A wide range of key societal functions are dependent now on ICT systems for electronic identification (eID). Using eID technology, citizens of and residents in Norway can access a range of private and public services, access their digital health data, report to tax authorities, verify payments, bid on real estate, sign credit agreements, register a divorce and conduct many other transactions. Because of this foundational role in modern digital societies, eID systems pose societal security concerns regarding criminal activity, including financial fraud, money laundering, corruption and terrorism.
In this project, we will study how law and technology can work together to detect and reduce vulnerabilities linked to the use and misuse of eID systems.
The project will examine the technical features of eID systems in Norway and Estonia, and their interaction with applicable national and European Union (EU) legal frameworks. While Norway and Estonia are frontrunners in digitalisation, Norway reportedly experiences the highest level of online fraud and identity theft in Europe while such problems are rare in Estonia.
As part of the project, a legal aid clinic called the ID-lawyer will be established in Norway for individuals experiencing legal challenges related to use or misuse of eID. This clinic will facilitate the collection of aggregated and case-specific data and provide new insights into how the legal system deals with legal issues related to eID systems, including ongoing access to eID and the management and recovery of claims following eiD misuse. The project will be implemented by a multidisciplinary team of scholars, in collaboration with a range of non-academic partners (public and private).
The project is expected to have a high impact among both scholars and policymakers seeking to understand eID systems and to contribute to policy and technical development in ways that take human rights, ethics and societal needs into account, thereby reducing societal risk.
A wide range of key societal functions are now dependent on ICT systems for electronic identification (eID) and signatures. Consequently, eID systems pose societal security concerns when they come under attack from criminal activity. In Norway, there are regular media reports of individuals who have lost their homes and/or their life savings because of eID fraud. This project will study how law and technology can work together to detect and reduce vulnerabilities linked to the misuse of eID systems and thus contribute to the design of resilient and adaptable systems in Norway and abroad.
The project takes an innovative approach by gathering and examining a unique dataset on the design and regulation of eID in Norway, matching it with cybersecurity analytics, contextualizing it within European law, and comparing it to other relevant countries. It will be pioneering not only in terms of scope – large number of legal cases, complaints database, laws, cybersecurity attacks, and lab tests– but also in terms of depth of information. The research is enhanced by the use of interdisciplinary approaches ranging from cryptography to legal scientific methods, making it possible to fill specific knowledge gaps.
The project will be implemented by a multidisciplinary team of international and Norwegian scholars from four different research institutions, as well as three PhD students and four research assistants. The project is distinct for its planned systematic cooperation between subject fields, collaboration with partners (public and private), and involvement of end users, all of which will ensure that the knowledge, expertise, and solutions developed are targeted towards society’s needs. The project is expected to have a high impact among both scholars and policymakers seeking to understand eID systems and to contribute to policy and technical development in ways that take human rights, ethics and societal needs into account, thereby reducing societal risk.