With the “Smart eID”, the federal government wants to bring the electronic identity card to the smartphone and thus make it more user-friendly – but the start is being delayed further and further. In December, the new technology will no longer start, a project participant told c’t on Monday. A more realistic date is March 2022.
It would be the third rescheduling for the Smart eID. Initially, the project partners Samsung, Bundesdruckerei, Telekom Security and the Federal Office for Information Security had announced the start of 2020. The federal government later named June 1, 2021 as the date. In September 2021, the lead Federal Ministry of the Interior then declared that the Smart eID would start in December 2021.
At the request of c’t, the Ministry of the Interior did not want to say whether a start of the Smart eID can still be expected in December. One is currently working on the introduction, including extensive security tests, said a spokesman. A specific date has not yet been set. Samsung stated that the Smart eID will start “in winter 2021/22”.
Other partners besides Samsung?
According to information from those involved, the delay is due, among other things, to the fact that the federal government wants to win other smartphone manufacturers as partners in addition to Samsung. “It shouldn’t just be a manufacturer,” it said. Extensive tests are necessary for each model.
Since the identity card data is stored in a special security chip (embedded secure element, eSE) in the smartphone, the smartphone manufacturers must approve these chips and meet the security criteria of the BSI. So far, the federal government has only named the Samsung Galaxy S20 as a compatible device. Gradually, other models from the manufacturer are to follow.
BSI: It’s not up to us
the Daily mirror had also reported on Monday that a component of the Smart eID – the Trusted Service Manager (TSM) – could not be completed because the BSI had not yet completed the necessary guidelines.
A BSI spokesman rejected this statement to c’t: The technical guidelines would be further developed with the cooperation of the contractor. The progress of the project is decisive for the updating of the guidelines of the BSI, “not the other way around”. The partners are also aware of all the information and regulations necessary for the implementation of the TSM and the Smart eID. A certification of the TSM is not planned.
Result of the ID wallet disaster?
The spectacular failure of the “ID Wallet” app should also play a role in this regard. With this app, the federal government wanted to bring the driver’s license and a “basic ID” derived from the identity card to the mobile phone in autumn. A few days after its launch in autumn, security researchers showed that the app made it easy for attackers to steal identity data.
The Smart eID is based on a completely different technology (the BSI describes some of the basics in this PDF) than the ID wallet app and, among other things, meets higher security requirements through the integration of the Secure Element. But it is easy to imagine that the ID wallet debacle has contributed to the federal government wanting to be particularly cautious with the Smart eID.
(cwo)