The European Union Agency for Cybersecurity (ENISA) and the European Telecommunications Standards Institute (ETSI) organised a workshop today to discuss cybersecurity challenges and remote identity proofing.
What is remote identity proofing?
Remote identity proofing is the process whereby an online user proves he or she is the owner of a claimed digital identity. The proofing process is usually carried out over a webcam or a customer’s mobile phone, where the customers show themselves along with their government issued document – an identity card or passport. It is a crucial element in creating trust in digital services.
Attacks techniques and ID proofing technologies under the looking-glass
Participants peeked behind the technological curve discussing deepfakes, adversarial attacks on machine learning models and other forward-looking topics. The experience of remote identity proofing technology from telco, banking and other sectors was also analysed and discussed. Crucial topics of testing, audit, standardisation and regulation were covered, including certification requirements for AI based identification services and possible moves towards EU harmonisation in this area.
Speakers also discussed latest experiences and likely future directions in remote identity proofing, remote identity proofing techniques, attacks and countermeasures and covered the technology users’ point of view. They also delved into testing, audit and standardisation, thanks to the intervention of ETSI.
The event was mainly addressed at EU companies and other public or academic organisations that run or prepare to launch their remote ID solution.
The workshop followed the recent publication of ENISA's report on "Remote Identity Proofing - Attacks & Countermeasures" and the recent ETSI Technical Specification TS 119 461 on "Policy and security requirements for identity proofing".
Background
Electronic identification under the eIDAS regulation is a digital solution designed to provide proof of identity for citizens or organisations, in order to access online services or perform online transactions.
The European Union Agency for Cybersecurity has been at the forefront of the developments of the eIDAS regulation since 2013. The Agency has been supporting the Commission and the Member States in the area of trust services in many ways, including but without being limited to the following:
- Security recommendations for the implementation of trust services;
- Mapping technical and regulatory requirements;
- Promoting the deployment of qualified trust services across Europe; and
- Raising awareness for relying parties and end-users.
The EU Cybersecurity Act of 2019 strengthened the Agency’s role is supporting the implementation of the eIDAS Regulation.
ENISA mapped the full landscape of remote identity proofing methods and countermeasures in a report published in March 2021.
EU's Digital Identity proposal
The EU Agency for Cybersecurity welcomes the European Commission’s proposals that will review the eIDAS regulation. The European Digital Identity is intended to be available to all EU citizens, residents and businesses in order to identify themselves or provide confirmation of personal information. Citizens will be able to prove their identity and share electronic documents from their European Digital Identity wallets with the click of an icon on their phone. They will be able to access online services with their national digital identification, which will be recognised throughout Europe.
The new European Digital Identity Wallets will allow all Europeans to access online services without having to resort to private identification methods or share unnecessary personal data. Thanks to this solution, users will have full control of the data they share.
Contact
For questions related to the press and interviews, please contact press(at)enisa.europa.eu