
Digital identity cards: Estonia takes the plunge - jkaljundi
http://www.economist.com/news/international/21605923-national-identity-scheme-goes-global-estonia-takes-plunge
======
dmix
Obligatory:

A National ID Card Wouldn't Make Us Safer

\- Bruce Schneier

[https://www.schneier.com/essays/archives/2004/04/a_national_...](https://www.schneier.com/essays/archives/2004/04/a_national_id_card_w.html)

> But my primary objection isn't the totalitarian potential of national IDs,
> nor the likelihood that they'll create a whole immense new class of social
> and economic dislocations. Nor is it the opportunities they will create for
> colossal boondoggles by government contractors. My objection to the national
> ID card, at least for the purposes of this essay, is much simpler:

> It won't work. It won't make us more secure.

~~~
jarrett
I understood this to be something different from what Schneier describes.
(Though I could be mistaken.) I took this to be primarily an API for Internet
applications to verify an end user's identity claims. I realize there are
physical cards involved, and those could be problematic, but the API part
sounds better.

The failure modes Scheier describes would still be applicable, of course. But
as a developer, I might still appreciate having the system available. I
couldn't trust its responses beyond a reasonable doubt. But still it might be
valuable to have some extra degree of certainty about a user's identity, in
some scenarios.

Let's say, for example, I'm developing an online liquor store. Let's say I
accept various forms of payment, some of which don't come with age
verification. I might appreciate a simple, unified ID API for that purpose.
Granted, it would still be possible for minors to exploit the vulnerabilities
Schneier describes and buy alcohol from me. But conceivably, if that happened,
the law might grant me immunity, because I checked against the government API
and the failure was on the government's part. Which would be a valuable
assurance for me as the developer or business owner.

~~~
kiiski
In Finland we have a system based on authenticating through your bank
(TUPAS[1]). It works pretty well, and is easy, at least for the end-user, to
use (you just select your bank and get redirected to their login site; the
banks system then passes your info to the site). I don't know what kind of
requirements there are for businesses to use it though.

[1]
[http://en.m.wikipedia.org/wiki/TUPAS](http://en.m.wikipedia.org/wiki/TUPAS)

------
mrb
_" in over a decade, no security breaches have been reported"_

False! If someone has access to your Estonian ID card for about 11.5 hours or
27 hours (depending if the card uses 1024-bit or 2048-bit RSA keys), he can
decrypt documents or forge e-signatures, even without knowing your PIN code:
[https://eprint.iacr.org/2012/417.pdf](https://eprint.iacr.org/2012/417.pdf)

More tech details about the card: [https://www.opensc-
project.org/opensc/wiki/EstonianEid](https://www.opensc-
project.org/opensc/wiki/EstonianEid)

------
jarrett
There are a few scenarios where I, as a developer, would find it very helpful
to be able to verify real-world identities. For example, I've worked on
applications where there were incentives for Mallory to impersonate Alice and
attempt to legally bind Alice to something. Having a way to verify that the
end user is truly Alice would be great in that type of scenario.

On the other hand, there are lots of apps where you don't _really_ need to be
able to verify the end user's identity. Like Twitter. I can imagine a world
where such applications require verified ID from all users, just because the
government makes it really easy to do so. That would be a big loss for privacy
an anonymity. As has been discussed at length elsewhere, providing an
anonymous (or pseudonymous) voice for people is one of the Internet's most
important function.

------
andypants
I did not expect to see so many people so strongly against identity cards. I
have had one for a while and it's very convenient and useful.

How is this different from passports? The government already has your basic
information. Why passports and not identity cards? To me, my ID card is like a
passport in credit card dimensions.

~~~
nostromo
In the US it's very easy to live your entire life without a passport.

At any given time less than half of Americans have valid passports.

~~~
riffraff
isn't in the US also possible to live without an ID card?

~~~
praxulus
There's no unified ID card system in the first place. Usually state driver's
licenses fill that role, but obviously not everybody has one of those.

~~~
ghkbrew
I don't know. Social Security Numbers (SSN) we have are a national ID number
in pretty much everything but name. And even though they are explicitly not
supposed to be used as identification (it says so on the card), that's how
it's used 99% in practice.

------
opendais
This is very impressive and I hope it works out well for them. It has some
serious risks in terms of privacy/government surveillance, however. A single
theft of a backup and the entire country's data is violated.

The other issue I see is Estonia/EU doesn't exactly have the most robust
freedom of expression:

[http://www.article19.org/resources.php/resource/37287/en/eur...](http://www.article19.org/resources.php/resource/37287/en/european-
court-strikes-serious-blow-to-free-speech-online)

Without that, I'm not sure I'd really want to participate.

------
ataggart
Some of the comments here bring to mind a quote by Eugene McCarthy:

"The only thing that saves us from the bureaucracy is inefficiency. An
efficient bureaucracy is the greatest threat to liberty."

~~~
GFischer
Have you read Frank Herbert's Jorj McKie series of books?

[http://infohost.nmt.edu/~shipman/reading/mckie.html](http://infohost.nmt.edu/~shipman/reading/mckie.html)

"The main theme of the two principal Jorj X. McKie stories, Whipping Star and
The Dosadi Experiment, is the Bureau of Sabotage, an interesting concept in
government that is kind of like a ninja GAO.

The idea is that all governments and other bureaucracies tend to snowball over
time, finally becoming juggernauts that crush mere humans unthinkingly. So the
Bureau of Sabotage was founded with a legal right to throw wrenches into the
gears of bureaucracies. No agency can sabotage the BuSab itself.

So what keeps the BuSab from turning into a juggernaut? Their promotion
policy. The way you get promoted is to sabotage your boss."

~~~
chimeracoder
> So what keeps the BuSab from turning into a juggernaut? Their promotion
> policy. The way you get promoted is to sabotage your boss."

That sounds like a fascinating set of stories and I'd love to read them.

That said, I have full faith in the corruptibility of human beings to assume
that they would find some way to capture that agency too.

------
chimeracoder
> Estonia’s approach makes life efficient: taxes take less than an hour to
> file, and refunds are paid within 48 hours

Yes, sacrificing privacy and liberty can provide conveniences - this is
nothing new; we've known it since Huxley's _Brave New World_ , if not earlier.

That doesn't mean these policies are something we want to emulate, such as
their stance on sex trafficking[0], free speech[1], and other human rights.
Authoritarian policies like 'national identity' initiatives are very strongly
correlated with abuses in human and civil rights.

[0]
[https://en.wikipedia.org/wiki/Human_rights_in_Estonia#Traffi...](https://en.wikipedia.org/wiki/Human_rights_in_Estonia#Trafficking_in_persons)

[1] Ibid,
[http://www.article19.org/resources.php/resource/37287/en/eur...](http://www.article19.org/resources.php/resource/37287/en/european-
court-strikes-serious-blow-to-free-speech-online)

~~~
Karunamon
Neither of those links support your assertion that identity schemes are
"authoritarian" or "are very strongly correlated with abuses in human and
civil rights"

~~~
chimeracoder
> your assertion that identity schemes are "authoritarian"

Well, no, that assertion is a subjective statement, so it's not possible to
cite that. (Hence why I didn't - the footnote appears immediately after the
portion of text being cited).

The links are intended to demonstrate that there are a number of other aspects
of Estonian society that we might not want to emulate. Cherry-picking one
benefit would be misleading.

> or "are very strongly correlated with abuses in human and civil rights"

The original sentence was "Authoritarian policies ... are very strongly
correlated with abuses in human and civil rights". Would it be clearer if I
replaced the word "policies" with "governments"?

~~~
Karunamon
Perhaps I misinterpreted your post, but what I got from it is that you were
against identity schemes (attaching the adjective "authoritarian" to them).

Estonia might be an authoritarian hellhole, but I wouldn't say the ID system
has anything to do with it. That edit probably would help :)

------
Centigonal
This is a very impressive, forward-thinking initiative. No doubt it'll falter,
act clunky and glitchy at first, and probably be cracked at least once, but
this is the direction societies are moving in, and it's good of (and likely,
for) Estonia to take the plunge first.

An interesting point to consider: How would a formalized electronic ID scheme
affect our present concerns with respect to governments spying on their
citizens? On the one hand, putting everyone's public lives online will make it
a lot easier to start aggregating data for unwholesome purposes, and puts
everyone's personal information in potentially vulnerable computer systems. On
the other hand, there are huge efficiency gains and convenience benefits that
come from digitizing everything, and maybe having a government bureaucracy
centered around digital records will confer that medium with the level of
discretion the bureaucracy currently gives paper records.

~~~
jarrett
Depending on the implementation, it would be possible to limit the
government's collection of data to the following:

1) The underlying identity info such as SSN, photo, name, birthdate, etc.
Which most governments already have even without this system.

2) A record of each request from a third party to authenticate a user. E.g. if
I user my government ID to sign up for Facebook, that signup event will be
logged.

Again, it depends on the implementation. The above two would almost certainly
be collected in even the most privacy-respecting implementation. But, it's
certainly possible to devise an implementation that enables the government to
collect far more.

------
vixin
'Estonia’s approach makes life efficient: taxes take less than an hour to
file, and refunds are paid within 48 hours.'

Exactly as happens when I pay my UK taxes online!

~~~
GFischer
I can't understand if you're stating that UK taxes online take exactly the
same time, or if you're satirizing it...

A textbook example of Poe's Law :)

[http://en.wikipedia.org/wiki/Poe's_law](http://en.wikipedia.org/wiki/Poe's_law)

~~~
arethuza
Most people in the UK don't have to do a tax return, if you do have to do a
tax return doing it online (at least if you have the relevant information
handy) isn't difficult - probably takes me 30 minutes on a simple year and on
a complex year I pay an accountant to do it.

~~~
newaccountfool
Exactly, if our going to allow all of the hackable information to be stored
online by your government so you can shave 20mins from a yearly task then your
a fuc __*g idiot.

------
esbranson
I like it. Its not as if U.S. states don't, as a practical matter, _require_
government issued identification.

I envision (I'm not the only one for sure) something like the Madison Project
[1], _i.e._ , an online voting platform where people can discuss and vote on
legislation, regulations, budgets, etc., in their jurisdiction (and submit
edits and amendments), while _allowing_ anonymous or pseudo-anonymous
participation and _allowing_ people to prove they're electors, political party
members, etc., for users' filtering. So we can invest our time and energy in
exhausting discussions with anonymous people, knowing they have a stake in the
outcome and that we're not wasting our time on a discussion with someone who
has absolutely no incentive to seek a successful solution.

This provides a missing piece. Only a government-issued digital ID can provide
sufficient reliability and trustworthiness for such an application.

[1] [http://opengovfoundation.org/the-madison-
project/](http://opengovfoundation.org/the-madison-project/)

------
driverdan
Without doing any other research this article seems like a total whitewash. It
doesn't discuss _any_ existing or potential problems with such a scheme. The
author isn't listed which makes me question whether they either know nothing
about technology, privacy, or have conflicts of interest.

~~~
jkaljundi
The author is
[https://en.wikipedia.org/wiki/Edward_Lucas_(journalist)](https://en.wikipedia.org/wiki/Edward_Lucas_\(journalist\))

~~~
oska
Just out of interest, how do you know that?

I can't see any byline on the article.

------
jkaljundi
Related: Estonia plans to create 10 million “e-Estonians” by 2025:

[http://estonianworld.com/technology/estonia-works-to-
create-...](http://estonianworld.com/technology/estonia-works-to-
create-10-million-e-estonians-by-2025/)

------
danmaz74
I really REALLY hope this takes off at a EU level. And that the Estonians will
reap some benefits by being the first to pave the way, so maybe some healthy
competition on providing the best services to citizens will ensue between EU
countries...

~~~
x1798DE
What is the major benefit of something like this? I can't think of a single
transaction I've undertaken in the past few months (either online or offline)
where it would have been to my advantage to authenticate my real name. I
frequently need to authenticate an ongoing relationship (my gym membership,
logging in to Amazon Prime), but in none of these situations does it matter
_who_ I am, just that I'm the same person I was before. Generally those
counterparties get that information anyway, but I consider that information
leakage an artifact of the authentication process, not a beneficial feature of
the system.

We already have solid methods for identifying ourselves as the same person as
we used to be (various public keys, for example), and if we want to establish
a consistent identity across multiple contexts/domains, we also have that
option. This really doesn't benefit consumers in any way.

~~~
GFischer
For government paperwork, it definitely helps to authenticate _who_ you are.

As long as you need to access government services, I'd rather have them be
efficient.

My country has had national IDs for close to a century, and they make life a
lot easier for databases and programming :)

~~~
Goronmon
_My country has had national IDs for close to a century, and they make life a
lot easier for databases and programming_

Strange, from my perspective, this seems like a negative result.

------
AlexeyMK
On that note, I'll be in Tallinn for September and October 2014 as part of
world travels. Any recommendations from locals or past travellers? I'm at
[http://about.alexeymk.com](http://about.alexeymk.com)

~~~
jkaljundi
Check out
[http://www.likealocalguide.com/tallinn](http://www.likealocalguide.com/tallinn)
and drop by our startup co-working space
[http://hub.garage48.org/](http://hub.garage48.org/) if you want to meet tech
people.

~~~
AlexeyMK
Thanks! I will.

------
cjoh
It's useful to note that, while a country, Estonia's population is smaller
than that of most large US cities (1.3mil). What can work for Estonia may not
be something particularly portable to larger nation states. Still interesting
stuff.

~~~
leorocky
1.3 million is a really tiny number. Why is it so small? The city of Tucson,
Arizona has about 1 million people and it's in the middle of an uninhabitable
desert.

------
johnlbevan2
For those in the UK for something similar, please see this:
[http://epetitions.direct.gov.uk/petitions/66905](http://epetitions.direct.gov.uk/petitions/66905)

------
droithomme
Will those who decline to participate in this system be subject to criminal
sanctions, or merely locked out of participation in public life.

~~~
scotty79
Probably the second one. It will be hard for anyone to believe what your name
is if the only thing you can present to back up your claim is piece of
oficially looking plastic and all other people can present digital signature
that can be verified online. You'll probably will be able to participate in
activities that don't require trust in your identity. Buying a muffin, sure.
Renting an apartment, no chance in hell.

~~~
newaccountfool
Does renting an apartment require an ID? I don't think it's illegal if you
don't! What's wrong with cash in hand every month?

~~~
pjc50
In the UK, you are now legally required to check the immigration status of
your tenants: [http://www.rics.org/uk/knowledge/news-
insight/comment/landlo...](http://www.rics.org/uk/knowledge/news-
insight/comment/landlords--agents-to-check-immigration-status-of-tenants/)

However, there isn't a national identity card scheme, so this will probably be
messy.

~~~
newaccountfool
Showing a drivers licence or passport is all you need, that's a valid ID card.

~~~
pjc50
The person presenting a UK license or passport is the easy case. The person
presenting a non-European passport and a pile of letters from the Home Office?
Not so much. But then, discriminating against foreigners was the point of the
law.

------
newaccountfool
When you can use some one else's ID then the system fails, and just wait you
will be able to steal some ones online identity.

------
zenogais
Creepy

------
miralabs
paywalled

