The Government’s wish to issue self-signed electronic signatures on the newly inaugurated biometric cards is more of a monetary mishap than a privacy Issue. However, some critics may say that this is more than a failure, it’s a way of doing business.
In 2001, Israel legislated an Electronic Signature Act, which allowed authorised bodies to issue digital signatures to encrypt and digitally sign documents, in order to replace their physical presence [further reading at the Israel Justice Department website]. To sum up: when acquiring a digital signature, a certificate authority issues a signature, and then validates your identity and warrants that you are who you say you are.
However, due mostly to overburden created by the state, Israel holds only one certificate authority, ComSign. The problem? ComSign is (a) a private company and (b) charges 300 ILS (~75 US$) per signature. The lack of competition caused the government to try a new approach: as every biometric ID has to be digitally signed, the government wishes to be both the certificate authority and the entity which relies on the validty. There are two main advantages for this scheme: first, the costs of issuing electronic ID cards reduce, as there is only need to pay the issuer of the plastic card; Second, the government is certain that the certificate authority will never go out of business.
However, there is one major flaw: when the government issues a person’s private key, it can never (and i mean never) hold a copy of that private key. Exposing this key to any person which may be able to access it is a major flaw that could assist identity theft and other causes. Here comes the need for a certificate authority’s liability. When inflicting liability on a CA, it may exercise best care and warrant that no information may be misused. Moreover, it, by itself, lacks the interest of infringing its users’ privacy. Therefore, opening the market to competition and allowing more private CAs is the solution, not allowing the government to have more force.
However, a minor tongue-slip by Adi Sagi, from the military’s CA, during last week’s discussion, may show that something is not all-that-ok wiith a self-issuing certificate authority; Sagi stated that the certificate exists “not only on service cards, but also for Keva [additional service, after the mandatory – jk], soldier service cards, smart ID cards for the military’s needs. I want to raise two other points: the first is the trust in the soldiers or loss of cards. Once a soldier loses a smart card or a card is stolen, he has to notify the police and the ministry of interior that the card was stolen. Then you need to operate systems where the certificate is not valid anymore and a new certificate needs to be issued. I don’t know, and i guess that Boaz [Dolev, the head of the computing unit in the government – jk] doesn’t know, any authority that if a certificate is stolen may…” here Sagi was interrupted, stating that he exceeded his authority.
But it seems that the architecture of privacy here was not in the main interest of the government. Issuing seven milion ID cards and paying a private entity 300 ILS per card may cost the government more than it is willing to pay for the biometric experiment. Therefore, the government decided, for monetary reasons to risk the citizens’ privacy, and be its own certificate authority.
When explaining it to the committee, i said that “I am afraid from my government. I am afraid from the government in a place where a corrupt social security employee was bribed to pass private information; I am afraind from a government that cannot investigate the leak of its own census; I am afraid from the government and I am entitled to do so, and it is still the government’s duty to protect me. But this is not the discussion. The question is a certificate authority could be the entity that verifies the identity and still hold my cryptographic keys“.
Something has to be done here, before it gets too late.