Experts suspicious of European digital identity app | NOW
Brussels has plans for choosing a European digital identity (eID). According to experts, there are quite a few snags to the idea. “Over-identification is lurking,” they tell NU.nl.
The European Commission announced the plans in June 2021. Brussels wants an app – the European Union itself speaks of a wallet – in which you can find all kinds of things about yourself, such as a driver’s license, diplomas and affiliations.
With the digital identity you should be able to do business with the government, but also with companies. This involves signing up if you are of age want to buy alcohol, if you want to sign up with social media if you want.
The intention is not to build an app yourself. The apps must meet requirements well and can be based on each other. It is still unclear what exactly she will look like.
Bart Jacobs, professor of Computer Security at Radboud University Nijmegen, is positive about the European Commission’s plans. He thinks such an app is “a good idea in principle” and thinks it could help burgers. But, he also has some snags.
Security in case of a hack
According to him, they are mainly in the implementation of the plan. Jacobs, for example, that the app open source must be. This means that the source code is public. Anyone can check that no data is being piped away.
Jacobs also advocates decentralized data storage. This means that citizens’ data cannot be stored in one place, but on your own device. You can then log in somewhere yourself without a third party watching you, as Facebook now does when logging in via Facebook.
According to the professor, there is also an important role for the Dutch Data Protection Authority (AP). “People should be able to file a complaint somewhere, for example if a party requests more personal data than necessary. According to the GDPR, this is prohibited in any case, but with such an app the danger becomes greater.”
Don’t depend on Apple and Google
Jaap-Henk Hoepman, associate professor of privacy at Radboud University Nijmegen, understands why Brussels is working on the eID. According to him, the European Commission is in a difficult position.
“If they come up with European verification, Apple and Google will actually realize that. That’s a situation you don’t want to end up in.”
Hoepman, like Jacobs, thinks that over-identification is lurking. “With heteID you make it easy for providers to obtain information about you. But it is not the intention that they ask you how old you are when you want to send a postal package.”
According to him, there should also be an alternative for people who do not have or do not want a smartphone. They shouldn’t be left out, he. Incidentally, according to the European Commission, the use of the app is not mandatory.
More and more requests for services
Vincent Böhre, director of the Privacy First foundation, is anything but enthusiastic about the European Commission’s plan. “We mainly see consequences in this. ByeID you threaten to realize more services for horses. We think that is unnecessary anyway.”
A privacy-friendly app, according to him, remains to be overseen. “But the question still remains that this is not just a wrong path that we do not want to walk as a society at all,” said Böhre.