Re: National Identity Card
Ish, were you quoted the relevant part of the law which states that
'hardware devices' are exempt when you received the reply from the CCA?
On Sun, Sep 20, 2015 at 3:38 AM, S Moonesamy <sm+mu_at_elandsys.com> wrote:
> Hi Ish, Ajay,
> At 07:23 19-09-2015, Ish Sookun wrote:
>
>> A lot of people think that if some "data" is encrypted it becomes totally
>> secure. Well, one might think that as security until the decryption key
>> does not leak. In the context of the National Identity Card, we need to
>> realise that once a person's biometric data have been compromised and
>> misused, it becomes complicated to prove who committed a certain
>> transaction using the biometric data.
>>
>> Are our local teams ready and equipped to investigate such incidents
>> should they arise?
>>
>
> I have heard people (outside Mauritius) with a strong interest in privacy
> saying that encrypting data makes it secure. You mentioned the issue of
> the "key" being leaked in the above. There are also other possible
> issues. There are several angles to the comment which you made in the last
> part of the first paragraph; it is not about software or hardware only.
>
> I don't know whether those local teams can investigate such incidents. If
> the incidents affects me, I would have to hire people with legal expertise
> about the topic. I would have to look for people who understand the
> technology to explain it to the legal people. I would have to pay for all
> that.
>
> If I recall well, during the two cases against the ID Card in the Supreme
>> Court it was said that the card readers will not do any checks on the
>> centralized database. What should I understand with "contrairement à
>> l’ancien système, (One to many)"?
>>
>
> I see a few issues. First of all, the government has not published any
> information about the "one to many". There isn't even a web site to find
> answers to some simple questions. There isn't any technical information
> about the ID cards or the card readers. What I understood from the two
> cases is that it opens several issues which affects technology.
>
> According to the technicians the conversion of fingerprint images into
>> minutiae requires a certain amount of time and that cannot be done on the
>> premises. As per the article the fingerprint images are then deleted to
>> conform with the Supreme Court judgment.
>>
>
> That sounds like the ink used to take fingerprints have to be left to dry.
> :-) The above answer may be good enough for people who are not conversant
> with the technology.
>
> The photo of a person is "biometric data", yet they are stored in the
>> database. The fingerprint minutiae are "biometric data", yet they are
>> stored in the ID Card.
>>
>
> It seems that nobody was aware of the photograph issue or else the focus
> was solely on the fingerprint issue as that issue had wide press coverage.
>
> In my opinion yes, it affects. We were told the MNIC was a Certification
>> Authority and was responsible to issue digital certificates in the National
>> Identity Card project. We're now told that the National Identity Card
>> Centre (NICC) has replaced the MNIC. What about the Certification Authority?
>>
>
> There isn't any information about the so-called Certification Authority.
> It is incomprehensible how people expect those digital certificates to be
> used if there isn't any information about it.
>
> At 14:59 19-09-2015, Ajay R Ramjatan wrote:
>
>> I'll add to this. We still do not know whether MNIS was authorised by the
>> CCA to act as a certification authority. As far as I recall, all our emails
>> to the CCA asking to clarify whether MNIS CA was recognised to operate as a
>> CA were not answered.
>>
>
> Ish received an answer about the MNIS from the Controller of Certification
> Authorities on 12 February. The reason given was that authorization is not
> needed as the digital certifications are issued to hardware devices. Is it
> possible to use digital certificates for a manual transaction? I do not
> think so.
>
> Regards,
> S. Moonesamy
>
Received on Sun Sep 20 2015 - 09:23:03 PST
This archive was generated by hypermail 2.3.0
: Sun Sep 20 2015 - 09:27:02 PST