U.K. Government Proposes Mobile Application for Settling E.U. Citizens Post-Brexit

Subscribe To Download This Insight

By Sam Gazeley | 1Q 2019 | IN-5411

A smartphone app is being utilized by the government of the United Kingdom to make it possible for citizens of the European Union (E.U.) who currently reside in the United Kingdom to remain in the country after it leaves the European Union on March 29th. With an estimated 3.5 million E.U. citizens living in the United Kingdom, the government has made ensuring there is an opportunity to retain that population post-Brexit a top priority. The loss of working population and income if these citizens were unable to stay would be significant; therefore, securing their futures is also significant, for both economic and political reasons. The Android app, named E.U. Exit: ID Document Check, has been devised as a convenient solution to enable E.U. citizens to apply for settled and pre-settled status before the United Kingdom separates from the European Union next month.

Registered users can unlock up to five pieces of premium content each month.

Log in or register to unlock this Insight.

 

U.K. Government and Apple

NEWS


A smartphone app is being utilized by the government of the United Kingdom to make it possible for citizens of the European Union (E.U.) who currently reside in the United Kingdom to remain in the country after it leaves the European Union on March 29th. With an estimated 3.5 million E.U. citizens living in the United Kingdom, the government has made ensuring there is an opportunity to retain that population post-Brexit a top priority. The loss of working population and income if these citizens were unable to stay would be significant; therefore, securing their futures is also significant, for both economic and political reasons. The Android app, named E.U. Exit: ID Document Check, has been devised as a convenient solution to enable E.U. citizens to apply for settled and pre-settled status before the United Kingdom separates from the European Union next month.

However, the success of the mobile solution has been heavily set back by the fact that the application does not function on Apple devices. With Apple devices comprising approximately 50% of the smartphone market in the United Kingdom, this would mean almost half of the E.U. citizens living in the United Kingdom would have to seek an alternative, and likely more complex, route to securing their residency in the country.

Application Functionality and Conflict with Apple

IMPACT


For an E.U. citizen living in the United Kingdom to apply for “settled status” on the mobile app, they must answer three questions and take a photo of themselves to be cross-referenced against their records at the Home Office. These functions work successfully across all mobile platforms; however, the issue arises in the third stage of the application. Until recently, the United Kingdom’s government was looking to utilize the NFC technology embedded within the smartphone, making it possible to scan the data chip on the user passport to finalize the application and begin the two-week application process. As it stands, Apple users cannot scan the chip embedded within the passport, meaning applicants must either utilize an Android device to complete the application or post their credentials to the U.K. Visa and Immigration Service (UKVIS), which results in significant delays.

It is not just Apple devices that have this limitation. Microsoft and Blackberry operating systems for smartphones will not be able to scan the passport chip, either. However, their combined market share is approximately a marginal 1% combined. Furthermore, Android devices that do not have NFC technology also cannot scan the chips. While the government was aware of the limitation with Apple devices prior to the announcement of the mobile solution, it hoped that Apple would provide an update to the OS that would enable passport chip scanning functionality. Despite numerous representations in the United Kingdom, this has not materialized. Curiously, this is not due to limitations with hardware on the devices; The Near Field Communication (NFC) chips required for scanning have been embedded within Apple devices since 2014, but Apple has been restrictive over the number of third-party applications that can utilize the technology.

Since its inception, NFC functionality has been limited to Apple Pay transactions to facilitate increased financial security for users and could be adapted for passport scanning, but Apple has still not released the necessary upgrade. As part of iOS 11, Apple added the CoreNFC framework, which permitted third-party app developers to read NFC Data Exchange Format (NDEF) data from NFC tags 1-5. While the iPhone XS, XS Max, and XR support background reading of NFC chips, the data must follow a strict format. The passport data does not follow supported standards of CoreNFC framework and thus cannot access the data. This has led to frustrations for the government, which is working to devise a unilateral solution before March 29, 2019.

OEMs and Mobile ID Solutions

RECOMMENDATIONS


The government of the United Kingdom is not the only government to experience issues with mobile OEMs. Currently, the Dutch government is looking to implement a solution to allow citizens to access e-government and digital services and has requested that Apple open the NFC technology to enable this functionality.

 

This shortfall allows other solutions to take place, however. In November 2018, the government of the United Kingdom finalized a contract worth approximately UK£90 million with Sopra Steria, a French solutions provider, for the installation of infrastructure at 56 local libraries, complete with the equipment required to submit passports and biometric data to complete the applications.  

 

Conflicts of interest between mobile device manufacturers and governments wishing to implement mobile credentialing solutions are not new. Each party involved in the mobile credentialing process will have different priorities that they wish to see implemented. Mobile OEMs such as Apple or Samsung will place emphasis on profit margins and maintaining control over their handsets while also protecting customer information as part of an obligation to data confidentiality. Conversely, the governments will focus on securing their citizens’ data, safeguarding it from fraud and making incidents of compromised data as limited as possible while devising a solution that will have minimal operational costs.

 

There are already solutions being devised that will act to solve as many of these credentialing issues as possible. Securing a citizen's information within a Secure Element (SE) on the handset provides a tamper-resistant credential which, even if breached, would only compromise the individual's data and prevent the risk of a larger scale incident. While having a back-end server system installed to manage credentialed information can ensure relevant authorities’ monitoring of identities, a breach in the housing server could theoretically place many members’ data at risk.

 

There are a number of ways in which a user can prove device ownership and present the credential they store on their device:

 

  • In browser: The credential is extracted from the secure storage location and moved to a mobile-enabled secured website utilizing a browser.
  • In application: The credential is extracted from the secure location and transferred to the application on the mobile device for signing in.
  • Using NFC: By utilizing card emulation, the credential can be extracted from the secured storage location and transferred to an NFC reader.

As each mobile OEM will incorporate differing software and hardware on their devices, a mobile credentialing solution will have to cater to a range of functionalities to achieve the maximum penetration rate of the population. With Apple developing Touch ID used mainly with Apple Pay payment, Google Face Unlock using a front facing camera to capture and use a facial biometric, and Iris Scanning developed by Samsung, a mobile solution will have to cater to each functionality.

 

For government-issued Mobile IDs such as mobile driving licenses and m-ID, several core principles must be met to enable successful implementation:

 

  • Be Voluntary: Program participation should be the decision of the individual citizen and they should control who can share the information.
  • Be Secure: The implementation should be based around a strong level of cryptography, supported by recognized standards.
  • Be Interoperable: The solution should work with major smartphone OEMs and their OSs and work across multiple jurisdictions and countries.
  • Be Private: Only the citizen should be able to access their data or track their identity and the data stored must be authenticated without the citizen being required to turn over the device.
  • Be Remote: The credential must be able to be accessed without connection to internet or mobile network.

While new developments and standards, such as the e-IDAS program in the E.U., are making headway in streamlining the implementation process for mobile credential programs, there are still several issues to overcome in providing a solution that works for the citizen, the government, and the smartphone provider.

Services

Companies Mentioned