Documento Nacional de Identidad (Spain)

The Documento Nacional de Identidad (DNI) (which means in the official translation National identity card; literally National identity document ) or carnet de identidad is a national identity document compulsory to all citizens of Spain aged fourteen and above. It has a personal, unique and exclusive identification number or número de DNI –made up of eight digits plus a control letter– that is assigned to the holder the first time he/she obtains the document and that keeps throughout his/her life as a general identifier.

The first DNI was issued in 1951. The current document is an electronic identification laminated card –or polycarbonate– with NFC technology, in the standard credit card size, which details the full name of the holder, legal ascendant(s), place and date of birth, address, signature, and contains a photograph. The card also prominently displays the unique identification number. This number is required in many legal actions and business transactions. When used for tax purposes, it receives the name of Número de identificación fiscal (NIF).

The DNI is enough to visit and register as a resident in the member countries of the European Economic Area (EEA) and Switzerland. It can also be used for short-term visits in the rest of Europe (except Belarus, Russia, Ukraine and United Kingdom) as well as Georgia, Montserrat (max. 14 days), Turkey and organized tours to Tunisia.

The ID card is issued at offices of the National Police. To apply for a DNI, it is necessary to have Spanish nationality. Foreigners legally residing in Spain are issued a Tarjeta de Identidad de extranjero (TIE) or Foreign Identity Card with its own Número de identidad de extranjero (NIE) or Foreign Identity Number.

History
In 1824, King Ferdinand VII of Spain founded the first police force in Spain and gave it the exclusive right to create and maintain city registries which would hold information on each resident's age, gender, marital status and profession. This was its first role and something that has continued to today.

The idea to create a new document began by instituting a law on 2 March 1944, with the purpose being to gather census data. The government enlisted the public by making a contest to make the new DNI, which was won by Aquilino Rieusset Planchón.

The initiative to create a new DNI came from Francisco Franco, which got his first DNI in 1951. The first group of people who were required to get a DNI were prisoners and people on bail, house arrest or parole. The next group required were men who had to frequently move houses for their job, then people living in cities of 100,000 people and plus, then people in cities between 25,000 people and 10,000, and so on until everyone in the population had a DNI.

Zaragoza was the first provincial capital to issue a DNI. After that test run, the issuance was extended to Valencia and then it continued spreading all around Spain.

The first modern DNI included the name(s) of the holder legal ascendant(s) and what their jobs were. The card was green in colour and used the emblems of the régime in Spain at the time, and it also included the holder's social status. The second card in 1962 incorporated their marital status and their blood type. The colour of the DNI was changed to blue. This version didn't have the gender of the user. The next card –issued between 1965 and 1980– kept everything the same, except for the signature of the Director which was superimposed.

The most significant changes happened between 1981 until 1985 with the card replacing the previous emblems with the new constitutional ones. It also re-introduced the gender of the holder. In the next model –issued between 1985 and 1991– the profession, marital status and blood type were removed, which was causing medical issues. In the 1990s, new models were being made with computers, the fingerprint was removed and the Royal Mint began producing the DNIs.

In 2006, they included a chip inside the DNI, making it an electronic identity card. This card allows the card holder to use the Internet for communications with the government. In 2015, they launched the DNI 3.0 with NFC technology.

Rules
DNIs are personal documents and are not allowed to be transferred. They are issued at the offices of the National Police by the Ministry of the Interior, which regulates their protection and their laws. The cardholder is obligated to hold and maintain the card during its period of validity. Any DNI is sufficient proof of identity and all the personal information in it, and is also a proof of holding Spanish nationality. On each DNI there is a number which is considered a general personal numerical identifier.

To obtain a DNI it is necessary to have Spanish citizenship, and all Spanish citizens have a right to obtain a DNI. Spanish citizens fourteen years or older are required to hold a DNI if residing in Spain and for people who return to Spain for more than six months. People can be fined for not holding a DNI and have a requirement to hold one.

Everyone who is required to have a DNI are obligated to show the card to the authorities if asked. While people aren't required to have the DNI on hand at all times, they are required to identify themselves and give it to the police officer if having it on themselves. If a DNI is required but can not be given, another document can be given in substitution for the document, even if that document is not officially a way to identify themselves. For example, under Spanish law, a driver's license isn't a document to identify a person, but an authority can choose to admit it.

If it is not possible to identify someone because they don't have their DNI at the moment, it is possible that they are required to accompany a police officer to the closest place to identify the person. If someone doesn't present their DNI when they can or don't agree to the police station, it can be considered civil disobedience –which results in a fine– or it can be considered disobedience to an authority which is a felony under section 634 of the penal code.

Validity
DNIs have a validity period of two years for minors less than five years old, five years for people less than thirty years old, ten years for people less than seventy years old and does not expire for people who are older than seventy years old.

Number
The number of the National Identity Document includes eight digits and one letter for security. The letter is found by taking all eight digits as a number and dividing it by twenty-three. The remainder of this digit, which is between zero and twenty-two, gives the letter used for security. The letters I, Ñ, O, U are not used. The letters I and O are omitted to avoid confusions with the numbers 0 and 1. whilst the Ñ is absent to avoid confusion with the letter N. From the beginning up to the present day, DNIs are assigned to the different police stations. Thus, every police station that issues DNIs do not run out of numbers. If the station runs outs of numbers they are assigned a new lot, which is not necessarily the same as the previous lot. This stops the false belief that low new DNI numbers are actually old DNI numbers of someone who has died.

DNI number one was given to Francisco Franco, with number two being given to his wife, Carmen Polo, and number three to their daughter, Carmen Franco y Polo. The numbers four through nine are vacant to this day. The numbers ten through ninety-nine are reserved for the royal family. Number ten was given to King Juan Carlos I, number eleven for Queen Sofía and numbers twelve and fourteen for Infantas Elena and Cristina, respectively. King Felipe VI has the number fifteen, Princess Leonor has the number sixteen and Infanta Sofía has the number seventeen. The number thirteen was left out due to superstition.

There is evidence that there are thousands of people that share their DNI numbers from the time when its issuance was not computerized.

Elements
Since December 2015, version 3.0 of the electronic DNI has been issued at all police stations. The card is made of polycarbonate and has an electronic chip with the digital information of the cardholder. The dimensions are identical to a credit card (85.60 mm wide × 53.98 mm tall). This version of the DNI has the following elements:


 * On the front
 * The main section indicates the last names (all Spanish citizens are required to have two last names), first name, gender, nationality and date of birth. The serial number includes a security feature, expiry date and signature of the cardholder
 * On the lefthand side of the card there is a photo of the cardholder. The photo is in black and white and is a bigger size than all of the previous cards. Under the photograph is the holders DNI number and security letter.
 * On the righthand side there is a transparent window with a laser engraved physical support number. Below that there is a changing image made via a laser which consists of the issuing date and a miniature photograph of the cardholder and the Card Access Number to access the RFID chip.
 * On the back
 * The top includes the holder's address and country of residence. Under that is where the holder was born and the name(s) of the legal ascendant(s) of the cardholder.
 * On the left is the issuing code of the DNI and the cryptographic chip with an NFC antenna
 * On the bottom part there is OCR-B information, compliant with ICAO regulations on travel documents
 * On the cryptographic chip, in electronic form
 * Electronic certificate to authenticate the citizen
 * Electronic certificate to sign electronically, with the same legal power as a handwritten signature
 * Electronic certificate from the issuing body
 * Keys of every electronic certificate
 * The cardholder's fingerprint
 * The cardholder's photograph
 * Digitalized image of the cardholder's signature

The electronic chip does not hold personal information that is not on the card, including from other government agencies.

Security methods
In the electronic DNI there have been various security methods implemented to hamper attempts at falsification.


 * Visible security features to the naked eye include optically variable inks and moving letters
 * Visible security features to microscopes and electronic systems include ultraviolet light and micro-sculptures.
 * Electronic security features include encrypting the data on the chip, requiring a PIN to access the card and no connection to the Internet.

Use
To use the electronic DNI it is required to know the personal password. This can be changed at a police station that issues DNIs. It is also required to have a computer and a card-reader. Card-readers come in many different ways, including inside the actual computer or being connected to a USB port, and the card-readers must be able to read an electronic DNI, meaning it must be ISO 7816 compliant. Finally, one must download the software which the police provide.

In October 2011, five years after its launch, El País newspaper reported that use of the electronic DNI feature was very low, with many people preferring to use a digital certificate.

In 2015 the DNI 3.0 was launched, incorporating NFC technology which can be read by phones.

Vulnerabilities
During the month of November 2017, the National Police Force disabled the digital certificates issued after April 2015 due to a study by Czech researchers at the University of Masaryk. They found that those DNIs were vulnerable to an attack known as ROCA, which allows the hacker to find the passwords of the user. The government informed that they had not detected any DNI to be affected by it, but they decided to take precautions to make sure that it wouldn't happen. While the cards could not be used for electronic usage, they can be used for identification purposes. In December 2017, they informed the public that cardholders could go to a police station to fix the security issues.

This vulnerability not only affected the DNI certificates, but it is a generic vulnerability detected in some cryptographic cards from some manufacturers, among which were the DNI issued after the indicated date. According to the study, the flaw was in a code library used by Infineon, one of the most important providers of smart chips. The ruling implies that it cannot be verified if a digital signature was made by the owner of the DNI or that the encrypted data is exposed to third parties.

For this reason, the validity of the signatures already made with these documents is questioned since it cannot be shown who signed them. Another vulnerability has also been revealed in the issuance of the signature: it does not certify when a signature was made, or the date or time of the operation.

Foreigner Identity Card
To get a DNI it is necessary to have Spanish citizenship. Foreign residents in Spain can get a card similar to the DNI but in blue, called the Tarjeta de Identidad de Extranjero (TIE). This card is the document that proves that the foreigner is legally in Spain. This card shows that the cardholder has been granted permission to stay in Spain for more than six months. The card is personal and non-transferable. On the card it also has the Número de identidad de extranjero (NIE).