Today we publish our policy analysis together with @edri on the upcoming #eID Reform of the EU. What does the new European electronic identity system called #eIDAS mean for privacy? A thread 🧵1/13
Every EU citizen and resident will get a unique, life-long identifier. Such a persistent ID was deemed unconstitutional in several EU countries. That didn't stop the EU Commission from proposing every tracking company's dream. 2/13
Governments have to offer their citizens a European Digital Identity Wallet App which will be free of charge and optional. But eGovernment services will use it and Big Tech companies like Google and Amazon will have to support it to log into their services. 3/13
The Wallet App will be a ubiquitous platform to identify, authenticate and check attributes (about) us. The identity comes from the state. The attributes can be from public entities (age, driver's license) or from private institutions (medication, memberships, etc.). 4/13
The architecture will allow the provider of the Wallet App to observe every transaction. So every time we verify our age to buy something or we rent a car with our driver's license, the government or the company acting on its behalf will know. 5/13
The system is open for the private sector and the industry wants to use this system to identify (and track) their customers and users. Concepts like selective disclosure are perverted in so far as there are no anonymous transactions to, for example, verify our age. 6/13
We don't know the security of the system, because this and many other central questions are left open and will be decided via delegated acts once the law is already adopted by parliament. A stunning 23 times the Commission is giving itself the power to decide unilaterally. 7/13
Once a company is accepted in any EU country, they can use the system EU-wide. If a company is abusing the system, there is no redress mechanism or way to expel them. The bill contains no safeguards against abusive use cases like targeted advertising, insurances or profiling. 8/
The #eIDAS reform is breaking the security of the web by giving governments access to the security system of web browsers. This would allow for government surveillance on an enormous scale. Many have warned about the devastating consequences of this. eff.org/deeplinks/2021… 9/13
Once this system is in place, the cost of identifying someone online or offline will be zero. That means anonymity online and offline will come increasingly under threat. Previously failed attempts to force a real-name policy on social media platforms could then succeed easily.
Lastly, the proposal assumes everybody has a smartphone that can operate the Wallet App securely. This is not true and will lead to a widening of the digital divide, or worse, identity theft. We already see government services becoming more expensive if citizens don't have an eID. 11
Tomorrow morning we will give testimony in the expert hearing of the Industry committee of the European Parliament. This is the lead committee deciding on #eIDAS. We want to raise awareness of these serious problems. Read the blogpost: en.epicenter.works/content/orwell… 12/13
A more detailed analysis of the whole proposal can be found in this joint document with @edri: epicenter.works/document/3865 You can find the Parliament discussion tomorrow here and there will be a live stream: epicenter.works/event/3866 13/13 END
#EMSLeak: Today, together with @derStandardat, we are publishing serious security flaws in the Ministry of Health. The security vulnerability documented in this video allows the population register and the epidemiological reporting system to be queried. epicenter.works/content/datens… 1/7
2️⃣ Through careless handling of certificates, unauthorized parties are able to enter laboratory reports for any notifiable disease, such as AIDS, syphilis or Covid-19, into the EMS for everyone in 🇦🇹, and to a limited extent also to query them. 2/7
3️⃣ The Central Population Register (ZMR) can also be queried, including the private addresses of people with blocked records from the media, the judiciary and politics. For people who tested positive for corona, the telephone number and e-mail address are also visible. 3/7
On A1's approach: We already see the fundamental problem in A1's product. Aggregating data does not automatically anonymize it. [THREAD]
To protect against linkage with data from other possible databases, additional mathematical procedures would be necessary, and it is unclear whether they are being used.
Use of a movement-flow analysis system by the state is considerably more sensitive, in terms of democratic politics, than the use of this data by private parties.
Today we are at @PCConcordia on the topic of net politics. @brodnig will discuss with representatives of various parties and we will present our net-politics election barometer. We are curious to hear the parties' views. #wirhabengefragt