man working with tablet server room

Security by design: considering security from the very start

published on 20.10.2021

Security by design combines stringent data protection standards with an optimal user experience. A research project by Bundesdruckerei GmbH demonstrates how the concept works in practice.

A secure basis instead of emergency management

Along with innovations and advantages, the increasing digitisation of the world around us also presents certain threats: Reports about data leaks, cyber attacks and security breaches in digital applications regularly attract attention. What’s the problem? It is often the case that security measures in IT solutions are only implemented or intensified after the damage has already been done.

This issue is precisely what the principle of security by design aims to tackle. The core concept is as follows: When developing new digital applications, security is the top priority from the start and plays a defining role in every other work step. The actual product development can only proceed once the guardrails for a secure IT infrastructure are in place. It is not just protecting against data leaks and external attacks that plays a decisive role here. The principle of data economy - with special consideration of the General Data Protection Regulation (GDPR) - is central to the security by design concept. This stipulates that data should only be collected for an IT application if strictly necessary. In addition to data economy and security, user-friendliness should also be ensured. Good usability is therefore another basic prerequisite for a successful security by design project.

If there’s one factor that is essential to design an IT application in line with the security by design principle, then it’s optimal preparation, because the specific requirements of the application must be established right at the start.

 ´Especially when it comes to collecting biometric data, you always need to ask yourself beforehand: Do I really need this fingerprint? Of course this also reflects the requirements of GDPR. The most important thing to consider is what the user actually needs from the application, rather than what they might need.`

Uwe Rabeler, MEDIAN Project Coordinator at Bundesdruckerei GmbH

MEDIAN: mobile identity verification for the police

One project which demonstrates the advantages of the security by design principle is MEDIAN. “Mobile contactless identity verification in the area of migration” (MEDIAN) is a project funded by the German Federal Ministry of Education and Research (BMBF) which was developed by Bundesdruckerei GmbH together with partners from business and research as a prototype which would later be used to assist the police. The catalyst for the research project was the growing influx of refugees in 2015 and 2016. This presented new and unfamiliar challenges for the police and security services. In a very short space of time, it became necessary to identify a huge number of people. However, this was only possible at police stations, as the technology for the mobile examination of personal details didn’t exist yet. This placed great strain on the asylum seekers as well as the police.

A mobile solution would have required technical tools to capture facial images as well as collect fingerprints without contact and match them automatically. To solve this issue, the consortium partners of MEDIAN developed an innovative technological solution to enable identity verification and comparison of personal details via smartphone using a “Jacket”. A Jacket contains the infrared camera necessary for checking infrared features on documents.

Since the data collected during an identity check are highly sensitive, data protection must take top priority. The principle of data economy is also of special importance in MEDIAN. For legal reasons, the officer conducting an identity check may only collect a very specific set of data. If the officer also requests information which is not strictly necessary to identify the person in question, they will find themself in a legal grey area or in breach of the law, even in the absence of intent. Therefore, when developing the mobile application, it was important to protect both the person being checked from data misuse and the police officers from reaching the situation whereby they accidentally gather data which they are not permitted to request.

Full data transparency with check receipts

The project team also looked for ways to make the process of identity data collection as transparent as possible. This gave rise to the idea of a “digital check receipt” to be issued to everyone immediately after they undergo a check. In addition, the basic information about the check, such as the time, place and result, are stored on a server not accessible by the police. The person undergoing the check then receives the check receipt with a private code which they can use to independently access all of the data about them which has been collected. This makes police checks more transparent and easier to understand for those affected by them. The receipt also allows them to prove that they were already checked on a specific date.

´The check receipt gives the person being checked full sovereignty over their data. They are always aware of what data the police have collected and are also entitled to access it.`

Uwe Rabeler, MEDIAN Project Coordinator at Bundesdruckerei GmbH

The MEDIAN research project therefore combines multiple tenets of the security by design principle. It ensures data security, data protection and transparency without compromising in terms of user-friendliness. The results of the research project and the development of the Demonstrator - a customised smartphone - are so promising that the technical solution is now used in general identity and border checks as well as at large gatherings such as demonstrations and events.

Security by design as a core concept

Is security by design only suitable for certain applications, such as in the security services? Absolutely not! The core concept is universal: Security doesn’t start once the threat is already imminent – instead, IT applications must be transparent, secure and therefore trustworthy for users. This prevents nerve-wracking crisis management and cuts costs which would be incurred for repairs or replacements.

´A solid architecture, data economy, state-of-the-art encryption – it’s more efficient to commit to security from the very start rather than patch up the holes once something goes wrong.`


Uwe Rabeler, MEDIAN Project Coordinator at Bundesdruckerei GmbH