Mobile ID, a digital authentication system that is implemented into the user’s mobile SIM card, is ready to be used throughout Europe, according to Hubert Pujol of the French national cybersecurity authority ANSSI.
Pugol was one of six experts at the “Cybersecurity vs. User Convenience” debate hosted at the European Parliament this past Tuesday. Commissioner for the Security Union Sir Julian King reminded those present about the need for greater cybersecurity and urged for closer cooperation between the public and private sectors.
“Digitilisation carries risks, and we need to be aware,” King said. “Rights and security are two sides of the same coin.”
Mobile ID is an easy way for citizens to verify their identity online from their smartphones. Pujol believes that the program can now be implemented throughout the European Union securely – if implemented with caution.
In his presentation, Pujol mentioned the inevitability of technological progress and the necessity of change, but also emphasized the security risks of a faster, highly automated system.
“Yes we can unleash Mobile ID, but we have to be aware of the risks,” Pujol said. “We have to go on this mobile process, but we have to certify.”
The rest of the panel was dedicated to combining digital identity with private services – such as combining an ID card with a credit card – without sacrificing necessary identity protection.
Other panelists, such as Estonian Counsellor for Digital Affairs Luukas Kristjan Ilves, believes that there is no need to choose between convenience and user security.
“The question of user convenience is a red herring – the problem can be solved in a win-win situation,” Ilves said.
Ilves offered two-factor authentication as a way for the user to provide a digital signature that was as equally secure as face-to-face authorization.
Didier Sérodon, president of security nonprofit EuroSmart, disagreed that a one-size-fits-all solution could be applied universally and still be effective.
“Depending on what we need to protect, we need different tools, different levels of security,” Sérodon said.
According to Sérodon, how well a device is protected is currently hidden from the public. That needs to change if governments are to increase digitization safely.
“I can read private information from my phone, but how easy is it for someone else to read my phone? We don’t know,” Sérodon said.
An EU trust seal, dubbed the Common Criteria (CC) and Baseline (BL) certifications, would label all digital devices with their level of protection, and what level of security a citizen can expect from a device.