FB pixel

Cryptographers warn about EUDI Wallet privacy

Cryptographers warn about EUDI Wallet privacy
 

The European digital identity project, which aims to give each EU resident a digital wallet by 2026, is seeing more trials and apps come to life. But despite ambitious plans to digitize identification, authentication and personal data transfers, some security experts warn that the European Digital Identity (EUDI) Wallet could fall short of privacy requirements.

Security concerns related to the digital ID project could also mean that the November 2026 deadline for member states to issue the EUDI Wallet may be unrealistic, according to Thomas Lohninger, a member of digital rights group Epicenter.works.

“The whole security concept is based on certification,” says Lohninger. “The same member state that will issue the wallet will also certify its security. You can see why that’s wrong.”

Lohinger spoke last week at the Chaos Computer Club (CCC)’s 38th Chaos Communication in Hamburg alongside Anja Lehmann, a professor of cryptography at the Hasso-Plattner-Institute, University of Potsdam. Both experts are jury members at the German government competition to create a national EUDI Wallet prototype.

The duo presented a paper published by a group of cryptographers providing feedback on the EUDI Wallet Architecture and Reference Framework (ARF), a document providing guidance on security, privacy by design, and user control over personal data. The research, published in June this year, concludes that a larger redesign is in order, proposing a cryptographic mechanism called anonymous credentials, specifically the BBS family of anonymous credentials.

During the presentation, Lohinger and Lehmann analyzed issues mentioned in the paper alongside drawbacks of the eIDAS regulation when it comes to privacy.

“Digital identity systems are either extremely respectful to our privacy and do the utmost to protect it, or they shouldn’t exist because their harm probably outweighs the benefit,” says Lohninger.

Yubico enters German digital ID competition finals

While cryptographers are expressing doubts, companies are moving forward with digital ID projects.

Biometric security hardware firm Yubico has been selected as a finalist for the German national competition to create an EUDI Wallet prototype.

The 13-month prototype competition is organized by the German Federal Agency for Leap Innovation (SPRIND) on behalf of the Federal Ministry of the Interior and Community (BMI). The competition invited six companies to participate with state funding and another five companies within the non-funding track.

Yubico has been competing within the non-funding track as part of the wwWallet open standards identity project which also includes Sunet (Swedish University Computer Network) and GUnet (Greek Universities Network). The group demonstrated how a wallet can provision credentials from the German national eID (the Neue Personalausweis Smart Card), testing it within a Large-Scale Pilot with other relying parties.

The project involved Yubico’s hardware authentication devices YubiKeys for logging into and encrypting the wallet.

“The open standards nature of the wwWallet project is making interoperable and safe solutions for all users – all backed by the phishing-resistant, hardware-based security of YubiKeys which gives the ability to seamlessly use digital identity wallets in the ways that matter most,” says Yubico’s architect John Bradley.

Among other companies competing in SPRIND’s EUDI Wallet competition are Google, Samsung and German digital ID wallet maker Lissi, which also announced it has qualified for the final phase.

Related Posts

Article Topics

 |   |   |   |   |   | 

Latest Biometrics News

 

Liquid identity verifications surge past 60M as Japan leans into chip-scanning

Liquid has reached the 60 million digital identity verification milestone with its online KYC service, with a surge in verifications…

 

Car dealerships rev up digital ID verification to counter rise in identity fraud

Whether it’s a fake credit history, a phony license or a test driver with a stolen identity who makes tracks…

 

GovTech to deliver $10 trillion in value by 2034, says WEF

At the meeting of the World Economic Forum (WEF) in Davos this week, tech is front and center – and…

 

Davos discusses digital wallets, AI economy

This year’s Davos World Economic Forum (WEF) is bringing not only tense trade talks between the U.S. and Europe but…

 

ASEAN updates guidance on deepfakes

The threat of deepfakes is entering high-level discussions from Southeast Asia to Davos. The Association of Southeast Asian Nations (ASEAN)…

 

Philippines faces 36 million backlog in ID cards

The Philippines are still facing a 36 million backlog in distributing the country’s national ID cards which will need additional…

Comments

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Most Viewed This Week

Featured Company

Biometrics Insight, Opinion

Digital ID In-Depth

Biometrics White Papers

Biometrics Events