Non-Contractual Liability Arising out of Damage Caused to Another. Munich: Sellier European Law Publishers.

[44] Weber, P. (2016) Dilemmasituationen beim autonomen Fahren. Neue Zeitschrift für Verkehrsrecht, (6), pp. 249−254.

[45] Weise, E. and Marsh, A. (2018) Video Shows Google Self-Driving Van Accident in Arizona. [online] USA Today, 5 May. Available from: https://eu.usatoday.com/story/tech/2018/05/04/google-self-driving-van-involved-crash-arizona-driver-injured/582446002/ [Accessed 30 May 2018].

https://doi.org/10.5817/MUJLT2018-1-1


Copyright (c) 2018 Masaryk University Journal of Law and Technology