It's nice that the EU is giving room to such innovation, but I wanted to point out that stuff like this is quite widespread in India:
Every shop on the road nowadays has a QR code you scan to make a payment using any UPI[0] compatible app. Thus, the age old problem of a shop not having change is quite rare nowadays (if you're not a minor that is, because all UPI apps are 18+). UPI is centered around your phone number, which is linked to your bank account as part of KYC. Thus, you can make a payment to anyone who doesn't even have UPI using their phone number, thus transferring funds directly into their bank account.
DigiLocker[1] is gaining popularity, with some airports allowing you in without physical ID if you have your ID on the app and scan yourself in. I've only been to one airport that does this before, and I sadly was not aware of it at the time.
It's nice that more and more countries are realizing the usefulness of this as tech becomes more and more ubiquitous and accessible to everyone.
So one stolen phone really is enough to now "steal one's identity", at least insofar as payment, day-to-day access to (and government tracking of) e.g. transportation, and other daily activities?
And how are damaged phones handled?
I feel like far too much faith is being invested in far too fragile, fungible devices.
It's already like that in countries like Denmark. A lot of people just walk around with just the phone, use Apple/Google Wallet or MobilePay for payment, app for driver's license, Public Transport app slowly gets rolled out. Most of it is secured by 2FA from MitID.
You would also need to steal their fingers / faces.
But AFAIK for everything you can have a physical backup.
I read this article and was confused. A lot of Asian countries already provide digital identities, it's not some utopian impossibility. I often carry only my phone out of the house. Sure it's convenient, but there are downsides as well.
You have to maintain infra for two major mobile OSes (which you have no control over with Apple and Google as the gatekeepers). You also stifle innovation in the mobile space (ultimately the government will only produce an iPhone and an Android APK).
Identity theft via scams is super easy. You don't need to steal devices, you just need to convince people to hand over their identities.
Along with that there is the whole cybersecurity nightmare which I've frankly found government agencies worldwide the least competent in handling.
Finally, while digitisation makes processes easier, governments also tend to become lazier about servicing corner cases. Let's say for some reason you don't have some information for a form or need some special assistance with a process: earlier you would be harassed by incompetent officials, but with sufficient fervor you'd be able to get the job done. Now, with automated systems you will never be able to get help 'cause there is nobody to help you.
On my phone it requires a new fingerprint validation on transaction. So still bloody. Depending on the fingerprint scanner "no blood present" might also not work.
This has been fantasized about since the first widely available smartphones with fingerprint sensors, and to date the number of cut fingers has kept pretty low.
Way before that. Recall comic books showing a future where criminals mug people on the street and remove their "money chip" from the victim's torso. It's a common dystopian trope.
But so far, stolen phones are already enough to pay your rent. Wonder when it won't, but the wallet inside would buy you something even nicer.
There’s no way this is an improvement over cash when it comes to privacy. It’s an onramp to a vast surveillance state that might be benevolent now but can’t be counted on to stay that way indefinitely. In fact, building the infrastructure to make authoritarian control easy, also makes it more likely.
It’s not hard to imagine a future where Dutch farmers go to a gas (or charging) station on their way to a protest and find they suddenly can’t use their money.
While I feel the need for a nation-wide (EU-wide) digital identity, because it's damn absurd to have eIDs and not be able to use them for all public services as mere keys, I do reject the wallet concept with full strength.
IDs are serious business; smartphones are surveillance devices, out of the government's and the citizen's control and connected 24/7/365; they MUST NOT be used for anything serious. I do want to have a simple NFC reader for public authorities and activities needing some data from the citizens (like a bank to open an account, or just a major-age verification to sell alcohol at a supermarket, being able to see just the age), but FROM MY eID card, not from a mobile app.
The system could be pretty simple: a grocery store authenticates as itself to a public service, the public service gets the citizen ID and knows the grocery store can only get a "major age or not"; no privacy issue in the process, no need to flash a QR and so on. Similarly, a police officer can read ANY eID document (let's say driving license, national ID card, passport, even a public school card) and from it access other docs depending on the activity he/she declares; again no privacy issue. But again, no damn need for mobile stuff.
Oh, and aside, public money, public code, so all IDs MUST be open hardware and open-source, the chip, the middleware and the service as well. So the "no privacy issue" is a thing any citizen can acknowledge or not.
eID is a federated identity system that uses national electronic ID systems as the identity sources. That's useful especially for apps on the EU level, e.g. for customs, to submit what you're importing as a company.
In practice, I won't be able to use my phone as a replacement for my passport when traveling internationally. But I might be able to use my phone, in combination with my national ID card which has an NFC chip inside, to submit a government form in another EU country.
It could be done in a way that would work well, but it won't, because there's more money to be made by abusing people. So put me in the "nightmare" camp.
"After your flight touches down, you collect a rental car. You flash a digital driver’s licence to unlock the door. You drive to your new home. On the way, you stop off at a store and bag up groceries,"
... your phone screen cracks, and you can't afford a new one, even if there was a way you could pay for it without a phone ...
This effortless convenience of spending money might be a corporate-technology dream, but it's going to be a nightmare for so many people.
Wow, some pretty strong opinions here. Did somebody say Nazis?
Tech innovations are always a mixed bag, but there are some great ideas in this, like selective disclosure, where you don't have to reveal all your personal info (address on driver's license) when proving your age. Is uploading a picture of your physical credentials to pretty random web sites supposed to be a better solution?
I also think people deserve to have well described data and interactions, and their "wallet" should become a coherent place of organizing long term information. These standards create that possibility. Letting companies dominate and invent things to their needs as they go along is not a better solution.
It takes some strength from governments to do this properly, which some will point to as backward (witness the reaction to iPhone AI features). But companies have not found the end point of innovation, it needs to be kept open and directed by broad people needs, not the current shiny.
How will a centralized wallet used for everything solve the human factors problems?
We know there's a deep human factors issue here. Web sites and apps ask for permission seemingly all the time for as much as they can, and most people just agree, because they've learned that usually works.
"For Bagley, the fact that BankID is so commonplace is part of the problem. “It ends up not really being a security measure, but just another step in using a website,” she said. “You don’t really think twice about what the BankID app might say you are logging into.”"
You can blame Bagley for not double-checking the transfer before verifying, but she's not the only one. "Online fraud and digital crime in Sweden have surged, with criminals taking 1.2 billion kronor in 2023 through scams like the one Bagley fell for, doubling from 2021."
User education, personal AI, responsible vendors will be part of the solution. Seamless and safe transactions are very much desirable, there is a whole world to build on once they're in place, so there is a lot of motivation to solve them, but the solution shouldn't come from a few vendors that have no real regard for the collective outside their customers.
The same thing that did the education for people to learn a credit card or their smartphone, it's a mixture of banks, friends, work. It's a gradual thing, there's no need to remove curriculum.
I don't know what you're imagining as an alternative.
My question remains: to what extent is selective disclosure useful given the demonstrable human factors failures in existing selective disclosure systems?
User agreements are another example of failure. They give full disclosure, on a take-or-leave-it basis. Few people say no to GitHub when it means being blocked from participating in most software development projects.
Plus, very few actually read that full disclosure. I can guarantee you that most people do not come out of high school with sufficient training to read those agreements, much less immigrants like me who never received training in the Swedish legalese I am required to agree to use digital healthcare.
All these experiences tell me that a central personal information store as described will have exactly the same failures, and that selective disclosure will in practice be equally meaningless.
"Learn a credit card" is misdirection. We know from the number of people who declared bankruptcy due to credit card debt that they didn't all learn how to use it correctly, or had no alternative than taking on ruinous debt.
I think this discussion is going in a few unhelpful directions. These "wallets" are not used for financial transactions, they're for credentials. They are an alternative to paper/plastic driver's licenses, proof of majority, etc. Selective disclosure is a specific thing, it's not relevant to compare it to "full disclosure." If you must compare, it is much easier to understand what it means to use a very fine grained proof ("the person in this picture is over 21") compared to handing over many personal details on a typical physical ID (full name, exact birth date, medical conditions, address, country of birth, etc).
People going bankrupt through credit abuse is a separate issue from learning how to technically use such instruments. Many know how to "properly" use it, but have a weakness where the only solution may be to impose limitations. Many others are taken in by misleading tactics. Fine grained digital approaches can help those situations.
It is partially how you look at it. I want information systems to become coherent à la the semantic web, but in a specifically user-specific way (which is one of the ideas of Solid). I think that well defined digital credentials are an opportunity to give people a better view of the information they hold, and to enable ways to make issuers more accountable with a fine grained approach; e.g. evaluable axioms per credential fashioned after "law as code" approaches. This could be connected to a neuro-symbolic AI so the user can discuss scenarios outside transactions. Especially with an increase in inter-related credentials, that will make it easier to manage and less of a separate world that some institutions and companies control, which I think is incredibly valuable. Some of these ideas aren't possible yet, but we aren't going to get there by continuing to produce grey goo systems.
While credit has harmed some people (which is regrettable and should be resolved) it has enabled the vast majority of users to build better lives past other forms of capital. With digital systems and well defined data, the user can walk through clear, directly relevant, and private scenarios of what their next action will yield, without any dependency on a particular provider. But only if there is a forceful move to coherent data.
> These "wallets" are not used for financial transactions, they're for credentials.
Which is why I gave other examples of the human factors issues, not just financial transactions: configurable cookie warnings, configurable app permissions, and user agreements.
> what it means to use a very fine grained proof
Except you know that bars, etc. are going to ask for more details, including full name, address etc. And they'll say it's needed to prevent known hooligans and troublemakers.
Will people stop going to the bars until the bars only request the minimum required information? No - or at least not more than people currently click off all the "I agree to this surveillance" buttons on a web page.
So people just accept, and enter. Then the bar asks for more, and more, and more, and people have been trained to just agree to everything, because they have very little power to say no.
I've already heard accounts of people who bring their passport instead of state id for the simple reason that it does not contain a scannable address. If it's expected that everyone always has the ability to provide any required information, simply saying no is hard.
> Fine grained digital approaches can help those situations.
"Can" is pulling a lot of weight. I can click off all the cookie trackers. The vast majority do not. Is that from an informed decision, or is that simply the easiest decision?
I can disable geolocation tracking on my browser, but then - oops! - the county web site showing me the upcoming vaccination times doesn't work because the site assumes everyone has geolocation turned on, and they never tested for someone who voluntarily disabled that option.
Build a system that expects coherent data, and you build a system where people get trained to provide anything which is asked for, with poor support for those who opt-out.
> Except you know that bars, etc. are going to ask for more details, including full name, address etc. And they'll say it's needed to prevent known hooligans and troublemakers.
I wouldn't expect this at all. Being visually recorded, maybe. I'd hope governments step in and prevent creating private databases around that.
I absolutely disagree that coherent data means people provide anything asked for.
You are more than making up for my "can" with your suppositions.
Cookies &c are examples of tech that got away without regulation when it was needed. This is regulation. It's needed.
Berners-Lee is being a useful idiot on SOLID. It's a pipe dream that doesn't help anyone but companies trying to own your data INSTEAD of Google. Basically replacing one evil with another, not solving the problem.
It is 100% a worse option than a cloud drive.
Anyone in the digital ID space knows there's a war going on. States will adopt digital ID. And everyone is rushing to own it.
Google <stores> most of your data. If you have your tax records on GDrive, Google so far cannot target ads based on that content (I can't say for sure if you attach your tax form in Gmail nowadays).
With SOLID any site can simply say "we need your tax records to prove you're a human or combat fraud whatever".
SOLID and all other not-solutions like it make your consent as useless as android app permissions. Accept a huge list they don't even bother to show anymore or go away.
Remember how in Android 2.3 you could still deny internet access permission? With SOLID it will be the same. Full ID data will eventually move to an expandable list of permissions you will give by default.
I bet Berners-Lee thought very hard about all the math and network etc. But he's being a buffoon when it comes to understanding applicability.
> With SOLID any site can simply say "we need your tax records to prove you're a human or combat fraud whatever".
This is not true. But there are human factors issues to solve. Personal AI will help.
Most of what Google &c possess is inference and real-time metadata, which is the real dark magic. Giving people precise control over their identity and information via standards will be a huge gain, but it's not an easy task.
Companies will drag this forward anyway. Apple into their proprietary tent, everyone else in every direction they can. It's a very legitimate role of government to try to put some controls on this mess, and the ideas behind those controls are a better next generation system.
THAT'S why I hammer the point he is being a useful idiot.
He is doing their work and trying to force regulations that are good for that terrible end state. He's working so that government helps it, not puts some controls on it, which we already have today btw.
The Nazis were literally a European organisation and still in living memory. They've still been prosecuting a few of them here and there. It is quite distressing how quickly people start talking about the virtue of these grand centralised identity systems. They are a huge threat to minorities, dissidents and troublemakers.
A messy, badly communicating shambles might well turn out to be the optimum approach to this problem. There is reason to believe that efficiency is a bad thing when it comes to being identified and tracked.
[0]: https://en.wikipedia.org/wiki/Unified_Payments_Interface
[1]: https://en.wikipedia.org/wiki/DigiLocker