IM4DEC : Identity Management for the Digital Emergency Call
UN convention Article 9 requires countries to take measures for the full and equal participation of persons with disabilities, including access to communication and information services. Despite this, there are still about 1 million deaf and hard of hearing persons in Europe who currently rely on outdated technology (e.g. fax) and help from others to make an emergency call.
DEC112 is a non-profit association that has designed and developed a standard-conform infrastructure (ETSI TS 103 479) for deaf emergency chats (ETSI TS 103 698). Since 2019, the association is now operating a system in Austria in collaboration with the Ministry of Interior that connects emergency chats to the appropriate emergency communication centre by utilising location information.
However, still a number of challenges exist that are addressed in our project:
- Presenting a verified identity when delivering an emergency chat: replace current SMS verification with an eIDAS 2.0 compliant identity based on DIDs
- Deliver relevant (pre-recorded) information in case of an emergency: extend current free-text stored on the smartphone with structured information stored securely online
- Operators struggle with chat from deaf persons: introduce an AI-based chatbot to train users and share this information with emergency organisations as basis for new training material
- Such data (identity, emergency information, training chats) are considered special category data under the GDPR and we will perform a formal DPIA (Data Protection Impact Assessment) for the end-to-end dataflow
- This is not only for the benefit of deaf people but also individuals oppressed by domestic violence can make use of this technology through the use of a silent emergency notification; already in operation since 2022 in Austria we will provide an SDK to include this functionality in an EU Digital Identity Wallet to get such functionality on every phone.
EU Authorities addressed these topics in Regulation 2023/444 that require all member states to ensure accessible communication services to emergency services from 2025 onwards: with our project we make sure that such future solutions take special needs of the deaf community and oppressed individuals into consideration.
Website: https://www.ownyourdata.eu/im4dec
- Motivation for the project: With our solution we want to enhance security and privacy protection when using a decentralised identity. Additionally, interoperability and user control & consent will be improved with the design patterns outlined in our project.
-
Use Cases and Essential functionalities: The project was built around the following 4 main topics:
1. DEC112 Onboarding with ID Austria
- To provide a verified identity in the DEC112 app (available on Android and iOS), the existing DEC112 registration element (Registration API) was updated to support the onboarding process using an existing eIDAS identity provider (in Austria the eIDAS conform "Bürgerkarte" and "Handy Signatur", and now the already available "ID Austria'' will develop into an eIDAS 2.0 compliant identity provider).
2. Triggering a Silent Emergency Notification from the Sphereon Wallet
- To give as many people as possible access to emergency services, DEC112 and the Austrian Ministry of the Interior extended its services in April 2022 to offer a "Silent Emergency Notification": either in situations when you cannot talk (e.g., shooting in a bank) or also for individuals oppressed by domestic violence. Especially, for domestic violence the challenge is to have an unobtrusive app, such that an aggressor does not remove the app from the victims smartphone. In this use case we use a government issued identity (ID Austria) with OwnYourData acting as issuer for a Verifiable Credential that holds this government issued identity together with personal data (name, date of birth, and registered primary residence address). Based on this identity, SIP credentials are created and also added to the Verifiable Credential. The Verifiable Credential is added to an EU Digital Identity Wallet (we are using the wallet from Sphereon [https://sphereon.com/sphereon-products/sphereon-wallet/] but it should work with any standard-conform EUDI wallet) and through the DEC112 SDK a silent emergency notification can be triggered from within the wallet.
3. ChatGPT Based Chatbot and Data Sharing
- On the other end of an emergency chat is an operator in a control room that needs to be specifically trained on how to handle text-based emergency communication. With the advent of AI-based chatbots (e.g., ChatGPT) we want to provide functionality to simulate a control room operator and enable all DEC112 users to test emergency chats without requiring a human operator. Those chats can be - upon consent - shared with emergency service providers to increase the available training material for operators.
4. DID Rotation
- DID Rotation refers to the process of changing (or “rotating”) the underlying DID method for a given Decentralised Identifier. The concept is rooted in the best practices of cryptographic key rotation, where keys are changed periodically to reduce the risk of compromise. In the same way, periodically rotating a DID could reduce the risks associated with a specific DID method. And of course it avoids a lock-in situation into a given DID method. - How these functionalities can be integrated within the software ecosystem: Through a partnership with DanubeTech, we are poised to extend the functionality of the UniResolver.io service by incorporating support for DID Rotation. This innovative feature is designed to bolster security and adaptability in digital identity management, ensuring that users can seamlessly update and manage their decentralized identifiers (DIDs) in response to evolving needs or security concerns. Furthermore, our collaboration extends to enhancing the Sphereon Wallet by integrating a novel feature that allows users to make a Silent Emergency Notification. Leveraging government-issued ID credentials, such as those provided by ID Austria, this functionality is crafted to offer a discreet method for users to alert emergency services or contacts under duress, without drawing attention.
- Gap being addressed: Our project tackles critical gaps in the emergency services domain by introducing a standardized, interoperable text-based communication solution alongside enhanced training opportunities. From a technical perspective, we are pioneering the implementation of DID Rotation, which allows for seamless switching between DID methods, thereby advancing the DID resolution specification efforts. Additionally, we are showcasing the practical application of DIDs within a real-world emergency communication scenario. A pivotal aspect of our work includes conducting and documenting a comprehensive Data Privacy Impact Assessment specifically for the use of DIDs, ensuring that our solutions not only meet technical and operational standards but also adhere to stringent data privacy regulations. This multifaceted approach addresses existing deficiencies and sets new benchmarks for innovation and privacy in emergency communications technology.
- Expected benefits achieved with the novel technology building blocks: Other projects and solutions will benefit from a registration element for onboarding based on a government issued ID and can use the Data Privacy Impact Assessments (DPIAs) as blue print for their own work. For wallet developers we provide a concrete implementation to offer a government service (emergency notification). In the DID community, the functionality of DID Rotation will lead to a convergence of the manifold DID methods.
- Potential demonstration scenario: DEC112 emphasizes a strategic approach to deploying new components in production, focusing on maintaining the integrity and security of safety-critical environments. Our user engagement strategy outlines clear expectations for stakeholders and uses a mix of qualitative and quantitative metrics to monitor progress. Key engagement goals for our research project include: Registration API: engage with 50 users Wallet: demonstrate new funtionality with 15 users Chatbot: achieve 200 conversations with at least 50 users DID Enhancements: reach at least 15 users These targets are designed to ensure statistical significance for valid conclusions and are manageable for effective data collection and analysis.
Repositories:
GitHub: https://github.com/NGI-TRUSTCHAIN/IM4DEC
Currently open to the TrustChain community only. Reach out if you need access.
Team
Christoph Fabianek
Dr Fabianek is the founder of OwnYourData.eu and senior lead scientist at Frequentis A
Fajar Juang Ekaputra
Dr Ekaputra is the Assistant Professor at WU Wien with focus on Semantic Web, Knowledge Engineering, and Data Integration
Jan Lindquist
Jan Lindquist is the privacy expert and data governance specialist, member of the Swedish Institute for Standards, ISO Swedish expert on information security
Gabriel Unterholzer
Gabriel Unterholzer is the president and developer of DEC112, self-employed software developer, studies computer science at University Bielefeld
Wolfgang Kampichler
Wolfgang Kampichler is the co-chair of the EENA Tech & Ops Committee of the European Emergency Number Association, ETSI Rapporteur, principal scientist at Frequentis AG
Mario Murrent
Mario Murrent studied at FH Wr. Neustadt and is SW developer and consultant. He is founder of MeeCode by Mario Murrent and a passionated App Developer and contracting party for DEC112
Entities
Verein zur Förderung der selbstständigen Nutzung von Daten (OwnYourData)
OwnYourData is a non-profit association and helps you to achieve unrestricted access to your data for your benefit.
Website: www.OwnYourData.eu
Verein zur Entwicklung von standardisierten und barrierefreien Notrufen (DEC112)
Rethinking emergency communication.
Website: www.dec112.eu