The European Union’s eIDAS regulation, which aims to revolutionize online interactions through the introduction of a digital identity, is closer than ever. However, this innovation raises privacy concerns, questioning the balance between efficiency and individual freedom. Are decentralized identity projects in danger?
What is the eIDAS regulation?
If the Covid-19 pandemic has had a beneficial impact, it’s certainly been to highlight the crucial importance of digitizing our economy.
In recent years, we have seen a growing gap between our traditional financial and administrative institutions and the demands of our digital lives.
Digitizing these institutions is not just a matter of updating or modernizing, it is an essential transformation to bring them into line with the rapid evolution of our society.
It is becoming essential for these institutions to modernize; the digitization of our currency and the digitization of our documents will soon no longer suffice. With the growing adoption of digital tools and the emergence of Web3, our institutions have no choice but to get up to speed.
That’s exactly what the eIDAS (electronic IDentification, Authentication and trust Services) regulation is all about.
This European Union regulation aims to establish a digital identity to facilitate electronic interactions requiring identity verification.
In short, this regulation, which is due to be voted on in the first quarter of 2024, aims to enable public authorities in EU member states to create a wallet by 2025 that will store the biometric data of citizens who wish to possess a digital identity (eID).
The technical problems posed by the eIDAS regulation
Although the idea stems from a real problem, the way the European Union is trying to solve it raises several questions about the reliability of such a tool.
In November 2023, two letters were sent to Members of Parliament and Member States of the Council of the European Union. The first letter, sent on November 2, 2023 and signed by 13 Internet companies, including The Linux Foundation and Mozilla, and the second letter, sent on November 8, 2023 and signed by 504 scientists from 39 countries.
In both letters, the signatories express their concerns about the eIDAS regulation, and more specifically its articles 45 and 45a.
Articles 45 and 45a would require web browsers to recognize new types of certificates for website authentication.
The current structure of this system uses special programs managed by browsers and operating systems, guaranteeing the reliability and security of websites and online communications worldwide. Changing this structure without detailed study and consultation could make the system more vulnerable.
Application of these two articles of the regulation could lead to fragmentation of the Internet, limiting access to websites outside Europe.
In these two letters, the signatories underline the effectiveness of the current system, and express their concern about the new vulnerabilities that could be created by the adoption of the new European Union directives.
The 517 signatories therefore call on the European Parliament and Member States to review these proposals in order to preserve the essential security of the Internet.
Digital identities would be one more tool to reinforce state surveillance
BREAKING: Very bad news. The European Parliament and Member States just reached an agreement on introducing the Digital Identity, eID
Directly afterwards, EU Commissioner Breton said: “Now that we have a Digital Identity Wallet, we have to put something in it…”,… pic.twitter.com/SVC5exas9b
– Rob Roos MEP (@Rob_Roos) November 8, 2023
As MEP Rob Roos points out in his tweet, the risk is also that of giving EU member governments the opportunity to link their citizens’ digital identities (eID) to their digital euro wallets (Cash+).
Indeed, the implementation of an electronic wallet integrating electronic identification (eID) and digital euro (Cash+), also scheduled for 2025, could raise serious concerns about privacy and individual freedom.
With such a system, governments would have the technical capacity to directly monitor the financial and social activities of their citizens, including the ability to trace, analyze and potentially prohibit certain transactions.
This extensive surveillance capability could lead to an excessive intrusion into the privacy of individuals, giving rise to scenarios where financial actions are constantly monitored and evaluated by the state.
Furthermore, it is important to note the irony of the situation when these same governments criticize other nations, such as China, for their surveillance and control practices over their populations.
These criticisms often focus on how the Chinese government uses technology to exert close surveillance and control over its citizens, particularly in the context of their digital currency and identification systems.
Finally, although the European Union’s eIDAS initiative aims to simplify citizens’ digital lives, it raises major concerns about privacy and state surveillance.
As efforts are made to strike a balance between modernization and respect for individual freedom, it is crucial to take into account feedback from industry players and experts to avoid falling into the traps of excessive surveillance, such as those observed in other countries.
