Current situation of the new electronic identification card In Taiwan
Taiwan is planning to replace national IDs with cards that integrated chip. The new electronic identification card (eID) will roll out to every Taiwanese citizens as early as the end of 2020. The quantity of manufacturing the new eID cards is estimated over 20 million. However, with Taiwanese citizens' private information digitizing on the Internet, Taiwanese government haven't established an independent data protection agency and amend the law to regulate the use of eID and protect the privacy rights. Taiwanese government haven't announced the details of the eID plan. Therefore, for promoting Taiwanese government to deal with above problems, OCF initiated a petition and FOUR DEMANDS:
1. The roll-out of eID should not be required. Non-chipped identity card should remain as an alternative.
According to the specification of eID, people need to remember THREE sets of passwords for different purposes. For people who are not familiar with technology, e-service provided by the government might be difficult to use. Moreover, National Health Insurance Card and driver license are planned to tie to the eID, which might lead to serious information security risks.
2. Always carrying eID cards should not be required
In this case, smart card attacks can be prevented.
Taiwan's Ministry of Interior doesn’t make any new law to regulate the use of eID. They insisted that Household Registration Act can be served as the legal basis for its plan to replace physical ID cards with a new electronic ones. As Article 56 of Household Registration Act stipulates, “One must always carry his or her National ID Card.” However, the new eID comes with RFID function, which may enable remote tracking of cardholders.
3. Establish an independent data protection agency to protect the privacy rights of all Taiwanese citizens.
Personal Data Protection Project Office, a subordinate institution of National Development Council, is the only institution in Taiwan’s government to interpret the Personal Data Act. We petition the government to establish an independent data protection agency and amend the law of Personal Information Protection Act. Taiwan’s regulations of privacy rights should be in conformity with the adequacy of GDPR, which will also benefits Taiwan’s overseas industry development in EU.
4. Open source code of the eID PKI Smart Card Client driver to the public scrutiny and build confidence among Taiwanese citizens.
“Open Source” can gather experts and scholars to review, fix the bugs in Taiwan’s eID system, and raise the security level of eID PKI Smart Card Client driver. This can prevent single company from monopolizing government bidding projects and hiding backdoors in the eID system.