229 comments

[ 2.9 ms ] story [ 180 ms ] thread
The dutch government's SSO app is a complete pleasure to use for this- I hope they use it as a model for everything else.
That would mean getting the German government on board. And their track record around these things has been less than stellar, to put it mildly. They always find a way to add wrinkles and complications that make initiatives such as this one pretty much useless in the end.
I think the problem many people miss in this context is that it's not a bureaucracy or a technology problem — it's a cultural one. There's a reason cash is king in countries like Germany and Switzerland. As someone who lived in the latter as an expat for a while, they often simply prefer the option you can physically hold. Trust is the name of the game, and I think the cultural bridge will need to be crossed first before adoption becomes the norm.
> There's a reason cash is king in countries like Germany and Switzerland. As someone who lived in the latter as an expat for a while, they often simply prefer the option you can physically hold.

It might also be cheaper to use cash, given banking isn't typically free in Germany.

I'm not sure why you're trying to say here. Pretty much every German and most definitely every merchant has a bank account. Personally I've never had an account that wasn't free either, although some banks are changing this in light of the low/negative interest rates.
I don't agree with this analogy. Most Germans I know (especially those who like cash) are not against the existence of electronic payment at all, but about the choice to have both ways. It's mostly lamenting that you still can ONLY pay in cash in so many places. (Covid has actually improved the situation at a lot of places.)
I have nothing good to say about digital services in Germany. At best, you get a digital version of the old paper form.
UK expat in NL (3 years). Concur wholeheartedly. The Dutch have nailed their SSO app (DigiD) - this is the model to copy.

It eliminates a multitude of steps (sign up, proof of identity, credential management) to accessing any government service from booking COVID tests to paying taxes.

While it is pretty nice, I like Estonia's model even more. Achieves all the same things but requires fewer steps, all the while supporting multiple modes of logging in (with your phone, with a card reader, etc).
This is a joke, right?

Although I wouldn't be surprised if the prolonged use of the DigID app (i.e. because it keeps crashing, or is offline for maintenance again) would have caused maniacal insanity.

Edit: The app works most of the time, but it is very unstable and not at all user friendly. No QR-code scanning feature but manual code input only, no login confirmation, no active session management or insight, most services allow you to log in with just your username/password and don't require the app at all, etc.

I have honestly no complaints about digID. I don't use it much but when I do it just works.
But to call it "a complete pleasure to use"?
I mean, I feel like the main requirement of it needing to be secure is basically incompatible with pleasure. I think it is about as pleasurable it can be.
It definitely has a QR-code scanning feature, I used it about half an hour ago to log in to a couple of things.
Not on Android DigiD app version 5.18.1 (822), I just checked. The "koppelcode" can only be copied manually.
I guess i can understand wanting a second QR code instead of the 4 character koppelcode, but it seems hard for me to say that it's difficult or time-consuming to enter it.
ah, the koppelcode needs to be manually entered, but then the next step is to scan a QR-code (Android, latest app version, but it's been like that for a long time afaik)

I do wonder why that code has to be manual and not embedded into the QR code, I assume there's some reason for it. But it's also only four letters, not terribly tedious.

On the other hand eHerkenning is a joke. SMS-based 2FA...
I live in Belgium where we already have eID and SSO apps that work okish. But I fail to see the need for an EU wide ID. I don't think most EU citizens use services from other EU countries than the one they live in. Not services where they need to ID themselves. How much of the population would be in the category needing something like this?

I'd say this should be left to the national Governments.

The EU wants it to be as smooth and painless as possible to go from one EU country to another. If you see it under that lens, this moves makes a lot of sense.

Such a service would be useful for me for example: a french living in Belgium with relatives in Greece.

Absolutely, right now it's often incredibly difficult to establish residence in another EU country. If you move to Sweden, for example, it can take over half a year [1] before you can access government services, banking, healthcare, or even much of online shopping.

[1] https://www.thelocal.se/20210510/my-first-visit-to-the-swedi...

Really? I moved from the Netherlands to Romania a few years ago and all I had to do was register for residency at the immigration services. That took about 15 minutes. I opened a bank account the same day. Healthcare was also easy once I was employed.
You can survive, but most online services depend on the availability of a fiscal number, which sometimes takes ages to come especially if you are not employed. Once you're in the system everything becomes smoother. An EU-wide system would be absolutely great for those coming to live here from other EU countries.
(comment deleted)
I'm Swedish living in Sweden, but lived most of my life in the US. I too had many issues with this sort of thing. Frankly it's a national embarrassment. At the very least I think that Skatteverket shouldn't be allowed to assess any taxes from someone that hasn't been assigned a personnummer. Not even retroactively. Maybe then they'll have at least a little incentive to do their job.

But really this just makes me sad that cash is going away. It provided some ways to work around the system, but with so few people accepting it, you're just kind of the mercy of the bureaucracy. And good luck ever convincing common Swedes it's an issue when they've always lived in the system. They only see it as something that works so well, when it is basically broken for all newcomers.

eID and okish in the same sentence? Yikes. It's a terrible experience for me. It doesn't work well on non-Windows operating systems. It doesn't work at all on many operating systems. Which is silly, because it's just a smart card which should work everywhere, but somehow that isn't the case.

The "itsme" SSO app is even worse. You can't use it without using an iOS or Android smartphone (and even then it probably won't work if it's rooted). And it's got this really weird requirements of being secured by a 5-digit pin (no more, no less last I checked..).

that's why I said "okish". I think "itsme" works fine for most people. But yes, the system is far from perfect. However, do you have trust that the EU Commission will design something better?
Using the PKCS11 certificates on a Belgian eID is cumbersome because the whole 'client certificate' workflow has always been a pain in the butt UX-wise. Many workarounds have been implemented to improve on this, making it less platform-independent than theoretically possible.

The itsme app works totally fine for me, and my less tech-literate family members. It strikes a good balance in UX and security.

All in all, I think that the Belgian government is doing a good job in this. It needs to work well for the average user, which it does! I don't expect my government to spend time and money to support all fringe cases like smartphones that don't run iOS or Android.

> I don't expect my government to spend time and money to support all fringe cases like smartphones that don't run iOS or Android.

I expect my government to create solutions that work for everyone. Including "fringe cases". Including people in poverty. The marginalised. The contrarians. The smartphoneless. Everyone.

Edit: and I especially expect them not to further the de-facto duopoly of Google & Apple.

Note that itsme is not a requirement for anything, so the smartphoneless still have alternatives available. To file your taxes in Belgium, you have the option to file on paper, or online by logging in through one of: eID reader, itsme, 2FA using an app (e.g. Google Auth, Authy), e-mail, text message, or a EU-wide ID system. Who exactly is being excluded here? Also, which other smartphone OSes do you expect them to support?
> Belgian eID works (almost) flawlessly on Linux.

The software stack is pretty much standardized. I am a bit worried about aarch64 platforms, but hopefully they will also be supported.

OTOH, the itsme application is a huge security issue aside of being a serious vendor lock-in over passwords, 2FA and OTP. It is tivoising logins like OKTA, except that here, it is mandated by the state.

It's not just about working on various platforms. The whole thing is just ... weird. When you're signing something with eID, you have no idea what you're signing. It could be anything. You have to trust that's signing what you think it's signing. Even the difference between signing and authenticating isn't always clear. It would be super easy to trick a user into signing a document while pretending to present a login form.
We have different experiences then, mine are fine. I've been filing my taxes with eID on linux debian stable + firefox for years, maybe even decades. Had to add the apt repository for eid.
Having a unified way to e.g. verify the age of someone without getting their personal data would simplify some services (e.g. youtube) which currently require payment information or a photo of a physical ID and 3 days.

The german eID (and bank cards) already contain a way to sign whether or not the holder of the card is >16 or >18 without revealing anything else (e.g. for cash-payment at cigarette dispenser machines)

Similar functionality being available in a unified way across the whole bloc is something few other countries have done yet and would drive innovation

Why would you need an unified solution? Why not leave it to the national governments and Youtube or whomever can personalise their checks based on your location.
Because it will work for everybody everywhere the same way, which is part of creating a common market, instead of common mess.
Implementing a functionality for e.g. the danish national ID with a few million users, or Luxembourg, or Austria, isn't worth it.

So you'd have support for France, Germany, maybe Netherlands, and that's it.

With an EU-wide ID, the smaller countries profit significantly, and startups can integrate and use the functionality easier.

> Why would you need an unified solution?

To facilitate freedom of movement within the bloc.

The underlying standards are already international. And their production is spanned across the world.
Because they would implement for 5 of the biggest EU countries and left the rest of us behind.

Spottify advertised itself in EU for half a decade or more, but has been available in my country for less than a year.

Because interfacing with 27 different ID solutions instead of one is a waste of effort and most companies wouldn't do it?
For someone who makes use of the free movement within the EU for, jobs and residence, having a common system would be very useful.

Currently, moving to another member state would require multiple steps to getting access to eID services in that country. Such as requesting (and pay for) a conventional national ID, in order to set up an eID that can be used for banking and identification in that country alone.

I'll add that my experience is based on moving within EU in the Nordics, which historically promote seamless free movement between those countries that often exceed the goals set by the EU.

We're far from that. The gap between countries is big. Just to mention Belgium's example despite having an eID, you can't even change your address online in most communes and you need to physically present yourself and demand the address to be changed. About half of the EU countries don't have eIDs. Also we're talking of less than 5% of EU population (some figures I've seen are close to 3%) working in a different EU country than their own. do we really need to implement such a system that comes with major risks? given that it benefits such a small percentage of people?
I agree, but you have to start somewhere though. As much as fixing the issue you mentioned would make eIDs more useful, having eIDs in the first place would give us more reasons to tackle this and similar problems.
Why do you have to start somewhere? Why is it a requirement to have eID?

Because we can is not a reason. This is the same reason we have global warming. We can build gas burning cars, so we should, without thinking of the consequences.

Of what use is eID, when no one can secure anything network connected? When all eID will be subverted, stolen, misused, making the same useless? And meanwhile, causing endless misery for those experiencing the loss of privacy, the consequences of identity theft, abuse by foreign powers, and more.

On top of this, I absolutely don't need it easier for a state to track me. Now every time I show my eID, the state gets pinged to validate it?

No thanks!

"This is the same reason we have global warming"

Thats escalated quickly...

"he loss of privacy, the consequences of identity theft, abuse"

You are like 15 years late to the party, you can easilly buy/scrape/find enough information to get credutcards in sone poor sucker's name from the facebook and experian data leaks.

I would say that if you change a physical address it makes sense to be there in person to prove it. This could be seen as a kind of security/verification feature.
Some countries confirm it by sending a document to the address and you must respond with the provided code. Seems more secure than being present in an office?
I was recently in person to confirm my address in UK and they made a typo and placed me on an address that doesn't exist
Belgium checks this by sending a police officer to your address at a time you're likely to be home (~7:00 on a weekday evening, Saturday morning, or the like), regardless of whether you changed your address at town hall or online. The only reason more places don't introduce such features is that it's all done on the municipal level and not all municipalities have the same priorities.
Well since it's a greenfield project for many countries it might make sense to build a continent-wide solution rather than let each country cobble together their own incompatible platform?

Besides, it's not only for intra-EU Digital Nomads but also for business operations beyond national borders; reducing the overhead improves accessibility from the less developed countries to richer markets.

And there you have it ; risks. No one on the planet has been able to ever, and I mean ever, lock down data when connected to the internet, from hacking.

Ever.

If you have not been hacked when specifically targeted, it only means your data is not worth the cost/profit. Pre-zero days abound, firewalls will be bypassed, and worst?

People will be bribed, coerced, scammed, tricked.

There are only two options:

1.. Absolutely zero Internet access for anyone working on said computers. No mobile phones allowed in the building, no machine with internet access in the building, faraday cage around the entire building, etc...

Yes, no email.

Nothing.

2. Paper

And of course, the above with physical access controls, and scans / searches.

The real fix for all identity theft, is to make it a crime, and a serious one, including mandatory jail time for all CxO level execs (on the premise of gross negligence) for obtaining any data on individuals via illicit means.

And that has to be world wide.

The point is not just what is there today, but what we want for tomorrow.

In the US, it's normal for people to move to a different state to attend university, and then from there often to a different state again. Something like 1% to 2% move each year to a different state [0], which means in 10 years more than 10% of people will have done that. Some cross state borders multiple times in their lives. This is what we want to achieve, because it fuels economic growth and removes obstacles to happiness. (It's also, in a way, a restoration of what we had pre-Nation-State, when people were basically free to settle anywhere they wanted; but that's beside the point). Making the process of moving across the continent as smooth as possible is a Good Thing.

I would also move a point on terminology:

> working in a different EU country than their own

People don't own countries, they are born into them. (This is not just a pedantic remark - I think it's important that we move on from XIX-century nationalistic terminology if we want to achieve progress.)

[0] https://www.mymovingreviews.com/move/how-often-and-why-ameri...

>People don't own countries, they are born into them. (This is not just a pedantic remark

It doesn't really succeed as a pedantic remark, because 'their own' doesn't denote ownership. For example, here is a sentence in a BBC news article that I found by googling:

"Even his own boss said Andrew Gilligan, the BBC reporter at the heart of the Hutton Inquiry, 'paints in primary colours rather than something more subtle'".

This sentence does not suggest that Andrew Gilligan owns his boss.

> In the US, it's normal for people to move to a different state to attend university, and then from there often to a different state again.

European Union is not a federal government like the USA but a union of independent countries.

In Europe it’s normal to live your entire life in the country you were born. Of course you can move wherever you want whenever you want but it’s never needed because there is 99% odds that your state have what you need (specific university, companies offices …)

Since Europe have really poor democratic control and power structure as of today, we are far from a federal Europe.

Even European policies like RGPD are always enforced locally at country level, there is no such thing as European government.

> Since Europe have really poor democratic control and power structure as of today, we are far from a federal Europe.

I don't agree, partly because I don't share your view that democratic control and structure is "poor". Mainly because trying to flip the tables and redefine the goal and aspirations of the EU is a bit far fetched, as it doesn't even include becoming a federal Europe.

> Even European policies like RGPD are always enforced locally at country level, there is no such thing as European government.

That is by design, not a mistake.

You read my post like a criticism of EU, which it isnt

> I don't agree, partly because I don't share your view that democratic control and structure is "poor".

Current democratic control is mostly sufficient for what the EU is today : a union of independent countries. But this control is not enough at all if we wanted the EU to become a government with executive power.

> That is by design, not a mistake.

I never implied it was a mistake, neither that it was a bad thing.

Thanks for clarifying! My criticism was unwarranted.
1) The fact that we are far from a federal government doesn't mean we'll always be such.

2) I think you overestimate the involvement of the US federal government in law-enforcement across the country. A lot of (most?) laws are actually passed and enforced at state level, with the FBI only getting involved in the worst situations or where cross-state cooperation is necessary. California alone has tons of gdpr-like laws that it sets and enforces independently. There is an entire US political culture based around "state rights" that constantly pushes for having a looser federal structure that looks very much like what the EU is today.

3) it's not like they don't have universities in Minnesota or Nebraska, a lot of people sticks around where they were born. The difference is that the ones who don't, find it easy enough to relocate. This helps creating world-beating industrial districts like Hollywood, SF, Houston, New York, etc etc - because they can attract the best of the best among 400m people.

100 years ago people rarely moved from a village. 50 years ago they rarely moved from a city. Now they rarely move from a country. See where it's going?

> 1) The fact that we are far from a federal government doesn't mean we'll always be such.

Maybe, and I'm not even against the idea. But it would have nothing to do with European Union (the current entity)

> 2) [...]

I'm not an US expert, and I mostly have the same picture as you. I don't see what you are trying to prove ?

> 3) [...]

I never said that one system was better than the other, just that they are different with different strengths and different weakness but that migrating from one to the other is extremely difficult and probably require creating new entities. I totally can imagine an European Federation but I don't see it being the same entity as the European Union.

> But it would have nothing to do with European Union (the current entity

We are going into hypotheticals here. I am pretty convinced you are wrong, but only time will tell.

> I don't see what you are trying to prove ?

It was mentioned that the EU "cannot even enforce <some law>", but the reality is that the US federal government, that model of global cohesive superpower, more often than not cannot do that either. Do we go around saying the US government cannot do anything right, because coordinating 50 states is impossible? No, of course they can do some stuff right. Same for the EU. Already the fact that there is one "supreme tribunal" across the continent is quite remarkable, as well as a single currency for most of the Union, or a single arrest warrant, etc etc. Things move slowly but they do move, and if enough people keep pushing for a united Europe, sooner or later we'll get there.

As a Texan (yes, we have state loyalty more so than country) I would suggest taking a low and slow approach to unifying Europe under one federal entity. It took a few contentious iterations before the United American States became the United States of America and then a bloody war to fix absolute power with the central/federal government over states rights. Even today political tensions threaten to re-map state boundaries or outright dissolve the union.
> Some cross state borders multiple times in their lives. This is what we want to achieve, because it fuels economic growth and removes obstacles to happiness.

On the other hand, people are forced to uproot and discard their entire social support network - family, friends and others - multiple times in their lives. This does not only negatively impact happiness, but also has severe side effects and associated costs!

This can range from not having a place to crash (or a source to borrow money from) when getting priced out of a home or losing your job, but also having to waste money on childcare, family meetings / events being more expensive because people are spread all over the country and similar problems. And for the elderly, they are dumped in care homes with substandard but expensive care instead of being around their families in their final days. Call me old-fashioned but I find this disgusting.

And I didn't even touch the topic if this uprooting of people is detrimental to their mental health, especially for children - I would not be surprised if the rise of depression and other MH disorders can be linked to being constantly on the move in childhood!

The worst net negative for society as a whole is that enforcing mobility creates a massive concentration of people in urban areas (where rents explode and traffic becomes untenable) on one side and "left behind" rural areas on the other side where population erosion only leads to bitterness and erosion of trust in democracy itself, and any investment in infrastructure or life quality becomes prohibitively expensive.

We have seen the culmination of decades of neoliberalism in the rise of nationalist demagogues across democracies worldwide. We as humanity need to take a step back, cool down and ask ourselves if what we are doing is actually positive for society.

Being an EU migrant myself, I know the impact of all this very well. Every day I wake up hoping my parents are still healthy, because caring for them will soon be a massive problem. And still, chances are that sticking around my hometown, as beautiful as it is, would have doomed me to a much worse life - and not because it's been "left behind" in any way, but because I simply don't match the culture in very significant ways.

Obviously nobody should be forced to move. Nobody is "enforcing mobility" in Europe; they did in the past though, when Mussolini literally sold Italian labourers to half the planet and the UK shipped convicts to the colonies. The good ol' times often weren't that good. What we need is to provide all the freedom we can, and let people look for happiness wherever they see fit.

> and not because it's been "left behind" in any way, but because I simply don't match the culture in very significant ways.

I'm simply going to assume on a stretch you're either on the LGBT+ spectrum or socially progressive, please forgive me if I'm wrong.

I disagree with you on the "not left behind" part: the "rural flight" aka all young people fleeing to urban areas as soon as they possibly can has made rural areas "left behind" socially, because the ones who stay behind objectively see that the young people are fleeing, but instead of placing the blame on politicians who did jack shit to keep rural areas liveable (e.g. by providing high speed internet and public transport), many of them resort to blaming "the gays" for "corrupting their children" and similar - which in turn is even more incentive for those few youth that remain to flee. It's a vicious circle.

I don't match the stereotype (I just moved from a culture that ruthlessly exploits the honest to one that at least lets them live a tranquil life), but I do agree that phenomena like that do exist.

Something like 40% of my high-school classmates have moved to another city or country, for one reason or another, and the ones who've remained seem to have become somewhat hyper-localistic, almost as a reflex or justification for not doing the same.

I don't know what the answer is, but I don't think forcing me or others to stick around would have made much of a difference beyond generating even more social resentment.

> Something like 1% to 2% move each year to a different state [0], which means in 10 years more than 10% of people will have done that

Or it's always the same people who move a lot.

> Also we're talking of less than 5% of EU population

I agree, at first glance it seems like the global approach is an overkill.

I think it's a bit of a chicken-and-egg problem though.

Is the global eID/eWallet an overkill, because we're already at the peak of the within-EU movement of people?

Or, is the burden of switching countries too big and this prevents people from freely moving within the Union when looking for opportunities?

IMO it's the latter.

I agree the burden of switching countries is too big. But as a share of that burden the beaurocracy of getting a new residence would be somewhere at the bottom. The biggest burden of switching to a new country within the EU would be language, culture (there's a lot of things in common but as many differences too) and family/friends. I did change country 2x and my biggest worry has always been first securing a new job. I never cared about the beaurocracy because I knew it will be sorted out sooner or later once I move.
For me has always been the admin part. I don’t care particularly about the job and culture. I’m actually excited to try something new. It’s just a lot of documents to move and I’m bad at using paper. :D
The risks are significant, but it doesn't logically follow that by removing a barrier you are only helping the people that were already OK with getting over the barrier. I think the issue is that there are still a lot of hurdles that regarding residence, tax and local services that will need to become easier still for this to have a large impact. Language and local friends / family connections are still significant barriers, but I guess the EU could eventually resolve most other issues. A big one would be making tax returns for partial years in different countries easier, which in fairness having an EU wide eID does help with. Requiring and allowing accounts to offer full EU coverage would also probably help. The friction needs to be below tolerable levels for enough people to see the full benefit manifest.

As anecdata if I had to get VISA and only temporary right to remain I would probably have not moved to Netherlands, and it has genuinely stopped me considering moving to America.

As a British / Irish citizen I'm acutely aware that there are now new barriers to non-eu British citizens, and that'll impact how many people move around Europe from UK. Especially people who cannot afford to navigate the additional costs and bureaucracy, or who are scared of risking family security with temporary stays etc.

How many people in Belgium used an eID, or thought it's a good idea, in the first year? Were there privacy concerns, etc? I assume people were asking the same things as you are now.

In the Netherlands you can change your address in every municipality, using our DigiD system. Nowadays you can also use the European system to log in.

And don't forget, while 3% may sound insignificant, it is still over 13 million people.

> We're far from that. The gap between countries is big. Just to mention Belgium's example despite having an eID, you can't even change your address online in most communes and you need to physically present yourself and demand the address to be changed.

I see. Here in Finland electronic services has been widely implemented and very successfully so. I haven't been required to show up in person for anything in quite some time (altough I sometimes have). Government bodies are also very keen to inform about and push for the e-services available. Especially in these pandemic times, which I believe further incented the long tail - if there was one - to catch up and offer self-service online.

I belive Sweden is as far if not further than Finland, but I wouldn't know(!) because the ID and eID was a hassle I didn't cope with the last time I lived there ;) Thing were fine anyway, "because EU, Nordics".

Finland is also the only country that made rational choices in the setup of frequency auctions. Maybe better infrastructure delivers superior digital implementation of government structure because actual equal access to internet speed is guaranteed.
In Sweden the digitalisation of services is quite advanced, although there are still many things that you need to do via post. I cannot compare with Finland, but I can compare with Spain and the UK where I have lived and worked and probably Sweden is one or two steps ahead. The only gotcha is that you need to be inside the system and have an active BankId, otherwise you're a pariah.
> Just to mention Belgium's example despite having an eID, you can't even change your address online in most communes and you need to physically present yourself and demand the address to be changed.

I don't see why this should be done online. The registration/change of address requires a proof. Many services like bank accounts, pensions, tv tax etc. are linked to one's registration address. A one time physical presence (or a similar variant) is a reasonable tradeoff between verification and convenience. You create a meaningful hurdle and make people liable for their statements. Convenience is not the only metric to decide what should be done online.

In Belgium changing your official address is actually a three-step process:

1. You notify your new local council of the change of address.

2. A police officer visits your new home to check whether you actually live there.

3. Your official address is updated in the government's records and on the ID card.

Step 2 takes place in your home; step 3 requires you to physically go to the town hall because the information on the eID card needs to be updated. But step 1 should be doable online but isn't in every municipality. However, I think this is more a problem of every municipality doing this on their own rather than using a shared system. Also, the frustrating part is not that you need to go to the town hall, but that it has very limited and inconvenient opening hours and (in larger places) often long waiting times.

This will change very soon depending on the region.

Burgerprofiel has recently gone live ( because of Covid) after a long beta.

It was used for your "vaccinatie aanvraag".

Wallonia and Brussels are long from ready.

"I don't think most EU citizens use services from other EU countries than their own."

yes, but it's so common to expatriate nowadays, also for short periods. so it would be nice to have a digital ID thing to deal with different administrative stuff, in different countries...

only 17/448 (~4%) million EU citizens work in other country than their birth one. expatriating is not as common as you'd think living in a major EU city.
13M work, 17.9M live. [0]

However, ~1M goes back every year, so the affected people are more than the ones _currently_ living abroad.

Moreover, there are services that also intra-EU tourists can benefit from: - buying products >18 y.o. at automatic machines - simplifying buying drugs at pharmacies (we have EHIC, but it doesn't cover not-urgent care) - having fast track at airports without having an EU passport (in many countries people have an ID but not a passport) - easier lookup for police during random checks

[0]: https://ec.europa.eu/social/main.jsp?catId=738&langId=en&pub...

If you reduce that fraction it's close to 1/25. I know more than 25 people, and indeed I know several EU citizens who work in a different EU country.
Did you really just use the word "only" in relation to 17 million people? Are issues 17 million persons somehow beneath your notice just because they're a smaller part of some arbitrary selected whole?
4% of the population is a massive amount of people
When I rent a car I hate that some random person takes my id and xero copy it, then puts that copy on a pile of papers.

I would prefer if it worked the way "my id" works in Poland. When someone wants to confirm my identity, I am getting redirected to a "my id" provider (typically a bank I have account in), I log in, I see what data are required (for instance my age) by the data requestor and I am done.

Everything is recorder who was checking which data, when and why. If there is some leak, it is easy to find who should be blamed.

I am not a big fan of EU in its present shape, but if EU would make all countries to agree for some sane standard of identification in a secure, privacy preserving way, it would be definitely beneficial.

Ideally those requests would also include a "deleted after" date. If such a thing was implemented and trustworthy (kind of hard, admittedly), it would make me a fan of an EU-wide eID.
That would make definite sense and should be straightforward. Instead of sharing your data, you would generate a certificate with an expiration period with which they can access your personal data stored in the system. Ideally this would be short lived and require periodic regeneration.
As a Belgian having worked in Denmark, my access to Danish e-government services through NemID was revoked pretty soon after I left the country.

This was quite a frustrating experience. Some time after leaving the country I got e-mails saying that SKAT, the local tax authority, had documents/messages for me to read on the secure message platform eBoks.

However, try as I might, I was unable to convince anyone to restore access since I was no longer a resident. I agonized quite a bit over this since I dreaded inadvertently being a fraud.

It would have saved me a lot of grief if the Danish e-gov services would have federated with Belgian and other EU identity services.

Edit: Forgot to say this is something The Netherlands already does pretty well. Dutch e-gov services, or at least those from Belastingdienst federate with many European idenity service providers including Belgium. Great for cross border workers.

The various authentication services are already supposed to integrate through EIDAS but I don't know how well that works yet. I'm seeing the button to use it on more and more government login pages so I think it's getting picked up more.

As far as I know, the Dutch government has been pretty slow in their EIDAS implementation, even (nearly?) missing some deadlines, maybe the Belgian government has a similar problem?

In Belgium, we have several different regions ( Flemish, Brussels and Wallonia)

For some integrations with Wallonia, we are currently forced to use the federal integration, since their implementation hasn't even started yet :(

You are correct about eidas, it seems to be handled by the federal government currently, but there's not much documentation on it ( Belgium) and i have seen some applications integrating that way. So i suppose the issue is documentation and discoverability.

And the partial conflict of interest with itsme

Belgium with its four governments is quite a weird edge case on many aspects of international standardisation. I don't don't much about the Belgian systems other than that there are several, but theoretical Belgium could make four systems work separately to authenticate abroad with the right federal setup.

Like is the case with my own government, I don't have very great expectations of Belgium's federal government and their IT projects. I'd wish countries could just share their implementations with other governments. Hell, I believe any code developed with public money should be open source for the benefit of everyone, but governments aren't a fan of that because companies charge more for developing software in the open.

Some source code of the Flemish government can be found on GitHub fyi
Problem with e-gov services is actually getting your DigiD account. I have been trying for many years without luck and still don't have it
They're trying to create a single country out of the EU and this is a step in that direction.
do people want that? whenever there was a referendum on an EU constitution or anything of that sort, it got rejected.
The EU as a broader organisation wants that, and over time there has been a transfer of power from member countries to Brussels.
Referenda are routinely misrepresented in propaganda during debates, and often become proxies for unrelated issues and malcontents (brexit, anyone?). In practice, when you discuss actual issues, pro-Union sentiment is more widespread than reported, and most people agree that "it makes sense" to travel in the direction of closer integration. Even the issues where we kinda "agreed to disagree", like on electric plugs, there is constant moaning as soon as one moves across borders.
Are you sure? Because I seem to be bombarded with pro EU propaganda from every angle I can think of. None of it ever has any sources of course.
The Lisbon Treaty was, in practice, a repackaging of the earlier "EU Constitution". In general, people seem fine with the EU behaving more like a single country, as long as it doesn't _represent_ itself that way. Most people, say, don't have a problem with the Working Time Directive (which is quite a country-ish thing to do; there are actual countries with less unified employment rules than the EU) but would be a lot less comfortable with cosmetic stuff (like calling the Lisbon Treaty a constitution, even though it clearly is one).
For some reason we never see any polls, just opinion pieces, but I'd wager that

(1) people think cooperation is a good idea

(2) and they also want to keep their own countries and identities

Once we start moving towards a single country, the inevitable question becomes, which rules and values should people follow? Which country gets to assert its way of life on the others? Or perhaps the virtual state known as the "EU" should assert its own values (whatever they may be)?

Now imagine expanding the EU to Turkey. Can we change their legislation to be more liberal? Or should the EU countries follow the hard line authoritarian islam that Erdogan pushes? No one is willing to change. And no one has to as long as the EU stays as a form of cooperation between nations.

If the EU pushes towards a single country, power struggles over values will follow.

Turkey isn't allowed to join in part because democracy is a shared value of the EU. In fact there are mechanisms to suspend the membership of a country that regressed into authoritarianism, they just don't work.
The EU constitution was approved in half the referendums that were held. Also, opposing a concrete constitution does not mean opposing European unification in general.
Who are "they"?
Read the thread from the beginning...
I still don't understand. And I mean this genuinely. Except for Guy Verhofstadt, I haven't heard any politician talk about creating a single country out of the EU for years. I'm pretty sure most EU politicians have shelved that plan definitively.
The need is pretty clear in these covid times: do you want 27 different green/vaccine certificates? They would be super easy to fake.
It will be super easy to fake regardless. Based on how I've seen their system just a scan from the screen of another friend will do the job. There is no biometric crosscheck and I think we should never get to that. We don't need such complicated solutions with massive privacy risks for relatively small problems.
This could be a fantastic thing unless the EU apparatus manages to botch this, if only because some governments otherwise wouldn't make any progress in this regard in the foreseeable future, and that's painful not just for highly mobile people, but for local residents as well. I'd wager a guess that this is largely aimed at countries like Germany, large parts of which still rely 100% on lots and lots of paper-pushing for everything, and where, especially for non-citizens in rural areas, even the most basic services can be a tremendous hassle.
> I'd say this should be left to the national Governments.

As a Swede, I strongly disagree with this idea. My country is essentially a "democratic oligarchy" with a wealth inequality similar only to Russia.[1]

The current eID system in Sweden is a private oligopoly run by, amongst others, the Wallenberg family and a previous prime minister. This oligopoly is used to stifle competition.[2]

Since the politicians are so deeply involved in the banking sector,[3] the only real hope of change is that a higher power takes more control.

[1] https://www.ft.com/content/747a76dd-f018-4d0d-a9f3-4069bf2f5... [2] https://www.realtid.se/konkurrens-storbankerna-har-nekat-fin... [3] https://www.expressen.se/dinapengar/toppsossarna-som-tjanar-...

>>the only real hope of change is that a higher power takes more control.

A more durable solution would be to move. If sovereignty is ceded to that higher power, and that higher power subsequently becomes corrupt, your range of options significantly narrow.

It'd be much easier to move if their ID and all of their documents were available to other governments in an easy-to-use compatible way. If only there were some sort of bloc-wide digital wallet...
Name a country where political leadership isn't intertwined tightly with banking and finance.

Somalia maybe? But i doubt it.

The higher power you are talking about is even more of an oligopoly with only the Commission having any decision power.
> Since the politicians are so deeply involved in the banking sector,[3] the only real hope of change is that a higher power takes more control.

This is typical of a certain political mindset: too big of a state ain't working, but surely an even bigger state shall work. This time, believe us!

The answer is not "more of what doesn't work". The answer is less.

> the only real hope of change is that a higher power takes more control

Odin?

Eid is handled by an formal contractor and it's kinda ridiculous ( + Java based). We are currently checking options to circumvent that.

Itsme is really expensive to use ( private for profit company that is being pushed)

Okish is the right word ;), but progress is on the way.

> I live in Belgium where we already have eID and SSO apps that work okish. But I fail to see the need for an EU wide ID. I don't think most EU citizens use services from other EU countries than the one they live in. Not services where they need to ID themselves. How much of the population would be in the category needing something like this?

Is there reason why this isn't used because noone needs it or because it's too inconvenient to use because we don't have such a system?

EU also didn't do a lot of commerce cross-borders until Schengen, Euro and other agreements made such commerce significantly easier and more viable.

I live in Lithuania and they have an electronic ID system which is shared with Estonia and Latvia. You need to use it to access most government websites and utility services, so it's pretty much mandatory unless you want to go to an office and do things in person.

You can sign up directly through the service if you are a permanent resident of either of those countries. Although I was an EU citizen, I was not a citizen of these countries, so to be able to sign up I had to open a bank account - which I don't use, as I already have one in my home country. Opening a bank account was also harder than it should be, if you are a permanent resident you can do it online, but as I was a temporary resident - even though I had a Lithuanian issued ID card and personal code - I had to go to a bank to do it in person.

So is such a system really needed? Not really, but there are many arbitrary barriers in place that make freedom of movement harder than it should be. Systems like this should make it fair, and stop countries from discriminating (purposely or not) against citizens of other EU countries.

(comment deleted)
I have lived and worked in 4 European countries and there are always things that you need fix even years after, for example for taxes or pensions.

I currently need to maintain digital IDs for Italy, Spain, the UK and Sweden, plus different implementations of those depending on banks/services. Add the complexity of phone numbers that are no longer valid and / or services that do not allow foreign numbers / addresses (more than you think, especially with companies).

I would LOVE to have one single ID system to rule them all (supposing it's VERY secure).

This argument seems exactly backwards to me. If working abroad or using foreign services is difficult due to bureaucratic incompatibilities, then of course less people will do it. Anecdotally, I've certainly used foreign services where I had to ID myself and happily welcome any change that makes movement easier.

There will always be irreconcilable language differences and people do have a preference for staying in their birthplace, but that is no reason to not improve things.

I'm more worried about the EU actually implementing this well, but time will tell.

With free mobility, having a eID/wallet that covers all of the EU makes sense.

Being a Swede who now lives in Germany, I can tell you that the lack of system level integration or even compatibility is a real hassle.

As an italian recently relocated to Belgium, I really wished I could use my italian eID for some very basic stuff like checking your covid-test result (you cannot access it if you don't have a GP, and you cannot have a GP if you don't have a national number, and you don't have a national number if you don't first register at the city hall) or interacting with institutions.

The procedure to obtain a eID is solid enough that the states should really leverage all the work done by another state to verify who you are etc, and allow you to interact with institution in a safe way.

IMHO it is one of the best things which could really define us as Europeans.

I'm not really looking forward to using a government issued tool for payments. Especially one that's advertised with nonsense like "[..]can be accessed via fingerprint or retina scanning[..]". I'd love to see hard guarantees that these governments don't have access to said tool. Until then, it's a hard pass for me.
It's not for payment.

It's an SSO service with a strong proof of identity tied to your official id and a vault to store your official documents. France already has something very similar but which can only be used with the state. It works really well.

> an SSO service with a strong proof of identity

What about those of us who prefer proof of identity to be only as strong as necessary and therefore as loose as possible?

I don't want my mobile devices to have a strong proof of identity associated with them. Ever.

You don't have to use it.

It's for convenience when you do.

You don't have to use it ... yet. Give it a couple of years, and you won't be able to buy a beer without it.

Sure, sure, downvote. But it's no longer possible to buy beer from vending machines without inserting your ID card as proof of age.

Well I have never seen vending machine that had beer or other alcohol, so I'll take your word for it.

But that one small downside. It's not like you can't get beer anywhere.

I know I can order beer from our grocery stores online, and as far as I know they don't perform any age checks since I pay with cash on delivery most of the time. But I am in my 40s and look that way so I maybe they just don't bother asking.

Heh. Reminds me of a public debate a few years ago about forcing porn platforms to securely verify the age of their users. I think a government member said something like "We could use FranceConnect (the government SSO service) for authentication in these cases".

Needless to say, people were not enthused.

I agree, I hope this wallet will have some safeguards issued by the states, like “If someone crack you wallet and steal your e-money, the state will refund you”. Anyway you can still use it for the more useful things like personal ID, driver license, vaccine green pass, etc… I think the payments will be delayed in a next future, still there isn’t nothing like a testing of a ‘governament e-money’.
Next, we are waiting for a any central bank issuing "world-wide" digital wallet. EU-wide is a good step towards that.
Could it be worse than paypal?
As somebody who never had any issue with paypal, why is there so much hate about it? Are problems on the merchant side?
My only hope against ever-increasing surveillance and nascent social scoring remains the technological incompetence of the parties involved.
I think this is the biggest worry. With the vaccine passport system soon to be revealed and now an universal SSO tracking a variety of EU wide actions... I feel the risk of getting to a social credit score system as China is high.
Incompetence could mean you're both fully surveilled and at the mercy of other bad actors.
I recently moved to the UK from Denmark which has a national SSO solution. It feels like going back 10 years in time. The amount of times I've had to provide copies of my passport, drivers licences, council tax bills, credit card history, or other things to prove my identity/address is ridiculous.
To be fair, I think Denmark is living 10+ years in the future with respect to that stuff. It's far more the exception than the rule :)
Point taken. What I will say though is that a national SSO solution is a great enabled for digital government. Having to go through a multi-day authentication phase just to access a particular service is such a barrier for adoption.
Netherlands SSO (DigiD) isn't too bad either, on a stand alone basis. Onboarding could be improved I suppose which is an offline process but past that just about anything to do with the government is linked to it.
It's about priorities. Maintaining and managing millions of cameras is just more important perhaps.
There was once a plan for a national identity database. It even got as far as pressing and distributing id cards but was repealed due to immense opposition. Just look at the list of supporters for the NO2ID campaign:

https://en.wikipedia.org/wiki/NO2ID

All parties except one (Labour - who probably would oppose it now), most trades unions, the Scottish parliament, the Welsh Assembly, the London Assembly, major charities, famous authors, the list goes on and on. So it will be driving licences and previous addresses forever I'm afraid!

It's not that I am in favour of centralisation. It's just that I prefer it over scattering my personal information over multiple parties.
take a note from Italy!

The SPID system[0] is based around multiple identity providers, which are all allowed to interoperate against the public login systems.

You can have an account with identity provider X and use it to login to the regional health system, and at the same time have a separate account with provider Y and use it to authenticate with the pension system. Currently there are 21M users which is > 30% of the population. It's pretty nice.

[0] https://www.spid.gov.it/

As a French person, it feels incredibly weird to see how much opposition other countries have for a concept (a national id database) that we've had before the internet even existed.

Looking into the details, I recently learned that the generalization of the national id dated from the Vichy regime, which... okay, yeah, I get why we might be alone in this.

But in practice, it works pretty well, and with very few negative effects.

Same thing in Poland. Everyone always had an ID, now we have them with biometric info and RFID, which you can use by tapping it to your phone running an official app to log in to eGov portals. Very well executed in my humble opinion. I live in the States and when I show that to the locals, they cannot believe their eyes. eGov here is an absolute joke.
Denmark has a tiny population - 1.5% of the USA. I live in a small US state (Massachusetts) which itself has a larger population than Denmark. The country is over 90% white of European ancestry.

The reason I say this is that getting an entire country to agree to support a government plan like a national ID tracker is much easier when the country is a monoculture with a population the size of a city.

> Brussels is engaged in talks with member states to provide guidelines on technical standards for rollout of the digital wallet, which is expected to be fully operational in about a year

Big LOL. A year for a project like this is hopelessly optimistic. I'd expect it will take 2 to 5 years for the basic centralized infrastructure to be made available, and 5 to 10 years for for countries to actually integrate it in their existing systems.

It's a great initiative which I'd strongly support, I hope it doesn't get discredited by pursuing unrealistic deadlines.

I'm just afraid SAP, Telekom, or Big "O" will get the contract and it'd be over budget, delayed and half-assed as usual.
My hope is that the admin guys have already agreed on something they will cookie-cutter-copy, and that's why they suggested such a short implementation timespan. But yeah, it will be hard to keep the usual sharks at bay.
If we assume good faith in that piece of quote, I interpret it as "The system will be ready to start being implemented in member countries in about a year", not "All member countries will have implemented it 100% in about a year". With that lens the quote makes more sense, although it still seems a bit rushed.
It might be possible because there was previously work for that.

In other words, there was already a try in the past to implement an authentication federation between all UE countries. Tried to use that in a Spanish government site but it was broken at the time but it already supported authentication from other UE countries.

I'm hoping they get one of the teams from the DINSIC to do it, in cooperation with equivalent teams of other countries. They have lots of relevant experience.
This will be used for surveillance, and most likely immediately hacked and sold off.

The EU is absolutely incompetent when it comes to cybersecurity. Nearly every single one of their member governments have been pwned, including Germany, France and Belgium among others.

These people can't even keep their own communications secure (Merkel's emails were hacked less than a year ago), why would they give a damn about your personal data?

If you're worried about surveillance you should probably know governments already have your data right now... they issue your passports/ids/etc...

This is to just allow you to sign in to other parties with your government ID if needed. (instead of other parties asking you for passport/ID for compliance/KYC)

Instead of needing to hack 3,000 companies to get the data of EU citizens, you now need to hack 1 central repository. And guess what? It's run by an incompetent bureaucracy with a history of security mismanagement.
This is an SSO for ID purposes. (passport/national ID).

Central repository won't store anything, the same as google SSO doesn't store your data if you sign in to third party sites. (it just authenticates you).

Maybe this is what you are misunderstanding?

Also, government already has your data, so that 1 central repository for IDs already exists.

As for hacking... going after any one of those 3000 is less likely to get you in trouble then going after a government (as incompetent as they are). See oil pipeline hack to understand consequences.

The article says

> "The digital wallet will securely store payment details and passwords and allow citizens from all 27 countries to log onto local government websites or pay utility bills using a single recognised identity, the newspaper said, citing people with direct knowledge of the plans."

Doesn't that directly imply that it is more than a simple SSO?

Exactly, mostly it could be a good thing. The level of competence of government IT competence varies wildly across different countries, offices, etc. In places like Germany which shares nothing between government offices on principle, there is a lot of extra potential for your information to get compromised through security bugs, targeted intelligence activity by foreign nations, etc. just because there is all this extra data entry that happens with just about every interaction with governments. Every time you do that, it potentially ends up in the wrong place. From what I've seen, getting your hands on information is probably not rocket science. Ancient IT systems, underpaid staff doing who knows what, lots of potential for social engineering as well as there are a lot of people with access to information. Auditing is probably lacking as well. People still uses faxes here. Because it is supposedly 'secure' (#facepalm). You can't get them to email you but they'll happily put your data on a telephone wire unencrypted. All that rubber stamp work is easily forge-able as well.

So, given all that, the only thing you can safely assume that most of what EU governments store on you is known by a wide range of foreign intelligence agencies; some of them considerably more hostile than the NSA which we all love to hate. Mostly you're not providing any new information whatsoever when you fill in the forms to enter e.g. the US. It's just security theater.

This is most likely bad news, unless privacy is the #0 priority
The status quo in many countries implies sending scans of your ID to many administrations and service providers, which is way worse.
I think the recent attack against the Irish health services agency shows the need for something like this

Once you have an EU wide digital identiy+authentication (with multifactor and biometrics and all that) You can then move onto implementing fine grained authorization for people to manage what data various government agencies get and can share

They will probably create a system very similar to what Okta does which is great as it would save 27 countries reinventing the wheel, and one thing about security that is important is not to reinvent the wheel.

> The digital wallet will securely store payment details and passwords and allow citizens from all 27 countries to log onto local government websites or pay utility bills using a single recognised identity, the newspaper said, citing people with direct knowledge of the plans.

Does it seems like solution in search of a problem?

I'm sure there's a % of people who deal with multiple EU governments at a time or frequently move. But to me that seems like a tiny fraction. Would be good if they published some stats around this i.e., y% or x million would use this on a daily/monthly basis or some such. Would be a shame if such a mega undertaking would end up useful to a niche customer base.

To "aim to enable EU citizens to study, live, shop, work and retire in any EU country" is an official goal of the European Union. If not many people are able to do this, then perhaps it has simply not yet succeeded.
> Would be good if they published some stats around this i.e., y% or x million would use this on a daily/monthly basis or some such.

In 2019 1.4 million people migrated from one EU state to another [1], and 3.3% of EU working age citizens lived outside their country of citizenship (and that's rapidly rising - a 40% increase over the last 10 years) [2].

That's a baseline minimum of people who clearly need this. It doesn't count people who don't register because they only move temporarily (where it's not worth registering today because without such a system the paperwork can be a hassle!), it doesn't count migrants who now have citizenship in their destination country, it doesn't count the many non-working-age people who retire to southern europe, and it doesn't count people who interact with foreign EU governments for any reasons other than permanent residency. For example, you might want to securely access EU personal data while on holiday for health care (a digital EHIC), you might need to share your foreign driving license details with a car rental company, or your work may involve cross-EU business administration.

This wallet won't be useful for everybody, but if it works well it would be a very valuable tool for many millions of people today, and likely many more in future.

[1]: https://ec.europa.eu/eurostat/statistics-explained/index.php... (full article, first paragraph) [2]: https://ec.europa.eu/eurostat/statistics-explained/index.php...

Thanks for the details and context! Now it makes lot of sense to me.

I wonder if they should decouple solution to payments (to utility etc.,) from the identity.

As for the payments, I believe it's better to expand an existing solution than build one from ground up. iDEAL for example, is a proven solution that's been in use in Netherlands for a while now. And since it's based on IBAN that's understood by all (?) the EU banks I guess it's worth expanding iDEAL to pan EU.

It is more like solving a problem once rather than creating 27 different, incompatible solutions for the same problem. I don't see how the problem should get harder to solve, just because you apply the solution to 500M instead of 20M people. After all, it is mostly software.
The clients might not move frequently, but they might still access services abroad.

Even the simple case of age verification when buying alcohol or cigarettes or computer games on a web shop in a different country, or the more involved checks of identity when looking at within-EU online prescription drug buying, car or home insurance purchase, vaccination status verification etc.

I love the direction! Wouldn't it be amazing to have services exposed through secure APIs so that we can create a number of tools around the services, instead of using a single wallet?
Interesting to see how this will turn out. In Germany IDs already have NFC chips so you can use them to authenticate against platforms via your phone. Using it all the time, from filing taxes to authenticating myself to my bank. You get a PIN via physical mail when you get a new ID and you're ready to go.
That sounds great. Imagine if you could move to anywhere in the EU and continue using everything the same way, just have a country selector dropdown and everything works the same way.
Those IDs became accessible to Berlin's immigrants around a year ago. Even then, you only get it 2-4 months after your residence permit application, which might be 0-3 months after you land in Berlin.
So much potential... it's hard to know what this becomes.

I could imagine online service providers like a hosting provider etc. might start to integrate.

After all this would have 2FA and be administered by an authority that can actually verify who I am when access needs to be recovered.

Long term, maybe the EU could do a cheap micro payment system, one can dream :)

So much for the old saying "don't put all your eggs in one basket". What could go wrong?
There's no limit to the fake creativity of those idiots in order to justify their pathetic existence and more government spending.
In term of features, it would be awesome.

But in term of privacy and surveillance society, this will be a nightmare...

Imagine, the dream for all eu gov and tax/police forces to have a mandatory unified controlled system for identification anywhere. From there, it will be more easier to go one step further in surveillance for average citizen.

The thing is that currently, the multitude of not centralized, authenticated system allows to remain anonymous or quasi anonymous for a lot of things. But, once there will be an official guaranteed EU identity authentication system, everyone will want to use it.

You are visiting a city, and you need to pay the parking fee? the EU SSO will have to be used, and states will be able to know where you were, at what time.

You want to access a website that is required by law to do age verification? EU SSO has to be used and again, the state can monitor your internet browsing.

You buy/sell a few things online, on peer to peer website like "leboncoin" or "ebay"? or do car sharing on "blablacar"? Mandatory EU SSO id has to be used, and so everything you do can be monitored.

Wait until you become unwanted or fall through the cracks and your wallet is blocked.
That was my first thought as well. It could be a powerful weapon
And this is different for status quo in what way? In every EU country the government can go to a bank and freeze your account via a warrant.
But at least right now it won't block you from viewing websites as an example. If this becomes commonplace then most websites with accounts will do this kind of identity detection.

Why wouldn't they? Think about it. If people's real identities are involved then they're less likely to be abusive, because everything tracks back to them. But it also means that websites like Facebook and pornhub might not let new users in without that kind of authentication.

in the US we had laws protecting the privacy of mail going through the postal service, and conversations over the phone. now facebook and google know our every thought and move.

new technology is like the wild west for govts and corporations, and you can hold a larger crowd hostage with a gun than you can with a knife.

I'm also thinking that it will become one of those catch-22 problems for recent immigrants, who need a bunch of papers to settle, but also need to settle to get those papers.

For example, the German government assumes that every resident has a fixed, official, registered address. However for various reasons, many people can't register their address. They might for instance live in an illegal sublet. Since they can't register, they can't get a tax ID, health insurance or a bank account, which in turn make it hard to get an apartment that lets them register.

Lawmakers often forget that millions of people aren't born into the system, and do not always fill certain preconditions like the native population.

Or, you know, it's may be by design? There are n number of countries where you'll be deported immediately if you don't have the right documents, precisely to discourage the kind of challenges you mentioned. The only difference between those countries and the EU is that they actually enforce their laws almost immediately while the EU (and to an extent, the US) don't. A fixed address is practically required in any part of the world to avail of government services, insurance, healthcare and banks, from Mozambique to Monaco.
AFAIK, the US does not have a mandatory ID requirement ( nor does the UK ).
Birth certificates are kinda in the realms of manfatory and be it directly or indirectly (classed as child abuse in the case of the USA) illegal not to register a birth in many countries.

In the UK you have the 1953 Births and Deaths Registration Act requires a birth to be registered within 42 days of a child being born.

Also nice example that Google spat out here in the respect of the UK and trying to opt out not registering a birth: https://www.theguardian.com/uk-news/2019/jun/23/man-refused-...

So given that, I'd say birth certificates have in many ways and thru various avenues of law in one country or another, kinda become mandatory years ago.

People have a fixed address but can't register it. This is especially common with the sort of accommodation people get when they move to Germany.

It also affects Germans, but to a lesser extent since they register at their parents' house.

They don’t forget, they don’t care because those purple can’t vote for them by definition.
> Lawmakers often forget that millions of people aren't born into the system, and do not always fill certain preconditions like the native population.

That should be quoted and hanging upon the wall of every politician. Very easy to fall thru the net and undue social and mental stress trying to fix that when innocent and a local, dare imagine the nightmare of somebody less fortunate who just wants to have an honest life.

The aspect that Germany have a clear approach to dealing with those who they deem illegal, it clearly does not help those who fall into that definition without doing anything illegal. Rent the wrong place and suddenly the burden and fallout is placed upon the renter who becomes a victim of the process.

This isn't isolated to Germany, and the same thing patterns out in every country in one form or another.

In my experience, this is the case for the Netherlands as well!

I was at first perplexed when reading all the different requirements; it was hard trying to understand how to first approach 'the problem' to satisfy the circular dependencies in the requirements.

Thankfully, there was a lot of hand-holding involved between the HR department, the landlady (through a realtor), and the immigrant-friendly bank in order to allow us to bend the rules to solve the chicken/egg dilemma of residence/banking/insurance.

Being optimistic, which is perhaps not warranted here, but bear with me: The EU is perhaps one of the few places in the world where there will be controls mandated on the data. I'm not at all convinced they'll be anywhere near abuse-proof, but at least I would expect to see an attempt.
>The EU is perhaps one of the few places in the world where there will be controls mandated on the data.

For non-state actors. Government(s) will obviously get exemptions in ways we won't find out until later. Look at GDPR and the EU commission.

I don't know about other EU countries, but in France the CNIL is pretty damn serious at telling the government to back off and respect the GDPR.
EU governments are exempt from the requirements of GDPR. In some countries police can access large amounts of data without the need for a warrant. For example German police do not need a warrant to get passwords to email account, PIN numbers for mobile phones, mobile usernames, birthdates, telco information, or hospital data.
They do need a warrant for all the mentioned things in Germany (except birthdates if accessed in public registers).

The GDPR does apply to governments in general (see Article 2) but criminal law enforcement authorities are exempt.

> ... they'll be anywhere near abuse-proof, but at least I would expect to see an attempt.

All police-like institutions will likely have full access right from the beginning, because of child pornography, terror or other "serious crimes".

That will be softened and weakened by the time until someone finds out this system was misused for stalking some VIP or because police wanted to catch a guy who had 10 grams of weed.

It's all happened before, it will happen again.

The extremely high taxes of Europe are themselves a form of abuse.

These digital wallets and digital currency systems will just be used to enforce taxation.

Meanwhile, where do all those taxes go? To the welfare state (ie. pensions and healthcare for baby boomers), and to maintain the bureaucracy.

Hopefully the digital wallet will be leveraged to reduce the bureaucracy. We can’t continue like this without hurting ourselves.
Taxes are not abuse, especially not pensions or healthcare. You do realize that in all likelihood your parents benefit from both, and so will you, unless ofc you are a lot more wealthy than most citizens.
Nobody said that taxes are abuse.
> The thing is that currently, the multitude of not centralized, authenticated system allows to remain anonymous or quasi anonymous for a lot of things.

I don't really think that is the case.

There was a big scandale in Denmark a couple of years [1]. Where a tabloid had bribed a person at Nets which is the main digital payment processing solutions in Denmark. As a result they could set up trackers on people whenever they used their credit card. Tracking where the went on honeymoon or had dinner etc.

If a second-rate tabloid can end up tracking individuals' people use of their credit cards. I'm pretty sure it should be manageable for most governments _if they want to_.

[1] https://en.wikipedia.org/wiki/2014_Se_og_H%C3%B8r_media_scan...

I don't know about today, but 15 years ago when my company held presentations about the value of print advertising that's grossly under bought, (with permission) we'd put everyone's favourite take out Pret sandwich in front of their seats, with the advertising sources on green fanfold line as placemats. We couldn't get better than 50 50 for exact choices but given the advantage of permission to obtain personal information we asked the secretaries with a (disclosed as payment for data) bribe. The line prints did the talking just as raw data - in 05 data mining was too precious for stunts and Xeon hadn't surpassed our ES45 alpha servers for system bandwidth.
I think you read too much into this.

It is a service that will allow say a Dane to use Danish NemID instead of a Swedish bankid when working in Sweden.

And it is not for monitoring you. It is for authenticating you in a manner that is explicitly under your control.

not monitoring yet.
It really doesn’t have anything to do with monitoring. You are being monitored a plenty, just not via this eu initiative.
If it can be used to monitor you it will be used to monitor you. Let’s not fool ourselves here.
So how exactly will the auth request be impossible log/trace? And is it really going to be implemented that way?
They are logged. These are just SAML federations, ForgeRock has a bunch of these rolled out across Europe.

They are logged, and law enforcement does get the logs on request.

Read the ToS.

It is my understanding that this is why China is developing their own cryptocurrency, to be able to track all uses (and users) of it. The Wall Street Journal reported on it:

https://www.wsj.com/articles/china-creates-its-own-digital-c...

That applies to uses inside China and outside China. I can see the NSA/USA wanting to do the same, as well as all the other countries in the world. This might be what actually kills all cryptocurrencies unless it becomes mandated that all citizens use it, which could lead to many outside a country having to also use it. But maybe there will be ways to scramble the tracking? Or maybe not, anyone looked at the design of China's cryptocurrency?

Facebook is going to love this.
to everyone saying "My country has something similar". Yes we do, thanks to EU eAIDAS regulation. This also explains how they can implement this in a year. Most of the countries (probably all) already have a lot of groundwork done
This sounds great but will be counterproductive to any progress EU wishes to have in digital technology.

India have UPI and while that also on the surface sounds great it's filled with all sorts of wacky rules for implementation (on thing is that you have to show it prominently on the first page).

The primary issues is that it will basically be competing with a lot of private companies and thus once again hinder the ability for many startups to get off the ground because they are in competition with the government.

The never ending problem of the EU, they try to solve problems politically that the market is perfect for.

UK resident here.

I am a Brexit supporter; but I don't trust the UK civil service to build an ID system that is both secure and privacy-preserving. Based on past performance, they'd build a system that runs 10x over budget, and isn't secure.

I'd want to see the details, but I'd be much more inclined to trust an EU ID system than a UK one.

Haven't the UK delivered an ID system, Gov.UK Verify?
Yes. I think you can still use it; but it was not wildly popular.

The NHS is busy trying to sell all of our health data to companies like Google. Again. The NHS dataset is the most valuable and complete in the world - it's worth a lot of money, and it's unique. Unfortunately, NHS Digital haven't a clue how valuable - they sold a million records to the Society of Actuaries, for less than 4 grand.

So I don't trust any app from the NHS to be nice with my data. I think the app will be withdrawn soon, because most people don't use it.

Anyway, I simply don't carry a smartphone. I don't walk down the street, diddling away on my fondle-slab. I carry two vaccination cards in my wallet. There's nowhere I need to go that needs the NHS app.

"The digital wallet will securely store payment details and passwords and allow citizens from all 27 countries to log onto local government websites or pay utility bills using a single recognised identity"

I find it amazing that anybody would think this is a good thing. Then again, I shouldn't be amazed. There are numerous examples of people eagerly trading privacy for [perceived] convenience.

Consulting companies are already rubbing their hands and can't wait to produce garbage for a few hundred million.
i just hope they let countries like estonia with actual experience in some e-government projects lead the development and not germany and france who ruin every piece of software they touch. but the scenario most likely is that we end up with yet another completely useless high digit multi million euro project.