IDN January 2023

EES Delay Should Make Holidaymakers Happy

Holidaymakers travelling to Europe this summer will be spared the anticipated longer queues at European borders, after the EU announced a delay to the rollout of the Entry/Exit System (EES).

Regula Continues to Grow

A spokesperson for the association said: ‘The EES system will be a game-changer for EU border management.

‘There are, however, a number of issues that need to be resolved to ensure a smooth deployment and operation of the new system so that air passengers do not face disruption.

‘Postponing implementation past the busy summer 2023 period will give airlines, airports, EU and national authorities the opportunity to address these issues and ensure the system is fully tested.’

What is the EES?

The new EES delay – which was predicted in the November 2022 edition of IDN – will require travellers from outside the bloc to record their photos and scan their fingerprints. The system was due to be introduced in May but has now been pushed back until at least the end of the year.

The news will be welcomed by British holidaymakers, in particular, who are booking overseas trips in record numbers after nearly three years of COVID-hit travel. It also comes as Brexit talks between the UK and EU over the Northern Ireland Protocol have shown signs of improvement in recent weeks, with hopes of a deal by the 25th anniversary of the Good Friday Agreement in April.

Problems to solve

Reacting to the EES delay, the International Air Transport Association (IATA) said there were issues with the programme that needed to be addressed to ensure holidays were not adversely affected.

The EES will be an automated registration system for non-EU travellers who don’t require a visa to enter the EU. Travellers will need to scan their passports or other travel document at a self-service kiosk each time they cross an EU external border. It will not apply to legal residents or those with long stay visas.

The system will register the traveller’s name, biometric data, and the date and place of entry and exit. Facial scans and fingerprint data will be retained for three years after each trip.

It will apply when entering all EU member states, apart from Cyprus and Ireland, as well as four non-EU countries in the Schengen Area – Iceland, Liechtenstein, Norway and Switzerland.

The EES is being introduced to bolster border security and identify travellers who overstay their permitted time in the Schengen Area (90 days within a 180 day period).

Continued on page 2 >

Document and biometric verification company, Regula, has recently helped Ecuador to update its national forensic capabilities and has had its devices recognised in two Gartner reports.

Ecuador modernises

After using Regula equipment for over a decade, the National Service of Legal Medicine and Forensic Sciences of Ecuador, which is a subsidiary of the national police, felt it was time to upgrade its capabilities and invest in modern technology. The organisation wanted to cover all the major issues of document analysis with a single device, which was powerful enough to perform an investigation of any document feature, including inks and print. On top of this, the public entity wanted a new technology partner and to receive comprehensive vendor support.

‘Upon equipping our forensic laboratories with Regula’s devices and databases, we finally managed to reach the required high level of technology to perform any kind of document investigation – quickly, conveniently, and efficiently. Not only did Regula provide its products, but the company also organised training for our experts to help them use the device to the fullest and get insights on security features of different documents,’ said Cristian Ernesto Salgado Ortega, Technical Coordinator.

Continued on page 2 >

Inside this Issue

The Most Significant Events, Trends and Controversies in Our Industry

Without question, the most significant recent event that impacted everyone around the world was the COVID-19 pandemic. Literally overnight, the way we worked, interacted, transacted, and proved our identities changed. Some of these changes were temporary and some continue to impact and improve the processes we use today.

From using a QR code to order dinner at a restaurant, to a virtual workplace becoming the norm, humans continue to adjust to the new ways of life.

Some things haven’t changed as dramatically. While central banks continue to test the merits of digital currencies, physical currencies continue to circulate around the world in record quantities. Similarly, digital identity platforms continue to grow together with an increased use of biometrics at borders. Yet the importance of physical identity documents remains paramount.

EES Delay (Continued)

ETIAS still on track

The EES is connected to the European Travel Information and Authorisation System (ETIAS). This new scheme obligates non-EU citizens who do not require an EU visa to gain travel authorisation to enter the bloc. The visa waiver will be mandatory for anyone wishing to visit the Schengen Area short term.

ETIAS is still set to be operational from November 2023 as planned. An implementation period of six months is expected, meaning it may not be mandatory immediately. A second grace period of six months may also be considered after that.

Travellers will be able to apply for ETIAS online before their trip at a cost of €7. Once approved, the electronic travel authorisation will be electronically linked to their passport. The ETIAS authorisation will last for three years (after which it will need to be renewed for future visits), or until the holder’s passport expires (whichever is sooner).

The ETIAS system is similar to the ESTA system for travel to the USA, where visitors pay a one-off fee (currently $21) for a travel authorisation which lasts for two years.

What we as an industry need to embrace and address is the known and growing threat from physical counterfeiters. The hundreds of millions of dollars in revenue that they generate annually from the sale of counterfeit documents enables them to invest in highly sophisticated production

technologies. As a result, the fake documents they issue are often better than the legitimate ones.

The great unknown is the threat to the digital frontier. While digital, mobile, and biometric technologies are highly sophisticated, we need to assume that the bad guys are on the heels of electronic technologies in use today. Large scale data breaches of highly sensitive personal information in government databases are only one example of this threat. As a result, drastic steps are needed to lock down the technologies that house every citizen’s identity.

As we collectively work to address these threats, our industry faces challenges from severe price pressure versus technical innovation, corporate consolidation, market saturation, and bankruptcies/company closures. These trends have created less competition, stifled innovation, and diverted the attention needed to truly thwart the bad guys.

The time is now to change our collective focus, drive innovation, enhance security and embrace the notion that there is no end to this battle. We must stay laser focused on making our futures secure.

Regula Continues to Grow (Continued)

Forensic laboratories in the two major cities of Quito and Guayaquil have been equipped with Regula 4308 dualvideo spectral comparators, which are designed for advanced examination of all documents, as well as art and collectibles. They allow forensic experts to thoroughly investigate document printing methods and surface relief, as well as overlapping objects, such as signatures or stamps. For efficient verification of IDs, this dualvideo spectral comparator has modules for reading MRZs, RFID chips, hidden images (IPI), and barcodes. This Regula model has 30 types of light sources, more than 20 light filters, and 320x magnification.

Along with the devices, the National Service of Legal Medicine and Forensic Sciences of Ecuador has obtained Regula’s information reference systems (IRS) on documents and banknotes. These are comprehensive databases of the vast majority of travel documents, banknotes, driving licences and vehicle registration certificates, with detailed descriptions and images of the documents captured in different light sources.

1 www.gartner.com/en/documents/4000261

To help support the new devices, special training was held for the Ecuadorian forensic laboratory experts. It was organised by Regula and delivered by Juan Manuel Padrón Primo, a forensic document examiner and Regula’s long-term partner.

Recognition from Gartner

Coincidentally, the technology research firm, Gartner has recognised Regula for the second time.

The company appeared in the 2021 Gartner report ‘Buyer’s Guide for Identity Proofing’1 as an example of a vendor that provides identity proofing solutions. This guide was created by Gartner analysts to help security and risk management leaders better understand the nuances of identity proofing that various vendors introduce to the market, and consequently make a decision when choosing ID verification solutions.

More recently, Regula was named a Representative Vendor in the Gartner report 2 in 2022.

2 https://explore.regula.app/gartner-guide-2022?_gl=1*1xxcsrv*_ga*MTc0NTg1ODUyNi4xNjUxMTU5M zg4*_ga_VWME7RJX77*MTY3MDk0MTU5NS4xNzQuMS4xNjcwOTQxNjQ3LjguMC4w

Biometric Devices Sold on eBay Contained US Military Data

German researchers who purchased biometric capture devices on eBay have reported that they discovered sensitive US military data stored on their memory cards.

The data reportedly included fingerprints, iris scans, photographs, names and descriptions of people, mostly from Afghanistan and Iraq – many of whom worked with the US army.

The researchers, who are the Chaos Computer Club (CCC), which had previously made a name for itself exposing security flaws with other systems and devices, explained that the US military used biometric devices to capture people’s data in Afghanistan. The biometric devices were used to identify individuals, and ‘on used US military equipment, we discovered, among other things, an unprotected biometrics database containing names, fingerprints, iris scans, and photographs of more than 2,600 Afghans and Iraqis,’ the researchers noted.

‘Allegedly, access to the biometrics database should not be possible without further technology, but our research shows that all data on the mobile biometric devices is completely unprotected. We were able to read, copy and analyse them without any difficulty,’ said CCC.

The researchers acquired a total of four Secure Electronic Enrolment Kits and two units of Handheld Interagency Identity Detection Equipment at the online auction house.

The devices were examined forensically, and the researchers found that ‘all storage media were unencrypted. A welldocumented standard password was the only thing needed to gain access. Also, the database was a standard database with standard data formats’. It was fully exported with little effort.

The devices CCC acquired ‘contained names and biometric data of two US military personnel, GPS coordinates of past deployment locations, and a massive biometrics database with names, fingerprints, iris scans and photos’.

Taliban

Could this possibly be linked to the disturbing reports that are emerging that the Taliban have possibly accessed biometric data collected by the US to track Afghans, including people who worked for US and coalition forces.

Afghans who once supported the US have been attempting to hide or destroy

physical and digital evidence of their identities. Many Afghans fear that the identity documents and databases storing personally identifiable data could be transformed into death warrants in the hands of the Taliban. Furthermore, a March 2022 report from Human Rights Watch1 indicated the Taliban have been collecting biometric data to potentially match against captured US and Afghan government databases.

This possible data breach underscores that data protection in zones of conflict, especially biometric data and databases that connect online activity to physical documents and locations, can be a matter of life and death.

By 2004, thousands of US military personnel had been trained to collect biometric data to support the wars in Afghanistan and Iraq. By 2007, US forces were collecting biometric data primarily through mobile devices such as the Biometric Automated Toolset (BAT) and Handheld Interagency Identity Detection Equipment (HIIDE) 2 .

BAT includes a laptop, fingerprint reader, iris scanner, and camera. HIIDE is a single small device that incorporates a fingerprint reader, iris scanner, and camera. Users of these devices can collect iris and fingerprint scans and facial photos, and match them to entries in military databases and biometric watchlists.

In addition to biometric data, the system includes biographic and contextual data such as criminal and terrorist watchlist records, enabling users to determine if an individual is flagged in the system as a suspect. Intelligence analysts can also use the system to monitor people’s movements

1 www.hrw.org/news/2022/03/30/new-evidence-biometric-data-systems-imperil-afghans

2 www.nist.gov/system/files/documents/2021/03/23/ansi-nist_archived_vermury-bat-hiide.pdf

and activities by tracking biometric data recorded by troops in the field.

Over the years, to support military objectives, the US Department of Defense aimed to create a biometric database on 80% of the Afghan population, approximately 32 million people at today’s population level. It is unclear how close the military came to this goal.

Digging up the road twice

With all of the personally identifiable data of the Afghan people that has been collected, it seems odd that many Afghans still lack national ID cards. Local officials in the Farah province of west Afghanistan have claimed that at least 70% of the residents of Farahrud district have no national ID card.

At least 14,000 people hold identity cards in Farahrud while the remaining 70,000 are yet to get the national document, according to the National Statistics and Information Authority in Farah. Residents of the district said that some of them are 40 years’ old but still don’t have any recognisable identity documentation. Recently, the media reported that many Afghans are angry about the delay in the issuance of electronic ID cards, saying that printing and issuing of ID cards from Kabul had already stopped. The applicants added that they are unable to register their names online due to technical issues with the Department for Statistics and Information’s website.

Realising that data for counter-insurgence activities in conflict zones is not the same as for civil registration, it still seems a bit like digging up the road to lay sewers and then digging it up again to lay water pipes.

Belgium and Philippines Discuss Digital ID Cooperation

Manila Bulletin reports that an official from the Department of Information and Communications Technology (DICT) recently held discussions with the Belgian ambassador in relation to the country’s plans for digital cooperation.

According to DICT, this is part of President Ferdinand ‘Bongbong’ Marcos Jr’s aim to accelerate the country’s adoption of digital innovations. DICT Undersecretary for Public Affairs and Foreign Relations, Anna Mae Yu Lamentillo, met with Michel Parys, Ambassador of the Kingdom of Belgium to the Philippines, to discuss areas for digital cooperation, including cybersecurity and digital ID.

‘We want to learn from digitally advanced nations in terms of building and improving digital infrastructure, improving the public’s access to the government’s delivery of public services through digitisation, and strengthening measures against cyber threats,’ Lamentillo said.

Belgium already has an operating electronic citizen identity system, an electronic proof of identity that citizens can use for electronic transactions, such as signing electronic documents and securely logging in to online public services.

One of Marcos’s priorities is to fast-track the issuance of national IDs to make transactions with different government agencies seamless and more efficient.

Lamentillo said that the DICT is also exploring partnerships with other nations to help pursue the Marcos Administration’s ‘Build Better More’ strategy, which aims to bridge the digital divide and improve the provision of public services through eGovernance.

Men More Likely to be Victims of ID Fraud

Men are about twice as likely as women to have had their identity stolen, a survey1 by UK’s Nationwide Building Society has found.

Nearly a quarter (23%) of men said their identity had been stolen, while 11% of women reported the same. A third (33%) of those who said their identity had been stolen reported that it had been used to order goods such as a mobile phone or a vehicle.

More than a quarter (27%) said it was used to access or steal from their accounts. One in five said it was used to borrow money in their name, such as by taking out a credit card or a personal loan.

19% said their details were used by criminals as part of a scam to impersonate their bank or building society, or a public organisation, such as the police, to trick them out of their money.

Nearly two thirds of men surveyed were concerned about becoming a victim of identity fraud, compared with 70% of women.

Women were more likely to say they protect all their social media accounts, with 63% doing so compared with 50% of men. Women were also less likely to have friends or followers on social media that they have never met — with 37%, compared with 53% of men. Nationwide warned that oversharing information on social media can make people vulnerable to fraud. Its survey of more than 3,000 people across the UK found that full names, ages, dates of birth, email addresses, mobile numbers and job titles were among the most common items shared. This information can be pieced together by criminals.

Some people shared their pets’ names, which could give criminals clues about their passwords or security questions. Some also shared their address or postcode.

PopID and Toshiba Partner on Facial Recognition

PopID’s biometric solution PopPay will be integrated into Toshiba Global Commerce Solutions’ Elera Commerce Platform, enabling the use of artificial intelligence (AI)-based facial recognition software that authenticates consumers’ identities. Biometric payments have been gaining ground in retail outlets like grocery stores because consumers, who are used to the speed and convenience of online shopping, are growing frustrated with the time-intensive process of traditional checkout.

With the new integrated solutions from PopID and Toshiba, customers can opt in, scan items and then select a button to have their face scanned. Because PopPay biometric cameras authenticate them, customers don’t need to use a card or phone.

‘With nearly a quarter of America’s consumer spending going through Toshiba’s point-of-sale solutions, Toshiba

is the largest retail-focused solutions company in the US and globally,’ PopID CEO John Miller said in a press release. ‘This partnership will enable Toshiba’s customers to use our technology to increase revenue, drive loyalty engagement, improve operations and lower costs while enhancing the overall customer experience.’

With the comfort level of younger demographics that have grown up taking selfies, PopID’s verification system is both familiar and trustworthy.

‘These college students have grown up taking pictures of themselves and putting them all over the internet with TikTok and Snapchat,’ Miller said in an interview. ‘The idea that you can take a picture of yourself to get your loyalty and pay is a natural extension of what they’ve been doing their whole life.’

Report Finds More US Service Members are Reporting Identity Theft

A new federal report shows an increase in military members experiencing identity theft. Officials say service members reported nearly 50,000 cases of identity theft to the Federal Trade Commission in 2021 alone.

‘This is having a real impact on service members and their families,’ said Tom Feltner, Senior Engagement and Policy Fellow at the Consumer Financial Protection Bureau (CFPB).

The agency said military customers had their information misused to fraudulently access government benefits, credit cards and bank accounts. Experts say this can impact the hundreds of thousands of service members who move every year and look for housing off base.

‘What they don’t have is the luxury of waiting to make sure that their credit report is clean,’ said Jim Rice, Assistant Director of the Office of Service member Affairs at CFPB.

Many service members are also required to pass a national security clearance check. This includes a review of their credit history. If that review shows excessive debt, experts say it can impact some military careers.

‘It’s not that everyone is at risk of losing their security clearance,’ said Rice. ‘But in that process, it is a combination of both gaining a security clearance and holding onto a security clearance.’

1 www.thenationalnews.com/business/2023/01/09/men-more-likely-to-be-victims-of-stolen-identity-than-women-survey-suggests/

Emerging Fingerprint Technologies for Smartphones

In the November 2022 edition of this publication, an article examined two use cases of fingerprint readers –smartphones and payment cards. The purpose of this article is to take the smartphone use case one step further, to examine emerging technologies for fingerprint readers on this platform. The aim is then to identify the opportunities and threats to existing business that this can bring to personal identity. The November article considered the security / convenience / trust balance from a consumer perspective in existing smartphone implementations. This work looks in a different direction, at technologies where the fingerprint reader is embedded beneath the display screen, and we will examine the implications of this. Finally, we will look at where ‘beneath screen’ technologies could take us into the future.

The issue of sensor size

It was noted in the November article that fingerprint sensors take a sample of the user’s fingerprint and, as a larger sensor gives a larger sample, it therefore provides higher security from two perspectives.

First, when the fingerprint is first taken on the device there is more data to inform authentication without multiple capture to populate the dataset. Second, during authentication the larger sensor captures more data to inform the process.

This is an area where fingerprint enabled payment cards currently have an advantage over smartphones. On a smartphone, ‘real estate’, particularly on the front surface, is at a premium as there are strong marketing drivers to increase the percentage area devoted to the display screen. In contrast to this there is a larger area potentially available to integrate the fingerprint sensor on a payment card.

The response from smartphone technology suppliers

Fingerprint readers are incorporated into smartphones to validate the identity of a smartphone user, mostly using capacitive sensor technology as part of a trusted system within the smartphone to guard against software attack. This type of system has become well embedded in smartphone design and is now implemented across a range of smartphone price points. However, there is still room for innovation in this area.

Secure Documents

One of the problems often cited with fingerprint readers in smartphones is that, although it is trusted technology, it requires a significant area on the smartphone front surface, a point of frustration to the design gurus. However, there are alternatives to this which include moving the sensor to the side or the back of the smartphone. Both of these can create further issues, not least of which is that they constrain the types of case that can then be used. But they have nevertheless found their way into a number of existing smartphone models. Moving the sensor to the side does have some interesting implementation implications. Using current technology, it can be integrated into the surface of the control actuators on the side of the smartphone. This then makes these buttons multifunctional, making better use of these areas and the potential to create a further marketing story, an important consideration in consumer electronic devices. For the needs of personal authentication, a better long-term solution may lie in the use of sophisticated electronics to embed the fingerprint sensor in the display area. Initial implementations already exist and this may well point to the trajectory the technology will take.

Under-display fingerprint readers

It is important to note that we are only at the start of this journey because the technology is demanding. Particularly in high end smartphone models, display image quality has become a marketing proposition. As a result of this, there is an imperative that any device hidden under the display must be invisible in normal use of the smartphone.

Initial implementations use a CMOS image sensor mounted under the display to detect and read a fingerprint. These only facilitate a fairly small sensor area (around 8mm x 8mm) so the display needs to indicate the touch area. And as a result, these are still limited to only one fingertip. A more secure solution may lie in systems that will allow the full display screen to become a fingerprint sensor, facilitating multi-finger authentication on the screen. Technology providers such as Isorg in France are developing full screen organic photodiode sensors that can go under smartphone OLED display screens (see IDN June 2023). This may add another layer of fingerprint authentication to smartphone systems while preserving the screen real estate.

While this sounds enticing as a solution to increase consumer identity security, it is important to add a significant caveat. Additional technologies add additional cost, so innovations such as this will percolate down, starting with the premium smartphone models. So rather than consider this as a consumer identity solution, we may be best placed to think of it as an enrolment or inspector technology. This is because this type of innovation has the potential to extend the use of smartphone fingerprint readers further into law enforcement and border control. At the moment, separate devices such as the GridLet iMatch series have to be purchased (and carried) to carry out finger enrolment. This may yet be another area where smartphones will become a disruptive technology.

There are a number of use cases where there is a potential need for large numbers of devices for multiple fingerprint enrolment and verification in the modern world of mass migration. Political, conflict and climate change issues have contributed to the mass movement of people and a resultant need for refugee and asylum seeker biometric systems. An example of this is the European asylum system EURODAC – could this technology find a home in systems such as this?

Other sensorunder-display technology

There are other sensor systems vying for location under the smartphone display that could have implications for identity management, for the same reasons as fingerprint sensors. The front face of some smartphones is also home to facial recognition camera systems and there are moves afoot to relocate these below the display screen too, utilising short wave infra-red (SWIR) technology.

The benefits of SWIR are a topic for another day, but it serves as an indication that innovation in the area of smartphone technology is far from over. The 2023 Consumer Electronics Show featured further optical technologies being implemented for the smartphone platform. Look out for a discussion of some of these at the 2023 Optical & Digital Document Security™ Conference, set for 17-19 April 2023 in Prague, Czech Republic (see page 8). opticaldigitalsecurity.com

World Bank Provides $250M for Indonesia Digital ID

Indonesia is set to receive $250 million in funding from the World Bank Group’s International Bank for Reconstruction and Development (IBRD) to strengthen the country’s civil registration in what could see sweeping changes to how people access services across both the public and private sectors.

Indonesia has already made significant progress in developing its foundational ID systems, especially when considering the challenges of its geography, size, and diversity.

In terms of registration coverage, the National Socioeconomic Survey (Susenas) survey1 shows that 97% of the population had a unique national ID number (NIK) in 2021, and 88.4% aged 17 and below had a birth certificate.

The 2021 ID4D-Findex Survey2 also found that 97% of eligible adults possessed an electronic national ID card (e-KTP) or KTP (the pre-2011 version).

Background

In providing background to the investment in the civil registry system, the Project Information Document3 for the ‘ID for Inclusive Service Delivery and Digital Transformation in Indonesia’ notes that foundational ID systems that serve as proof of identity for a wide variety of public and private sector services are recognised as a key enabler for development.

The ability to establish and verify legal identity is increasingly a prerequisite for access to public and private sector services such as social protection, healthcare, education, and financial services, as well as economic opportunities such as formal employment. It is also the basis for exercising rights, including those related to voting, nationality, business, and property ownership. Timely birth registration is especially important for safeguarding the rights of children. Having ID systems that are inclusive and trusted also boosts resilience to crises. During the COVID-19 pandemic, many countries – including Indonesia – leveraged their foundational ID systems to quickly scale up cash transfer relief payments, helping mitigate the economic impact of the pandemic. The countries that could use digital databases and trusted data exchange to identify social assistance beneficiaries reached on average 51% of their population, compared to countries that had to collect new information, which reached only 16%4

Strategic context and alignment

The historical context for Indonesia’s population registration (PR) and civil registration (CR) goes back to its colonial past (note: Indonesia gained independence in 1945). Various forms of registration and identity cards existed in the country from before independence, and these have evolved over time.

The Population Administration law (2006, amended in 2013) governs the PR/CR systems. The main components are the Population Administration Information System database, the NIK (issued at birth registration), the e-KTP (available from age 17), the family card, and various certificates for births, deaths, marriages, and other vital events.

In 2010-2011, the General Directorate for Population and Civil Registration (Ditjen Dukcapil) digitised the PR/CR systems, replacing the non-electronic national ID card (KTP) with the e-KTP, and introduced biometrics for deduplication of records and identity verification. Registration and data updates, including changes in address, are done by Dinas Dukcapil, which reports to local governments.

Both Dinas Dukcapil and Ditjen Dukcapil make population data available to institutional users: at the aggregate-level to allow production of statistics and at the individual-level to allow a service provider, such as a government agency or bank, to verify the identity of a client. This access is governed by cooperation agreements. The project is contributing to the government’s plans and priorities, including the National Mid-Term Development Plan (RPJMN) 2020-2024. Achieving universal NIK, birth certificate, marriage certificate, and death registration coverage is a target in the RPJMN and the Ministry of Home Affairs’ MidTerm Strategic Plan. Ensuring access to PR/CR services for vulnerable population groups, including disaster victims, remote communities, nomadic tribes, homeless persons, and migrant workers, is also enshrined in the National Strategy for Accelerating Population.

Project objectives

The five project development objectives are:

To improve the population registration and civil registration with digital ID systems, making identification processes more resilient and helping generate vital data

from lesser developed regions to aid with better civil planning.

To upgrade the existing ICT infrastructure nationwide, including building out the internal capacity of Indonesia’s PR/CR authority, Ditjen Dukcapil, to feature the ‘effective and responsible use of biometric technologies, including to strengthen personal data protection and to reduce exclusion and vendor and technology lockin’.

To encourage the actual adoption of identity verification technologies, including biometric e-KYC and digital IDs, along with secured, transparent data exchange to facilitate improved access and delivery of digital services from select private and public sector organisations.

To address regulatory and legislative framework reforms to make digital ID verification legally recognised throughout Indonesia, as well as enhance its impact on human capital, such as by streamlining how the workforce gets upskilled.

To provide the project management to ensure smooth project implementation, along with risk management, monitoring and evaluation ‘to proactively and comprehensively manage social, environmental, climate-related and other risks related to the Project’.

The beneficiaries

It is hoped that the project will benefit all Indonesians and residents throughout their lives. Starting with birth registration and certification, all Indonesians will benefit from having proof of legal identity. The opportunities for wider and deeper participation in the digital economy will also help to ensure the benefits of digitisation are experienced by more Indonesians and residents.

During and after climate-related disasters, affected communities and populations will also benefit from better business continuity of PR/CR services, which is crucial for delivering assistance, as well as other public and private services that can continue to be delivered because they are integrated with the identity verification and e-KYC platform and digital ID, rather than a manual process.

All Indonesians and residents will also benefit from stronger security and protection of personal data.

1 www.rand.org/well-being/social-and-behavioral-policy/data/bps/susenas.html

2 https://id4d.worldbank.org/global-dataset

3 https://documents1.worldbank.org/curated/en/099130011242236995/pdf/P17521806c90860d0b7a30cd0dc2753b1d.pdf

4 https://documents.worldbank.org/en/publication/documents-reports/documentdetail/099830009302217091/p1731660f8c52f062092ac00d53c648bac7

Emerging News for the New South Africa Driving Licence

In March 2023, the transport department is expected to go live with a new ‘smart enrolment’ for booking and renewing licences. The new enrolment system is said to mitigate standing in a long queue waiting for a time-consuming data capture process to finalise. According to the department, the system assists applicants in capturing details during the booking of a timeslot to appear at a centre.

Before visiting the physical licencing centre, the system integrates directly with Home Affairs online and ensures that photos, fingerprints and other information are checked and captured in real-time.

‘Smart’ Driving Licence Testing Centres (DLTCs) have been launched at the central train station as part of the transport department’s partnership with the Gautrain Management Agency. Licence card renewals, temporary driver’s licence applications and traffic fine payments can all be processed at the facility.

Toward the end of 2022, South Africa’s Transport Minister Fikile Mbalula announced that the current driving licence card would be phased out and replaced with a card compatible with international standards – (see IDN September 2022). Now, more details about the new card are emerging.

A new system of driving licence will be introduced, with the card linked to smart-card technology. The Transport Department previously noted that a trial on the new cards would run through to March 2024. Current cards will continue to be recognised as valid until 31 March 2029, the department said, also noting that the validity period for the cards would be extended from five to eight years.

Why now?

The current card was introduced in 1998 but now fails to meet international standards regarding the technology it uses. Furthermore, it has become costly to maintain the old infrastructure around the current card, Mbalula said.

‘The new proposed card will make the country’s driving licence compatible with the International Information Technology Personal Identification Compliant Driving Licence (ISO18013),’ he said.

The International Organisation for Standardisation (ISO) notes that certain physical and data attributes are necessary for licences. ISO states that the new standard allows for the card to be more secure from counterfeiting and alteration, integrates more personal data and allows for more opportunities to authenticate the document, among other things.

The new driving licence card in South Africa will have improved security features, including biometric data, holograms, and watermarks, to reduce fraudulent licences and improve road safety.

Discussions on a new card date back to the start of 2022, when the Driving Licence Card Account (DLCA), the sole producer of licences in the country, said that the new ‘smart card’ might even allow for blockchain integration.

‘The introduction of the new driving licence involves a new design of the driving licence card and the re-engineering of processes to allow for agility and focus on delivering services efficiently and quickly.

‘The project will allow for the adoption of digital technologies such as blockchain and other related technologies, which will form the platform of an integrated transport system,’ said the DLCA.

Over the course of last year, the single machine that prints driving licences faced technical failures, resulting in major backlogs. According to Mbalula, the machine is to be decommissioned sometime this year, and new machines spread across the country will be acquired to print the smart cards at a greater rate.

Other developments

The new driving licence card is just one of the initiatives motorists can look forward to in 2023. Other developments include setting up more smart systems to better handle applications and renewals, as well as an expansion of the offices where this can be done.

The transport department is also anticipating the rollout of 43 more satellite branches at South African banks, once agreements with the participating banks are signed in 2023. It said that negotiations with banks are expected to be concluded by the end of the current financial year.

Not just for mDL

It’s worth noting that while ISO18013 specifically refers to mobile driving licences, its scope goes further. The ISO standard points out that an mDL is a mobile document whose purpose is primarily to convey driving privileges to the authentic bearer of the document. It does so by providing a means to associate the person presenting the mobile document with the mobile document itself.

However, the transaction and security mechanisms in the standard have been designed to support other types of mobile documents, specifically including identification documents. Consequently the mechanisms in ISO18013 can be used for any type of mobile identification document, regardless of the additional attributes the mobile document may convey.

There is a caveat, as the details of the data elements to be used by other mobile documents are left to the respective issuing authority and are not within the scope of ISO18013.

ODDS Conference Hits the Phygital Nerve

Registration for the second Optical and Digital Document Security™ (ODDS) conference is now open with a programme that demonstrates the importance of this event in bringing together people involved in developing digital systems for identity and financial transactions with the more traditional security document community. The conference will be on 17-19 April 2023 in Prague, Czech Republic.

The first ODDS conference, in 2022, showed that there is a need for this event, the only one presenting the developments in and interface between the physical and digital worlds of financial transaction and personal identity security. The 2023 conference opens with a session which examines ‘phygital’ features. Paper and plastic currency and identity cards are still in everyday use, albeit they now often interact with a digital record, so this first session sets out innovative ways of making those links, which are becoming the key nerve in securing the protection of our financial transactions and proofs of identity.

The digital domain is becoming more prominent in our everyday transactions as we have to prove who we are for banking, for online purchases and even to use public transport. So the central sessions in the conference cover Protecting Identity in the Digital Age, with presentations from established and highly experienced security printers as well as research institutes and young companies. With identity theft on the increase, the information in these sessions gains added significance for everyone involved in identity security.

The physical security providers remain competitive and innovative, as the final two sessions on New Optical Techniques for Security show. Prevention of fraud and easy recognition of genuine items remains a key motivator behind some fascinating new approaches that will be described in these sessions. Many now established optical security features were first announced at the Optical Document Security™ conference – one of the ODDS predecessor conferences, with the other being Digital Document Security™. This continues at ODDS 2023, with exciting

innovations from well-known companies such as OVD Kinegram and SICPA alongside those from recent start-ups including 4Plate and NanoBrick.

ODDS 2023 opens with a seminar on smartphones, given by Dr Alan Hodgson, a knowledgeable and respected authority and regular contributor to ID & Secure Document News™. He will look at how and why smartphones are becoming a dominant tool in identity and financial transaction management, while setting out their shortcomings as security devices. He will also ask what this means for those who don’t have a smartphone or where network coverage is weak. This will be an eyeopening and thought-provoking seminar for everyone developing smartphone ID or financial systems or features for smartphone validation.

And don’t miss the conference dinner and table-top exhibition on Tuesday evening, where you can see and handle some of the technologies you’ll hear about in the presentations.

opticaldigitalsecurity.com

Upcoming Events

7–9 MARCH 2023

Publisher: Reconnaissance International Ltd

Editor: Francis Tuffy (right) francis@recon-intl.com

Advisors: Alan Hodgson, John Mercer, Monica Peralta, Tony Poole, Achim Hildebrandt.

Contributor: Dr Alan Hodgson.

Annual subscription rate: from £940 plus postage.

Subscribers to Authentication News®, Holography News™ or Tax Stamp & Traceability News™: 20% discount. Government agencies: special conditions available. Ask about enterprise/charter subscriptions.

The editorial team welcomes your news, contributions and comments. Please send these to publications@recon-intl.com

1B The Beacon, Beaufront Park, Anick Road, Hexham, Northumberland, NE46 4TU, UK Tel: +44 (0)1932 785 680 securedocumentnews.com

Charter Subscribers

No part of this publication may be reproduced, stored in a system or translated in any form or by any means –electronic, mechanical, photocopying, recording or otherwise – without the prior permission of the publishers. While every effort has been made to check the information given in this publication, the publishers cannot accept any responsibility for any loss or damage arising out of, or caused by the use of, such information. Opinions expressed in ID & Secure Document News are those of the individual authors and not necessarily those of the publisher. COPYRIGHT

HIGH SECURITY PRINTNG EMEA Abu Dhabi, UAE hsp-emea.com

17–19 APRIL 2023

OPTICAL & DIGITAL DOCUMENT SECURITY Prague, Czech Republic opticaldigitalsecurity.com

23–25 MAY 2023

ID4AFRICA Nairobi, Kenya id4africaevents.com

5–7 JUNE 2023

HIGH SECURITY PRINTING LATIN AMERICA Nassau, The Bahamas hsp-latinamerica.com