'Provisional Agreement' Reached on eID, a 'Digital Identity for All Europeans'

This week the Council of the European Union made an announcement. "With a view to ensuring a trusted and secure digital identity for all Europeans, the Council presidency and European Parliament representatives reached today a provisional agreement on a new framework for a European digital identity (eID)."

The proposed new framework would also require member states "to issue a digital wallet under a notified eID scheme, built on common technical standards, following compulsory certification."

"With the approval of the European digital identity regulation, we are taking a fundamental step so that citizens can have a unique and secure European digital identity," said Nadia Calviao, acting Spanish first vice-president and minister for economy and digitalisation.

From the announcement: The revised regulation constitutes a clear paradigm shift for digital identity in Europe aiming to ensure universal access for people and businesses to secure and trustworthy electronic identification and authentication. Under the new law, member states will offer citizens and businesses digital wallets that will be able to link their national digital identities with proof of other personal attributes (e.g., driving licence, diplomas, bank account). Citizens will be able to prove their identity and share electronic documents from their digital wallets with a click of a button on their mobile phone.

The new European digital identity wallets will enable all Europeans to access online services with their national digital identification, which will be recognised throughout Europe, without having to use private identification methods or unnecessarily sharing personal data. User control ensures that only information that needs to be shared will be shared...

The revised law clarifies the scope of the qualified web authentication certificates (QWACs), which ensures that users can verify who is behind a website, while preserving the current well-established industry security rules and standards.
"When finalised, the text will be submitted to the member states' representatives (Coreper) for endorsement. Subject to a legal/linguistic review, the revised regulation will then need to be formally adopted by the Parliament and the Council before it can be published in the EU's Official Journal and enter into force."

Stop! Show your papers!

[mileshigh]

Goodbye anonymity.

Re:Stop! Show your papers!

[bsolar]

Anonymity was never an option in most cases: if you want to access some services you need to identify yourself first.

Most European countries already have identity documents: this is merely the digital version of them which would allow for accessing services online in a consistent manner.

Re:

[bagofbeans]

The revised regulation constitutes a clear paradigm shift for digital identity in Europe aiming to ensure universal access for people and businesses to secure and trustworthy electronic

• ...identification

...and authentication.

They mean surveillance.

Re:Stop! Show your papers!

[mileshigh]

Fast forward a few years and it'll be required on all sites after some inevitable digital 9/11. "...and why not show your ID? You say you're just checking stock prices? Well, that might be just the clue authorities need to track down human trafficking or child porn or terrorism. Or insider trading. Honest people have nothing to hide. The ID makes everything totally convenient and secure for both your and the authorities."

Re:Stop! Show your papers!

[AmiMoJo]

On the other hand, the EU has consistently defended personal liberty and privacy. Germany, for example, has some of the strictest rules in the world.

Re:

[iAmWaySmarterThanYou]

In some senses, from corporations. Sure. Are Germans' activity private from the government?

Corporations want to gather personal information to sell you stuff. Governments want information to control you.

Re:

[NomDeAlias]

You just haven't been paying attention. It's not like this is a secret. They've been telling us this will happen for awhile now.

Re:

[ArchieBunker]

What, that the government would make a digital version of the physical ID they already give you?

Re:

[ArchieBunker]

Like I stated in another post. You have a real persecution fetish.

Re:

[iAmWaySmarterThanYou]

He's not being willfully ignorant. He is a huge pro-big-government guy. Government good, more government better.

Very simple.

Re:

[iAmWaySmarterThanYou]

After the OPM breach all I got was a letter saying I could get a year of free ID monitoring.

Not even an "oops, sorry!"

Gosh, thanks guys! Made me feel so safe and taken care of.

Re:

[quonset]

Anonymity was never an option in most cases: if you want to access some services you need to identify yourself first.

In the U.S. you need to show [voanews.com] ID [time.com] to buy [cnn.com] groceries [huffpost.com].

Re:Stop! Show your papers!

[mustafap]

God help you, there is a chance that nut-job could be back, with even more nonsense.
I'll pray for you.

Re:

[DrMrLordX]

That's just Trump babbling.

Re:Stop! Show your papers!

[quonset]

That's just Trump babbling.

This is him babbling [imgur.com]. His comment about needing ID to buy groceries is his senility kicking in.

Re:

[Calydor]

The closest I can come to needing ID to buy groceries is if for whatever reason the store wants to confirm it's not a stolen credit card. Last time I had to show ID to verify I was actually the owner of the card was pre-pandemic. I think the stores dropped that idea HARD when literally everyone was asked to please pay with card instead of cash if at all possible ...

Re:

[sarren1901]

That's funny because as someone that works in a fucking grocery store, that's 100% not true. I buy groceries nearly every work day and NEVER do I show ID. I even pay cash on some of these purchases with nothing else identifying me to the system.

Re:

[sarren1901]

I could buy supplies to make beer without an id and craft my own beer!

The vast majority of products in a grocery store don't have any ID restrictions attached to them. So to say you need ID to shop at a grocery store is really far fetched. Yes, we do sell controlled substances but it's a small portion of our business.

Also, beer isn't "groceries", its alcohol and totally an optional purchase that many people do completely without.

Nothing wrong with beer of course but let's not pretend beer is a banana or bre

Re:

[Bumbul]

They are not checking ID when you buy a six pack of beer?

Or is beer and such not allowed in grocery stores where you live?

Wait... are they REALLY checking ID when you buy beer in the U.S.? Even if the person buying it is clearly over the age limit?

Re:

[NomDeAlias]

Soon it will be all services. Almost everywhere on the planet has identity documents that doesn't mean there aren't major concerns about a digital ID that will obviously be linked to a digital wallet with a digital currency that will empower authoritarian control.

Re:

[VeryFluffyBunny]

If this is what I think it is, most EU member countries have this already within their own borders (I have one & it gives me online access to almost all govt services, including healthcare. It's very convenient.) It sounds like a proposal to have a standard so that citizens can use the same eID in other EU member countries, e.g. if you need access to universal healthcare, to enrol your kids in a state school, access employment & tax records, etc.. We can already do a lot of this with our physical na

Re:

[iAmWaySmarterThanYou]

Your tax guy can just grab money from your account?

Holy fuck!

The IRS said I owed $150k. By the time we were done and their bad numbers were corrected they sent me a check for $94k.

Fuck them just reaching in and grabbing 150k when they owe me almost 100k. Or reaching in at any time for any reason.

Re:

[VeryFluffyBunny]

If I'm concerned that I'm paying too much or too little tax, I can also look up my tax records online & correspond with or arrange to see someone at the tax office. No need for huge, once-a-year, surprise tax bills. I mean, I'm sure it is possible to do it that way if you want to but... why?

Re:

[billyswong]

While I have a bit concern in power concentration to EU, what "anonymity" you want to the government? If you want anonymity of your money, the solution is NOT refusal to link your bank account to that eID. Your bank account is not anonymous since the beginning. All banks are required to collect enough personal private data so that government can catch you when that bank account involves crime.

If we want better anonymity in what we buy and where we go in daily life, we should either (1) make sure everythi

Re:

[ctilsie242]

There is also a separation between anonymity and privacy. In theory, in a government that knows what they are doing, they may know a lot about Alice's banking, but Mallory working for Lower Elbonia's intelligence corps is not going to be able to find out anything about what Alice likes buying, and Mallory won't know what Alice likes a certain (legal, but odd) kink, which she could be fired from her job for if it was made public.

However, because this often isn't the case, where if the government knows somet

Re:Stop! Show your papers!

[znrt]

why on earth would expect or even want anonymity when transacting with the administration?

e.g. (quote from https://commission.europa.eu/s... [europa.eu]):

public services such as requesting birth certificates, medical certificates, reporting a change of address
opening a bank account
filing tax returns
applying for a university, at home or in another Member State
storing a medical prescription that can be used anywhere in Europe
proving your age
renting a car using a digital driving licence
checking in to a hotel

well, if this auth system were mandatory for any business or activity online you would have a point, but it just isn't. for that they would have to 1) pass an explicit law and ofc 2) get every single service (even your shady dealer) to comply. the existence of a common id would be indeed a prerequisite for that, but both are highly unlikely, .

Re:

[bagofbeans]

Why is "checking in to a hotel" transacting with the administration?

Re:

[mustafap]

Because you might wreck the place. Have you met any rock stars?

Re:

[bsolar]

Why is "checking in to a hotel" transacting with the administration?

Because the administration would be able to identify you through an online service and would allow for that identification to happen in an authoritative and standardized way.

In case you don't realize it, "contactless check-in" is actually a thing nowadays.

Re:

[iAmWaySmarterThanYou]

Contactless check in? Sounds horrible. How am I getting a free upgrade or extra services by checking in through a computer?

Hell, even small stuff is great. After an airline scheduling fuckup caused a missed connection I showed at a convention 8 hours late and was a wreck. No idea where my luggage was and needed to clean up. The front desk gave me a pile of shampoo, soap, tooth paste, tooth brush, comb, etc just for asking. Try that with a computer screen or a card reader.

Re:

[test321]

Hotels already have to report the name of their guests to the administration, at least for the non-nationals. I guess it has to do with immigration regulations (so they can check you do not overpass your visa days). Have you ever stayed at a hotel where you did not have to give your name?

Re:

[pjt33]

In some countries it has to do with immigration (e.g. in the UK hoteliers have to maintain a register of guests except those with British or Irish nationality). In other countries, AIUI, it was introduced to make it harder for criminals on the run to remain undetected.

Re:

[znrt]

it is in most of the world afaik. where have you checked in without supplying an id or passport?

Re:

[taustin]

well, if this auth system were mandatory for any business or activity online you would have a point, but it just isn't.

Yet.

Re:

[NomDeAlias]

Some people can't think more than one step ahead.

Re:

[taustin]

You have five extra words at the end of that sentence.

Re:

[UpnAtom]

Why would there be more identity checks than there is currently?

Re:

[NomDeAlias]

To surveil and control is why.

Re:

[UpnAtom]

OK but my question was actually why converting national schemes to this scheme would make that more likely.

Mandated ID for social networks

[loufoque]

How long until those IDs are mandated to log in onto social networks?

Re:

[mileshigh]

Social networks? Try again: EVERYTHING! Between butt-covering lawyers, marketers and organizational data-squirreling instincts, getting your ID will be the default for any site.

Re:

[NomDeAlias]

It is foolish to just dismiss what the most powerful people on the planet have openly said they are going to do. Paying attention isn't paranoia.

Re:

[UpnAtom]

Who are these people? Genuine question.

Re:

[NomDeAlias]

I just go watch some Youtube videos from the WEF or UN. They are doing this out in the open. "You will own nothing and you will be happy!"

Re:

[ArchieBunker]

Oh come on you can't forget about Soros!

Re:

[NomDeAlias]

Willful ignorance at it's best. They have you trained well.

Re:

[UpnAtom]

You've just waved a finger at WEF & the UN. That's your entire argument so far.

Do you have anything substantial?

Re:Mandated ID for social networks

[ArchieBunker]

These huge conspiracies fall apart when you ask some basic questions

1) Who is doing it?
2) Why are they doing it?
3) Who gets to benefit?

Re: Mandated ID for social networks

[MrNaz]

1. Powerful billionaires.
2. So they get richer and more powerful.
3. They do.

Those answers aren't all that complex. Just because there are stupid shitty conspiracy theories about the rich and powerful doesn't mean the rich and powerful are a benign group.

Re:

[Bumbul]

What limits does GDPR place on governments?

When it was new I read through it, don't recall anything like that.

GDPR also concerns MOST of the public sector. I believe the law enforcement is the only exception, but there is a separate directive to govern that: https://eur-lex.europa.eu/lega... [europa.eu]

Similar approach, but of course allowing exchange of information when investigating criminal cases.

A quote from the beginning: "(1) The protection of natural persons in relation to the processing of personal data is a fundamental right. Article 8(1) of the Charter of Fundamental Rights of the European Union (‘the Cha

Re:

[geekmux]

How long until those IDs are mandated to log in onto social networks?

Yes, because the most dangerous thing about THE form of identification being hacked, stolen, or destroyed, is the ability to access your Instafarce account.

At least we know what the critical priority will be for Gen LookAtMe.

Re:

[NomDeAlias]

LOL it's not about the worry someone will access your account. If you don't tow the line there will be no account is the worry.

Re:

[UpnAtom]

Err, citizenship is guaranteed by EU treaty.

Re:

[NomDeAlias]

What does citizenship have to do with being banned from social media because you criticized someone in power?

Re:

[ArchieBunker]

Do you even live in the EU?

Re:

[NomDeAlias]

What does that have to do with the question seeking clarification about a comment that appears to be wildly irrelevant to what it was responding to?

Re:

[nicubunu]

European is NOT a race. You are probably thinking at Europoid, which is an alternate name for the Caucasian race.

Re:

[UpnAtom]

Since you can just pretend to be from the US, you can't be banned.

But why would the EU co-operate with democracy-damaging US corporations?

Re:

[NomDeAlias]

Well the original comment mentions mandating it for social media which is something many have floated as a way to stop disinformation. That would be future legislation. Governments around the world are chomping at the bit to censor dissent online. They won't have to let everyone have a an account they've already been caught pressuring social media to remove pesky dissenters. This shouldn't seem far fetched at all after the last 8 years since social media and Russia were scapegoated for Trump being elect

Re:

[Calydor]

One might be able to take you a little bit more seriously if you knew the expression is to 'toe' the line, as in standing right up against it rather than pulling it somewhere.

Re:

[NomDeAlias]

That's not a serious reason to dismiss what was said so we are at a stall mate ;)

Re:

[Calydor]

Maybe not, but it is a serious reason to not take you seriously as you appear to be regurgitating sound bites without an actual understanding of what you're saying.

Re:

[NomDeAlias]

You appear to be searching for ways to ignore the subject in order to combat cognitive dissonance. Seriously all you can muster is style criticism without addressing the subject.

not "mandated ID for social networks"

[pitch2cv]

Must be funny for those where Napoleon didn't visit, but the rest of us all have ID's since, just like we use the metric system. Now the digital ID is just being standardized.

For social networks? Nope, that's not how it works. Citizens use it for any and all communication with official instances.

Tax papers? Long since I've seen one. Medical documents? Previous and current residencies and real estate, criminal records (or better, lack thereof;) if the new job demands a clean sheet, you name it. It's all ther

Re:

[UpnAtom]

All the ID card schemes in existence are left over from WW2. Whilst the EU at least has the strongest privacy and other rights in the world, with the far right's prominence, it is far from guaranteed that this data won't be abused. It's not impossible the left will abuse it too.

I haven't looked at this scheme yet and will campaign for improvements. The devil is in the detail of course. Nobody should have access to this data except on a strictly limited basis where needed. The line about user control is

Re: not "mandated ID for social networks"

[pitch2cv]

Govt and it institutions has such data on is anyway. With eID, one gets to access it and has free access. Anytime, from anywhere.

Some muricans here think just because their data is handed out to the highest bidder in DC, corporate and commercial black boxes they never get to see, that it doesn't exist. They better think again.

Also, I'd pick my ID that I can block, revoke and change like any bank card over a hardcoded [p]Social Serial Number[/pun] any time. Any time.

Re:

[NomDeAlias]

Oh sweet summer child. Your naivety would be cute if it wasn't going to help damn us all.

Re:

[0xG]

How long until those IDs are mandated to log in onto social networks?

How long until social networks *prefer* you to "login with eid"?
If apple created an app for this, people would line up to try it.

Re:

[ArchieBunker]

How long until social networks *prefer* you to "login with eid"?
If apple created an app for this, people would line up to try it.

What's stopping social networks from requiring the number from the physical ID card people already own? This line of thought is so dumb.

Re:

[JeffOwl]

Yeah, social networks don't need this. They are already tracking most users at a level way beyond the average person's understanding.

Re:

[NomDeAlias]

It's stupid to see the surveillance/censorship state's explosive growth in the digital era and not understand the gov will mandate it under the premise of stopping dangerous disinformation and terrorist plotting. The ground work is being laid already. They aren't even hiding it. They are saying it to your face. You have to be seriously dedicated to ignorance not know what is coming.

Re:

[ArchieBunker]

You sound like conservative talk radio in the 1990s. Nothing they ever said came to fruition. The closest they came to being right was saying how bad a company Monsanto was.

Re:

[NomDeAlias]

That's a silly strawman that makes you sound naive and ignorant. Rather than addressing what powerful business leaders and politicians are literally saying you've chosen to go off on some irrelevant tangent rehashing an argument you've been having in your head since the 90s.

Re:

[sarren1901]

You've tried your best to convince them Nom. They seem to think that history couldn't ever repeat itself and that some future dictator could never gain power ever again.

It's the same problem here in the US. Democrats want to essentially ban gun ownership, thinking that there is no possible way we may need those guns when a future government goes full on authoritarian on us. You would think after seeing someone like Trump actually win and he could win again, would be enough to wake them up to the realities o

Re:

[NomDeAlias]

Prefer? Nah they'll be required to do so.

Re:

[znrt]

well, as soon as those social networks decide they want to see their user totals plummet ...

note i'm not defending or endorsing this particular initiative, but you folks could really take it a bit easier with the tinfoil ...

Re:

[NomDeAlias]

They'll just spin it as freeing their networks of bots and if all the social networks are forced to adopt it at the same time in each region there will be no ground lost to competitors. They will all just have a new baseline. The real pain they might feel will be the hit on fraudlent ads being served to bots but they'll just jack up the price of advertising to real people to make up for it.

Re:

[ArchieBunker]

Terrible reasoning. What is stopping social networks from mandating the number from the physical ID card you already own?

I must ask, do you give money to the NRA? All guns owners are scared to death of some national firearms registry. So they pay money to an organization which is a glorified registry of gun owners.

Re:

[NomDeAlias]

Terrible reasoning. You are pretending they will have a choice.

Re:

[sarren1901]

Do you really think it's not possible for a future law, think of the children!, to be passed requiring all social media to only allow people to log in if they use their official ID? Seems like a natural progression to me.

Re:

[UpnAtom]

Why would the EU let US corporations that threaten the EU's safety have that data?

Facebook caused Brexit.
X is run by an insecure MAGA-ist nut job and is literally actively promoting hatred of Jews today. It's listed as a trending topic FFS.

Re:

[WindBourne]

And then social networks will simply pick up from a nation and move to another. Issue SOLVED.

You and others like you, continue to push for conditions that will allow cyberattacks, political manipulation, and insane social media to continue.

Re:

[ctilsie242]

In some countries, one has to type in their ID in order to log onto Internet cafes and social networks already before access is granted.

This is a great idea

[backslashdot]

Also a brain chip that can be used to control people's movements. In case they do something illegal, or untowards (to the government, not each other).

Not Sure

[VampireByte]

tattoo in progress https://www.youtube.com/watch?... [youtube.com]

I'm sorry your social credit is now negative

[BigFire]

Kindly submit your body to the suicide booth and do society a favor.

What is the European Economic Community

[Mirnotoriety]

What has any of this got to do with selling produce in a Common Market [wikipedia.org]?

Re:

[UpnAtom]

The EU isn't a common market. It's part of a common market called The Single Market, which also includes non-EU countries like Norway and Iceland.

The EU is a level of multinational Govt with its power limited by treaty. Outside of that scope, all countries can veto measures on an individual basis.

And the EEC hasn't existed since 1993.

Re:

[test321]

It can simplify cross-border sales of products and services where you have to prove your identity, such as prescription medicines and tobacco. you presently can't do that because websites don't implement an ID verification that would work for all the member states.

But I don't think it's the main motive. The main reason is "harmonization". Each time the occasion appears to change a system (e.g. ID systems), they do it EU-level instead of national level. When I was young, identity cards where a piece of brown

Actually something similar exists.

[havana9]

In Italy you have to use, to access public administration services a form of Single Sign On with 2FA.
You could use SPID [spid.gov.it] That normally uses an email/password and a token or sms confirmation. An older system, that could also be used to digital sign documents it's the CNS [agid.gov.it] that require for 2FA a smart card, isn't widely used because it requires a smart card reader and it's difficult to use with smartphones. A new version stat uses NFC it's the CIE that's embedded with newer plastic ID cards.
So at the end i

About fucking time

[WindBourne]

Many a55holes here will claim that anonymity will disappear. Nothing could be further from the truth.
If you have a VETTED digital cert from the government: 1) it does not mean that the dark web will go away.
2) it does not mean that all social media sites will require that you use them (though MOST likely will).
3) if a social media site requires that you use these, it does not mean that they will require you to have only 1 logon (few will likely do that).
4) if a social media site requires that you use

Re:

[NomDeAlias]

Everything you said it doesn't mean is exactly what it means. Must be opposites day.

with a click of a button on their mobile phone

[MpVpRb]

I oppose this
What about desktop computer users?
Will we be prevented from participating?

Re:

[NomDeAlias]

It will be interesting after they mandate support for digital id be built into hardware and disallow legacy devices on networks. I'm sure there will be a game of cat and mouse to work around and spoof. There will certainly be a boom for black markets selling fraudulent credentials. There's going to be an awful lot of deceased people still magically using the internet. It's going to be a bumpy ride.

Some notes and insight on eIDAS 2

[kaur]

The new regulation is called eIDAS 2 in brief.
Google "eidas 2" for background information and opinion articles.
Relevant Wiki page: https://en.wikipedia.org/wiki/... [wikipedia.org]

I assume most Slashdot readers are from US.
Some notes for the non-EU audience.

1) EU had eIDAS 2 in 2014. It was a complete failure, unable to fulfil any of its goals to any degree.

2) EU is not a country or government. The laws it creates are mostly a framework that the real Europe - member states and companies - should implement. Amend the local,

Re:

[WindBourne]

I should have posted AC so as to mod you down.
This is what is needed to SLOW DOWN cyberattacks, social attacks, etc. Just because you get a DC does not mean that you must use it everywhere.
But, I suspect that you KNOW that you will lose your ability to troll, even though you would still be able to post AC, etc.

Re:

[WindBourne]

BS.
I have been working on Internet protocols/language patches since late 80s. This is DESPERATELY NEEDED, as long as it is a vetted ID, which is then served by non-government groups.
We need this to kill off cyberattacks and improve social media. The amount of spam, virus from e-mail, text, etc will never stop until we have IDs available so that we KNOW who we are getting things from.

Re:

[NomDeAlias]

Yes it is desperately needed by governments to censor and control the masses. Things have been rough for them ever since people started communicating outside of their gatekept broadcast system. Everything on your list is not worth the dystopian nightmare it will bring. Oh no my spam folder that I almost never look at might still be there if I have freedom, god forbid.

Re:

[MeNeXT]

We have valid old fashioned IDs and yet we still have identity theft. It was even renamed from bank fraud to ensure that the consumer pays the price and that banks are no longer held responsible. It even created a credit industry to siphon even more money from the individual.

Until there are laws protecting people's privacy and what information can be accessed/collected by whom and when, this problem won't be solved.

Re:

[Calydor]

I don't quite grasp your success criteria for the Microsoft vs. Google fights. I reckon you mean Microsoft doesn't control the PC because Linux exists, but surely other mail clients and servers than GMail also exist?