On 28 September, the Swiss will vote on the introduction of a digital identity card (e-ID). The proposal gives users the greatest possible control: personal data remains on the user’s phone. Neither the state nor private companies can track the use of the e-ID. And users decide for themselves with whom they share which information.
The example of pornography websites shows what this could mean in concrete terms. Today, children and young people can access these sites by clicking on ‘I am over 18’, even though pornography portals in Switzerland are actually required to block young people under the age of 16. In a future with e-ID, it would be possible to carry out age checks that protect privacy: Thanks to the e-ID, anyone who wants to visit the site does not have to reveal their name or date of birth. It is sufficient to disclose that the user is over 16.
The e-ID thus protects young people as well as the privacy of all users. To prevent the system from being exploited, the federal government maintains a register of companies that request too much information from the e-ID. If, for example, the pornography site wanted to register the name or date of birth of its users, users could report the site. The E-ID app would then warn other users about this website. At least, that is what the authorities hope.
No honey pot of data
The approach is clever. Nevertheless, when it comes to digitisation projects, no programme code in the world is 100% secure. The developers currently working on the e-ID code are well aware of this. They have therefore built a system without a central register – meaning there is nothing worth hacking.
To further increase the cyber security of the e-ID, the federal government has also published the programme code and launched a competition: anyone who reports a vulnerability will receive a reward. The 120 developers at the federal government want to harness the collective intelligence of the developer community.
Initial independent analyses of the programme code have shown that the programme actually does what the legal text promises. No more and no less. The code is not yet complete, and important components are still missing. But experts expect progress to be made soon. There is still time until the earliest possible introduction date in the third quarter of 2026.
One can say yes to the introduction of the e-ID, but no to its disproportionate use. Of course, no one wants to have to identify themselves with a government ID at every corner of the internet. We still need digital spaces where we can comment on political issues disguised as Mickey Mouse. Controversial opinions must also be able to be published and debated. This freedom must be defended.