I was reading a presentation on the Belgian electronic identity card (PDF 150 kb, in French, by a friend). Compared to the old, analogic card, this new card has an electronic chip on it. This chip contains some information that are already visible to any human eye on the surface of this card and more information (like a photo, your address, digital certificates, …). I stopped on the 5th slide where it’s said that this new “e-ID” will allow someone to be identified, to authenticate (what?) and to fill in on-line administrative papers.

Being in the “general culture” of privacy-related subjects, I often heard these two words (identification and authentication). But I never paid too much attention to their meaning. So, once and for all, I decided to have a look in a dictionary.

Identification is the act or process of identifying somebody or something or of being identified. So, it’s an act or process of showing or proving who somebody is. The identity card (ID card) is a card bearing the holder’s name, signature, etc. and often a photograph, carried or worn by somebody to show who he/she is.

Authentication is the act or process of proving something to be valid, genuine or true (act of authentication). You even have the word authenticity, the quality of being authentic.

So, why put identification and authentication means in the same card? Aren’t they redundant? The old, analogic ID card was sufficient to prove who I am to a policeman and to retrieve administrative documents. I think the idea behind this new e-ID card is to adapt this identification process to the electronic world (internet being the most obvious one). It seems it’s far more easy to forge another identity based only on character strings and bits than on a real, physical human being. When paying on the internet with a credit card, you need your card number, your name and a “validation number” that is on the back of your card. Now, with the e-ID, you’ll have digital certificates to electronically identify yourself and authenticate this identification.

As I use to say, this is only a tool (like a hammer, a knife, a RFID tag, a video camera, etc.). But now, I often add that it depends on the goals behind the creation of the tool.

A knife was first created to cut meat, branches, etc. A hammer was first created to hit on a nail. A video camera was first designed to add motion to photographs. Now some people use knives to take control of planes, they use video camera to film their children playing around or British cars registration numbers. This diversion of usage, combined with an increasing “Western comfort” lead some people (in governments or not) to the need of preserving this comfort, this security. They now not only created new tools (DRM, RFID, …), they created tools in order to keep and further increase their profits, to control identities, …

I am not saying that the Belgian government is intentionally imposing the e-ID card in order to control Belgians. But, apparently, some points are not clear … Who will control who (or what application) will have access to the information stored on the chip? And who will control if the restrictions on information access are respected (and how)? Who will control data mining done with information retrieved from the chip (and how)? For the moment, only information already available from different sources are now grouped on the chip, making them easier to retrieve. Who knows what kind of information could be added on the chip, later? If you want more information on this topic, I suggest you to follow the news on the AEL website.

P.S. I really like dictionary: you are looking for one word and you finally read definitions of 2 or 3 words. And if you have an illustrated dictionary, you’ll also look at the pictures. For example, in my Oxford dictionary, “identification” is on the same page than an illustration of an iceberg. An iceberg is just “a huge mass of ice floating in the sea”. But, because it’s related to the idiom “the tip of the iceberg”, nearly 80% of the illustration is showing iceberg part below the see level. By the way, while I was there, I also checked the word idiom: “a phrase or sentence whose meaning is not clear from the meaning of its individual words and which must be learnt as a whole unit” (of course, I also read the other definitions of idiom …).

Some days ago, IDC published a study carried out on behalf of the BSA (Business Software Alliance). In this study, they promised the creation of 4 000 new jobs and the addition of 2.6 billion US$ to the economical growth in Belgium if software piracy is reduced by 10% between 2006 and 2009. For France, it is a promise of 30 000 new jobs and an addition of 13.7 billion US$ to the economical growth!

Although I know which companies are “hiding” behind the BSA (Microsoft, Adobe, …), I think that this continuous battle against software piracy could only be a benefit for the free software industry. With exceptions of some job-specific software, I think free software have now all the capacities to be used in the industry (imho ; and there are software which are only available as free for some jobs). Therefore, to oblige people to acquire licences is also, in a way, to oblige them to ask themselves questions of costs and dependences to their suppliers. And, perhaps that the idea of a migration to (or to remain with) free software can be seriously taken.

On the “other” side, a study on innovation and competitiveness in Europe (PDF 1.8Mo), carried out by PricewaterhouseCoopers on behalf of the Ministry for the Dutch Economic affairs, presents the future European law on the patents as a particular threat for the ICT industry in Europe. The study takes in example the rather moderate protection set up around IP protocol, the www, Linux, … (discoveries made in Europe) which made it possible to maintain a “competitive and innovating” software industry while limiting the entry of new actors on the market. However, according to the study, the nature itself of the patents could kill the innovations rate/rhythm in communication and information technologies. In conclusion, this study also identifies 10 potential important technological progresses and recommends to the European Union to lower the barriers of entry on the ICT market and to encourage the investment and the standardisation.

Linux, interoperability, standardisation, position on patents, … I prefer this study by PwC and you?

(J’ai également publié ce mot en français sur LinuxFr)