Every country must make sure its citizens have a secure way of identifying themselves online and creating qualified digital signatures
Estonia is a country that has managed to build a digital society with everything in the right place and extremely high eID usage, so nobody is left behind. When the COVID-19 virus hit, the general public was affected very little, as people could do everything remotely very well.
This short intro is meant for people who have not experienced a well-designed digital society, so they can start asking questions in their countries and polling stations.
In 2019 McKinsey published a report that states “Well-designed, digital ID not only enables civic and social empowerment, but also makes possible real and inclusive economic gains”.
Examples of great services that countries provide for their citizens are: a place in school for every child, a passport for every citizen, a public road network, etc. In the 21st century this list has been extended with an eID system for secure online identification and a way of creating qualified electronic signatures.
Without proper eID solutions your state-of-the-art technology will stay stuck at the level of using drawing programs to insert images into PDF files to sign million-dollar documents.
What are the cornerstones of well-designed eID in your country?
First of all, everyone must be included. The baseline for that has been solved in many countries with a mandatory national electronic ID card. The drawback of the ID card is the need for a ~10 EUR card reader in the computer or an NFC reader, which is found on higher-end phones.
The second type of eID method, with similar security, is Mobile-ID, where the SIM card chip performs the same functions as the ID card chip. This works on any mobile phone without installing apps.
The third type of eID solution is mobile apps that can be installed on smartphones without the need for any physical token given by the government. Quite often private companies like banks and post offices manage these solutions. If these solutions are audited and found to be secure enough, governments can also give them official approval, as has been done with some officially notified eIDAS eID solutions.
Public eID APIs must be well documented
Once the basics are in place and eID methods have been distributed to all citizens, the country must make sure everyone is able to use them. This requires simple documentation in multiple languages.
We have seen many countries that have all the opportunities, but where a private company has to invest through the roof to start using eID solutions because nobody can get these solutions running, and in the end it drops the idea altogether.
Privacy and tracking are not an issue
If an eID system is well built, there is no fear of tracking and the system is as private as any self-issued identity.
Service providers can identify people without any government knowledge. Service providers can read the ID card directly in the browser if the user enters the PIN code in the browser, and they can check the validity of its certificate against CRLs (certificate revocation lists), which service providers can download for offline use.
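The offline CRL check described above, as an added example that is not code from the original page or from any eID project. It goes one step beyond the text by also verifying the CRL's signature and rejecting an expired list. The names `crlStatus` and `demoCRL`, the test CA and the serial numbers 1001 and 1002 are constructed for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// crlStatus looks a certificate serial up in an already downloaded, parsed CRL (Go 1.21+).
func crlStatus(serial *big.Int, issuer *x509.Certificate, crl *x509.RevocationList, now time.Time) (string, error) {
	if err := crl.CheckSignatureFrom(issuer); err != nil {
		return "", fmt.Errorf("CRL not signed by the issuing CA: %w", err)
	}
	if now.After(crl.NextUpdate) { // fail closed: a stale list may miss new revocations
		return "", fmt.Errorf("CRL expired at %s, fetch a fresh copy", crl.NextUpdate)
	}
	for _, e := range crl.RevokedCertificateEntries {
		if e.SerialNumber.Cmp(serial) == 0 {
			return "revoked", nil
		}
	}
	return "good", nil
}

// demoCRL builds constructed sample data: a throwaway CA and a CRL revoking serial 1001.
func demoCRL(now time.Time) (*x509.Certificate, *x509.RevocationList) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Constructed Test CA"},
		NotBefore: now.Add(-time.Hour), NotAfter: now.Add(24 * time.Hour),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
	}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	ca, _ := x509.ParseCertificate(der)
	raw, _ := x509.CreateRevocationList(rand.Reader, &x509.RevocationList{
		Number: big.NewInt(1), ThisUpdate: now, NextUpdate: now.Add(12 * time.Hour),
		RevokedCertificateEntries: []x509.RevocationListEntry{{SerialNumber: big.NewInt(1001), RevocationTime: now}},
	}, ca, priv)
	crl, _ := x509.ParseRevocationList(raw)
	return ca, crl
}

func main() {
	ca, crl := demoCRL(time.Now())
	fmt.Println(crlStatus(big.NewInt(1001), ca, crl, time.Now())) // revoked <nil>
}
```

In a real deployment the CRL bytes come from the file the service provider downloaded, parsed with `x509.ParseRevocationList`, and the serial and issuer come from the certificate read from the card.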
A typical service provider can be a local water company, pharmacy, e-shop, school, NGO, sports club, cool fintech startup, etc. At a water company the user might want to see their water consumption history and download any recent invoices. If the service provider cannot determine that you are who you say you are, its only option is to deny access to the system. With these kinds of systems today, you take your passport or driving license and go on site to prove who you are in order to get an access password. In more modern solutions you photograph your passport and send the photo over. In all of these solutions you reveal your identity to the service provider anyway.
ID cards usually contain the user's name and a unique identifier. If the user does not want to share this information with the service provider, there is rarely any business to conduct at all.
There can be businesses that want to work with anonymous customers, but in that case there is no identification, so there is no need for eID and thus no privacy or tracking issues arise.