Would be nice to be able to see it in action to get a better sense of it.
Belgium has had smartcard-based e-ID for nearly two decades now (and they've recently added alternative forms of authentication for some services). It hasn't been a terribly great success. People do use it, if reluctantly.
My biggest gripe with it is that whenever I have to authenticate or sign anything, I have no way of verifying what exactly I'm signing. I'm asked to enter a PIN, after which something is signed on the eID. But did I really just authenticate to the VAT service? Or did I agree to sell my first born child to Satan? I have no way to tell.
As with the Proton payment network some 20 years ago, the Belgian state ceded to all-powerful lobbying and weakened eID by e.g. disabling the encryption bit or by disallowing email signing outside of the state-sanctioned websites.
eIDs could have been wonderful little tools. Instead, they were forced on citizens and now, we are facing an even worse setup with the Itsme app that links the smartphone to state services and degrades the owners of free, open-source or just rooted phones to second-class citizens by disallowing them access.
Some time ago Belgium also gave up its digital sovereignty by cancelling its Root CA. Instead, it now uses Digicert ROOT CA which is controlled by a US entity.
Proton was way ahead of its time. It was great. And I was saddened to see it fail.
Itsme is pretty terrible all around. Their idea of "security" is ... quaint. Sadly they're not the only ones who are forcing people onto the non-rooted Android/iOS-duopoly. But unlike eID, Itsme isn't required for anything yet. AFAIK anything that requires Itsme also works with eID ... for now.
The eID card was doomed from the start by terrible usability. No device can read those cards natively, you needed a dongle. It also didn't work with native web technologies, you needed browser extensions. And if you lose your card, you need a weeks long replacement process, and cannot use your eID in the meantime.
Same problem with Proton. Payment terminals needed to ask the consumer if they wanted to pay with Proton or debit, and that added a few seconds of delay for the processing of every customer, which actually cost a lot to big supermarket chains, more than they saved with Proton, and thus they dumped Proton, and everybody followed suit.
Their functional successors, Itsme and Payconiq, have on the other hand great usability and thus have achieved much bigger successes.
While I agree that using the card with a computer is usually quite annoying, misplacing the card is not such a big deal. A quick replacement card can be issued in less than an hour, but it is not a "physical ID" (no photo), only electronic. It costs a bit more than the normal eID card and it has a shorter validity period. This can be active in parallel with the full eID card.
I personally rarely use the ID card electronically, but I use mobile ID (phone SIM application) instead, which is much more convenient. Unfortunately this is being phased out this year and I haven't seen any full replacement for it so far.
Ah yes, Payconiq, which only works on a small subset of walled garden devices. As opposed to a cheap card which fits in anyone's wallet. A proton payment was essentially two button presses, card selection + OK. It only added delay because some terminals were slow or weren't very user friendly. Paying with Payconiq in a shop isn't any faster than Proton. Someone (or something) still has to decide which payment method is going to be used. And quite frankly, if two seconds is too much friction for a physical payment, I hope you never find yourself in a shop when the Payconiq system is down.
Actually mTLS has been a native feature of browsers for more than a few decades now, still is.
A card reader is very common in both laptops and PCs in countries where smartcards are common. Kinda supply-demand thing. Not to mention the readers are cheap.
For mobile devices you can basically use a smartcard SIM that provides similar functionality. But there are other options for secure secret storage on mobile devices.
Most of the hindrance is behind the willingness to pick a solution and commit to it. Doing it half-assed and never reaching the tipping point will doom every solution.
I'm using X-Road services every day. Mainly for signing documents/contracts and doing bank transactions. But you don't have to use ID-card for that. Instead, you can use Mobile-ID and Smart-ID. Also, if I'm not mistaken e-residency[0] is built on top of X-road.
To me the interesting vulnerabilities in these schemes previously were the "offline mode," where you need to be able to present a verifiable cryptogram without access to the issuer's network. As I remember from several years ago, compatibility with chip-on-card schemes that lacked the processing capabilities for RSA or space for ECC keys meant you needed to design the ID scheme to use symmetric key protocols, which forced offline modes to cache single-use keys, and the security of those was provided by counters and timers.
Once you move to mobile devices and "digital id" like the SMART Health vax passports, you can use asymmetric key based protocols, and you can do the offline verification by distributing the public part of the user certificate signing key to verifier devices. If it requires compatibility with physical cards, it's using single-use symmetric or stored keys for offline mode, and if it doesn't, it can use asymmetric keys for a verification protocol. In the latter case, my impression was that abstractly, the vax passport verification protocol was not unlike JOSE/JWS tokens today.
The main failure modes are if the signing key gets compromised (as there was news one recently did) and someone starts generating fake vax passports and dilutes the system, or exploiting the recovery process where people can duplicate someone's cert by getting it reissued to them.
Reality is, in a society with an internal passport system where you have to show papers for everyday movements, any constitutional rights or freedoms cannot be guaranteed because by being obligated by law to present ID, you are no longer a protected member of a citizenry with rights to move and associate, and in that instance you are reduced to a political minority of one.
I get we need ID for online services (I do a lot of work in this field), but we do not need national identity cards to accomplish any goals those services provide.
> Reality is, in a society with an internal passport system where you have to show papers for everyday movements, any constitutional rights or freedoms cannot be guaranteed
Well, theoretically they can, it's just a system that is so easy to exploit that it doesn't make sense to lose time talking about the unexploited state.
Anyway, the entire problem here is with the "show your papers for everyday movements" part, not with the government making your papers easy to use.
It seems so reasonable, but when you make something easy, people (governments) do it. ID cards are an attractive nuisance for authoritarian personalities, you just don't equip them if you want to live without abuse.
I've worked in privacy, and unless you make an explicit and specific law against something, orgs are going to find a way to abuse it. One can absolutely be in favour of identity cards and internal passports, but they should just not couch their authoritarian urges in "convenience," and try to make it seem like it's our own idea for our own good.
2 proofs of address, bank statements/utility bills etc; that are sent to your address with your name on.
1 form of citizenship proof such as birth certificate.
Additionally, depending on “proof” level: notarized passport photo (by someone who is considered trustworthy, police officer, business owner, doctor) and who is not related but whom you have known for greater than 5 years.
Also additionally, parents birth certificates.
Had to do the last two to get my passport, notarized passport photo with two different people that were not family that I’d known for 5 years.
Recently moved to the UK from Denmark. E-government wise I would say the UK is at least 10 years behind. And now, instead of just one authority that has my details, I've lost count of how many places I've had to send a copy of my passport. It just does not make any sense to not have some kind of national eID.
How easy is it to access that in Denmark though if you're not a citizen? I moved from the UK to Finland and had to:
- Visit the Immigration office with my passport (as an EU citizen I might add) where they took a copy
- Visit the local registry office with a bit of paper from the above, and my passport, where they took a copy
- Visit the tax office with my passport, where they took a copy
- Only then could I visit the police station with my passport (where, you guessed it) and/or a bank, with the passport (yes the photocopier worked well there too) in order to get access to the E-ID service. Which I will agree does make e-government superior to that of the UK, but, it was not 'frictionless' in the beginning.
Also, a lot of EU people get caught out by the first step requiring an appointment which is usually months out (as being non-EU, weirdly you're almost in a better position because you can, or rather have to, get that done before you leave your own country).
Completely agree though that even as a citizen and living there all my life (until a couple of years ago) - the 'gas bill/bank statement' thing is a massive PITA. However a lot of places are trying to work out a better system and will use credit reports and fuzzy logic to validate your information to a threshold they're happy with. This is also something the government themselves are working on. Interestingly, as much as the Finnish system has saved me time, I just don't agree with the idea that the government should maintain some centrally accessible and enforceable registry of where everyone lives.
"Important" is the key word there. Going to a restaurant, leaving one's house, going to concerts, participating in sports, are not an important time to show a linked identification document and have it remotely verified by an authority, and recorded. Contriving the important instances is what makes internal passport systems oppressive.
I mean, in the US for decades "are you a citizen" seems to have revolved around whether you can present a yellowed piece of paper that has absolutely zero security features: your social security card. Sometimes a birth certificate, which has only slightly more security features.
As technically interesting as using a card to sign stuff may be, I don't want that to be the government responsibility, as it then opens the door for it to be used in ways that limit our freedoms: a system that's too perfect can uniquely identify you, in ways that prevent disassociation (ex: the place of birth on the passport is of great interest to some totalitarian places, while only citizenship should matter..)
So for me, the ideal ID system is decentralized, self-declarative, and the weight of the proof depends on the length of history, not on "who" says it's true: there should be many such services where you could declare a name and an address and anything else you wish (phone, email...)
The value after a few weeks would be close to nil, so you could decide to "increase it" by having several people vouch for you (strength in numbers) instead of relying on a "who" (public notary).
Or you could totally decide that you care about your freedom/independence/whatever and NOT ask for any vouching. It may be hard, but after a few years of reliably receiving mail and orders at that address, it would acquire some serious weight - a bit like you tend to trust online accounts that have been open for some year.
Among many other things, this would also allow anyone the opportunity to "change" easily: want a new name/move to a new address/etc: create a revocation certificate for the old, sign it with the new, boom you inherit the credential history!
It's just a quick idea, but it shows how IDs could be more like URLs (multiple competing services, and you could have a few at the same time, why not!) by moving away from the current system that's a direct descendant of the census (give the lord a list of people to tax them) and the passport (limit freedom of movement during the war)
At the core, I believe people should be in control of their identity, not governments or states.
I have a government id and a google logon. I worry a lot more about google than the gov.
There are legally enforced limits to what can be done with my gov id. Regulations say who can see it, what it can be used for, and a court for when things go wrong. If things go too bad, a public backlash will occur, and politicians are very sensitive to it. Not perfect, but it works.
Google/Microsoft/Facebook, otoh, have no obligations to you. They use your id as they see fit. They revoke your id as they see fit. They prove to be bad stewards, have invisible everchanging rules, and only 1 punishment for violating it. Meanwhile you have to have an id with all of them, or network effects will give you trouble when others use a service to contact you.
Your idea will not put people in control of their id, it would put the bigcorps in control of it. When big enough, a corporation is like government's evil twin.
Well, we're the opposite then: If I want to be over and done with google, it's super easy. And if I don't think they delivered value for what I pay, I can have the payment reverted by my CC. And try as they might, google will have trouble putting me in jail or killing me :)
So yes, I really love that they have no obligation for me.
And if Google/Microsoft/Facebook can do ID, there will certainly also be a Linux solution, and I'll use it :)
The US government has no trouble killing or jailing people, even with only a half functioning id system. In fact I have no idea how it's acceptable to give everybody a social security number and then claim it is but a secret and a public identifier. It's the worst of both worlds.
Now without a google account, you're locked out of a big chunk of the android world. I recently joined a group using hangouts, google account required. School and doctor and a few others started to use ms teams since corona, requiring a microsoft account. I don't have facebook yet, but it costs me a lot of mini second hand sales in the neighbourhood. There are other such cases.
I could try to re-educate every one of these groups, but after a full time job and a family, that's not how I want to spend my time. There's a short amount of time to spend in life, and a worthy cause on every street corner. Feel free to mock me for not choosing these particular hills to die on.
I'd rather have consumer protection and/or anticompetitive action. The government can spend some of my tax money on it, as it's their job. Meanwhile I'll use my id to log in at my healthcare provider, knowing that if they are stupid enough to sell that data, they get a backlash from the public opinion and some very unwanted attention of the courts.
> I don't want that to be the government responsibility, as it then opens the door for it to be used in ways that limit our freedoms: a system that's too perfect can uniquely identify you, in ways that prevent disassociation (ex: the place of birth on the passport is of great interest to some totalitarian places, while only citizenship should matter..)
You mean like social security numbers, which tell anyone where you were born, down to a fairly limited range of zipcodes?
Or how about driver's license databases, which include your ethnicity, possibly your religion, etc? You think the guys in black helicopters are going to let a pesky little thing like "get the state's drivers license database" stop them, particularly when there's already a national clearing house system so states don't issue duplicate licenses, licenses to people who owe money or have had their license revoked, etc?
General hand-wave-y conspiracies about national ID cards making it easier for everyone to be death-camped are just a right-wing attempt to harm federal government effectiveness so they can continue to hamstring everything it does and then shout about how ineffective it is and thus it needs to be cut.
If the government wants to ship you off to gas chambers, it can do that just fine without a functional federal identity system and in the meantime everyone's lives would be significantly easier. Imagine if everything you did with local/state/federal government and healthcare no longer involved a page worth of identity crap, just presenting a free ID card.
> You mean like social security numbers, which tell anyone where you were born, down to a fairly limited range of zipcodes?
Indeed, I want none of that. I wish I could ask the SS to delete my registration and let me deal with the consequences.
> You think the guys in black helicopters are going to let a pesky little thing like "get the state's drivers license database" stop them
It may be nothing much, but anything that can make the work of a potential abusive government HARDER should be done.
> particularly when there's already a national clearing house system so states don't issue duplicate licenses, licenses to people who owe money or have had their license revoked, etc?
And you nail it: with the system I proposed, there would be duplicates, and people owning money etc. It'd be messy. And that's good: because that's where freedom is often found, in messy systems.
> You’re an outlier in your belief systems. People don’t want messy, they want convenience and assurances.
It seems to me that people care more and more about their privacy.
As for convenience, most people I know use an iphone with an android tablet and a windows computer, so by revealed preferences I'd say their actions speak louder than their words.
Nice overview! IMHO all countries need e-government services ( with graceful fallbacks for old/technically illiterate/etc. people), and most can probably use X-Road without needing to reinvent the wheel.
> graceful fallbacks for old/technically illiterate/etc. people
That attitude toward offline people should not be so dismissive. Being able to continue operations without relying on the computer systems is a "when" not an "if". Maintaining those fallbacks is good practice to prepare for that situation.
In Denmark ~95% of the population receives all communication from the government on both national and local level electronically. The rest are exempt and receive them using plain old mail.
Why is it a "when" ? Most people are capable of using a computer or a mobile device to access government services, and for them it's much faster and easier ( and of course it also is for the government bureaucracy). The fallbacks should be the exception that works when needed, but digital services should be prioritized.
It has its own pitfalls, like consent not being a founding design goal, but considering the alternatives it's only five steps forward one step back.
That aside, it would indeed be usable, but the realist in me sees that profit motives will cause a NIH-syndrome-like result. Ten years late since X-road was created and extra ten years late due to reimplementing and five times over the budget.
I have higher hopes that eIDAS and ASIC-E will gain adoption, those could significantly reduce the absolute pain in the ass that is dealing with some parts of Europe and their paper and fax-based bureaucracy. (No, a faxed signature or a gas bill is not a valid method of identifying someone)
e-Estonia and X-Road have gotten a lot right over a long period of time, but selecting and relying on Gemalto was clearly not one of them--rolling out useless, vulnerable cards for 9 months is impressively bad execution.
In its current design and implementation, X-Road is interesting. For example, Data Embassies are a notion that I can get behind. I suppose that is why there are so many countries evaluating it.
The mistakes made have been described thoroughly by Arnis Paršovs if you want to read more, but I want to say that Gemalto is not necessarily the true cause. For example there are known cases of keys being generated outside the smartcard, Gemalto or no Gemalto, you can make grave mistakes when you have flawed processes or rules.