diff options
| author | frankro <frankro@berlin.ccc.de> | 2009-04-18 19:12:41 +0000 |
|---|---|---|
| committer | frankro <frankro@berlin.ccc.de> | 2020-05-23 13:38:27 +0000 |
| commit | d5aded1dce7ff70a8945cf0367b69bbe391948b1 (patch) | |
| tree | 0a9e426c04ec7ce0859964061cc8b01f618c8274 /updates/2008/egk-verzoegern.en.md | |
| parent | 50039e24eb88c159ee154d44594bdc61728f3a01 (diff) | |
committing page revision 1
Diffstat (limited to 'updates/2008/egk-verzoegern.en.md')
| -rw-r--r-- | updates/2008/egk-verzoegern.en.md | 46 |
1 files changed, 46 insertions, 0 deletions
diff --git a/updates/2008/egk-verzoegern.en.md b/updates/2008/egk-verzoegern.en.md new file mode 100644 index 00000000..3d16491a --- /dev/null +++ b/updates/2008/egk-verzoegern.en.md | |||
| @@ -0,0 +1,46 @@ | |||
| 1 | title: Electronic Insurance card: Please don't Smile | ||
| 2 | date: 2008-07-22 00:00:00 | ||
| 3 | updated: 2009-04-18 19:12:41 | ||
| 4 | author: frankro | ||
| 5 | tags: update | ||
| 6 | |||
| 7 | |||
| 8 | Some German health insurance funds started asking their members to send in photos for newly issued electronic insurance cards, despite the fact that important security questions regarding the system are still unanswered. The Chaos Computer Club advises all members to not send a photo as yet. | ||
| 9 | |||
| 10 | |||
| 11 | <!-- TEASER_END --> | ||
| 12 | |||
| 13 | In the past few days we received information about health insurers | ||
| 14 | asking their customers to send photos as part of the issuing process for | ||
| 15 | new insurance cards. The trade guild sickness fund of Saxony ("IKK | ||
| 16 | Sachsen") even insists on a picture that meets current biometric Photo | ||
| 17 | ID requirements, and refers to a legal obligation for providing it. | ||
| 18 | |||
| 19 | The concept of the electronic insurance card that is known to the Chaos | ||
| 20 | Computer Club bears some serious issues, such as in the implementation | ||
| 21 | of so called "voluntary services" ("freiwillige Dienste"). With the | ||
| 22 | electronic health record, the sensitive details leave the protected | ||
| 23 | environment of the doctor's practice and are stored on a central server. | ||
| 24 | According to the specification this information will be encrypted prior | ||
| 25 | to transmission, but there is no conclusive concept about who has access | ||
| 26 | to the cryptographic keys. | ||
| 27 | |||
| 28 | Without these additional services, the introduction of the new | ||
| 29 | electronics health insurance cards would neither be economically | ||
| 30 | justifiable nor bring any value-add for health insurances, doctors or | ||
| 31 | patients. Consequently, the introduction of such an ill-conceived system | ||
| 32 | is irresponsible. We therefore advise all policyholders to not comply | ||
| 33 | with the request for sending in a photo, so that the ubiquitous | ||
| 34 | implementation of the new health insurance card will be delayed until | ||
| 35 | these fundamental questions around protecting sensitive information are | ||
| 36 | clarified. | ||
| 37 | |||
| 38 | As a matter of fact, ยง 291 German Social Security Code | ||
| 39 | ("Sozialgesetzbuch") indicates that the health insurance card shall bear | ||
| 40 | a "photograph of the insured person", but the law in question does not | ||
| 41 | contain any further requirements about its nature. So there are no | ||
| 42 | limits to creativity. A biometrically usable picture, as it is used in | ||
| 43 | the controversial electronic passports, is not at all required by law. | ||
| 44 | |||
| 45 | Retention of the photo, exceeding the time frame required to produce the | ||
| 46 | card, is not required by law and therefore prohibited. | ||