Contracts are the foundation stones of collective life. They regulate relationships between economic actors and ensure reliability. Generally, mutual agreement is tacit. The same applies to the digital world, where contracts can be sealed with a few clicks. But there are transactions where the law demands the written form to be legally binding. The written word can also provide comfort to contracting parties. Seamless digital agreements are currently not possible on Switzerland. Although created electronically, contracts must be printed, signed by hand and returned by post – all unnecessary hassle in a digital age. Unfortunately, there is no technical prerequisite for unambiguously determining the identity of a natural person.
High penetration and many applications
A first attempt to introduce digital identity (E-ID) in Switzerland failed as the solution developed and offered by the federal government found few takers. The main drawback was limited applicability. So the government is well advised to choose a different approach for its new attempt. For the E-ID to work, it needs high acceptability and wide scope. Including private providers makes sense: they already have considerable experience identifying users. And they would generate most of the use cases in which an E-ID is necessary. For example, it is not yet possible to open a bank account online. The startups trying to get round this constraint have to make do with clumsy video conferences, where a physical ID card is placed in front of the camera.
The beneficiaries of an E-ID would not only be big banks and insurers, with their broad branch networks, or platforms like Amazon, Zalando and Airbnb. The latter all sell standardized consumer products or services and function without clear identification – a valid credit card is enough. The E-ID would help a much wider group, especially smaller providers. They could minimize the risk of default for purchases against invoice and protect themselves from legal disputes, especially in the case of non-standardized orders. And for customers, the E-ID meets growing demand for handling all types of business online and on the move. Even the disabled are better off.
The public administration would for the first time be able to offer a round the clock online ‘counter’. The fact that some cantons have made individual efforts to introduce digital identification of residents shows the need, although their efforts to date have been somewhat uncoordinated and correspondingly costly.
One alternative to the path currently being pursued by the federal authorities would be to use blockchain for a secure digital identity. In a technical paper, Walter Dettling of the University of Applied Sciences Northwestern Switzerland FHNW has spelled out how data protection could be guaranteed.
The state remains responsible for identity verification
In the distribution of roles envisaged in the draft law, the Swiss Confederation would verify a person’s details and create an appropriate identity office under the aegis of Fedpol. Technical implementation would be ensured by private sector identity providers. The state would remain responsible for maintaining the identification data.
The fact that there will probably be numerous identity providers using the same approach is to be welcomed, as it leaves the choice of technology or identity provider up to users. The ensuing competition will ensure high take up, as long as systems are technologically compatible.
Such extensive private sector involvement inevitably raises concerns about data security and breaches – not surprising in view of recent scandals. But there is no guarantee the state is, per se, any better guarantor of data protection. Historical experience to some extent even suggests the opposite. Data protection must not be limited to the question of responsibility for identification. It is important that the user should be able to decide which data he or she wants to disclose. Here we can rely on individual citizens’ own maturity and judgement. In the end, those solutions that make it possible to control the flow of data autonomously will prevail.
This article was published in the “Netzwoche” on 21 March 2019.