Patrik Fältström wrote:
> What is irritating with just that snippet on top of page 12 you
> reference is that they say in more or less the same sentence that it
> is important to decide who to trust, while one should be told to
> trust whatever eID Brussels decides on.

That snippet, and the paragraph before it, are very confused pieces of
thinking.

> In particular, online platforms need to accept credentials issued or
> recognised by national public authorities, such as electronic ID
> cards, citizen cards, bank cards or mobile IDs.
[...]
> Further, the Commission will draw up a plan to strengthen public
> authorities' capacity to process and analyse large-scale data to
> support the enforcement of EU single market policies and to ensure
> platform users are more aware of the data collected by platforms and
> how it is used.

The paper then mentions fake online reviews as being an example that
deserves particular merit.  In the long list of things which cause
erosion of trust, fake online reviews are pretty far down.

Apart from the concerns you mentioned, there is a complete lack of
understanding about the stupidity of using:

1. very widely or universally accepted access credentials.  The more
widely accepted an access token is, the more damage you can do by
compromising the token.

2. irrevocable tokens (e.g. biometrics in national ID cards) as trust
credentials on the Internet.  One of the centre-pieces of trust is that
it can be revoked.  If something cannot be untrusted, it should not be
trusted in the first place.

In either case, it would be pretty catastrophic if trust databases of
this form were compromised.  The more widely used a trust database is,
the more valuable it is and the more likely it is to be viewed as an
interesting target by threat actors, whether state or criminal.

Overall, while the intentions of this suggestion cannot be doubted, the
idea of mandating wide acceptance of eIDs seems to be an extremely
unwise plan of action.

Nick

