Digital Identity

Cybersecurity Map 08:26

Recommendations

The legislative basis required must be established to the level indicated above. The referendum should be used to conduct the public opinion-forming process as openly as possible.

 

 

State of the art

The long-term impact of digitalisation on our economy and how we coexist is beyond dispute. However, fundamental elements for digitalisation in Switzerland still have to be discussed and – in keeping with the spirit of the times – comprehensively tested in practice before widespread implementation. Questions like how society should deal with the rapid changes and how e-society in Switzerland should look have legal, regulatory and technical implications but also social and socio-political ones.

With digitalisation, the protection of the freedom and rights of the people as defined in the Swiss Federal Constitution (art. 1, para. 1) is extended mutatis mutandis to the virtual world. This extension is already under way in the commercial sector: Companies have understood that neither the physical nor network perimeters are the main objects to be protected in cyberspace. The identities of employees and partners and the associated roles, rights and capabilities/functions are seen as the new perimeter.

To lay the foundations for an e-society, a secure, trustworthy digital identity is required. It should nevertheless be noted that different tasks on the internet need completely different levels of trust in this identity. The same principle also applies in real life: for some tasks, we need a local ID document, for others a passport. But if we are to lay the foundation for an e-society, we need to establish an identity that achieves the same level of trust as the Swiss passport. The current legislation (Federal Act on Electronic Identification Services – e-ID Act) adopted by the Swiss Parliament lays the foundation for a digital identity.

The referendum against the e-ID Act submitted in early 2020 should now also be used constructively to hold a debate on which tasks should be performed by the state on a mandatory basis and which should be delegated to private companies – in the same way as in the real world, where this division of competencies already exists in relation to the passport. This division of competencies is nevertheless more complex in the digital world, as not just production but also usage must be taken into account.

Challenges

As digital identities and digital trust are very abstract notions, they are difficult to regulate – and that is before we even consider the idea that identity represents the boundary of the digital twin. There are lots of different players with various interests in this market who are trying to influence the political decision-making process.

The use of such an identity is also a contentious issue as far as privacy is concerned. Every authentication decision to reach the identity provider reveals sensitive information. Even though the use of this data is regulated, the issue of trust quickly arises in the public sphere.

Need for action

Switzerland requires a solid identity that covers companies, citizens, and foreign nationals with work permits, and offers a level of trust comparable to the Swiss passport. The legislation required must be established and the infrastructure set up.

References

SATW-Diskussionspapier: Überlegungen zu e-Society in der Schweiz

Volksabstimmung über das "Bundesgesetz über elektronische Identifizierungsdienste" (BGEID)

More articles from the Cybersecurity Map