This weekend I decided to change my Google account password. In response, Google sent me an email to the account address, notifying me of this fact. The email told me that if I did not change my password (and apparently someone else did it for me), I should click on a link to reset my password. Excellent service, right? Until I realised we are all doomed!
Many countries that have an electronic identity (eID) system attach the eID chip to a classical identity card. From a historical perspective this is a natural approach (eIDs have evolved from electronic or biometric passports). However, as a consequence, people can own at most a single eID, and a significant group of citizens is excluded from owning an eID at all. This severely affects the coverage and inclusiveness of eID applications, and even prevents the implementation of certain types of eID applications.
Ideally, a relying party that needs to verify certain attributes of a user would do so all by itself. However, in the new German eID system there are currently 7 so-called eID service providers that handle this task on behalf of many relying parties. The Germans did this to allow service providers to quickly adopt the new eID system, because they can simply contract an eID service provider instead of implementing the functionality themselves. However, this creates a hotspot. For all users, the eID service provider sees all attributes verified for all relying parties it services. The eID service provider is therefore in principle able to link a user to all the relying parties that user visits, together with the relevant attributes. This appears to be a serious privacy risk. Or isn’t it?