Austrian ID service appears to be Cameron-compliant

WRITTEN ON February 9th, 2005 BY William Heath AND STORED IN Uncategorized

Austria seems to have an ID service with optional cards that conforms to Kim’s laws. See below for my first thoughts.
.

This is not the place to analyse Austria’s many high and low points. We should accept that there’s nothing degrading about a government calling its citizens “Burgers” (or Burgerinnen for women) – that’s just the way they talk there. But I’m grateful to the correspondent who mails me details of the Austrian Buergerkarte. Note much of the site (except FAQs) is helpfully in English also.

Overall –

Austria has a central residents register. The system derives a unique base ID number and stores that with just essential minimum data, encrypted. It then derives a sector-specific unique identifier for different applications. So Austrian government departments can help you by pre-filling forms etc but they can’t derive your base ID number and routinely match data.

To get the benefits, Austrians need an electronic signature, which can be on the card but it could be on a PDA, mobile phone, or USB earring for that matter. You can have one card, or several. Existing bank cards can be upgraded to work as Burger-cards.

So far the scheme is voluntary. People can stick to traditional means if they prefer. Liability, revocation etc is all explained in the FAQs (for German speakers only).

Does the Burger-card conform to Kim’s laws?

Use of the Austrian ID system and Burger-card appears to be voluntary and carefully explained. Data on the register is minimal and data on the card is PIN controlled, so the system appears to conform to Law 1 – Control (though I must get back to the man himself on his Law 1).

The whole system contains only the data that is absolutely necessary for online identification, and appears to conform to law 2 – Minimum Disclosure

It seems to conform to law three, involving minimum parties in the ID transaction.

I think it supports unidirectional ID – the AC/DC law 4, but checking it is testing my German and patience.

It’s technology-neutral and there are a variety of providers, so appears to conform to law 5 – Pluralism

It would seem they’ve taken the human component into account in the flexibility of issung arrangements and the thoroughness of the legal basis and what happens when it gets lost/goes wrong. So I suppose that means conformance to law 6. But I’m not exactly an auditor.

2 Responses to “Austrian ID service appears to be Cameron-compliant”

 
Richard wrote on February 10th, 2005 11:56 pm :

Does the Austrian ministry of defence still close down during winter months, to save the cost of heating its offices?

What a sensible idea.

Kablenet wrote on February 11th, 2005 6:52 pm :

“Oh no it isn’t” says Stefan Brands (who, unlike me, understands this technology). He says:

“The Austrian ID card system violates Cameron’s first law because the central register possesses the power to trace and link all user actions across departments, possibly in real time .... Cameron’s laws 2, 3, and 4 (which like Cameron’s first law are all about privacy or, more generally, power and control) are also violated, for pretty much the same reason.”

See
http://www.idcorner.org/index.php?p=18#more-18

Leave a Reply