What does the 'E-ID Consortium' do with my data?

Expeditions Opendata.ch/2019
1

Session #2 room C.02 @ Opendata.ch/2019
Participants: ca. 4

Adapted from the original protocol in German of “Was macht das #eID-Konsortium mit meinen Daten?”.

Participants’ experiences on the topic

  • Board. Community. Developer. The question of electronic identity is hotly discussed at the Swiss Data Alliance, DigiGes, in the national media etc, but at Opendata.ch this topic is brewing in the background.

  • Technical career. For a long time interested in political topics, discovers interests between democracy and open data. Today wants to be enabler for others who do technical work. For this, an electronic identity is something very fundamental. I do not wish a profit-oriented company to sell us something.

  • CH Open, previously in OSBA. More concerned with Open Source than data. At the Winterkongress earlier this year, it really caught my attention. There we learned that the SBB, Swiss Post, Credit Suisse, SIX, etc. joined a sort of consortium to explore the issue.

  • Judith Bellaiche (@judithbellaiche) once said at the podium something like “I do not wish to buy my passport at the grocery”. I was surprised by André Golliez’s support for giving private companies the leeway.

  • For example, Schaffhausen provides electronic identities with just one company administering the process. Already today the Swiss identity card is produced abroad. The Bundesdrückerei in Germany was a private enterprise for a long time.

Are there different aspects to the subject? How are we progressing?

Private Operators or State Operators? Why should the federal government be responsible for the development or not?

  • The address is there, but not so much data is actually associated with the E-ID. In Germany, it is already enough to have just the full name and date of birth. There are few cases when that is not sufficient for clear identification. A place of birth is no longer mandatory. At least within the EU.

  • (The issue is when) the data is aggregated by different (market) players with behavioral data, for example with what you buy. The companies that collect the data may be taken over, or sold. This must be forbidden - as a fundamental detriment to democracy.

  • On the technical aspect - to one side the products must be testable - as we have seen with E-voting. This is a strong argument for Open Source. Publishing must be done by the state, and it is really an issue for within E-Government.

What happens when you start to link private health data with an ID?

  • (Whether you have to or not is another question). Until now it was always clear that a company could do it. (Now the incentives are stronger).

  • We can look into some community experience with health data as Electronic Patient Files, the projects of eHealth Suisse. Are there any opportunities for Open Data if we can simply decide which data is partially or completely openly available?’.

  • As an example from abroad, some health authorities from the Middle East have a completely different system. There is just one public health insurance, determined from above. They have been collecting all data about patients for years. People don’t have a choice [about whether to share that data], and so they are able to make a population analysis out of it. They were able to find that certain locations - factories, for example, are harmful to health. That has a very meaningful side. Of course it is not published, but there is a central place for the data.

  • Another topic is communication, at least an email address - a possibility to reach every citizen even outside of catastrophes, and to exchange with them. Pioneers in this case may be better prepared to deal with certain scenarios through their (more intense) participation in city affiars.

  • There is no reason why a consortium should not offer a login for the whole of Switzerland. Removals are an example where one experiences a bureaucratic vicious circle and wishes for a solution. In the City of Zurich one can order a resident’s confirmation online, in other municipalities this is only possible locally or by post.

  • If certain cantons overtake others, and there are 26 different solutions for the same thing, it’s not good either. At the moment there are about 5-6 providers that are betting for an E-ID market. From a Swiss perspective, it is questionable why only large companies have the option.

What could be an appropriate next step?

  • I wish the Opendata.ch association had a clearer positioning on the topic, at least from the board, potentially in combination with //ch/open.

  • We could ask the community how DigiGes came around to having some consensus/guidance. I believe they ran a survey of the community.

  • If the E-ID comes as it is, then we expect (as André suggested) that the board will have a way to monitor that, e.g. that the solution is open source.

  • Can we not clarify what the necessary securities are in the handling of data, in the sense of data protection. “Data octopuses” will start crawling out of every hole.

  • There has to be a clear overview for the owner of the E-ID what happens when something is signed in your name, so you can see what happens at any time.

  • We should look for ideas as to how we can identify the E-ID as a chance for our club.

Translated with www.DeepL.com/Translator