What are your thoughts on the #swiss law for the new E-ID?

It will be an open-source solution, with development funded by the Swiss government. It will be a #localfirst solution that whoever wants one can store on their phone, giving specified access to single data points of the ID.

Discussion

In general, I think it’s a good idea, but it’s also risky if data about an entire nation is stored in one central place. Are there any legal requirements that prevent companies from relying solely on the E-ID for authentication?

Unlike, for example, the use of the Swiss ID at SBB or the Post.

There will be no central server to store every E-ID that was registered. They will be stored only on the phones of the individuals themselves.

No. There are no direct restrictions in the new law. But unneeded use can be brought to a court. So I could imagine that central services like the SBB will not be able to request this data.

Maybe they can request whether you are over 16 or not, which would be an improvement over today, where one has to put name and birthday to buy a ticket online.

Okay, that actually sounds pretty good.

If you store your data, signed by the issuing authority, and only the verification of the signature required checking a central point (where no data is stored, only hash and signature), it would be an acceptable solution.

But as almost nobody is able and willing to take responsibility for their data and backups, this will never be implemented like it should.

As far as I know, no central server is included in the solution they bring up. You get the ID on your phone and can show the parts you want to a company or institution when you want to.

Didn't even the Swiss Military get hacked recently?

Good luck when your E-ID gets stolen.

It is voluntary? Voluntary for how long?

Soon you have to sign up everywhere with this E-ID! Uncomfortable people can get banned everywhere with one click. It's the beginning of the social credit score.

If the people vote against the ID this time, they will just implement it in 2 years.

Privacy is death

only thing that concerns me is that I am not able to host the "truth infrastructure" in a self-sovereign way.

if they want to be a trustworthy issuer of digital credentials, they should let me use whatever cryptographic system i'd like to.

It can be made possible in the near future. Based on article 18:

"The Federal Council may permit the issuance of the E-ID in further applications. These require recognition by the Federal Department of Justice and Police. Recognition is granted if:

a. the binding to the holder is ensured by appropriate technical and organisational measures; and

b. the application is certified under Article 13 of the Data Protection Act of 25 September 2020, or equivalent guarantees for the protection of the data are in place."