Accelerating the creation and deployment of
e-Government services by ensuring Citizen’s
Privacy, Security, Convenience and Trust
Frédéric Trojani, Chairman Secure Identity Alliance
SDW 2013, 23rd May
1
The economic value of digital identity

SDW 2013, 23rd May

2
Today’s world is connected
6.8 Billion Mobile
Subscribers

2 Billion Internet Users
(Most Are Mobile)
50 Billion Connected
Devices

SDW 2013, 23rd May

3
Digital Identity can be a key growth driver in
an overall stagnant European economy

Digital Identity value
EU-27 in 2011 and 2020,
billion €
+14%
CAGR

European economy
EU-27 in 2011,
billion €

997

~ 8%
of GDP
~ 2×
budget
defícit

328
12,629

Organizations

315
53

Consumers

262
2011

Source: OECD, BCG

SDW2013, 23rd May

669

2020

520

GDP

Budget
deficit
4
Public sector and healthcare stand to profit the
most from personal data applications
PRIVATE- AND PUBLIC-SECTOR VALUE OF DIGITAL ECONOMY 2020, BILLION €

6
Further
potential

34

52

14

6

1

112

36

9

15

84%

5

16%

7
Current
value 2011

7

11

5

8

@
Source: BCG

SDW 2013 – 23rd May

Traditional
production

Retail

Financial
services

Telco &
media

Public/
health

Web
2.0
comm.

E-commerce

Info/
entertainment
5
However Public Sector and Healthcare are
lagging behind
Evolutionary path of digital economy value creation

III
II
I
Creating basic digital
product experience

Leveraging personal
data internally

Tapping data
ecosystem
opportunities

External applications
Internal enhancement
Digitization

Basic digital identity
uses as secure
authentication
Source: BCG

SDW 2013, 23rd May

Usage data for R&D,
delivery optimization,
etc.

Sharing data with
third parties in both
directions

Digital identity
intensity
6
Millions of bytes of data is being collected
Tax status
Social security
Birthday
Birthplace
Gender
Nationality
Cell phone N°
Address
Interests
Purchase history
Credit rating
Income
Address
Travel habits
Work details

@
SDW 2013 – 23rd May

Health Status
Blood group
Insurance
Address
7
Digital identity is the sum of all digitally
available data about an individual
Individual
preferences
• Favorite brands
• Taste in music
• Interests

• …

What does
she/he
like?

Acquired
attributes
• Address
• Medical record
• Purchase
history
• …

What did
she/he
do?

Inherent
characteristics

Source: BCG

SDW 2013 – 23rd May

•
•
•
•

Date of birth
Gender
Nationality
…

Where does
she/he
come from?

Digital
identity
Sum of all
digitally
available data
about an
individual,
irrespective of
its degree of
validity, its
form, or its
accessibility

8
Digital identity creates wealth
DIGITAL IDENTITY VALUE: EUR 330 BILLION BY 2020 (SOURCE: BCG)

Networks
Roll Out

Content
Creation

Service
Demand
Increases

Borderless
Services
Source: EU COM (2010)245

SDW2013 – 23rd May

9
2
The central principle of trust

SDW2013, 23rd May

10
Massive hack attacks show major flaws in
today’s internet security
major 2011/12 data breaches

40 million
employee
records stolen

Medical and
financial
information of 5.1
million individuals
stolen

Source: BCG

SDW2013, 23rd May

E-mail addresses
and names of
millions of third
party customers
exposed

77 million e-mail
addresses and
credit card data
stolen

UK database
hacked, clients'
e-mail addresses
and names
exposed

Exposure of
names,
passwords and
other personal
information of 35
million Koreans

Breach enabled
monitoring of
boardroom-level
communications
of more than
10,000
executives

Customers'
phone numbers
were logged and
exposed to
website
publishers

Files containing
6.4 million
LinkedIn
members
passwords were
found on
hacker websites

More than
200,000
e-mail
addresses, along
with other
customer
information
exposed

For Sony's PlayStation Network incident alone total
costs of up to $4.6 billion estimated
11
12
Today’s online issues
USERNAMES AND PASSWORDS ARE
BROKEN
 Most people have >25 different

passwords, or use the same one over and
over

 Even strong passwords are

vulnerable…criminals have many paths to
easily capture “keys to the kingdom”

 Rising costs of identity theft
• 11.6M U.S. victims (+13% YoY) in 2011 at a

cost of $37 billion
• 67% increase in # of Americans impacted by
data breaches in 2011 (Source: Javelin
Strategy & Research)
Source: NSTIC

SDW2013 – 23rd May

13
14
Today’s online issues
PASSWORD CHANGE AND NEW ACCOUNT
SETUP ALIENATE CUSTOMERS
 38% of adults sometimes think it would

be easier to solve world peace than
attempt to remember all their passwords

 38% would rather undertake household

chores, like cleaning the toilet or doing
the dishes, than have to create another
username and password

 84% of people dislike being asked to

register on a website

 Shopping cart abandonment: 38% online

users do not buy online because they
have to register before purchasing.
(source: Forrester)

Source: NSTIC

SDW2013 – 23rd May

15
16
Today’s online issues
IDENTITIES ARE DIFFICULT TO VERIFY OVER
THE INTERNET
 Numerous government services must still be

conducted in person or by mail, leading to
continual rising costs

 Electronic health records could save billions,

but can’t move forward without solving
authentication challenge for providers and
individuals

 Many transactions, such as signing an auto

loan or a mortgage, are still considered too
risky to be conducted online due to liability
risks

Source: NSTIC

SDW 2013, 23rd May

17
18
Today’s online issues
PRIVACY REMAINS A CHALLENGE
 Individuals often must provide more

Personally Identifiable Information
(PII) than necessary for a particular
transaction

 This data is often stored, creating

“honey pots” of information for
cybercriminals to pursue

 Individuals have few practical means to

control use of their information

 Almost two-thirds of adults (62%)

hesitant to enter personal information
line without knowing how the site or
brand was planning to use the info

Source: NSTIC

SDW 2013, 23rd May

19
Today’s online issues
Users behavior can taint the whole trust chain

Source Bearing Point

Thanks to information available online, one can ask a birth
certificate leading to a passport or an ID card

SDW2013 – 23rd May

20
Today’s online issues

TRUST : IF TRUST IS BROKEN SO IS THE SYSTEM

Networks
Roll Out

Content
Creation

TRUST
Service
Demand
Increases

SDW2013, 23rd May

Borderless
Services

21
3
The ‘logical’ role of government

SDW2013, 23rd May

22
In creating an environment where citizens are
empowered via

Convenience
/Mobility
Security

SDW2013 – 23rd May

Trust
Privacy

23
Where governments play the root identity
ID Service Provider

Government/
Root ID

Service Providers

REVOCATION

3

2

User

@

24

SDW 2013 ,

23rd

May
And where Digital Identity is stored in a Secure
Element
500 million

ePassport in use
(Source Icao 2012)

1350 million national
eID cards in use
(Source ABI 2012)

450 million eHealth
cards in use (Source
ABI 2012)

250 million eDriving

License cards (Source
ABI 2012)

25 billion SIM cards
shipped since
inception

EMV Payment Cards

have hit the 1 billion
mark in 2011 (annual
shipments)
SDW 2013, 23rd May

WHAT IS UNIQUE ABOUT THE SECURE ELEMENT?

 Private: Personal data stored in Secure Element

(health records, biometrics , others)

 Portability : different access devices can be used
 Citizen control: data transmission initiated by

owner

 Highly customizable: Multi-services platform

 Highly Secured: Certified at every stage of

lifecycle

 Connected: Remotely manageable
 Multi-party: Secured domains managed

independently by each entity

 Standardized
 Interoperable: devices/ physical support &

services

 Proven and mature technology – no relevant

fraud since inception

25
A Logical role however complex
 “AN ONLINE ENVIRONMENT WHERE INDIVIDUALS

AND ORGANIZATIONS WILL BE ABLE TO TRUST EACH
OTHER BECAUSE THEY FOLLOW AGREED UPON
STANDARDS TO OBTAIN AND AUTHENTICATE THEIR
DIGITAL IDENTITIES.” NSTIC

 REGULATIONS
 NSTIC in the US (National Program Office of the

National Strategy for Trusted Identities in
Cyberspace)

 e-IDAS in Europe (regulation on eIdentification,

eAuthentication and eSignatures and Trusted
Services)

 National specific initiatives: Sweden, Estonia, etc.

 STANDARDS: CEN, ETSI, ICAO, ISO AND OTHERS
 INITIATIVES : GSMA MOBILE ID
SDW2013 – 23rd May

26
To ensure the success of eGovernment Services

Only 15 % of eGovernement Services are considered as success

 Citizens benefited, no adverse results

Belgium

Estonia

50 % of Partial success
 Main goals not achieved
 Initial success but problems after one year
 success for one group but failure for others

35 % are not implemented or abandoned

SDW 2013, 23rd May

27
4
Establishing secure partnership

SDW2013, 23rd May

28
A Short Introduction
• The Secure Identity Alliance is committed to helping public bodies across the
world deliver e-government services to citizens through the widespread
adoption of secure e-document technologies.

• Founded in March 2013 by leading eDocument and eService Companies
• Board Members:

SDW2013, 23rd May

29
Objective
Accelerate the transition to smart eDocuments to support an open,
interoperable and efficient roll-out of eGovernment online services by:
 Describe and promote use cases of convenient value-added eGovernment

services

 Share experiences and best practices between industry and governments

modernizing their services, in particular towards ensuring the privacy of
end-users’ personal information

 Promote standardization of relevant and appropriate industry specifications
 Make recommendations on the most up-to-date means to properly address

the governments identity and privacy challenges

• eDocument hardware, software and secure printing technologies, materials and physical security

expertise
• Deliver the level of confidence and assurance needed for the rapid adoption of eServices that can
be trusted by citizens

 Provide consistent reference information on security, identity and privacy

challenges in a transparent manner

In short, the Secure Identity Alliance offers a trusted partner for governments
when defining their eDocument strategies and implementing associated
eGovernment services.
SDW 2013, 23rd May

30
Invitation

First Secure Identity Alliance Members
Information (Recruitment) Meeting
TODAY
at 12:40
In this Conference Room.
www.secure identityalliance.org

Accelerating the creation and deployment of e-Government services by ensuring Citizen’s Privacy, Security, Convenience and Trust

  • 1.
    Accelerating the creationand deployment of e-Government services by ensuring Citizen’s Privacy, Security, Convenience and Trust Frédéric Trojani, Chairman Secure Identity Alliance SDW 2013, 23rd May
  • 2.
    1 The economic valueof digital identity SDW 2013, 23rd May 2
  • 3.
    Today’s world isconnected 6.8 Billion Mobile Subscribers 2 Billion Internet Users (Most Are Mobile) 50 Billion Connected Devices SDW 2013, 23rd May 3
  • 4.
    Digital Identity canbe a key growth driver in an overall stagnant European economy Digital Identity value EU-27 in 2011 and 2020, billion € +14% CAGR European economy EU-27 in 2011, billion € 997 ~ 8% of GDP ~ 2× budget defícit 328 12,629 Organizations 315 53 Consumers 262 2011 Source: OECD, BCG SDW2013, 23rd May 669 2020 520 GDP Budget deficit 4
  • 5.
    Public sector andhealthcare stand to profit the most from personal data applications PRIVATE- AND PUBLIC-SECTOR VALUE OF DIGITAL ECONOMY 2020, BILLION € 6 Further potential 34 52 14 6 1 112 36 9 15 84% 5 16% 7 Current value 2011 7 11 5 8 @ Source: BCG SDW 2013 – 23rd May Traditional production Retail Financial services Telco & media Public/ health Web 2.0 comm. E-commerce Info/ entertainment 5
  • 6.
    However Public Sectorand Healthcare are lagging behind Evolutionary path of digital economy value creation III II I Creating basic digital product experience Leveraging personal data internally Tapping data ecosystem opportunities External applications Internal enhancement Digitization Basic digital identity uses as secure authentication Source: BCG SDW 2013, 23rd May Usage data for R&D, delivery optimization, etc. Sharing data with third parties in both directions Digital identity intensity 6
  • 7.
    Millions of bytesof data is being collected Tax status Social security Birthday Birthplace Gender Nationality Cell phone N° Address Interests Purchase history Credit rating Income Address Travel habits Work details @ SDW 2013 – 23rd May Health Status Blood group Insurance Address 7
  • 8.
    Digital identity isthe sum of all digitally available data about an individual Individual preferences • Favorite brands • Taste in music • Interests • … What does she/he like? Acquired attributes • Address • Medical record • Purchase history • … What did she/he do? Inherent characteristics Source: BCG SDW 2013 – 23rd May • • • • Date of birth Gender Nationality … Where does she/he come from? Digital identity Sum of all digitally available data about an individual, irrespective of its degree of validity, its form, or its accessibility 8
  • 9.
    Digital identity createswealth DIGITAL IDENTITY VALUE: EUR 330 BILLION BY 2020 (SOURCE: BCG) Networks Roll Out Content Creation Service Demand Increases Borderless Services Source: EU COM (2010)245 SDW2013 – 23rd May 9
  • 10.
    2 The central principleof trust SDW2013, 23rd May 10
  • 11.
    Massive hack attacksshow major flaws in today’s internet security major 2011/12 data breaches 40 million employee records stolen Medical and financial information of 5.1 million individuals stolen Source: BCG SDW2013, 23rd May E-mail addresses and names of millions of third party customers exposed 77 million e-mail addresses and credit card data stolen UK database hacked, clients' e-mail addresses and names exposed Exposure of names, passwords and other personal information of 35 million Koreans Breach enabled monitoring of boardroom-level communications of more than 10,000 executives Customers' phone numbers were logged and exposed to website publishers Files containing 6.4 million LinkedIn members passwords were found on hacker websites More than 200,000 e-mail addresses, along with other customer information exposed For Sony's PlayStation Network incident alone total costs of up to $4.6 billion estimated 11
  • 12.
  • 13.
    Today’s online issues USERNAMESAND PASSWORDS ARE BROKEN  Most people have >25 different passwords, or use the same one over and over  Even strong passwords are vulnerable…criminals have many paths to easily capture “keys to the kingdom”  Rising costs of identity theft • 11.6M U.S. victims (+13% YoY) in 2011 at a cost of $37 billion • 67% increase in # of Americans impacted by data breaches in 2011 (Source: Javelin Strategy & Research) Source: NSTIC SDW2013 – 23rd May 13
  • 14.
  • 15.
    Today’s online issues PASSWORDCHANGE AND NEW ACCOUNT SETUP ALIENATE CUSTOMERS  38% of adults sometimes think it would be easier to solve world peace than attempt to remember all their passwords  38% would rather undertake household chores, like cleaning the toilet or doing the dishes, than have to create another username and password  84% of people dislike being asked to register on a website  Shopping cart abandonment: 38% online users do not buy online because they have to register before purchasing. (source: Forrester) Source: NSTIC SDW2013 – 23rd May 15
  • 16.
  • 17.
    Today’s online issues IDENTITIESARE DIFFICULT TO VERIFY OVER THE INTERNET  Numerous government services must still be conducted in person or by mail, leading to continual rising costs  Electronic health records could save billions, but can’t move forward without solving authentication challenge for providers and individuals  Many transactions, such as signing an auto loan or a mortgage, are still considered too risky to be conducted online due to liability risks Source: NSTIC SDW 2013, 23rd May 17
  • 18.
  • 19.
    Today’s online issues PRIVACYREMAINS A CHALLENGE  Individuals often must provide more Personally Identifiable Information (PII) than necessary for a particular transaction  This data is often stored, creating “honey pots” of information for cybercriminals to pursue  Individuals have few practical means to control use of their information  Almost two-thirds of adults (62%) hesitant to enter personal information line without knowing how the site or brand was planning to use the info Source: NSTIC SDW 2013, 23rd May 19
  • 20.
    Today’s online issues Usersbehavior can taint the whole trust chain Source Bearing Point Thanks to information available online, one can ask a birth certificate leading to a passport or an ID card SDW2013 – 23rd May 20
  • 21.
    Today’s online issues TRUST: IF TRUST IS BROKEN SO IS THE SYSTEM Networks Roll Out Content Creation TRUST Service Demand Increases SDW2013, 23rd May Borderless Services 21
  • 22.
    3 The ‘logical’ roleof government SDW2013, 23rd May 22
  • 23.
    In creating anenvironment where citizens are empowered via Convenience /Mobility Security SDW2013 – 23rd May Trust Privacy 23
  • 24.
    Where governments playthe root identity ID Service Provider Government/ Root ID Service Providers REVOCATION 3 2 User @ 24 SDW 2013 , 23rd May
  • 25.
    And where DigitalIdentity is stored in a Secure Element 500 million ePassport in use (Source Icao 2012) 1350 million national eID cards in use (Source ABI 2012) 450 million eHealth cards in use (Source ABI 2012) 250 million eDriving License cards (Source ABI 2012) 25 billion SIM cards shipped since inception EMV Payment Cards have hit the 1 billion mark in 2011 (annual shipments) SDW 2013, 23rd May WHAT IS UNIQUE ABOUT THE SECURE ELEMENT?  Private: Personal data stored in Secure Element (health records, biometrics , others)  Portability : different access devices can be used  Citizen control: data transmission initiated by owner  Highly customizable: Multi-services platform  Highly Secured: Certified at every stage of lifecycle  Connected: Remotely manageable  Multi-party: Secured domains managed independently by each entity  Standardized  Interoperable: devices/ physical support & services  Proven and mature technology – no relevant fraud since inception 25
  • 26.
    A Logical rolehowever complex  “AN ONLINE ENVIRONMENT WHERE INDIVIDUALS AND ORGANIZATIONS WILL BE ABLE TO TRUST EACH OTHER BECAUSE THEY FOLLOW AGREED UPON STANDARDS TO OBTAIN AND AUTHENTICATE THEIR DIGITAL IDENTITIES.” NSTIC  REGULATIONS  NSTIC in the US (National Program Office of the National Strategy for Trusted Identities in Cyberspace)  e-IDAS in Europe (regulation on eIdentification, eAuthentication and eSignatures and Trusted Services)  National specific initiatives: Sweden, Estonia, etc.  STANDARDS: CEN, ETSI, ICAO, ISO AND OTHERS  INITIATIVES : GSMA MOBILE ID SDW2013 – 23rd May 26
  • 27.
    To ensure thesuccess of eGovernment Services Only 15 % of eGovernement Services are considered as success  Citizens benefited, no adverse results Belgium Estonia 50 % of Partial success  Main goals not achieved  Initial success but problems after one year  success for one group but failure for others 35 % are not implemented or abandoned SDW 2013, 23rd May 27
  • 28.
  • 29.
    A Short Introduction •The Secure Identity Alliance is committed to helping public bodies across the world deliver e-government services to citizens through the widespread adoption of secure e-document technologies. • Founded in March 2013 by leading eDocument and eService Companies • Board Members: SDW2013, 23rd May 29
  • 30.
    Objective Accelerate the transitionto smart eDocuments to support an open, interoperable and efficient roll-out of eGovernment online services by:  Describe and promote use cases of convenient value-added eGovernment services  Share experiences and best practices between industry and governments modernizing their services, in particular towards ensuring the privacy of end-users’ personal information  Promote standardization of relevant and appropriate industry specifications  Make recommendations on the most up-to-date means to properly address the governments identity and privacy challenges • eDocument hardware, software and secure printing technologies, materials and physical security expertise • Deliver the level of confidence and assurance needed for the rapid adoption of eServices that can be trusted by citizens  Provide consistent reference information on security, identity and privacy challenges in a transparent manner In short, the Secure Identity Alliance offers a trusted partner for governments when defining their eDocument strategies and implementing associated eGovernment services. SDW 2013, 23rd May 30
  • 31.
    Invitation First Secure IdentityAlliance Members Information (Recruitment) Meeting TODAY at 12:40 In this Conference Room. www.secure identityalliance.org