Stuart Hill, an older gent who lives in the Shetland Isles, says he’s stumbled onto “a scheme that threatens our fundamental freedoms”: “the new ‘National Entitlement Card’ that provides access to free travel for the elderly and disabled, in fact marks the introduction of ID Cards by the back door.” He’s written up his research here. The person who submitted his writeup to RISKS noted (and the RISKS moderator, Peter G. Neumann, apparently agreed) that Hill “has done his research, and this should not be dismissed as just another paranoid conspiracy theory.”
Hill mentions the “Poorvoo Group,” more correctly (it seems) the “Porvoo Group.” They don’t seem to have ‘their own’ website (which is notable in its own right), but the (Finnish) Population Registry Centre, which serves as PG’s “permanent secretariat,” describes them as
an international cooperative network whose primary goal is to promote a trans-national, interoperable electronic identity based on PKI technology (Public Key Infrastructure) and smart cards and chip ID cards, in order to help ensure secure public and private sector e-transactions in Europe. The Group also promotes the introduction of interoperable certificates and technical specifications, the mutual, cross-border acceptance of identification and authentication mechanisms, as well as cross-border, online access to administrative services.
The site also notes that, “[a]t present, some 30 countries from Europe, the United States, Canada and Asia have representatives in the Group” (emphasis added). Along these lines, note their most recent list of links to relevant non-PG documents:
European Health Insurance Card (EHIC): towards simplification for healthcare professionals, Article by Marc Lange
Common Specifications for eIDM Interoperability (draft)
Summary of existing authentication schemes (draft)
Proposal for a multi-level authentication mechanism and a mapping of existing authentication mechanisms (draft)
Privacy Enhancement for eIDs (draft of a discussion paper)
TLS-Federation (rough draft of a paper)
Rough writeup of a more concrete eID Interoperability Scenario
Review and Analysis of Current and Future European e-ID Schemes, by Siddhartha Arora, M.Sc. thesis, Royal Holloway, University of London
Thomas Myhr's report: Regulating a European eID
NIST Special Publication
(Another, partial version of the PG secretariat site is here.)
To date, PG has held thirteen meetings:
Porvoo 1 (Porvoo, Finland, 4-5 Apr 02): link
Porvoo 2 (Dublin, 20-21 Nov 02): link
Porvoo 3 (Oslo, 20-21 May 03): link
Porvoo 4 (Issy-les-Moulineaux, 24 Sep 03, “in connection with the 4th Worldwide Forum on e-Democracy”; e-ID workshop and "eEpoch"): link
Porvoo 5 (Tallinn, Estonia, 13-14 May 04): link, dedicated site—sponsors listed as Valimo Wireless, Setec, Trüb Baltic
Porvoo 6 (Rome, 9-10 Nov 04): link, dedicated site—participants
Porvoo 7 (Reykjavik, 26-27 May 05): link, dedicated site—sponsor listed as Verisign
Porvoo 8 (Brussels, 13-14 Oct 05): link, dedicated site—participants
Porvoo 9 (Ljubljana, 11-12 May 06): link, dedicated site—participants
Porvoo 10 (Porvoo, 2-3 Nov 06): dedicated site—commercial sponsors ("organised in co-operation with") listed as Fujitsu, Gemalto, TietoEnator
Porvoo 11 (Coimbra, Portugal, 24-25 May 07): link, dedicated site—commercial sponsors ("main partners") listed as Gemalto, Cisco, Accenture, Microsoft, Siemens, IBM
Porvoo 12 (Grosseto, Italy, 18-19 Oct 07): link, dedicated site—commercial sponsors listed as Microsoft, Cisco, Athena Smartcard Solutions, Elsag Datamat, Rama, Alberese
Porvoo 13 (Hurtigruten, Norway, 9-10 Apr 08): link, dedicated site—commercial sponsors listed as BBS, BankID, Det Norske Veritas, Microsoft, Telenor
Porvoo 14 is scheduled for Cardiff, 23-24 October 2008.
A quick scan of PG’s agendas over the last six years suggests that they've made a lot of progress.
This is the kind of public-private body that needs to be watched very, very closely. To date, it has operated fairly openly (including publishing pictures of meetings); its operations may close very quickly, though.