The so-called E-ID is a state-controlled but privately operated central login with proof of identity for communication with private and state agencies. Should it be state-controlled or private or a mixed form? The new law provides for a mixed form, but the referendum campaign shows that the matter is highly controversial.
Apparently, the law was drafted by the administration during years without consulting experts. Because now experts have called in an open letter to reject the law for technical reasons such as more data economy, decentralised architecture and transparent processes.
The national vote will take place in Switzerland on 7 March 2021.
Commentary, rants, not warnings of Downtime! Dave Birch runs a blog called Digital Identity to promote his consulting company (CHYP or Consult-Hyperion) which specialises in Money and Identity systems. His recent post on British experiences with Identity things is of interest to people here. Here’s a quick summary:
- A French ID card can be used to get you a job at Sainsbury’s, but not to buy alcohol.
- Banks can tell whether local passports are real, but foreign passports are just accepted. Because they can’t tell, they don’t.
- Remember the Irish Police force’s search for their most wanted speedster: Mr Prawo Jazdy. Once they translated the term into “driving licence” in Polish … all became clear.
- A car owner was arrested because his new form was a slightly different colour. The registration people thought it was a forgery and called the police…
- You can call the UK Border hotline to confirm a national ID card. They will tell you “to ask [your] customer for a ‘second proof of identity’.”
- It’s a smart card, and the smart way to check it is “to flick the card and listen for a distinctive sound, if they doubt the card’s authenticity.”
- More here on how it is easier to get a bank account if you are a criminal or a foreigner than a poor unidentified person.
That’s all good fun! We know where all this is going … indeed, one of the strengths of the CAcert Assurance Process is just this. Working with the documents might be called a competence of CAcert, if we were into management-speak.
Read the whole article for the fuller picture; it’s fun. One thing I will disagree with Dave on is his recommendation that there be a digital solution that either works or it doesn’t. Although I frequently remind people that, in a well designed security system, “There is only one mode, and it is secure,” I think actually it is a hopeless goal to expect the British government to field such a system. They will create a pink elephant.
Far better for new identity systems to emerge from the marketplace. As suggested by Dave, this is likely to be the mobile phone. We are around 80% of the way there; and with things like Android, the other 20% is now on the marketplace. Soon enough…