This ominous news comes from a new blog called The Identity Corner. The author is Stefan Brands, one of the top applied cryptographers in the world and author of Rethinking Public Key Infrastructures and Digital Certificates: Building in Privacy:
The Belgian State Secretary and Microsoft yesterday jointly announced an alliance to integrate Belgium’s national identity chipcard (the “eID card”) with MSN Messenger. Belgium is the first European country to have started distributing a national identity chipcard to all its citizens. The Belgian ID chipcards authenticate themselves on the basis of an X.509 digital identity certificate. This certificate is in effect a globally unique inescapable identifier that can be used to automatically trace and profile all citizen actions, possibly in real time. Perhaps even more dangerously, the current generation of national ID chipcards is based on the same kind of identity management architecture as that of enterprise employee chipcard systems for protecting access to physical areas and network use within the enterprise. Architectures for identity management that create all-powerful central parties may be perfectly suitable for enterprise needs, but for government the situation is (or at least should be …) drastically different. The central capability to lock misbehaving employees in real time out of internal corporate services is one thing, it is quite another for the government to be able to do so for citizens.
I shudder to think what the current government of the United States would do with similar technology. It’s one thing to have an immigration officer inspect your physical papers as you enter the country. It’s quite another to have a digital key that can be used to monitor and control access to the Internet, or to resources that are supposed to be public. Thankfully, the infrastructure isn’t available to support this sort of centralized on-line identity management. Yet.
Thanks to Prof. Froomkin for the pointer.