The quill has seen better days – time for a public digital identity?
A forged petition for bankruptcy meant that CEO of Securitas, Alf Göransson was recently declared bankrupt by the Stockholm District Court. Am I surprised that someone fraudulently filed such a petition for bankruptcy? No. In the times we are living in, you have to be ready for anything. What amazes me is how, in 2017, we still blindly trust documents signed with a pen that has been popular since the 4th century AD.
Almost 200,000 people were affected by ID hijacking in Sweden between June 2016 and June 2017. That is an increase of around 20 per cent compared to the previous year. With increasingly advanced attacks and highly sophisticated tools, it is not a phenomenon that is going to go away any time soon. This kind of crime will continue to grow unless we address it immediately. The criminals are becoming more skilled and their methods are more and more sophisticated. The police has nowhere near enough time to investigate all of the reported crimes of ID theft. The risks associated with carrying out this type of crime are negligible and the penalties are perceived to be lenient. Financial ID Technology, BankID has come to the rescue of many who want to secure electronic transactions and avoid scandals like the one that affected Alf Göransson.
The service is based on four supporting pillars
- An effective issuing process in which the bank vouches for your identify. At the same time, you enter into an agreement of your personal responsibility for your electronic identity. An electronic identity is a valuable document.
- Reliability of the issue, renewal and blocking of individual electronic certificates that form the basis for an electronic identity. It must work as rigorously and as reliably as the issue of our bank cards
- A technical solution that is easy to use, thus lowering the resistance threshold for the customer. Mobile BankID is an incredible service that has deservedly made a big impact.
- Relying parties, in other words services that have introduced support for the technology, rely on the issuer and pay a fee to BankID to avoid having to deal with criminal activity and the bad will caused if customers do not see their service as being secure.
Could Stockholm District Court solve its problem by simply relying on filed petitions for bankruptcy that are duly signed electronically using BankID? Of course. It would be a simple matter and it would be guaranteed to stop most future fraudulent attempts.
Is it in the banks’ long-term interests to be responsible for the security of national services? Probably not.
The cost to society would be very high if all services relied solely on BankID. The Swedish Social Insurance Agency’s online case management largely uses only BankID and pays considerable sums for it each year.
It is no exaggeration to say that BankID has gained a monopoly and is in a good position to charge high fees for its identification service in future.
The highest price of all will occur on the day the banks announce that they no longer consider it to be in their interests to provide the public with electronic identities for socially critical services. Their original, official assignment is supposed to be providing their clients with secure login to Internet banks. The rapid, profitable spread of Mobile BankID was not planned. It occurred because there was no alternative.
The exposure of BankID as the only option may be reason enough for banks to go back to their original idea. Maintaining quality at all stages to accommodate community services that are completely alien to the Bank’s business concept – costs money, consumes skilled resources and entails a considerable risk of media attention and badwill if something goes wrong along the security chain.
Without any impact assessments or having any say in the matter, we have allowed citizens, businesses and community services to fall completely into the banks’ hands. We can’t accept this. Of course, the State must provide its citizens with a national procedure for issuing digital identities. It is just as obvious as the need to have a nationally trusted procedure for issuing passports.
Take the lead
Sweden has neglected the EU Digital Signature Regulation and has clearly shown that the State and the Government are not taking the issue seriously. Failure to provide a nationally-coordinated trusted procedure for individuals and citizens gives rise to legal uncertainty, hampers integration with the EU and creates a market for services that do not serve the country’s fundamental interests in securing citizens’ digital identities and the benefits that brings.
All Swedes should have a right to a digital identity for secure login and signing. A public digital identity would strengthen our national security and make case management much more effective. Almost 100 per cent of Swedes will be digitised soon (this sounds like the person themselves – what will be digitised – is it records?). Technology and knowledge in the field have existed for many years. How many ID hijackings need to be reported before the Government acts? Can we afford to be without it? Build a national State procedure for issuing e-identities now.
Show that Sweden is a pioneer in this field.