Digital identity: German authorities do not monitor use

The German government is trying to dispel concerns about data protection and traceability in the planned e-wallet based on the legal act for a European digital identity (EUid). The wallet planned in Germany for the EUDI (European Digital Identity) will only use direct communication between the corresponding app and the receiving verifier, writes the lead digital ministry in a recently published answer to a question in the Bundestag.

This approach enables secure, local and user-controlled transmission of personal data, the government emphasizes. Central servers would not be involved in the on-site presentation of mobile driving licenses or vehicle documents, for example. The same applies to the use of the wallet as a ticket for local public transport as well as proof of certificates, professional qualifications, bank authorizations or credit cards.

In particular, the executive branch is responding to allegations recently made by civil rights organizations such as the American Civil Liberties Union (ACLU), the Center for Democracy and Technology (CDT), the Electronic Frontier Foundation (EFF), the Electronic Privacy Information Center (EPIC) and Epicenter.works. They fear that issuing authorities could, in principle, be able to track the use of digital identities. Such a "phone home function" must be ruled out in order not to make users transparent. Co-signatories such as eID expert Kaliya Young criticize the fact that the ISO mDL/mDOC 18013-5 standard, which virtually pre-installs such a server retrieval option, is prescribed in the reference architecture for the EUDI wallet and is also widely used in North America.

No phone calls to the home

The aforementioned ISO standard defines various modes for transferring data from mobile driver's licenses (mDL), the Ministry of Digital Affairs argues. It does not only include server-based calls, which should not play a role in Germany. The German blueprint for the implementation of the EUDI wallet stipulates that the exchange of proofs should only take place directly between the user's digital wallet and the receiving body. The respective issuer of the proofs would not be involved in this transfer process and would not receive any information about their use. There is therefore no feedback ("phone-home").

The German wallet is designed in such a way that signed data is used, the government assures. This means that the issuing authority is not involved in the ID card process. This principle of data sovereignty and purpose limitation is guaranteed by a targeted technical architecture, open standards and comprehensive data protection regulations. This ensures that the movements and activities of users cannot be tracked or disclosed by the issuing authority, either now or in the future. The implementation is based on a decentralized architecture; personal data remains stored exclusively on the user's end device. Access to this data is only possible with the express consent of the user.

State wallet linked to bonus programs?

The executive also asserts that the use of the digital identity remains voluntary and free of charge –, even in the long term. Despite the debate about a "digital only" strategy, citizens should have the option of dealing with authorities in person or using their physical ID card. The clause from the EU regulation, according to which people who do not wish to use the EUDI wallet must not be disadvantaged, applies without restriction.

The statement by Federal Digital Minister Karsten Wildberger (CDU) that the e-wallet could also be used for "loyalty programs" in retail relates to optional additional functions, according to the notification. These are voluntary and do not affect access to public services. A key advantage of the wallet is the improved data protection compared to existing solutions.

With regard to countries such as Pakistan, the government emphasizes that the online ID card can only be blocked in Germany in the event of theft or loss at the request of the holder, but not for political reasons. It has no concrete knowledge of "phone-home approaches" in the somewhat older digital identity systems of India, Singapore and Estonia.

(ds)