308 words1.2 min read

DIDAS Statement for E-ID Technology Discussion Paper


February 21, 2024

In this latest contribution to the ongoing dialogue surrounding Switzerland’s E-ID initiative, DIDAS has released a comprehensive document that critically evaluates the current technological proposals for the Swiss trust infrastructure. This document underscores DIDAS’s commitment to a principle-based, collaborative methodology in developing a secure, adaptive E-ID ecosystem, echoing the necessity for an approach that is both inclusive and forward-thinking.

It focuses on the existing scenarios’ technological shortcomings, and is proposing an ‘A+’ scenario that better aligns with EU standards, addresses aspects of privacy (specifically unlinkability and correlation) and fosters iterative development. This approach champions not only secure cryptographic practices but also advocates for the coexistence of various credential types, ensuring a flexible, future-proof infrastructure.

The imperative for cryptographically safe owner binding, a cornerstone for qualified digital identities are further aspects. The document elucidates the necessity for cryptographic primitives embedded directly within the secure elements of devices, particularly for high levels of assurance. This technical requirement is not merely a suggestion but a mandatory prerequisite to prevent any potential misuse or impersonation attempts. It confines of a device’s silicon is highlighted as a critical measure to prevent the unauthorized replication of private keys, ensuring that the sanctity of digital identities remains inviolable.

Furthermore, the document highlights the urgency of action, urging stakeholders to lead the way in establishing a continuously evolving, privacy-centric E-ID framework. It is also aimed at striking a balance between Swiss-specific requirements and EU interoperability, setting a precedent for digital identity management.

DIDAS’s insights into governance structures and the collaborative design of the trust infrastructure serves as a high level guide for policymakers, technologists, and industry stakeholders, emphasizing the collective responsibility in shaping a digital identity ecosystem that is secure, user-centric, adaptable by private sector businesses and aligned with broader societal values and international standards.