E-ID: A success story together with DSwiss?11-07-2022 Author: DSwiss
In the following article, we explain the problems and possible solutions for the SSI-based E-ID using the current situation in Switzerland as an example. The EU is also pursuing the intention of introducing an SSI E-ID and is confronted with the same problems. The solution approaches discussed can be used in exactly the same way.
After last year's resounding rejection of the E-ID law, the Federal Council is making a new attempt. On June 29th, it opened the consultation process for a corresponding federal law. The draft law has great potential and seems coherent, but many details are still unclear. DSwiss sees itself as part of the solution to this generational project. With our many years of experience in the secure storage of digital documents and passwords, we can contribute to making the planned E-ID both secure and user-friendly for the end user.
The future E-ID (electronic identity) is intended to allow people to digitally identify themselves in a secure and simple manner. Unlike the failed E-ID law, the new approach by the federal government is to take charge of managing the ID, thereby strengthening the public's trust in this sensitive issue. A good overview of the new draft law can be found in a blog article by Acrea.
Maximum protection of personal data guaranteed
The Confederation's approach follows the same principles as our SecureSafe file and password manager: Privacy by Design and Privacy by Default. On the one hand, users' data is protected by leading and proven encryption procedures. On the other hand, the Self-Sovereign Identity (SSI) introduces a completely new identification method, intended to prevent misuse by central authorities and promote a data economy. More about this approach can be found on Digital Switzerland.
The need for secure backup and easy data recovery
The self-sovereign identity approach is convincing, but also comes with challenges. One of the main "stumbling blocks" concerns the creation of backups and restoration of E-ID wallets: Especially in the case of lost smartphones or changed devices, there is a risk of data loss and additional negative customer experiences which could undermine the population’s trust in the E-ID. It is therefore essential to define an easy way to securely store backup copies in a cloud environment and enable a recovery process. An analysis by Acrea concludes that in this particular case, a private provider could be used insofar as specialised in secure cloud storage and recovery management. "The backups would be encrypted directly in the wallet app (‘client side encryption’) and additionally transmitted end-to-end encrypted. The private cloud storage provider would thus have no way of viewing the data – but due to its other business activities and expertise, it would be better equipped than the federal government to successfully ward off criminal vectors and thus minimise residual risks." In addition, certain data would have to be stored in the cloud and accessed via Wallet to prevent Wallet apps from using too much smartphone memory.
DSwiss as a strong partner for wallet providers
An E-ID will only be accepted and actively used by the population if the wallet apps are as secure as they are user-friendly. A collaboration between DSwiss and SSI wallet providers lends itself precisely to this purpose. With its 15 years of experience and expertise, DSwiss could be particularly useful for the cross-device exchange of wallet data and as a backup solution. All stored information is encrypted at DSwiss using a multi-level crypto architecture and all applications are designed in such a way that even the company's own employees can never access login data and personal documents. In addition, DSwiss solutions offer a seamless user experience through versatile functions and a focus on the daily application of users. Major international banks, insurances and millions of end users are already using DSwiss services to store passwords and sensitive documents. Thanks to our DSGVO-compliant solutions, elaborate audits as part of international projects, and last but not least, being a DIF member, we would be ideally positioned for this task.
Safe, safer, SecureSafe
Since its founding, DSwiss has been committed to protecting privacy and thus the confidentiality of personal data, and has bank-compliant security standards as demonstrated with SecureSafe right from the start, having had zero occurrences of data loss or critical security incidents since 2008. Furthermore, DSwiss has specialised in a service that can be accessed with modern API interfaces, which can also be used by several wallets belonging to the same user in parallel. Finally, DSwiss also offers additional possibilities with its data inheritance function, which could prove valuable in passing on data in the event of death. We look forward to actively contributing to the development of the Swiss E-ID with our expertise.