NGI Forward SALON ON DIGITAL SOVERIGNTY IN eID-Solutions Part I
Self-sovereign, Centralised or Privatised?
February began with a gathering of high experts discussing about electronic identification and about which form of it is the best solution, as time is running out. Should it be self-sovereign,centralized or privatized?
A small introduction was held by Professor Martini, highlighting the importance of E-ID in the era of ditalization of the public adminstration.
Starting from Mr. Helmut Nehrenheim from the Ministry of Economics and Digitalisation NRW/Germany, his presentation was oriented on the complex subject of the digital verification. It is a very complex issue to handle as it consists of a lot of personal and biometric data and also in the digital world we have multiple IDs for every registration. As he revieled the EU Parliament is considering all these issues and is currently processing the principle to sovereign ID.
Our next speaker,Ms Elizabeth M. Renieris talked about Digital ID infrastructure. She highlighted that the digital ID should be considered in the social-technological context. In order to build a robust, secure, sustainable Digital ID infrastructure, she insisted that we should think beyond the individual and enhance the level of coordination with the proper role of States and entities, as the privitized ID solution doesn’t seem well equiped.
After Ms Renieris, Mr Kai Hermsen took the floor. Mr Hermsen followed the pattern Ms Renieris proposed, as he insisted on the necessesity to think of what are the substantial impacts of the digital ID into the real world and consider the whole context, its use, the time space dimension etc. The focus of his speech was that Self Sovereing ID (SSI) should be time dependent/context dependent and to a limited aid in order to keep balance as all the power and control will be given to the individual.
According to Mr Christoph Sorge the core issue of the digital SSI is the regulatory framework, and a solution against mopolio would be different IDs in different contexts. SSI shouldn’t be considered only as a tool for blockchain but also as a verification method available for the individual.
According to Ms Renieris, the concept of social login wasn’t designed to promote personal autonomy but was the primary vehicle for tracking and surveillance for the benefit of big tech companies. Keeping this in mind would help us disconnect from what we think SSI could be and adopt a more realistic approach on this issue.
The role of Blockchain on this discussion was emphasized by Mr Hermsen. According to him it is questionable if blockchain provides the possibility of a neutral technology. SSI could support the transformation-evulation of blockchain technology. As cybersecurity loves standards and certification there is a high need of interoperability and trust, which could be secured by decentralization.
Regarding Mr Nehrenheim’s position, the decentralized approach is necessary but not for personal information. A big issue is that Federalism exists and it is very important to secure a common standard of interoperability.
Another issue which arose during the conversation was the surveillance for financial transactions. Is it yet blockchain and the wallet infrastructure necessary? It is a more centralized approach which makes the individual the only responsible and centralizes all the risk to the individual. It was held that this is a problematic approach as the real life impact is unpredictable.
While the discussion was around E-IDs, GDPR could not be left out. GDPR provides some guidelines and limits, while justification and consent are its most important elements. The actual ID provider could combine these elements in order to secure that this system works.
From a European perspective, interoperability is very important, this is why governments should provide Digital IDs and also support private initiatives for the EU Digital SSI. The core solution according to our guest speakers is to provide more alternatives and create a new institutional form which will enhance the cooperation between public and private sector. There is a need of creating new business models that fit with the SSI and achieve balance between individual autonomy and the value of data.
Crossing the Atlantic, in the USA things are different. The legal frameworks around E-IDs are limited and are heavily private/corporate led. Another issue is the fragmentation of the structures. What is needed for the US is more strategic planning, giving emphasis on the powerdynamics of society and building a common structure.
As for the future, Germany has already digitized its public administration and it is trying to build a new equal ecosystem with the necessary credential and ensure that individual has everything gathered for the public services.
Overall, after this fruiful conversation gaining a glimpse of the European, the German sepcifically and the American perspective, the concept of E-ID is a good starting point but it is common ground the different percpectives are needed in order to draw the foreseeable opportunities and build the proper infrastructure which will reduce the risks and maximize the benefits.
Professor Martini, Professor at German University of Administrative science, leader of digitalization at German Research Institute for Public Administration
Elizabeth M. Renieris, Tech & Human Rights Fellow at the Carr Center for Human Rights Policy at Harvard Kennedy School
Christoph Sorge, Professorship for Legal Informatics at the University Saarland
Helmut Nehrenheim, Ministry of economics and digitalisation NRW/Germany; UN/CEFACT; Blockchain-Initiative BiVD; Self-Sovereign Identity
Kai Hermsen, Global Coordinator of the Charter of Trust; Member of the Siemens Cybersecurity Board
Margrit Seckelmann, Managing Director German Research Institute for Public Administration,
Carsten Berger, Researcher German Research Institute for Public Administration,
Carsten Berger and Michael Kolain (FÖV Speyer) with Rob Van Kranenburg and Gaëlle Le Gars
German Research Institute for Public Administration