Watch the video everything you need is there.
This country was once so resistant to any mandatory national ID that the Social Security Administration was only able to issue cards after assurances that the ID number not be used as such. That didn’t last long, and now we’re here.
And that’s the fundamental problem of the SSN. It’s a system designed not to be an ID, for a country that refuses to have an ID, that is being used as an ID despite it’s design, because it’s simply not viable to not have some form of an ID in a modern society.
The problem isn’t digital id, it’s the implementation.
The Estonian system is a great example of digital ID done well. It blocks unauthorized access to your data at a policy and technical level. So even if they change the laws, the technology means it’s literally impossible to make the system disclose information without your consent.
That being said, anything the current US govt. tries to implement around this should probably be treated with heavy distrust.
The problem is the government keeping track of you, in principle, if the government is not democratic and accountable to the people, which it is not.
Agreed, there is no democracy in Estonia.
A pretty good system, the crucial implementation being a robust consent management system for data access, and Metadata tracking to make sure the account identifier isn’t being used behind the scenes as a de-facto tracker by the public sector.
To me the risk of Digital ID is two fold, one it gives the government a centralized means of tracking individual behavior and thereby crushing dissent (from a Social Credit System, to straight up Russian style gulagging the opposition). On the flip side it gives private sector actors a central immutable identifiers to associate behavior with that can’t be erased by deleting or abandoning an account.
Age Verification is the point where these two concerns are merging into one. Abolishing online anonymity is tantamount to universal surveillance by both the state and private actors, setting up a system of automated persecution tyrants have dreamed of for ages but hasn’t been possible until today with Machine Learning making mass data processing automation both viable and feasible.
Fascist population control and the “final solution” weren’t possible in the way they were implemented until IBM sold the Germans early tabulating machines / computers. ML is the next phase of that same arc of development.
Use of Digital ID to log internet activity is what makes individual data streams continuous, contiguous, and compileable by default.
The consequences are clear, the question is what we can do to prevent it from happening.
So I 100% agree with everything you’ve said, and to be clear, I’m not Estonian, have never been to Estonia, and have never seen the system in question, but:
gives the government a centralized means of tracking individual behavior
gives private sector actors a central immutable identifiers to associate behavior with that can’t be erased
I don’t believe that either scenario is possible in the Estonian system. At least, they’ve gone to great lengths to make those scenarios very hard to achieve at either end.
This is my (probably simplistic, and definitely not guaranteed accurate) understanding of the process using the example of age verification.
Porn Site
Awants to verify UserD’s age.Dhas previously registered their DOB in Govt. SystemBAshows the request toD, which says: I would like to verify JUST that you are over 18. Not your exact DOB, and no ID’s, just enough to prove that you are authorized to view dem titties.Dthen goes to intermediary systemCand says: Please generate a 1 time use certificate that proves I’m older than 18.Cchecks withB, and generates a “YES” token that it presents back toA.AandBhaven’t communicated with each other andB(the govt.) have no knowledge of the transaction, butAstill has a valid method of authorizingDwithout identifying them.The problem is
Ccould be tracking the user. I believe in Estonia, this intermediary system is outside govt. control, but is regulated by them. They’re audited like banks. I believe this is supposed to be all local, and would just be a cryptographic wallet for your govt. issued certs, and requests should be betweenAand your device, not a 3rd party server.Another problem is “This site uses cookies” style abuse, and users just agreeing without understanding what they’re agreeing to. They have authorities and laws in place to prevent that theoretically. No idea how effective they are
Anyway, I kind of went off a bit here. Point is, the Estonian system is pretty robust, and really cool
Yes, the idea of the physical ID card they discuss makes a lot of sense, however that has the problem of associating your device with your ID.
When it gets to cloud hosting the personal data and an intermediary validation service that’s where I get skeptical.
All this said, in the US there are private services that validate physical ID cards using the codes on the back or a scan of a photo of the ID, so clearly the information has already been made available to private industry from the government through some channel.
Absolutely, C is the weak link. There are ways to mitigate that, though. Like I said, there’s no need for a server. The intermediary can and should be all local.
As for cloud backups, there’s no reason to keep a log of requests, so there shouldn’t be anything to back up, other than the certs themselves. Even if there is though, that’s in the user’s sphere of influence. De-googling is becoming more and more popular, and there’s nothing preventing you from disabling cloud backups.
All this is just to take it back to my original point: The idea has some great benefits, but the implementation matters immensely
Same for the Belgian implementation.
Had a quick look, and ye looks like the same kind of system with the scary and notable caveat that the belgium system isn’t govt. owned! It’s owned by: “Belgian Mobile ID, a consortium of local telecom companies and banks.”
That makes me deeply uncomfortable.
I think we should return to the way humanity did it for almost all of its existence and not have IDs.
My general policy to resist every sort of tracking corporations and authoritarian governments want to implement. The downsides outweigh any benefits.
Me too. Keep your carefully chosen PI in a physical wallet. Have to swipe a card, keep it in your hand. If you didn’t choose the pin# or password, it’s not ‘yours’. Suspect any ‘digital’ transactions … coupons, QR codes … that may expose your PI.
Coming soon to America.
I think it unlikely that the United States will have a National Digital ID system anytime “soon”. We may eventually end up with one but I’d be shocked if it doesn’t take at least two decades. As an example the Real ID Act was passed in 2005 and multiple states were still fighting in 2025. It doesn’t even completely take effect until 2027!
We also still have the option to not use Real ID
I doubt it purely because the resistance to any form of functional national ID there with the party in power traditionally being the ones that oppose it. Crazier things have happened, though.
I live abroad, but I need access to government stuff in both the UK and the Netherlands. If I didn’t have a digital ID, I’d have to travel there every time I had to do something with my pension, taxes, etc.
The Chinese Liberal Democratic Party referred to in the thumbnail seems to be a western organization, likely US-based, platforming anti-China propaganda without taking into account the desires of Chinese people.
What’s this source?
I agree with some of what he’s saying, but is seems like the main issue is surveillance, not digitizing IDs. I mean if you have a driver’s license you’re already in a digital database. Or if you were, know, born. If they wanted to track you, they can use your car (like Flock Safety) or just your face. They already know where you live and where you work. The problem he faced in China is being required to scan IDs everywhere (and get logged), and that the government has total control of their internet. Neither of which are happening here.
It seems like the current way it’s going to be implemented is basically storing ID information on your phone that’s signed by the government. So if the bank scans it they can see your information, that it wasn’t tampered with, and that it matches what the government has. Just some bytes that got cryptographically signed. Not much different from a physical ID that’s “signed” by having a bunch of security features. They already have to verify any identification you hand them, this will just make it more convenient.
Now if the government can see each time you use it and what for, that’s different. That’s what he’s against. But it doesn’t seem like that’s the way it will go. And it seems like digital ID is optional, you can just use a physical ID. So this seems very alarmist to me, IMO.
The govt doing something to attack my liberties? I’m shocked
Why? I already have and use one for years. Most people in the privacy community have no issue with it.
Do you represent “most people”?
This is the biggest struggle of the decade at least. It needs to be forced on every politician as an issue to make statements on. No votes for Digital ID supporters.
