Experts from various security and data protection companies give their assessments of the EUid proposal recently presented by the EU Commission. Here are the opinions of the experts from ForgeRock, Onfido and Startpage on the proposal of the EU Commission.
The European Commission last week presented a framework for a European digital identity (EUid), which should be available to all citizens, residents and businesses in the EU by September 2022.
Proof of identity with a click of a mobile phone
EU citizens should then be able to prove their identity securely with one click on their mobile phone. The transfer of documents in electronic form should work without problems and online services should be used across national borders with the recognized national digital identification. According to the EU Commission, large digital platforms will be obliged to accept the use of EUid wallets - at the request of the user.
The experts from various security and data protection companies give their assessment of the EU Commission's proposal and give an outlook on what is needed for successful implementation.
Forge Rock, Gerhard Zehethofer
“We at ForgeRock welcome the initiative for a single European digital identity, the EUid. The corona pandemic was a real stress test for our digital systems and relentlessly exposed its weak points. Private individuals, employees, students - people of all ages have been using digital services more and more for over a year. What is still often missing in this new digital world are verified digital identities.
Worldwide analyzes of attempted fraud and data breaches show time and again that usernames and passwords are not a secure identification solution because they are relatively easy to steal or crack. Opening a bank account, using a new SIM card or a legally valid digital signature, however, requires secure, digital verification of identity using other means than user name and password, because without identity security there is no security. Everything begins and ends with identity. An increased use of modern technologies for authentication (e.g. through face recognition, biometric data or behavior) combined with the EUid will drastically increase the data security of EU citizens in the future. This requires a central platform solution with which users can verify themselves securely, but also easily and quickly. " www.forgerock.com
Clare Joy, Onfido
“The EU commissioner's plans to introduce a European system for digital identity are an important step towards a networked, contactless future. The pandemic has not only increased hygiene awareness, it has also significantly increased online identity fraud. This shows the Identity Fraud Report 2020 from Onfido. According to this, the average fraud rate for proof of identity in Germany increased by 23 percent compared to the previous year, from 6 percent in 2019 to 7,4 percent in 2020.
A secure digital form of proof of identity helps fight money laundering, prevent ID fraud and facilitate access to digital services such as online banking or hotel check-in. It is still unclear how the EU will handle the validation of an ID card issued by an EU member state, the guarantee of the security of this ID card and the linking of a person's physical identity with their digital ID card.
It is also still unclear how lost or compromised devices will be dealt with and whether the EU will allow third parties to access a digital identity with the user's permission. Ideally, a process based on digital identity could provide better protection against fraud. The digital IDs look like a boarding pass for the smartphone. They are less prone to loss and are therefore well suited for wide-scale adoption. It is crucial that the digital identity system is geared towards security and data protection and is user-friendly. " www.onfido.com
Robert Beens, startpage
“At Startpage, as the most secure search engine in the world, we have been campaigning for more privacy and rights on the Internet for years. This also means that we protect our users from being tracked by data octopuses on the internet. Login data is a particularly attractive gateway for them.
The planned architecture of the EU-ID aims at nothing less than a long-lasting super-cookie linked to the personal identity, with which every user gives his entire privacy in one hand. This could be the next privacy nightmare. This is one of the reasons why we see a lot of catching up to do in the current version of the EU ID from a data protection perspective. " www.startpage.com