Slides: 20
Provided by: eubiometr
Title: The Situation in Italy: Privacy concerns


1
The Situation in Italy: Privacy concerns
  • Alessandro Alessandroni
  • Biometric Competence Centre (BCC)
  • (CNIPA)
  • 3rd EBF Research Seminar
  • Brussels, 2-3 October 2007

2
National Center for IT in Public Sector (CNIPA)
  • Main tasks
  • Give formal advice to the central Administration
    on projects concerning ICT (mandatory by law)
  • Foster the use of new technologies enabling
    innovation
  • Contribute to the definition of standards and
    technical rules with special care on security,
    interoperability, openness and performance
  • Carry out key projects in order to strengthen
    public sector innovation (e.g. SPC)
  • At the end of 2003 CNIPA established
  • The Biometric Working Group (2003-2005) that
    published guidelines for the use of biometrics in
    Public Administration (Quaderni CNIPA no.9,
    no.17)
  • The Biometric Competence Centre

Brussels, 2-3 October 2007, 3rd EBF Research Seminar
3
BCC main concerns
  • Quality
  • Biometric systems (accuracy)
  • Biometric data
  • Standards and Interoperability
  • Testing and Certification
  • Privacy

4
BCC activities
  • Support to Public Administration projects
  • Laboratory activities (performance and
    interoperability test)
  • Monitoring of biometric market, technologies,
    standards and normative rules
  • Training initiatives and spreading of knowledge
    about biometrics
  • Collaboration with the Italian Data Protection
    Authority
  • Collaboration with Universities and research
    centres (Bologna, Napoli, Roma)
  • Participation in European research and innovation
    projects

5
DP Authority and CNIPA
  • The DP Authority plays a prominent role in
    authorising (or not) the use of biometrics in
    Italy
  • CNIPA collaborates with DP Authority
  • (Guidelines, Quaderno n.9) - Section 5.2
    Biometrics and Privacy
  • CNIPA supports the public agencies to set up
    biometric projects in compliance with DP rules
  • adapted to the situation and proportional to the
    need
  • encrypted template without centralised data base,
    match on card or on device, etc.

6
Italian Data Protection Authority
  • General Rules
  • Personal data protection code (2003)
  • Guidelines on the processing of employees'
    personal data within the private sector (2006)
    and in the public sector (2007)
  • Rules on biometric data processing
  • video surveillance (2004)
  • Biometrics banks (2005)
  • Biometric decalogue (2006)
  • Advice on biometric projects
  • E-documents (e-passport, ID card, migrant card)
  • Physical Access control
  • Logical Access control

7
DP Authority biometric decalogue (2006)
  • Use is allowed only in high-security contexts and
    where other security measures are clearly ineffective
  • Preliminary approval by Personal Data Protection
    Authority and notification of the processing to
    the DP Authority
  • Prior, adequate information to data subjects and
    prior consent (private sector); alternative
    solutions in the case of poor quality biometric
    data
  • Biometric data must be stored on tokens or
    devices that must always be at the user's
    disposal. No centralized database is allowed
  • The security measures have to be applied by means
    of unambiguous systems and without risks, with an
    independent data surveiller.
  • The data retention period has to be limited in
    time, and backup copies are forbidden
  • The accuracy of the biometric systems, estimated
    by an independent committee, must be specified

8
Biometric projects in Italian Government
  • Criminal identification AFIS (1994)
  • Civil identification
  • Electronic ID card (CIE) (2000)
  • Electronic residence permit card (PSE) (2004)
  • Visas (VIS) (2005)
  • e-passport (2006)
  • Physical and logical access
  • Ministry of Defence (2003)
  • Ministry of Justice (2006)
  • Local government

9
E-passport
  • Since October 26, 2006, the e-passport is the only
    kind of passport issued in Italy
  • Approved by Personal Data Protection Authority
    (27.01.06)
  • Biometric data must be protected and can be used
    only to verify the identity of passport holder
  • Passport database hosted by Ministry of
    Interior without biometric data
  • CNIPA is testing the acquisition devices and the
    tools for quality control
  • Security and privacy concerns
  • Unauthorized reading
  • Interception of transmitted data
  • Counterfeiting by cloning

10
Electronic ID Card (CIE)
  • For identification and on-line authentication
  • Integrates an optical memory stripe, an IC chip
    with microprocessor, and an ICAO machine readable zone.
  • Optical memory used to store the citizen's identity
    information and two fingerprint images (1x1,
    500 DPI, WSQ)
  • The embedded chip (> 32k, ISO 7816) will be used
    to allow remote network authentication and
    telematic service usage (optionally digital
    signature certificate)
  • Digital face image (23 x 28 mm. - 200 DPI)
  • Two Fingerprint templates stored in the chip
  • 2 million cards issued by municipalities

11
DP Authority advice on the new CIE ministerial
decree (01.08.2007)
  • Contactless chip (optional): holder's consent
    required for data reading
  • Biometric data must be protected and can be used
    only to verify the identity of ID card holder
  • Biometric data are not stored in a central
    database

12
Electronic Residence Permit Card (PSE)
  • The PSE is issued to Italy's regular foreign
    residents who are non-EU citizens
  • Follows the same hybrid optical/IC chip card
    technology specification as the CIE
  • Issued by Ministry of the Interior
  • 2003 Data Protection Authority advice
  • European Regulation EC 1030/2002 doesn't
    provide for the use of biometric data in the
    residence permit
  • Biometric data can be used only during the card
    issuing process
  • In 2006 the European Data Protection Supervisor
    recognised the advantages of the use of
    biometrics, and the Ministry of the Interior started
    to store fingerprint data in the residence
    permit.

13
Ministry of Justice - Multiservices card (CMG
2005)
  • Smart card for justice personnel, used as P.I.
    document
  • Digital certificates for on-line authentication
    and digital signature (PIN or biometric
    protected)
  • Two fingerprint templates conforming to the ISO
    19794-2 standard
  • Match on device (21mmx21mm)
  • Quality control (NFIQ)
  • CNIPA
  • Gave support to the Ministry of Justice throughout
    the project life-cycle (RFP, Data Protection
    Authority approval, acceptance test, etc.)
  • Data Protection Authority
  • Authorised project (27.10.2005)
  • Fingerprint templates only to control the access
    to sensitive data; can't be used for employees'
    attendance control; data can't be stored in a
    database

14
Physical access control to the workplace
  • It's disproportionate to use biometric data for
    time attendance control: it's not permitted.
  • Using biometric data is justified for access
    control to sensitive areas with high security
    or safety risks (dangerous or high-security
    production processes, premises intended for the
    storage and preservation of secret or
    confidential goods or documents, valuables)
  • In this case prior checking is not necessary if
    biometric system is based on encrypted template
    stored on card without centralised data base
  • Authorised projects: bank, airport, manufacturing
    firms

15
Logical access control at the workplace
  • Personal Data Protection Code - Annex B: persons
    in charge of the processing of personal data can
    use a biometric feature as an authentication
    credential
  • Using biometric data is justified for access
    control to sensitive or judicial data
  • In this case prior checking is not necessary if
    biometric system is based on encrypted template
    stored on card without centralised data base
  • Authorised projects
  • Ministry of Justice (2005)
  • Bank (2006)
  • Municipality of Alessandria (2007)

16
Review biometrics deployment in Italy
  • ID and travel documents (e-ID card, e-passport,
    residence permit)
  • Physical and logical access control for employees
    in private and public sector (only for sensitive
    areas and sensitive data respectively)
  • Clients' access control to high-risk banks

17
Overall challenges
  • Large-scale biometric projects, in particular
    the e-passport, pose the following problems
  • Quality of registered data
  • Interoperability
  • Data protection
  • Accessibility
  • Requires collaboration between technical and
    privacy authority institutions from different
    countries

18
Conclusions
  • Unrestricted use of biometric data is not
    permitted. Using biometric data may only be
    justified in specific cases by taking account of
    the relevant purposes and the context in which
    the data are to be processed
  • When using biometric data, it's necessary to
    characterise technical and organizational
    solutions to safeguard privacy (i.e. template
    stored as encrypted templates on smart card held
    exclusively by the data subjects)
  • Technical solutions to safeguard privacy are
    available (i.e. match-on-card)

19
  • Thank you!
  • alessandroni_at_cnipa.it
