It has a personal, unique and exclusive identification number or número de DNI –made up of eight digits plus a control letter– that is assigned to the holder the first time he/she obtains the document and that keeps throughout his/her life as a general identifier.
The current document is an electronic identification laminated card –or polycarbonate– with NFC technology, in the standard credit card size, which details the full name of the holder, legal ascendant(s), place and date of birth, address, signature, and contains a photograph.
The DNI is enough to visit and register as a resident in the member countries of the European Economic Area (EEA) and Switzerland.
It can also be used for short-term visits in the rest of Europe (except Belarus, Russia, Ukraine and United Kingdom) as well as Georgia, Montserrat (max.
[2] The idea to create a new document began by instituting a law on 2 March 1944, with the purpose being to gather census data.
The card was green in colour and used the emblems of the régime in Spain at the time, and it also included the holder's social status.
In the next model –issued between 1985 and 1991– the profession, marital status and blood type were removed, which was causing medical issues.
In the 1990s, new models were being made with computers, the fingerprint was removed and the Royal Mint began producing the DNIs.
They are issued at the offices of the National Police by the Ministry of the Interior, which regulates their protection and their laws.
For example, under Spanish law, a driver's license isn't a document to identify a person, but an authority can choose to admit it.
There is evidence that there are thousands of people that share their DNI numbers from the time when its issuance was not computerized.
This version of the DNI has the following elements:[12] The electronic chip does not hold personal information that is not on the card, including from other government agencies.
[15] In October 2011, five years after its launch, El País newspaper reported that use of the electronic DNI feature was very low, with many people preferring to use a digital certificate.
[17] During the month of November 2017, the National Police Force disabled the digital certificates issued after April 2015 due to a study by Czech researchers at the University of Masaryk.
They found that those DNIs were vulnerable to an attack known as ROCA, which allows the hacker to find the passwords of the user.
The government informed that they had not detected any DNI to be affected by it, but they decided to take precautions to make sure that it wouldn't happen.
According to the study, the flaw was in a code library used by Infineon, one of the most important providers of smart chips.
The ruling implies that it cannot be verified if a digital signature was made by the owner of the DNI or that the encrypted data is exposed to third parties.