United Arab Emirates officials are laying the foundation for a national identity verification system that could change how people are ID'd for everything from passports to employment documents.
offices, with WiFi, refreshments, and childcare help. It also figured out how to get the application process, including capturing photos and biometrics, down to five minutes and conduct the background checks afterward.
By last year, all of the UAE's 9.4 million residents -- more than 85% of whom are expatriates working in the UAE's fast-growing service economy -- are now enrolled in the national ID card system.
The centerpiece of the EIDA program is an eighth-generation encrypted smartcard, with 144 KB of memory and near-field communications capability. The card has nine security features, including a PKI-enabled digital certificate and three-factor authentication, making the card more secure and falsification more difficult than most chip-based credit cards, according to Al-Khouri.
All United Arab Emirates residents must use an encrypted 144-KB smart card to conduct government transactions. (Image: EIDA)
But it's the vision of the UAE and Al-Khouri for how the cards will be used that bears watching.
"Today, it is mandated the cards be used everywhere in the government," he told a group of data experts in a private briefing following the Open Government Data Forum. But in the long run, "we're trying to inject it in the private sector," by serving as an online identity validation gateway for the UAE, said Al-Khouri.
Just as millions of credit card transactions get routed daily to a centralized authority to validate each credit card, the EIDA wants to play a comparable role, creating a UAE eTrust Center "where we verify the identity of the person doing the transaction," he said.
That raises enormous privacy protection questions. But EIDA officials insist their goal is to provide a higher level of trust in electronic transactions to help drive the UAE's economy.
"Our job is to verify the identity (of an individual), not collect the transaction itself," says an EIDA spokesman. "We do track where the transactions are occurring." The EIDA expects to aggregate data to make economic and investment decisions. But EIDA has taken a number of steps to protect and validate personal identification data independent of transactions.
The EIDA, for instance, uses a "zero-knowledge proofing" system, which separates biometric and digital certificates from personal information about the identity of a person. Requests for identity verifications must go through a secure service client provided by EIDA. While the Gulf nations lag behind Europe in data protection and privacy laws, the UAE has adopted the legal approach that privacy is a constitutional right. It has enacted several data-protection laws, according to Julia Glidden, a senior research fellow at the Vrije Universiteit Brussel, Institute for European Studies, who follows open-government trends.
Al-Khouri and EIDA officials point to a variety of benefits the national identity management program has already demonstrated. Courts in Dubai have shortened data-entry times from 10 minutes to five seconds. Banks have cut the time it takes to open a bank account by about 15% using the ID card. Law enforcement agencies have been able to solve thousands of cases in a fraction of the usual time by matching biometric information obtained at crime scenes with data on the EIDA's national registry.
The UAE, reportedly, was the first country in the world to use a single ID card in a national election. EIDA officials estimate government agencies have saved "hundreds of millions of man-hours" processing records because of improved speed and the reliability of digital identities.
However, the EIDA still faces a number of hurdles and an urgent set of deadlines. Although the core identity management infrastructure, including the deployment of roughly a million card readers, is in place, the EIDA still must complete a significant amount of work over the next two years to integrate fully the government's systems and services. The EIDA also is wrestling with how
Wyatt Kash is a former Editor of InformationWeek Government, and currently VP for Content Strategy at ScoopMedia. He has covered government IT and technology trends since 2004, as Editor-in-Chief of Government Computer News and Defense Systems (owned by The Washington Post ... View Full Bio
Security Job #1 For FedsThe 2014 InformationWeek Government IT Priorities Survey shows federal IT pros care about security - itís rated as very important by 69% of respondents, 30 percentage points ahead of the No. 2 priority, disaster recovery. Will the upcoming NIST cyber-security framework help manage risk?