After Swiss voters rejected the e-ID Act, a new solution is required. The fact that Switzerland needs an e-ID remains undisputed.
On 7 March, Switzerland rejected proposed legislation to establish an e-ID. As a neutral and independent foundation for Swiss universities, SWITCH has over 20 years’ experience in the field of electronic identities and participated in the process of designing the e-ID. We interviewed Christoph Graf, Programme Manager of SWITCH edu-ID, about the next steps in introducing an e-ID in Switzerland and the role SWITCH can play in this process.
Christoph Graf: As we see it, there’s a broad consensus that Switzerland does need an e-ID. The people’s ‘no’ vote on 7 March was not a rejection of the e-ID itself; instead, it was a rejection of the act’s concrete proposal for how it should be implemented. The proposed division of roles between public and private entities was not seen as well balanced. The criticism focused on activities that are perceived as sovereign tasks being delegated to the private sector.
As I understand it, the verdict is not simply a vote of no confidence in the private sector. Instead, it’s more an expression of the belief that these sovereign tasks should remain within the remit of the state – and that the state is also able to carry them out.
The broad consensus that we need an e-ID is a good basis for starting afresh. The people have marked out the course in insisting that the state should take care of its sovereign tasks. We can use this for orientation. Unlike Switzerland, other countries have already been offering their residents e-IDs for years. We might lament this, but let’s view it as an opportunity: we don’t need to worry about inherited problems and we can find our way based on modern principles. We can therefore go all-out and focus on digital self-sovereignty, data protection, trust and encouraging innovation – in the service of society. That’s the opportunity that a greenfield approach offers. Let’s take advantage of it!
A viable solution will only emerge if we work together across disciplines and communities and develop consensus solutions on this basis. The key thing is to make it abundantly clear which tasks the e-ID should fulfil. Only on that basis can we develop a suitable implementation architecture with publicly and privately operated components and evaluate its success later on.
The central, underlying promise of the e-ID is that state-validated attributes can be disclosed to enquiring services, driven by the user and with as few restrictions as possible – in exactly the same way as we use identity cards in the real world. In addition, the e-ID should permit access to e-government services without any auxiliary means. The question of whether we should open up other applications must be clarified rigorously in consultation with the relevant stakeholders. It’s important that the next attempt at an e-ID doesn’t falter due to overloading or disagreements that fall outside of the underlying promise. Here too, there’s a comparison with the real world: there are some cases where we can’t, or don’t want to, identify ourselves with ID cards.
SWITCH has over 20 years’ experience in cross-organisational, federated identity management. We were already involved in this area before most people even knew what it was. All universities are now on the SWITCH edu-ID migration path together. As a universally applicable login for services in academic environments, the SWITCH edu-ID has established itself as the new standard and around 500,000 SWITCH edu-IDs are currently in use. With the migration to user-centred identities, SWITCH has been working much more closely in recent years with university officials in the field of identity management and has helped integrate them into organisational identity management processes and use cases.
SWITCH has also operated and coordinated a critical infrastructure for .ch domain names in Switzerland for 30 years. Data protection by default and by design are key requirements in both cases and are a matter of course for us. SWITCH has also operated and coordinated part of a globally distributed and federated infrastructure for the identification of domain names in Switzerland for 30 years. Domain names are centrally important to all security solutions and data protection. SWITCH wants to ensure that these aspects are taken into account appropriately to benefit our e-ID. As the registry operator of ‘.ch’, the activities of SWITCH are regulated by the Federal Office of Communications (OFCOM). SWITCH does not represent any commercial interests. As a neutral and independent foundation, we are solely committed to the mission of the foundation.
SWITCH recognises the potential in good integration between the SWITCH edu-ID and an e-ID which allows users to identify themselves to SWITCH unequivocally. The central importance of the e-ID to the education, research and innovation community in Switzerland means that SWITCH has already been involved in designing the e-ID model and will continue to be involved in the future. It is also highly advantageous to work with established identity providers to introduce an e-ID as quickly as possible. SWITCH’s ambition is to share the experience it has gained in developing the SWITCH edu-ID and its visionary role in the university environment and to be a partner in helping to shape our digital world in the interests of society.