The UAE maintains digital security of individuals through Emirates ID and SmartPass.
Federal Authority for Identity and Citizenship (FAIC), earlier known as Emirates Identity Authority (EIDA) succeeded in launching electronic identity cards for the whole population in the country including nationals and residents. The card carries biometric details of the holders an, in order to verify and confirm the identity of each individual through the personal number and the smart card related to the biological features of the individual.
For more information about identity protection by EIDA, refer to the following links from newspapers:
SmartPass enables access to the UAE Government’s online services through a single account, using one username and password. The benefit of SmartPass is that one does not need to have multiple usernames and passwords to get government services. Having multiple usernames and passwords often leads to misplacing and/or resetting them. Even then, the concern of maintaining multiple usernames and passwords exists. SmartPass eliminates such hassles.
To use SmartPass, one needs to register. Citizens and residents holding Emirates ID cards can register with their Emirates IDs. In this case, the SmartPass account not only carries accurate information about the user relating to name, birth date etc. but also provides a secure digital identity. SmartPass is also available for use by visitors or those living outside the UAE.
The UAE introduced FedNet
which provides available, convenient, on-demand network access to a shared pool of configurable computing resources for all federal government entities. One of the features of FedNet is its secure architecture which enhances the UAE’s cyber security. This is done through the secured and private network, Multiprotocol Label Switching (MPLS) cloud.
The FedNet team is responsible for observing and monitoring the events and procedures of the FedNet round the clock, ensuring that the necessary actions are taken in case of errors or violations. A Security Information and Event Management (SIEM) system is operated by a dedicated 24/7/365 security operations centre (SOC) to manage all security events within FedNet.
The UAE is taking several other efforts to maintain and strengthen cyber security. Some of these efforts are mentioned below.
- Establishing aeCERT
The UAE dedicated a Computer Emergency Response Team (aeCERT) to improve the standards of information security in the UAE and protect the IT infrastructure from potential risks and violations. aeCERT aims to support and ensure a safer cyber space for the UAE nationals and residents and disseminate information about threats, vulnerabilities and cyber security incidents. Public may report any cyber security incidents through aeCERT.
- Launching initiatives on cyber security
- Salim- an online cyber security advisor
The UAE Computer Emergency Response Team (aeCERT) jointly with Aqdar, launched the initiative Salim, an online cyber security advisor, with the slogan 'Towards a safe cyber culture'.
The goal of this initiative is to spread knowledge about cyber safety to the entire community and have a generation that has integrated knowledge about information security and is mindful when conducting activities online.
- UAE Ambassadors for electronic security
This initiative from TRA aims to train top UAE students to serve as ambassadors in promoting and spreading cyber security awareness across the UAE. Read about other cyber security initiatives in the UAE.
- Cyber blackmailing
In 2016, the Dubai Police’s Al Ameen service in cooperation with the UAE's Telecommunications Regulatory Authority (TRA) organised a cyber-blackmail awareness campaign. The campaign aims to protect victims from blackmailing by chasing all criminals in all parts of the world, in addition to issuing requests to the Interpol to hunt these criminals wherever they are. Read more on cyber blackmailing and how to stay safe.
- Launching cyber security strategies
- Raising the minimum protection level of cyber assets and ensuring compliance to the UAE’s cyber security standards
- Developing incident and response management capabilities and improving threat neutralisation capabilities
- Informing and educating the public and workforce about cyber security and promoting research in the field
- Collaborating with international bodies to catalyse cyber security efforts nationally and internationally
- Developing initiatives to guide the implementation of the National Cyber Security strategy.
Read more on UAE National Cyber Security Strategy (NCSS).
- Dubai cyber security strategy
The emirate of Dubai launched the Dubai Cyber Security Strategy (PDF, 2.67 MB) which aims to strengthen Dubai's position as a world leader in innovation, safety and security. One of the main domains of the plan is to build a secure cyber space by establishing controls to protect the confidentiality, credibility, availability and privacy of data. Read more on the Dubai Cyber Security Strategy.
Studies showed that cyber criminals often choose to operate in countries with weak or non-existent cyber crime laws and within communities that lack awareness about the subject. Hence, the UAE issued may laws and regulations to counter cyber crimes.
Under the Federal Law No. 5 of 2012 on Combatting Cyber crimes (PDF, 120 KB) and its amendment by Federal Law No. 12 of 2016, the UAE criminalises the use of the internet to invade privacy of another person, the recording of audio or video conversation or communication, photographing others or copying the same and publishing news, statements or information. Violation of the law will be punishable with imprisonment and/or a fine between AED 500,000 and AED 2,000,000. Read about other cyber laws and regulations in the UAE.
eSignature and digital certification
What is an eSignature?
An eSignature is used in electronic messages to identify the signatory (the sender of the message) and distinguish them from everyone else. An eSignature also proves that the message received is the same message that was sent by the signatory and that nothing has been added, deleted or amended. It may consist of letters, marks, symbols, numbers, sounds or images.
An eSignature is as legally binding as a signature executed by hand.
Federal Law No.1 of 2006 regarding Electronic Transactions and E-Commerce approves the use of eSignatures in the UAE. To create an eSignature, you need an electronic signature creation device, and a digital certificate to be authorised to use this device. Certification services providers issue digital certificates. These certificates confirm the identity of the signature device holder.
Read more on eSignatures on the website of Judicial Department in Abu Dhabi.
What is a digital certificate?
A digital certificate is a certificate issued by a certification service provider, which confirms the identity of the person or entity holding an electronic signature creation device. An electronic signature creation device is a uniquely configured device or electronic information that enables a person to apply his e-signature in the form of electronic keys and symbols.
What is a digital certification service provider (DCSP)?
A digital certification service provider is an accredited or authorised natural person or legal entity that issues digital certificates and offers digital signature-related services.
How to apply for a DCSP license?
You can apply for a DCSP license through Telecommunications Regulatory Authority (TRA). Obtaining a licence from TRA is required for all digital certificate service providers operating in the UAE with respect to eRecords, eDocuments and eSignatures related to eTransactions and/or eCommerce. To apply for a DCSP licence, you need to submit the following documents to TRA:
- your company’s memorandum and Articles of Association
- details of your company’s organisational and ownership structure
- the commercial licence authorising you to act as a DCSP
- a statement of your commercial activities
- details of the company's accounts and financial resources for the previous two years (or less if your company has been trading for less than two years)
- an insurance policy which shows you have sufficient cover for your activities as a DCSP.
Digital signature and timestamp service
Federal Authority for Identity and Citizenship (ICA) offers digital signature and timestamp service. The service enables entities and individuals to sign documents and transactions digitally using their ID card, with a timestamp on the signature that shows the date and exact time of the signature. The timestamp cannot be changed or altered even by the owner of the digital signature which gives undisputed accuracy of document and transaction creation and updates.
ICA Validation Gateway-VG
To simplify the usage of the Emirates ID card and its certificates, Federal Authority for Identity and Citizenship (ICA) set up a Validation Gateway (VG). VG enables governments, organisations as well as individuals to make use of the Emirates ID card in an online scenario. The VG is a service available online that offers a wide variety of digital functionality related to the Emirates ID card. After approval from ICA, users can connect to the VG and perform online services using the Emirates ID cards for authentication and signing. Read more about ICA’s Validation Gateway.