It has been long since we heard talking about SPID, the “Public System of Digital Identity” created by the AgID (Digital Italy Agency), for the first time; and finally it is real.

As a matter of fact, this System was conceived and announced by the Monti cabinet, but only now an outcome has been achieved. The SPID has been online just for a few days (since March 15^th) and it seems to have shown an innovative side of the obsolete Italian administration. But let’s see what is this all about!

Generally speaking, the SPID is a system thought to give everyone – as the scheme is addressed not only to private individuals, but also to companies – an easier access to the wide range of services that are regularly offered by the Public Administration.

Throughout the combination of a common username and a password with the identity of each applying User, it will be possible to access quickly to the chosen service with every kind of IT tool: computer, pc, tablet or even smartphone. In this way, the time usually requested for the process of identification and supply will be sensibly shortened and the service obtained more easily.

The SPID is aimed to substitute all those temporary identities created daily by the Users in order to access the huge number of services that are already offered online.

This System’s designers thought of the easiest and most intuitive method possible of access, in order to avoid this futuristic invention to be set-aside because of the high level of technical knowledge requested. The SPID does not require any special competence and really seems accessible to everyone.

More in the details, this System requires certain entities to play the role of Identity Providers, taking in charge the authentication of the data provided by the Users in order to produce a Digital Identity for each of them. At the time of the launch of the SPID, three Identity Providers have been appointed: Infocert, Poste Italiane and TIM, which are offering the same services.

These three Providers have been appointed accordingly to the requirements fixed at the Art.10 paragraph 3, letter a) of the Prime Minister’s Decree of October 24^th, 2014, which is asking a minimum capital of 5 millions euro for those companies willing to become Providers. However, this provision has been erased by the Council of State with a decision (judgment No. 1214 of March 24^th, 2016) confirming what has already been stated by the TAR Lazio on July 2015, in accordance with the claims presented by the Confcommercio Assoprovider and Assintel associations.

The Council of State ruled on the basis of a competition infringement caused by the provision that cannot be justified by the content of the activity carried out by those Providers – the activity is indeed based on a simple password system that cannot be compared to other stronger identification systems. The effects of the abovementioned decision will very soon greatly affect the mechanism for accessing the Providers’ market.

In order to get a Digital Identity, the User is required to present an application form with all the information needed to certify his identity: name, surname, sex, day and place of birth, fiscal code, ID details. Moreover, the User will have to provide additional information in order to be contacted, that is to say an email address (which has to be personal for every SPID identity) and a mobile phone number.

This login system is developing over three different levels: from the requested service’s criticality descend three security levels:

• the first level is combining an average complexity username and password to the identity in order to allow the authentication on the website. This authentication method is considered sufficient for the low risk associated to this level’s operations;
• the second level combines the username and the password with a One Time Code created and sent to the User (ex. via sms) by a particular device. They have to be inserted jointly on the website in order to authenticate successfully;
• the third level of identity created with SPID requires, additionally to the username and the password, an access device as a smart card. At this level a stronger security is needed, due to the services provided that are likely to create a serious harm to the User in the occurrence of a misuse of his identity.

 

The first two levels are provided for free to those Users registered within the end of the current year for the two years after; it is still unknown what will happen after, but it seems that the Government is trying to keep this System free at least for individuals. In order to avoid the possibility of being required a fee after this two-year period a free withdraw system has been thought.

Because of the high degree of security provided for by the third level of the SPID, for this level a fee is already required to the Users.

Even if the use of a Cloud Storage system can be alarming for a lot of Users, it seems that the Public System of Digital Identity is extremely reliable and also able to keep its Users’ Privacy and Personal Data protected. The SPID is indeed thought to prevent those data to be attacked or purloined both in the identity certification phase and in the service providing one.

Which kind of services is really accessible with the SPID?

Today, at the launch of the SPID, there are about 300 operating services, involving plenty of administrations – among them Inps, Inail and some Regions, as Piedmont, Tuscany and Liguria, as well as some Municipalities (ex. Florence).

However, according to the project, the system is expected to grow rapidly and within June it will encompass 600 operating services with the entry of the Revenue Agency. Within the end of February 2008, in a period of 24 months, every Public Administration and every service will be reachable through SPID.

The chance of being reached through this System is also given to every private company willing to pay a fee, widening further this web.

The registration to the System is not mandatory, at least directly, because, even if it is not expressly required to anyone, in the future these services will be provided only online through it. As a consequence, it is deeply suggested to join it.

The growth of the number of Users is reciprocally benefitting both the Users and the Providers, and that is one reason why its use is incentivized by being provided for free.

 

According to the Italian Digital Agenda, a lot of other actions will follow the entrance of the SPID in the Italian scenario, in order to keep the administrative innovation growing at a pressing rhythm.

Right now, the SPID is allowing Users to access different services with the same Digital ID, but it is nevertheless required to access those services logging in different websites, one for each Provider.

Therefore, in order to simplify further the access, from 2017 a new step will be undertaken and it will be called Italia Login. Italia Login will be a single interface to every service even when provided by different entities, accessible with the SPID ID. The outcome will be of speeding up even more all the processes entailed.

The Single ID System is indeed an innovative and revolutionary project in the outdated Italian landscape, and the purposes pursued in this way are at least desirable – among the others, SPID is supposed to be able to reduce the undeniable gap existing between the smaller and the bigger territorial entities, the minor Municipalities will be led mandatorily to an advancement.

Anyway, in order for SPID to be successful, it will have to show its effectiveness and ability to offer a qualitatively worthy service while, at the same time, it will have to prove the strength of the protection accorded to the Users. The only thing to do right now is to wait and see how this is going to develop, aware that if SPID and the Digital Agenda will be successful it will be a great achievement for everyone!

 

For further information http://spid.gov.it/