The German Electronic Identity Card: Lessons Learned

Abstract

Authentication is an important aspect of e-government applications, as in many cases the identity of a citizen has to be established before provision of a service. Germany is among the countries that have established an electronic identification and authentication infrastructure, based on an electronic identity card. The card enables both local and remote authentication to service providers and authorities. While privacy-enhancing technologies have been used to a large extent in its design and there are no known attacks on its security protocols, the eID card has been harshly criticized. Less than a third of the citizens requesting an identity card choose to activate the eID function. Using the example of Germany, this chapter discusses whether the establishment of an electronic authentication infrastructure makes sense and presents possible reasons for the German eID card's lack of success. In addition, the author considers electronic signatures and their integration in an electronic authentication infrastructure.