e-ID, SwissID and more
Digitalisation moves processes into the digital sphere and simplifies them. But an e-ID is the missing piece of the puzzle. An overview of the current state of digital IDs in Switzerland.
Text: Sarah Bizzarri, Image: iStock, January 7th, 2019
Print out, sign, scan for storage, archive and send by post – this analogue-digital process is currently required in a number of companies before contracts can be signed and transactions completed. In order for these processes to be completely digitalised, business partners must be able to trust their counterpart’s identity with a legally valid digital signature. Could an electronic ID (e-ID) be the solution? What solutions are currently available? Here is an overview of the current state of affairs.
The e-ID is the Swiss national electronic ID and is the digital equivalent of a passport and ID card. The legal framework for the e-ID is the e-ID law, which is expected to go into effect at the end of 2020, and the issuance of private providers.
SwissID is provided by the SwissSign Group, a joint venture of state-affiliated institutions such as Swiss Post, SBB and Swisscom, financial companies and insurance companies. SwissID currently works as a login for online services. Around 500,000 users are registered.
In future, SwissID will offer a range of functions comprising different modules that build on one another, ranging from a simple login consisting of a user name and password with optional two-factor authentication via SMS, Mobile ID and biometric features, to the creation of a state-certified ID. This would make it possible to create an e-ID using SwissID technology.
SuisseID was launched by SECO in 2010 and unlike SwissID is fee-based. A hardware token is used for identification purposes. SuisseID has around 30,000 users, and is due to be replaced by SwissID. Mobile ID is a joint solution that uses two-factor authentication and is offered by various Swiss mobile providers.
Mobile ID can be used as a login or authorisation method; for example, in order to approve a bank transfer. The user receives a request on their mobile phone in the form of a text message, which they then confirm by entering their Mobile ID PIN.
The e-ID law provides for a division of responsibilities between the state and the market. Private companies verified by the state, referred to as identity providers, will be authorised to issue recognised electronic identities and to operate e-ID systems. To this end, the e-ID law contains legal, organisational and technical conditions with which these providers must comply. A national certification authority will be responsible for ensuring that the providers meet these requirements.
The e-ID law does not define the basis on which the e-ID will be implemented; however, a variety of technologies such as smartphones, cards and chips will be offered in order to accommodate user preferences. Furthermore, the law leaves it up to the identity providers to decide whether they want to offer additional trust services alongside identification; for example, electronic signatures.
‘The federal government must establish the legal framework. We are too far behind the technology, and technology and industry move much faster than politics. It is now a matter of building an important structure for the future of our country.’
Damian Müller, Councillor of State canton Lucerne
In order for a digital ID to be successful, it must be easy to use and at the same time offer a high level of data security.
The advantage of a digital ID? Citizens and customers can decide for themselves which data they disclose. Today, with passports and ID cards, this is not possible. For example, if a young person shows their ID in order to purchase alcohol, they reveal all their personal data. With a digital ID, the seller would see only that the person is of legal age. This ‘data minimisation’ is just one of the legal requirements that private providers will have to take into account. Moreover, the law also stipulates that information about the use of an application or the completion of a transaction may not be linked in any way to personal data.
‘Our objective was clear: UX comes first! It has to be easy to use. But in terms of security, we make no compromises and have very clear requirements for data management. For example, we must keep identity data separate from user data. Furthermore, this data must be encrypted and stored exclusively in Swiss data centres.’
Markus Naef, CEO SwissSign Group
For many companies, the e-ID is the missing piece of the puzzle that will make it possible to digitally process contracts and carry out business transactions from start to finish. User-friendliness and availability on the market will determine whether the e-ID is successful. Two important factors will be the guarantee of compatibility with EU law and the interoperability of the systems. For this reason, identity providers will be anxious to create compatible solutions. This suggests that we will not just have one, but rather many different digital IDs in the future. This will allow us to identify ourselves with the e-ID that we prefer.
With ajila, Beat Steiner has offered digital form solutions for companies for some 15 years. His company specialises in seamless processes. Has the success of ajila proven that digital IDs are unnecessary? Or must CEO Steiner also contend with changing customer expectations? Steiner: ‘We currently offer processes that are not based on an e-ID, but rather use Mobile ID as an statement of intent. This technology is already on the market and can be used and implemented. As an entrepreneur, I should not wait for the legal basis for an e-ID to be established, or for SwissID to penetrate the market.’
More on the topic