The unspoken about the E-ID debacle
After the resounding rejection at the ballot box, people are already thinking about the next E-ID law without any deeper understanding. It would finally be time to look at the good practices elsewhere. The Swiss E-ID law, which was clearly rejected at the ballot box, was a politically conceived law in which the interests of the administration and the interests of a company came together and ideologically sold themselves to parliament. Before that, there was a long history, which was characterised by the administration’s desire not to be responsible for its success. Individual decision-makers in the administration even thought about private sector business models. However, the administration did not agree on whether one should design a minimally small ecosystem or strive holistically for the emergence of a large functioning ecosystem. Models for both approaches were developed on behalf of the administration. For the sake of transparency, I myself was responsible for a project that modelled a holistic ecosystem on behalf of SECO.
State-philosophical considerations were wiped away by the administration during the conceptualisation of the law, because there were few besides us at the BFH who could and would combine them with technical understanding. Technical design principles for the protection of privacy were implemented in the minimum possible form, or promised diffusely for the future regulation. Unlike in the EU with the eIDAS Regulation, there was no idea of how several providers could coexist. The corresponding project at SECO was mothballed because no one was interested in it.
Nevertheless, the law could have been adopted, because the problem with the law was the refusal to develop a sensible big picture and to learn from other states such as Belgium, Denmark or Austria. What one heard on the Sunday of the vote showed, as expected, that people again want to look for a political solution instead of a factual one and continue to be unwilling to think seriously about the issue. One only has to think of the proposal that has since emerged from the supporters’ side to rename the E-ID! In the run-up to the vote, this was matched by the opponents’ thesis that an international solution could be worked out in Geneva. The latter would mean nothing other than declaring war on the EU solution together with non-European states, nota bene with states that consider data protection significantly less important than the EU.
Faced with so much politics, I personally hoped that practical experience could bring the actors down to earth. Now things have turned out differently and we have – to put it positively – the chance to once again fight against political thinking and advocate for a factually reasonable strategy. For this, however, we should take a close look at how the law failed.
The referendum on the E-ID law was an example of successful campaigning on the opponent’s side, but above all a unique communication debacle for the federal government. Time and again, one wondered what devils were at work when one heard the clumsy statements. At times, the claims were so peculiar that one began to believe that they were meant seriously. But it was also very palpable that NOBODY from the Federal Council really wanted to be in favour of the law or put their political standing on the line.
Then there were the strange attacks – some even from civil society – on the Republic journalist Adrienne Fichter. I did not follow these skirmishes on social media and cannot judge whether they were indecent. In any case, on the merits, the accusations against Fichter were so far over the top that it was clear how counterproductive they were to the attackers’ cause. Fichter was a partisan, but he also did his research very well, as journalists used to be expected to do.
Everyone should learn their own lessons from these rather outlandish activities. I think that the holiday of language (Wittgenstein) in the argumentation for the law by the federal government indicates that there was a lot of conceptual confusion. Selling an E-ID as a login service is not political freedom (by analogy with artistic freedom), but probably an expression of problems of understanding. It is therefore appropriate that research and science educate the country about what E-IDs are (and why eCH, where such knowledge is cast into standards, is not a meaningless association). This also means that we talk about the doubtfulness of the law comprehensively, not just campaign-wise.
Content-related sticking points
Last Sunday’s vote was about four questions:
- Is it enough for the state to define the rules of the game and monitor the e-ID providers, or should it offer the e-ID itself – as many states do that have successfully (sic!) launched an e-ID on the market?
- Is the minimalist privacy-by-design – and thus the explicit renunciation of much better more modern options – sufficient or is more needed?
- Will a private sector E-ID that does not get an explicit commitment from the state be successful? Other countries have invested a lot to make the use of E-ID attractive.
- Is the minimalist idea of an E-ID ecosystem – which is far behind the eIDAS regulation – really a good approach to spread a technology use that in the past did not find acceptance in Switzerland and many other countries. (For the sake of transparency: I was responsible for a project that modelled a much more holistic approach on behalf of SECO)
Question 1 and Question 2 were very present in the discussion, above all Question 1. Questions 3 and 4 were answered YES by practically everyone – by supporters as well as opponents of the law. However, there are major doubts here. The intended Swiss approach has – if one does not regard declarations of intent as facts – not yet worked elsewhere in this way.
Behind the scenes, there were other issues at stake:
- The discussion took place in the context of what was at least not an unintentional lack of knowledge. As so often in Swiss e-government history, too much knowledge was thought to be a brake. à Those who move forward immediately now accept ignorance as the rule of the game.
- The federal administration did a great deal to pass the hot potato to the private sector. à Those who now demand a government solution should first convince the administration of this.
Moreover, the communication of the federal administration represented a legitimisation – perhaps actually unintended – of the slowness of the digital transformation of the administration. It was argued that the state was incapable of dealing with modern technology. And conceptual connections were twisted to such an extent that one began to doubt whether this argument was not actually justified. à If no course correction takes place here, the digital transformation of the administration will continue to proceed as slowly as before.
The causes behind the causes
But it would be wrong to blame the administration for all this. It is also the result of a development that has reduced the creative room for manoeuvre of the administration in recent years, starting with the rejection of NPM (New Public Management) by the parliaments (because from the parliamentary point of view this would have given the administration too much freedom). In the case, the administration has used the interests of the private sector to get political lobbying in its interest.
It would therefore be important to think seriously about whether we can really ignore everything that has been unspoken so far. I have experienced that in the federal administration digitisation projects can fail several times for the same reasons. In one case, there were even identical analyses afterwards. The idea of a renaming that emerged on the Sunday of the vote should set off warning lights for all of us.
It seems particularly tempting to find a minimalist justification for the bill’s profound failure – perhaps even as political horse-trading between the parties. But this is likely to fare just as well as the minimalist conception of privacy-by-design. It is questionable whether an investigation into the reasons for the rejection of the bill will help us. Those who already have a good reason to be against it do not necessarily think about three more good reasons.
Instead, the future law should make use of the conceptual, technical and empirically broad knowledge about state E-IDs in Europe that is available among researchers in Switzerland and Europe. Instead of staring, as usual, only at big Germany – or even in the case of small Liechtenstein – one should look at those European states where a state E-ID is used in practice. It is also advisable to take a closer look at the practical implementation development of eIDAS. One could also learn a lot from this.