Here’s what I feared most for my freedom, the EU is moving towards a centralized digital identity system.
In concrete terms, the regulation aims to create a “European digital identity wallet” that would centralize virtually all the identity documents of European Union citizens. All their private data would then be grouped together in a tool managed and controlled by the European institutions. This would enable them to access government services, but also private-sector services: banking and financial services, connection to healthcare applications, social network registration, etc.
In practice, this means that any EU member state or third party will be able to intercept the Internet traffic of any European citizen: banking information, medical data, private photos, etc.
I’d like to know how to anticipate and protect myself against this, knowing that cash will eventually be replaced by a digital Euro.
Thanks in advance.
Note: I haven’t found an article in English that talks about it in French alone, and there aren’t many of them.
Personally, I think this partly could also be a good thing.
In the current age, we often need to identify ourselves through a lot of sketchy data companies. F.x. when opening insurance, a bank account they require some kind of strange third party for facial recognition and a passport scan that is typically kept forever. This all in the name of security. A digital wallet, supported by your smartphones secure hardware and cryptography, could be in theory a much more private and secure way to handle identification. The government already knows who you are, and that’s a good thing as long as its power is limited by design.
The real challenge lies with making sure that we limit what can request when doing identification. Limit the attributes to send to an organisation based on need.
My thoughts exactly. This EU system is supposedly based on the id.gov.pt one we have in Portugal. One can nowadays open a bank account simply by using said id.gov.pt authentication, just by clicking a button that redirects to a government page where theres a prompt for a phone number and then theres an sms token. Thats it, the bank account is opened and theres no need to provide further documentation. Same method can then can also be used for homebanking login like you can use a google or microsoft account for authentication in some services.
In this id.gov.pt system theres a page stating exactly what data is being requested, you cannot however cherry-pick it.
Im just not too keen on the EU knowing about it given its stance on privacy and free speech
From an outsider perspective, it seems like the government doing government things. I mean you’d still have the equivalent of your Tax ID number, Drivers license, license to practice your profession. And those things dont really go away because of the need for it.
Theoretically, it should be fine. But again the problem is in its implementation: will the technically inclined people prevail or will the politicians/bean counters/some other weird agenda that wants their implementation above what the competent security minded technical people wants.
I am more worried at it being an super centralized point of failure at that point. Now you only have to fake/steal one ID. In which we ask, what is the benefit of having what we have now vs the centralized ID?
Most European countries already have government issued centralized IDs. This would just centralize the data of all EU countries and make it available in a digital wallet.
The problem I see has to do with any random country locking your ID in the database and preventing you from accessin banking and who knows what other services if youre wanted for something or as a result of sanctions. Theyd also have easy access to a log of all the services you use and thus would know exactly whom to contact in order to get more data on you.
For context, even if its not directly related, here in Portugal the government knows about your purchases, gets itemized invoices of everything even if you pay with cash, all directly tied to your tax ID
This law is dangerous for freedom and I’m surprised that some people approve.
Not long ago, the European Union wanted to force secure messaging systems to install a back door to combat “child pornography”, but then backed down so as not to find themselves unprotected as well.
They also wanted to ban VPNs, but backtracked again, as here too, he would be caught in the trap.
Not to mention that this new law will require web browsers to “facilitate the use of qualified certificates for website authentication”, so for example the police or gendarmerie will be able to demand their own certificate and monitor who goes to the Signal site.
Not so long ago, in France, several demonstrators went on trial because the intelligence services couldn’t understand why they were using Signal, Whasapp, Proton Mail, Tor, their phones didn’t have Android and they were on Linux. Why a trial because only terrorists use this kind of tool?
If this law passes, a simple visit to the Privacy Guides site or GrapheneOS and others could be seen as suspicious.
A simple donation to Signal or Tor could be seen as suspicious with the digital Euro.
So if someone does one thing bad, everything else they do or think is bad aswell? Then this is going to be a very short discussion.
We should focus on a good way of doing this not on impossibilities. If you come with good arguments for why to do things certain ways in secure and private manners we are able to influence the course. Working against new technology and ways of working has never been a successful strategy. You have to adopt and make sure you push it in the right direction instead.
It’s not mandatory, and I believe it won’t be next decade at least. We have such an old population that barely use a phone.
We both know that it’s not 100% true. You are not obligated to give your tax ID in your purchases… (Of course in bank and gov payments they know who you are so they associate it)
Same thing that was said when they started letting you do your taxes online and we know how it became mandatory in a few years. Its being pushed more and more with some banks when you open an account. Is there anything preventing banks, especially neobanks, from only accepting it for KYC?
Is it mandatory for 100% of transactions? No. Are more and more merchants mandating it? Yes. Can you under most circumstances get away with giving someone else’s number? Also yes
edit: just for another fun tidbit, nowadays, when you pickup a package at the post office they read the chip of your government issued ID. Can you opt out of it? Yes but the package stays there
From my experience, I can do my life only with cash and without sharing my tax ID to anyone. And I don’t even have to lie. It’s very interesting for the sellers and companies to avoid tax IDs, since they can manage their income to pay as lowest taxes as possible.
If I want my tax ID in the invoice, I have to ask them. Otherwise , both gain without “logging” the invoice.
I do agree. And everyone wants that. But I believe in a solution for the old man. And we can use those “holes” too.
That I didn’t know. I was never asked for that, but I don’t use CTT tho , so I can’t talk
Appreciate your input but sorry mate, its simply factual to state that more and more merchants are requiring it (wish that wasnt the case). Both in store for items worth more than a few hundred or online for any order regardless of amount, even if you pay cash on collection. Now, can you still avoid it by buying elsewhere? In most circumstances you still can. Thats besides the point though. Im talking about the trend and what most people are being subjected to, not how some of us who are weirdos can avoid it and keep off the radar. Case in point:
Yes, its also interesting for you not to have a warranty on anything you buy I suppose. Besides that, unless youre talking about small time car mechanics or grocery stores, everyone properly reports it and pays tax even if not requiring you to provide tax ID. Stating that in the parallel economy youre not subject to government regulation should not be news to anyone
edit: to elaborate on my last point, merchants have to use an accounting software that automatically transmits to the tax authority itemized invoices of every sale, the only difference when tax ID is not requested/provided is that the invoice doesnt include it so the sale isnt automatically tied to the individual. Im sure they still can get to it if they want to though (@toor Pacheco Pereira has talked about that)