Berlin Extend your ID card quickly on your mobile phone, apply for student loans or your passport: It could be so easy. In order for this vision of a digitized administration to become a reality, one thing is missing above all: the possibility of being able to identify oneself in a legally secure manner on the Internet. It takes a digital identity.
“A lack of digital evidence is one of the greatest obstacles to digitization of our time,” says the federal government. And Achim Berg, President of the Bitkom digital association, states: “The introduction of a digital identity and the abolition of the written form requirements would make it possible to deal with all administrative procedures digitally.” To advance the topic. “
The introduction of a digital identity is a basic requirement for liberating Germany’s administration from fax machines and paper chaos and transferring them to the modern world – the experts agree on this.
But the way there has so far been marked by controversial pilot projects, security warnings and a chaos of responsibilities between the ministries. A new attempt for a “smart electronic identity” is to start in December – albeit limited to very specific smartphone models.
Top jobs of the day
Find the best jobs now and
be notified by email.
The goal was honorable, but the implementation turned out to be more difficult than expected. Against the background that tech giants like Apple were increasingly working on their own digital identity systems, the federal government wanted to tackle the major project itself.
The federal government started three projects on the digital self
In contrast to the big tech platforms, the government promised a “citizen-centered” solution in which the data would not be stored centrally. In addition, she wanted to forego “monetization” and tracking of the data. The pressure in this regard is also coming from Brussels: by 2030, 80 percent of EU citizens are to use a digital identity.
So the federal government started three projects on the digital self. On the one hand, the Federal Ministry of the Interior wanted to make a version of the identity card available on smartphones with the Smart eID. On this basis, the “ecosystem of digital identities” managed by the Federal Chancellery should also provide additional evidence such as marriage certificates or extracts from the land register.
In addition, the Federal Ministry of Economics runs a showcase project with a research focus. A total of six federal authorities and the Federal Data Protection Officer are involved in the “Digital Identities” project.
So far, the ecosystem project has made the headlines. A first example of application was launched in May with the prototype “digital hotel check-in”. For this purpose, the Federal Chancellery had a kind of digital wallet, the so-called “ID Wallet”, designed.
She promised business customers that they would be able to check in digitally at participating hotel chains. Digital State Minister Dorothee Bär (CSU) was photographed at the start of the campaign with her smartphone at a hotel reception. But even then it should have been clear that the “ID Wallet” in this form was characterized by security deficiencies.
The introduction is not recommended
Because just a few days before the start of the project, the Federal Office for Information Technology (BSI) had drawn the BMI’s attention to some of the app’s weaknesses. Conclusion: “The BSI advises against using it in its current state”. However, according to information from the Handelsblatt, the BMI did not make it to the responsible chancellery.
In September, Federal Transport Minister Andreas Scheuer (CSU) proudly presented the digital driver’s license, which was also based on the “ID Wallet” concept, just a few days before the general election. However, since the BSI report was published, it has been retrofitted in terms of security technology.
Scheuer praised the project that the driver’s license has the potential to make everyday life much easier for drivers. What he did not mention, however, was that the “cloth” on the smartphone could not be used. At traffic controls, drivers still had to take the analog card out of their wallet.
Only a few days after the election, the “ID Wallet” app was taken off the market for revision. At first it was said that the process would take a few weeks. According to the Handelsblatt information, there is now talk of several months. Other planned user examples, such as the activation of prepaid contracts for cell phones, will be delayed until next spring.
One of the problems: the ID data is requested using a QR code. If a smartphone user reads this code, their stored personal data is retrieved. If fraudsters manage to change such a code, they can also view the ID data. The app did not provide for a control in which the “querying” entity also has to identify itself.
Although, according to IT specialists, attackers cannot do much with the data, this security gap caused considerable damage to the image for the first attempts at digital identity.
Specially founded company
The company behind the “ID Wallet” is Digital Enabling GmbH, which was only founded at the start of the project in April 2021. Behind this is Esatus AG, which developed the app in cooperation with the US technology company IBM. Bundesdruckerei is also involved in the project. The calculation: The new company founded specifically for this purpose left the option open that the federal government could join it at a later date.
Bundesdruckerei has already successfully carried out digital identity projects in other countries with one of its subsidiaries, Veridos GmbH. Since 2018, for example, drivers in Kosovo have been able to identify themselves with digital driving licenses issued by Veridos. Upon request, the company will let you know that it only conducts its business outside of Germany and that it is therefore unable to make any assessment of the situation in Germany.
Bundesdruckerei is working on the “Smart eID” project, which could transfer ID cards to mobile phones. It should start in December. The problem, however, is that only a few citizens are likely to benefit from this service. Because so far the Perso for the smartphone only works on the S20 models from Samsung for security reasons. Chips are only built into these cell phones, on which the data can also be safely stored.
More: Digitization is not sexy, it is hard work