Here we are: within this month the experimentation of the Single pin to access the digital services of the Public Administration. The measure is included in the package implementing decrees of the reform of the Public Administration that the Council of Ministers will approve on January 15th and its launch was announced just before Christmas by Marianna Madia. "From January 2016, citizens will be able to have a single PIN", said the Minister of Public Administration on 17 December in an interview with Repubblica TV, specifying that initially "300 digital services will be involved INPS, Inland Revenue e Inail”, as well as those of the local administrations that have joined the initiative.
In particular, the Municipality of has prepared the necessary to immediately start with the experimentation Florence and the Regions Piemonte, Emilia Romagna, Toscana, Liguria, Friuli Venezia Giulia e Marche. But the government's goal, Madia underlined, is to ensure that within the next two years "all administrations adhere to the Spid plan". The acronym stands for "Public System for the Management of Digital Identity", i.e. the new login system that will allow citizens and businesses to access the online services of the Public Administration and private individuals using a single digital identity.
On December 19, the Agency for Digital Italy communicated that InfoCert (linked to the Chambers of Commerce), Poste Italiane e Telecom Italy (with the subsidiary Trust Technologies) are the first three companies accredited as Spid digital identity managers (the so-called "identity providers"). As a result, starting this month, they can provide credentials to citizens and businesses that request them. The AgID and the Privacy Guarantor will carry out supervisory activities on the work of these companies.
Those who intend to take advantage of the new system must bear in mind that the Spid identity consists of credentials with different characteristics based on the level of security required for access. Exist three levels of security, each of which corresponds to three different levels of Spid identity. Citizens and businesses can decide independently or ask any digital identity manager for the level of Spid credentials that best suits their needs.
Il first level allows authentication by ID and password established by the user, while The second one allows access using a traditional password plus a "one time password" generated on the spot and sent to the user (as is used in many online banking). The third levelfinally, requires the use of a password and a smart card. On closer inspection, therefore, the expression "single PIN" is convenient but improper: there are more than one credentials to be provided for authentication, but together they form a single digital identity that allows access to many services.
This does not mean that the citizen cannot equip himself with different Spid identities, possibly with different levels of security or provided by different managers, using each time the most convenient one on the single occasion. On the other hand, at any time the user may also erase the obtained identity without providing any explanation. Credentials not used for 24 consecutive months, on the other hand, are automatically revoked by the manager.
As regards safety, the AgID points out that “Spid protects personal data more than a smart card", because "with electronic cards, the personal data useful for verifying identity on the net are all available to the service provider", while "with Spid, even if the user will always be authenticated with absolute certainty, they will be provided to the service provider, subject to user authorization, only the data strictly necessary for the specific transaction. For example, for services that only need to verify the age of majority of the subject or to know an email address, the identity provider will provide the service provider with only the strictly necessary information”.
