Comment There are risks, of course. (Score 1) 83
Kudos for staying under budget, Estonia. But let's look at what we have here. An easy-to-use, ubiquitous identity solution that's easily integrated everywhere?
Sounds cool, right? But only if you trust your government, and every government thereafter. With small countries (Estonia, Iceland) this is much easier than with bigger countries. And I'm not even talking Russia or the US, but, say, the supposedly benign and enlightened folks in the UK. First there was the anti-child porn filter, that wasn't to be used for anything else, honest. Then there's that every internet connection is now to be filtered by default for the children's well-being and safety from porn; you have to ring up and admit you're a pervert and prove your identity to "opt-in to porn" (notice dishonest wordgame tactic, that "opt-in" is in the law itself). Let's take the logging and snooping by GCHQ on behalf of the NSA as a given and move on. For next up: The rightsholders mafia have figured out that a few simple lawsuits can make ISPs filter their client's internet connections on their behalf, too.
This sort of thing would be that much easier with an electronic identity card. Staying with the example, the UK already had identity cards, due to world war two, and only got rid of them in the fifties. During that time, the number of "functions" associated with the card rose from three (3) to thirty-five (35). That's quite a bit of function creep, well before the computer became mainstream.
There are many more examples. A canonical example would be the 100 flowers campaign. But now with the internet and ubiquitous electronic surveillance and handy dandy electronic identity cards attached. I don't think I want to live in such a country.
"It could never happen here" is not a valid excuse, even if you can prove that to be true in all cases in your country. So simply rolling out electronic identity cards is not something I want to happen. Exactly because they're so easy to use, they are a direct threat to my privacy.
The fix, by the by, is not to make them hard to use. It's to figure out how to make zero-knowledge identification work, to support multiple identities in a sensible way, and so on. Because we do need electronic identities, but the standard translation of one state issued identity per person is no longer good enough. Hasn't been for a while. Just count the number of times you've used a throwaway email address.
So if Estonia wants to keep on being a leader in this field, they will have to learn how to do this.