The present NemID contract with Nets DanID expires in November 2018. The expiration of the current contract is a natural occasion to consider how the national infrastructure for e-identity and digital signature should look in the future.
NemID – A Public Matter
NemID is today a central element in the public ICT infrastructure and is a part of everyday life for many citizens and businesses. The present NemID solution is a secure, digital form of identification for citizens, public authorities, private businesses and their employees. Furthermore, NemID is also a digital signature. NemID is thus both used to document the user’s identity as well as to sign documents digitally. Most of the users, however, do not experience the separation between the two functions in daily life.
Approximately 4.7 million Danish citizens use NemID and more than 55 million transactions currently take place on a monthly basis. Citizens and businesses need NemID to log on to borger.dk, virk.dk and a long list of private websites (for example online banking), to use an array of digital self-service solutions and to read Digital Post (digital mail).
A Secure and User-Friendly Solution
In Denmark, we need to provide a secure and user-friendly solution for digital identification and signature for citizens, businesses and public authorities. It will be essential to continue an ICT security structure that unites user-friendliness with security and that benefits the maximum amount of citizens and businesses.
The tender for the next generation of NemID, MitID, is an opportunity to rethink the solution so that the technological possibilities are also in the future used in the best possible manner. The goal is a flexible and standard based solution which can be used on both public and private digital services.
There are many different user-needs, interfaces with other solutions, technical and security demands and possibilities and so on, which need to be included in the process of designing MitID. Focus will be on retaining the elements that work well and expanding with new elements to secure the solution for the future. The possible new elements include:
1. Better administrative solutions for businesses
Many different forms of businesses and associations use NemID each day for many different purposes. The businesses diverge in their needs, size, and number of employees as well as digital competencies. Therefore, a future solution could specifically aim to handle the needs of the many different types of businesses and associations who need to use NemID.
2. Extended use of private NemID for business purposes
One of the aspects of developing better administrative solutions for businesses is to extend the use of private or citizen NemID for business purposes. This can be done by connecting the user’s private NemID to a business’s CVR number which could prove beneficial for various businesses including companies with few or no employees.
3. Multiple login factors
NemID must be able to function on many different types of platforms and serve the needs of many different groups of users. This requires an extension of the use of alternative login factors, which are adapted to different platforms, including mobile platforms, or to special user needs.
4. Multiple security levels and a separation of eID and electronic signature
Some services using NemID require a higher level of security than others. The present NemID solution is designed to work well with services that require a high level of security due to the fact that the user needs two ‘login factors’ (a certificate and a key card) as the present solution is designed both to identify oneself online and to sign a document digitally.
The next generation of NemID aims to provide easier access for citizens, businesses and service providers to services with a lower level of security. Easier access with one ‘login factor’ will require the separation of the components concerning digital identification (eID) and digital signature (eSignature) in a future solution.
5. Privacy and context dependent information
The next generation of NemID must maintain the same standard of privacy as in the present solution. Therefore, the next generation of NemID needs to abide the same standards and regulations as the present solution. In addition, the Agency of Digitisation is further examining ways to secure further privacy and the coming solution.
6. Improved support options
Well-functioning support is a fundamental aspect of maintaining a good and user-friendly solution. The next generation of NemID will aim to reduce the overall cost of support as well as to improve user satisfaction. This can be done in several ways: By removing the obstacles that produce the need for support, by creating a more coordinated support from the different service providers and by improving online-support options.