Switzerland votes against electronic ID system provided by private companies
swissinfo.chSwitzerland has an awesome electoral system [1]. Instead of being ruled by a president or a prime minister who can be polarising, divisive, or selective, Switzerland has an Executive Council.
The 7 member Executive Council is composed of the top 7 candidates from each election. The chairperson of the executive council rotates each year, so that the top 4 vote winners each get a turn at being chairperson.
This means that different social and political priorities get implemented in turn. It also means the way the government works is more cooperative, because each council member, including the chairperson, knows there will be a new chairperson next year.
So, if a pro-business candidate places 1st, and an environment candidate 2nd, and a social welfare candidate 3rd, and a libertarian candidate 4th, it is in all their interests to cooperate and create legislation that serves all of their interests as much as possible. Instead of disregarding the environment, the pro-business council member is encouraged to develop green business initiatives that will be supported for the full 4 year term under the different chairs.
The system creates a leadership team that looks for win-win, rather than a sole victor who can abuse majority rule.
[1]. https://en.wikipedia.org/wiki/Federal_Council_(Switzerland)
i disagree wholeheartedly in that it is more cooperative. Switzerland is anything but cooperative.
But that's what makes this country so great. We take our divisions, within cantons, and leverage them for positive externalities to (accidentally) benefit the greater good.
In CH, every very canton sets their own citizenship policy. Its not a coincidence. Did you hear about the woman that's been living in Zug, and been denied citizenship for years? Why? Because she's annoying. She doesn't respect her neighbor's customs. That's literally why. Yes! Our canton can't even agree between about who can be a citizen, and who may not! But we argue far more... and it won't make the papers. We argue about the standard size of doors, whether we can vote electronically, whether a free trade agreement with andorra should be allowed. Etc etc
This means, big project ambitions get cut down to size, and few grand things if any, get done at the federal level. But this is glorious: it is very hard for regulations to become calcified within the state apparatus.
So, while spain sends soldiers to die in Afghanistan, or the UK wastes decades of development on a grand EU project, or US citizens get spied on by their own govt via Patriot Act.... CH is just sitting pretty, doing its thing. Arguing about every little detail to exhaustion.
The best thing that could happen to us, is to remain just as we are. I welcome the next 800 years of peace and economic development.
> This means, big project ambitions get cut down to size, and few grand things if any, get done at the federal level. But this is glorious: it is very hard for regulations to become calcified within the state apparatus.
And yet, Switzerland's nationalised train network is one of the most extensive and effective in the world.
How did that happen?
I will bite, although this moves away from the news that Switzerland votes against the electronic ID system.
> How did that happen?
Two hypothesis:
a) The railroad net in Switzerland is fairly small when compared to Germany.
b) The numbers in the punctuality statistics are skewed. For example, once a train from Germany is late and wants to cross the border to Switzerland (e.g. Freiburg-Basel crossing), it is put on hold and has to wait until it falls into the next swiss train slot, entering Switzerland "on time". In Germany, this would be counted as a delay.
Source: Lived in Switzerland for a while.
The rail network was mostly built by private enterprise prior to 1898 when it was nationalised and has been run in a pretty conservative way since.
>While European rail operators such as French SNCF and Spanish Renfe have emphasised the building of high-speed rail, SBB has invested in the reliability and quality of service of its conventional rail network.
As a Brit I'd probably prefer that to £100bn on HS2 and god knows what on the proposed Boris Burrow.
This reminds me of how elephants don't suffer from cancer, because of their size their tumors get tumors and die off before doing damage to the animal. The best bureaucracy is not an efficient one, but one so inefficient that it can't do harm.
One important thing that was not argued well in my opinion is that the Swiss National Bank pegged its Swiss franc to the euro on Sept. 6, 2011. I lost a lot of money on that day, because I had all my net worth in CHF, as I trusted it to keep its value and not be devalued fast.
The good thing that came out from it is that I realized that even Switzerland's central bank cannot be trusted, and moved to Bitcoin. I never looked back.
The tiny swiss were the last to delink its currency to gold. They tried really hard, under enormous pressure, but finally relented in 2000 with the new constitution, where the delink was tied to a bunch of other constitutional directives..
So in summary - The country can only do so much before the big guns aimed at it take their pound of flesh.
I am not sure the central bank is faultless in the example you cite, however, appreciate that we live in a world where other powerful people are not interested in the well being of swiss banking customers.
I understand the pressure that Switzerland was in, and I don’t really care as I got back the money I lost on that day by many times.
At the same time I was used to the trains and trams being precise by the second in Zurich (I loved taking the train to work every day), and everything being predictable, that’s why it was a wake-up call for me.
The central bank's priority is probably stability and the well being of Swiss people using SFR for wages and mortgages rather than maximising the profits of currency speculators. If you want the latter then indeed bitcoin is no doubt a better match.
I too still dont really understand why they did that. I mean sure i get it, but it seems so counter intuitive especially now where we can expect the usd and eur to devalue even more
>So, while spain sends soldiers to die in Afghanistan, or the UK wastes decades of development on a grand EU project, or US citizens get spied on by their own govt via Patriot Act.... CH is just sitting pretty, doing its thing. Arguing about every little detail to exhaustion.
Switzerland can afford to do this because it's surrounded by countries that protect it from the real world. It doesn't have a real foreign policy because it doesn't have to.
>The best thing that could happen to us, is to remain just as we are. I welcome the next 800 years of peace and economic development.
That's not up to you. As I've said earlier, you're lucky to be surrounded by countries with bigger fish to fry as long as Switzerland toes the line.
I am not sure what dangers you imply here.
America to the West, Africa to the South, Russia and China to the East. Constant tensions at the borders of Europe. To me the neighborhood looks incredibly dangerous and increasingly so. On that subject, the lackadaisical attitude of some EU nations towards defense is bewildering (looking at you Germany).
USA is basically surrounded by large oceans and they still spend by far the most on defence.
The US's military expansion (and by extension its defense budget) is directly correlated to its domestic industrial expansion and its need to keep supply lines flowing. They basically spend a lot because they need to jump over two oceans to afford the economic model they chose. That wasn't the case when the US was still content with self-isolation, before the Spanish–American War.
Switzerland used to be surrounded by Nazi Germany on pretty much all sides.
They remain independent because they are a mountainous country that set its defenses up cleverly so that any invasion would be a pyrrhic victory at best.
Most of the population lives in the flatter parts of Switzerland, which are of no real concern for invasions from the West and North. The linguistic border runs inside Switzerland because the geographic border does as well.
That is a myth. These defenses you talk about were built partly with cheap material and therefore significantly less effective. This caused a major post-war corruption scandal.
Nazi Germany did not invade Switzerland, because Switzerland was actually more useful as a neutral state for Nazi Germany to exchange gold for commodities, for spying and Switzerland produced militiary equipment for Nazi Germany anyway.
Switzerland has also had a policy of armed neutrality since 1815 or before I think and the armed bit would probably be a headache for anyone invading.
The Nazis did plan an invasion. See Operation Tannenbaum[0].
Switzerland didn't end up getting divided between Germany and Italy thanks to the Red Army hurtling more humans west than the Wehrmacht could supply bullets east. Swiss munitions production wouldn't be risked.
There's this joke in Switzerland: When the war wasn't going so well Hitler sent a note to the Swiss government demanding a supply of tanks. The Swiss council deliberated and responded in due time: "Will one be enough or do you need all six?"
It has its advantages and disadvantages. It is also the political system that caused this:
"In 1991 following a decision by the Federal Supreme Court of Switzerland, Appenzell Innerrhoden (AI) became the last Swiss canton to grant women the vote on local issues."
Notice how it was a court decision, not a result of the political process. I'd say 1991 is a bit too late to have full voting rights for women.
https://en.wikipedia.org/wiki/Women%27s_suffrage_in_Switzerl...
If you think that is the worst example dig deeper :) Sennerburm for example, basically legal child slavery totally normal in europe until not to long ago. And yes switzerland took a bit longer than our neighboors
> Sennerburm
Google returned zero results– did you misspell it? Google usually can't find documents for misspelled rare words
Yeah i missspelled a dialect word, cant google it either. Try 'Verdingkinder' i dont think there is a real translation for that
How can you so sure that your ideal is how they should live?
What I admire about the Swiss is how they live and let live - they may disagree with the neighbour, but let them be.
Granting the right to vote is a bit of a different ballgame because it's a meta-question. Not consulting women (or just everyone, or all citizens, or all adult citizens, etc.) on this issue indicates, to me, that the will of all people concerned in AI was not even considered. There is no consensus in AI to disagree with, from this perspective.
Why am I not surprised that HN is a place to find people who argue against women's right to vote.
HN is very diverse :) But we all argue in good faith and are willing to yield to reason
"argue in good faith"? "willing to yield to reason"?
Please.
Please don’t taint HN with this type of response. HN is such a rare place on the internet, and let’s keep it excellent.
The idea you’re dismissing is that of allowing small groups of people rule themselves which does mean some will use unconventional ways they consider best. Note that the Apenzellers didn’t hinder anyone who disagreed to leave or refuse to trade with them. They also didn’t force their way onto others.
Switzerland was once just a bunch of small independent nations in a military alliance, which allowed them decentralisation and having multiple competing systems, without everyone having to do it one way. If you have that, you must agree that your neighbour may live in a way you disagree with - but in exchange they will let you live in a way they disagree with, as I’m sure many from Apenzell think of the Züricher.
I imagine the Apenzellers argued that the job of the state is military protection. Conscription means the state forces you to give your life for it, and voting rights for conscripts means soldiers will only go to wars they collectively agree with, effectively ruling out wars of aggression. That’s how it was in my country, but I’m not familiar enough with Apenzell (except for their cheese) to talk about their history in this depth.
This is what you said: "But we all argue in good faith and are willing to yield to reason" I am in disagreement with this sentence. "we all" is definitely wrong and I haven't seen many "yield to reason" here or in any forum apart from few examples.
So I found your comment disingenuous and that's why I left a sarcastic remark, not aligned to HN rules sure, but yeah I did it. Also, if you think HN is an excellent place and not tainted, I have no words.
Edit: Grammar, wording.
If “we all” was the part where you disagreed, why did you quote every part of my reply but that?
HN is not perfect, but it’s far from the norm online regarding good faith rational discussion, and I’ve certainly witnessed people here accepting and learning facts and from rational arguments.
Why? I also said I mostly disagreed with "yield to reason" part. Ok, sure, the let me say it again then, I fully disagree with "we all" and mostly disagree with "yield to reason" and "in good faith" parts of your sentence.
Actually at the same votation, Switzerland accepted a law which forbid women to wear Burka. Which is not exactly let live.
We need to be precise here.
Firstly "accepting a law" implies - in western liberal democracies - a legislative process in which a law is proposed and accepted by some kind of parliament. This is not what happened here - in Switzerland, laws can be given to the population directly by non-parliamentary, non-governmental organisations in referenda, which then become binding. The law you are referring to was accepted by the general Swiss population with about 51% of the votes yesterday.
2. The law is not specifically forbidding women particularly forbidding to wear burkas. It forbids anyone to hide their faces when in public (with the exceptions of traditional customs, e.g. during carnival season). The basic idea behind this is that in a free society, we meet each others face to face. This generally good idea was abused by right-wingers to point out that this prevents visible Islamisation of an ultimately christian-conservative country, and by left-wingers to imply it was sexist and islamophobic.
3. Men and women can still wear whatever they like ... in private. In public, all societies have acceptable clothing standards. Try going out wearing nothing but three straps of leather and a gimp mask in front of a school, anywhere in the world, and see what happens.
Exactly. Genital mutilation of minors is next (Scandinavia is front running here). Nothing judeo-islamophobic, just the protection of what is dear to all of us (in this case bodily autonomy of children), and in no means against circumcision: you may still do it when you are 18, just parents should not be allowed to do it to you.
A little tyranny of the majority is not always a bad thing.
> you may still do it when you are 18, just parents should not be allowed to do it to you
You can read this in a positive light or a negative light. I know a guy who had that surgery done as an adult and it was incredibly painful and took a while to fully heal. I want to say it was almost a month. You could certainly argue that it's a lifetime of pain if it's done and you don't like it but that's likely a slippery slope in some regard.
I can agree that we should probably be doing a better job of explaining to parents the pros and cons of each so they make more informed, realistic choices but some of the outrage rhetoric around circumcision is a bit much.
Your friend had medical indication I guess? That's a whole other story, that's not "mutilation" but "the best in the given situation according to medical science".
Medical science is very clear about both male and female genital mutilation: lots of risk and potential harm, not real benefits.
And this does not grow back like nails and hair. It's not a fashion. It's literally putting a knife in your baby because some old culture prescribes it. No problem with that: just do it when the kid reaches the age of consent.
Don’t you think it hurts a child to cut their genitals? I’m ashamed it’s allowed in my country, and due to socialised health care I must fund it. It’s child abuse.
Exactly my sentiment. Tax paid child abuse. We should implore how this ever got this far, and fix the system to ensure this never happens again. As a result I've come to believe that religious freedom should have well enough protection by freedom of expression and freedom of association; and hence should be removed from constitutions and put into the regular code of law.
Freedom of religion may not constitutionally compete with bodily integrity (nor with freedom of expression (blasphemy)).
> Firstly "accepting a law" implies - in western liberal democracies - a legislative process in which a law is proposed and accepted by some kind of parliament. This is not what happened here - in Switzerland, laws can be given to the population directly by non-parliamentary, non-governmental organisations in referenda, which then become binding.
This is more of a tangent, but I would contest the idea that "accepting a law" implies that it is passed by a parliamentary body. This was maybe true in the 1800s, but not today when plenty of western liberal democracies have some form of direct democracy with electoral referendums on important issues. Some (e.g. California) have a system roughly comparable to Switzerland, although it's obviously at the state level in the case of CA.
The second part of the law in question disallows anyone to order someone else to wear this or that.
Imho that was the deciding part.
Which is exactly what the first part of the law does.
Hey, "But only in public!" Are you really defending imprisoning Woman to their homes by maybe robbing them of their few privileges? I am utterly disgusted how they frame this bs.
Does the anti-masking law imprison these women, or are they being held captive (against Swiss law) by their husbands/fathers/brothers?
If it's the latter, that's a reason for them to seek help from the authorities.
You realize this is a cultural and not political issue?
What they don’t do though is tell people in Muslim countries that they must live like a European.
The Swiss rule their house, and let others rule theirs, and this is what I mean with living and letting live.
Not allowing one group to have an equal voice is the opposite of live and let live
Taken to its conclusion should this not include every living being? Why not children, or animals? Ageism and speciesism indeed.
My point is that while the majority of Swiss cantons decided to not have gender restrictions on voting, they allowed Apenzell to keep being the weird one, and in response the people of Apenzell don’t force their way onto others. If I don’t want my neighbour to tell me how to run my household, I must also not force them. Apenzell didn’t force their way into the Züricher.
Although in the end, the people of Apenzell were forced to change their way.
Every time you say "the people of Apenzell" you really mean roughly ~50% of the voting age population. Would you make this same argument if only one person was allowed to vote in Apenzell? What about when that one person starts rounding up the people in Apenzell he doesn't like and imprisoning them?
When you say “voting age population”, you really mean roughly 70% of all residents?
You and I probably agree that a 12yo should not have the right to decide what the state should do with its might, but the argument is the same regarding how the legal voting population of this tiny state of 16k citizens decide to expand who gets to vote in their local elections.
What I say is that I’m impressed by the federal government of Switzerland for allowing even such a tiny group such self determination to select who can vote in local elections - until the UN forced them to conform in 1991 that is. I think this is why they don’t have civil wars when they disagree - they instead let others do their thing and the cantons run their competing systems simultaneously.
Regarding your question whether I would think it was ok to have a Swiss canton where local government was ran by one person, it’d be ridiculous but I would not think it’s right to use force to stop it, unless that local government hindered anyone from leaving. This is at least, as you have identified, the logical conclusion of the argument I am making, and the Swiss did until 1991. In reality no single person would likely run it well, and it would end up an economic disaster, and sooner or later change. Instead of coercion letting a hundred seeds grow, before separating the wheat from the chaff
You think people would really move away? It's just one guy, you just gotta knock him off a bridge.
And if the simplest solutions to problems of governance become violence, rather than the system itself, then you have failed at the main purpose of government.
It’s worth noting that we are talking about a state of 16000 people, who live in a federation, and this federation allowed until 1991 this small state to keep their own laws regarding voting in their local elections. The other cantons were certainly let living their neighbour, and in response the people of AI (again, a state of 16k people) didn’t tell the neighbours what they should do. Again, this until UN influence forced them to be like their neighbours in 1991.
> The 7 member Executive Council is composed of the top 7 candidates from each election.
The executive council is elected by the parliament and also contains candidates that haven't been member of that parliament. This election takes part "seat by seat", so every member has to be explicitly re-elected.
What happens when a council member leaves office unexpectedly, i.e. dies or resigns? Does it kick an election for everyone or just that one seat?
The members of the council are elected by the united parliament. They will also elect the successor...
Since it's not done by popular vote, political games in that process are rare or just not excessive. The people trust the parliament with the process of electing their leaders, you better shouldn't fail them. So they mostly elect according to the current concordance.
Good question. I'm not sure exactly how the successor is chosen, but this section from Wikipedia indicates just the one member is replaced:
> Until 1999, the Constitution mandated that no canton could have more than one representative on the Federal Council. Until 1987, the place of origin was used to determine which canton a Federal Councilor was from. After 1987, the place of residence (or, for councilors who were previously members of the Federal Assembly or of a Canton's legislative or executive body, the canton from which they were elected) became the determinant factor. Nothing prevented candidates from moving to politically expedient cantons, though, and the rule was abandoned in 1999. Since then, the Constitution has mandated an equitable distribution of seats among the cantons and language regions of the country, without setting concrete quotas. Whenever a member resigns, he/she is generally replaced by someone who is not only from the same party, but also the same language region. In 2006, however, Joseph Deiss, a French Swiss, resigned and was succeeded by Doris Leuthard, a German-speaking Swiss, and in 2016, Eveline Widmer-Schlumpf, German-speaking, was succeeded by Guy Parmelin, a French Swiss.
Well, that same system also voted on banning Muslim face coverings ("Experts estimate that at most a few dozen Muslim women wear full-face coverings in the country of 8.5 million people."), while a pandemic is going on and face coverings for protection are recommended.
https://apnews.com/article/health-legislation-coronavirus-pa...
You seem to be expressing an opinion about banning Muslim face coverings.
I am not responding to your expression of opinion - just clarifying how the Swiss electoral system is structured.
That vote was a referendum, which is another component of the Swiss system, separate and complimentary to the Executive Council.
My bad, I thought the anti electronic ID vote was also a referendum.
Populist ideas, can easily thrive in a direct democracy.
It was. And the face covering ban was spinned to be against the customs of a minority. It is still allowed indoors.
Every country has some clothing requirements. Some mandate headscarfs (for women only), some mandate the face remains visible. No laws were needed for this in Swiss because no people were covering up. But now this has changed, so laws come. I dont find any problem with it, and hope that the "custom" of genital mutilation done to children is next to be forbidden. You can still do it, at 18, but yr parents should not be able to decide for you. Not against jews/muslims, just in favor of childrens rights. Scandinavia is front running on this one.
"But now this has changed, so laws come."
A few dozen women in a country of 8.5 million do not need a law, especially one that doesn't really do anything for the victims, see https://news.ycombinator.com/item?id=26380029
Also, look at that image https://storage.googleapis.com/afs-prod/media/1aad669348cc4c...
Burqua isn't islamic to begin with anyway.
Yep it's definitely a cultural thing. I think it really is mostly to suppress women and not as a way one shows their religion which one does by living and not by clothing.
Historically, the veil was considered a huge step forward for women's rights/freedoms as it allowed them to leave the house more than three times in their life. Before that, they left the house to marry and move from their father's home to their husband's and when they died....and maybe I am misremembering that number of "three times" or maybe I just can't remember the third instance.
(I'm a woman. I've had a college class in Women's History. FWIW.)
Point is, islam was a progressive religion. But many countries took it in as a regressive one since they were also taking in customs from the culture which islam was supposed to progress.
Which totally misses the point. You shouldn't have been importing burqua if women were already were allowed to go outside without it.
The reality is that progress tends to be a case of two steps forward and one step back. It's also reality that this is true in part because people come up with these theoretical ideals of equality or something and they sometimes don't work in practical reality.
Additionally, one way to spread religion is to be tolerant of the existing culture of the people you are hoping to spread the religion to. This is Christianity is associated with a lot of holidays that have seemingly inane and random traditions, such as Easter and Easter Bunnies and hiding Easter eggs.
What on earth do bunnies and hiding eggs have to do with each other, much less the risen Christ? Not much, but it's some pagan set of traditions that got tolerated by the Christian church and that's how you have bunnies and hidden eggs all wrapped up with the risen Christ.
Yes, I'm mainly complaining about the reverse happening with islam's spread (due to it being spread by wars). Instead of islam progressively adapting to each country's culture, it brought regressive practices with it.
Well, now they'll have to stay at home again...which is what the fascists who brought that in actually wanted. They just don't want to see them on the streets.
It's kinda sad that so many supported this and I'm happy that this wide ban would (probably...) be unconstitutional in Germany.
Someone not letting their wife out because burqua is banned is outright abuse, and should be dealt with that way. It isn't even a common piece of clothing in the majority of muslim countries. (+1 point to horseshoe theory: apparently islam forbids women to go out without burquas according to both extreme leftists and rightists, bu noone else)
How should you deal with it when you're not even seeing it and can't even prove that the woman is being held in her home against her will if her will is already so weak that she'd wear a burka? This is what I meant: you just make the problem disappear from the public with that measure. You don't solve anything and make it actually worse for the women.
I don't even know how you get the leftists in there but at this point I'm too afraid to ask...
What's wrong with banning a backwards custom that limits women's rights?
Because the presumption is that the women in question are being forced to do this and don't want to.
But your solution is to implement a law which punishes the victim, rather then doing anything about their presumed victimizer.
If the women who didn't want to wear the covering didn't want to wear it, what is stopping them from simply not doing it to start with? The answer of course is husband's, brothers, family etc. and probably that they'd be recognized in their community.
But this is someone's religion - a fair bit more important to them then the laws of the state in a lot of cases. So you haven't answered how you're going to protect those women from being targeted and forced to simply never leave the house, if they are being targeted by people who are forcing them to do something they don't want to.
Your law offers no solution to this - and again - implements itself by targeting the apparent victims it proposes to protect with punishment.
Setting aside that the government can stay the hell out of what I choose to wear, this is just a monumentally stupid approach to anything.
The laws of religion should not override those of the state. To do so would lead to a theocracy and that has been shown to be almost universally bad on any large scale.
The laws of the state shouldn't go out of their way to get in the way of the laws of religion, doing so for no real reason other than spite.
To do so creates conflict where there should be none, which is against the very purpose of a state.
I imagine the women are not physically forced (or maybe only some are) but instead are “educated” from childhood that this is the way. How would you solve it then?
Massive public education campaign, as is routinely done for many other topics found objectionable by various religions but acceptable in secular society? From birth control to blood transfusions to interest on loans?
At minimum, show the non-religious benefits of doing (or not doing) a thing and why it is relevant for the individual. Don’t punish the victim for doing the thing; if someone must be punished, make it the person imposing the action.
> Massive public education campaign
That's only slightly better than getting a fine. If gov would run a ad campaign / school program with "making women wear burka is bad" then the victims would still be the ones to suffer because it's still directed at the way of life as they know it.
Let's stop a backwards custom that is practiced by 30 people with a backwards law that limit's clothing choices for seven Million people.
I'm friends with a few Muslim women and can assure you that it has nothing to do with choice.
I knew hundreds of muslim woman and many do it by choice. So what now?
Because it is a complex cultural issue and banning it probably harms woman further from an already oppressed state. In some cases basically imprisoning them into their homes or forcing them to relocate. No one bothered asking those woman about their thoughts or circumstances.
I don't know, countering an authoritative practice that affects women's choice with another authoritative practice that affects women's choice kinda just seems dumb.
So much for "a woman's right to choose"
i think your point is valid but still shouldn't enter the fray.
This is about swiss nationality and customs. Not about women's rights.
Just like you don't go to your greek neighbor's dinner party wearing a turkish flag, there are things you don't do when you are the guest at someone else's party.
The burka represents a lot of very nasty things, in countries that the overwhelming majority (60%) believe 911 was totally OK and beheading or stoning minorities is OK.
The fact is, you don't frown on people because they are spitting on some ideal of freedom. You frown of them because they don't get the basic rules of decency.
My house. My rules.
> The burka represents a lot of very nasty things, in countries that the overwhelming majority (60%) believe 911 was totally OK and beheading or stoning minorities is OK.
There are countries in Europe that are majority Muslim (Bosnia, Kosovo, Albania) where nobody thinks that, and where any kind of face cover is totally up to the choice. Turkey isn't that extreme either. Neither is Indonesia, Bangladesh, Nigeria, etc etc.
Why don't people ever think of those and jump straight to the Middle East? There are just as many Muslims living in India as there are in the Middle East.
In what way does it limit women's rights?
Have you ever been to the beach? Have you noticed that in many western countries, all the men have bare chests and all the women are covering their breasts? Does this custom limit women's rights? Providing that women have the same legal right as men to go bare chested, as far as I can tell no rights are being infringed.
But maybe you disagree, do you think a law banning the wearing of bikinis by women would be a victory for women's rights?
Is it not more of an expression of how the general public of (native) Europeans want to keep their country for their people and culture
Quite a few people who voted against this did so purely because they didn’t want private companies controlling the system.
If the proposal had been for the government to issue and control the identities, it may well have passed.
Definitely why I voted against it. When I first heard about it I was all for it - until I realized that the plan was to let private companies handle it. Complete no go, glad it got rejected.
I also voted against it. It's a pity that I couldn't approve the e-ID issued by the government.
Which is now very clearly the only way to move forward, so the vote was useful.
Which makes a lot of sense in Switzerland, since "the government is the people" is more true than in the overwhelming majority of countries on Earth. Pragmatic take from the Swiss as usual :)
(said by a jealous French citizen)
AFAIK, Switzerland is the only country with direct democracy or ‘Govt is the people’.
As you said overwhelming majority, are there any countries that have direct democracy or come close?
California (not a country, obviously) is otherwise virtually comparable with Switzerland in this respect. Full constitutional amendments and legislative vetoes can occur via referendum.
EDIT: In practice, larger cities in California seem to have a comparable number of referendums as well. Unfortunately, they're all bundled into an election every 1-2 years rather than the Swiss system of elections every 3-4 months. This has its upsides, mainly in turnout which is still low in much of Switzerland, but also means many "less-notable" issues often aren't discussed in CA to the same degree that they seem to be here.
Not familiar with the Swiss system, but CA system has some interesting nuances - laws enacted as approved propositions cannot be modified at all, except by another approved proposition. In theory, that protects them from legislative overwriting/meddling, but also does not allow to fix unintended consequences. Here’s an example where a proposition was needed to authorize state legislature to make modifications to an older proposition: https://en.wikipedia.org/wiki/2018_California_Proposition_7
And of course, CA still has daylight savings time because this proposition required two thirds vote.
Have a look at Taiwan.
Taiwan (the Republic of China) is another jurisdiction with direct democracy elements. Direct democratic rights have been in their constitution since 1940s, but they weren't seriously implemented until 2000s. The exercise of these rights is still relatively new in Taiwan.
Mon ami ne crois pas tout ce que tu entends.
C'est pas ce que j'entends, c'est simplement les faits. Les décisions par referendum c'est grosso modo unique au monde, contrairement aux multiples couches de gouvernance qu'on peut voir dans plein d'autres pays (que ce soit le modèle Britannique/Commonwealth, les modèles des pays Latino-Américains, le modèle Français..)
No worries, we'll have a proportional Assembly and citizen's initiatives any day now...
They are doing the correct thing then. Prisons, ID, policing NONE of that stuff should ever be in corporate hands. It just stinks of fascism to anyone who really thinks about it for more than a moment. Governments are bad enough, corporations should never take on such roles because then they have a second incentive of profit to be bad actors and not just petty power trips.
I don't want to be that guy but it really has nothing to with facism.
I suggest you google the definition.
It's definitely a bad idea, but just because something is a bad idea does not magically make it facism.
If you think stuff like this being okay in the hands of a government then you might want to reexamine that line of reasoning, given that most governments are barely any better than corporations at the end of the day...
Yes, and that's a good thing. Balkanizing ID info between a gazillion government databases as we do in the US just creates inefficiency, and raises the thirst for more intensive surveillance to counter the inefficiency with which the data is used. (Consider the talk after 9/11 on the FBI and CIA not sharing info, and then we get the Patriot Act.)
Maybe the opposite though - having a 'single, semi-competent authority and source of control/failure/security' is probably not a good reality for security and resiliency.
Ironically, there's a >50% chance that the solution will entail 1) privately hosted platforms like AWS and 2) privately hosted support services and 3) privately written core modules (McKinsey business strategy, Accenture implemented etc.) and 4) at least some privately contracted IT people to manage the solution.
There's no reason to believe the gov. will make a more robust, scalable and secure solution that other entities.
A better approach might even be to mandate very specific identity protocols, and then allow citizens to chose their own identity provider among those that fit the regulatory requirements and oversight.
For example: https://en.wikipedia.org/wiki/Swiss_Post
It's owned by gov. and effectively independent. They could be an identity provider. They are already close to being able to do whatever need be done.
Having to create new government bureaucracies to do things is hard.
> Ironically, there's a >50% chance that the solution will entail 1) privately hosted platforms like AWS and 2) privately hosted support services and 3) privately written core modules (McKinsey business strategy, Accenture implemented etc.) and 4) at least some privately contracted IT people to manage the solution.
That would be in the US, with it's shit managment and governance culture of no expertise being required. The Wwiss are explicitly rejecting such willy-nilly privatization; did you read the article?
> There's no reason to believe the gov. will make a more robust, scalable and secure solution that other entities.
Again this is US ideology about US government. In another places they have something closer to actual democracy, a robust civil service, and an awareness that some things are too important to risk the profit motive sliding to rent-seeking.
> A better approach might even be...
I actually agree with you here. The next step after centrally planning how electronic identity should work is to realize many things don't need to require an "official one true personhood" surrogate key, and can make due with something weaker and more friendly to anonymity. The same functioning society that can figure out devolved cantons and federated cooperatives would be excellently prepared to figure that out.
> Balkanizing ID info between a gazillion government databases as we do in the US just creates inefficiency
It improves security through the reduction in the scope of harm and eliminating single points of failure. If someone compromises your Candy Crush login they can't drain your bank account.
> and raises the thirst for more intensive surveillance to counter the inefficiency with which the data is used. (Consider the talk after 9/11 on the FBI and CIA not sharing info, and then we get the Patriot Act.)
Your argument in favor of centralized ID is that otherwise nefarious spies will lobby in favor of something equivalent to centralized ID so they can correlate everything? That's the argument against it.
> It improves security through the reduction in the scope of harm and eliminating single points of failure. If someone compromises your Candy Crush login they can't drain your bank account.
"Security through ad-hoc redundancy" is going to replace one possible-good auth systems with a gazillion shity ones that no one has the budget or interest to secure. It's a greater attack service.
> It improves security through the reduction in the scope of harm and eliminating single points of failure. If someone compromises your Candy Crush login they can't drain your bank account.
No, by all accounts FBI and CIA still hate each other and keep secrets. What we got is more surveillance (NSA dragnets), not more efficient use of the data they already have.
> What we got is more surveillance (NSA dragnets), not more efficient use of the data they already have.
Or we could just not do that anymore and still not have centralized authentication.
> "Security through ad-hoc redundancy" is going to replace one possible-good auth systems with a gazillion shity ones that no one has the budget or interest to secure. It's a greater attack service.
You mean attack surface. But that's the trade off.
Because none of them are actually secure. Even when you have a full time security team, there are still vulnerabilities. Before the attacker had to find a vulnerability at the DMV, then start over at the bank, then start over at every company's file server. Now instead the attacker only has to find one in the central authentication system and they get everything at once. Even if there aren't as many vulnerabilities, if there is even one, you're screwed beyond comprehension across all systems everywhere.
On top of that, widespread use cuts the other way. Suppose the system was originally deployed using sha1. That starts looking pretty weak so you begin the decade-long process of transitioning literally everyone to a system using something else. Then suddenly sha1 gets completely broken beyond all hope, but you can't stop using it because 15% of people haven't migrated away yet and that's too much of the world to abruptly cut off.
Whereas in the decentralized system only 15% of things would be vulnerable because the other 85% had already migrated and disabled sha1, and the important stuff like banks who have their own security teams would be in the 85%.
More to the point, there are other ways to reduce vulnerabilities without centralization. Use simpler, more stable software from vendors who spend more time on security and less time on feature bloat. Restrict local services to local users so they're not exposed to the internet. Use defense in depth so that a single vulnerability is not enough but the expense of finding five stackable vulnerabilities is uneconomically large relative to the value of compromising an individual system.
Whereas the only way to avoid the ominously large scope of compromise of centralized authentication is to decentralize it.
That article about effective government policy being a database access policy a month or so ago was particularly illuminating (and made a lot of sense to me). That any given policies effectiveness really depends on whether you can actually construct - functionally - an appropriate database view to implement it's stages.
It does not seem like such a terrible idea if it is government run to me. But it depends on having trust in the checks and balances implemented in your system of governance.
It's fine if a majority of the people can overrule a political policy by a referendum. It's not fine if the government was like the US or China.
In Sweden we have a company running the ID system and that works fine. The company is coowned by all the large banks afaik. I was really surprised at how far behind Switzerland is compared to Scandinavia when it comes to digitalisation. Being able to handle my life hassle free online instead of going to physical places (like post office, banks, gov office) is liberating. I also get all my bills digitally and all my receipts (even physical stores)
I think pride and patriotism means you’re overstating your case here.
Indeed as you say, a subgroup of the largest Swedish private banks own the ID system in Sweden - for profit, and without any serious democratic oversight.
Edit: I forgot to add that the system allows these private banks to see into almost every aspect of a person’s life: where they shop, where they are, who shares their household and so on. Almost every aspect of a Swede’s life can and is tracked by this system.
Every time someone identifies themselves with this system, it costs the retail merchant or service a non-trivial amount of money. Because it’s effectively a private monopoly, that price is set by the banks, and often involves a lot of secret horse-trading behind closed doors (I’ve been involved with some aspects of this in the past).
The secret negotiations also include terms that are not open to public scrutiny. One example, is that the merchant or service isn’t allowed to blame BankID for any problems such as downtime or any other technical problems.
btw I’m curious how you get all your receipts digitally. There are some services such as Kivra in Sweden, but they definitely don’t cover all stores.
I definitely agree. The system could certainly be improved.
My gripe with BankID is that it's a monopoly and it's tied to having a bank account. It's easy to fall into the cracks. For example, I know first hand more than one foreigner that moved to Sweden and couldn't do basically anything online because they didn't have BankID and couldn't get one because they needed to visit a bank branch and have an appointment, and they couldn't get one without having to wait for 2 months or more (partly due to COVID-19).
The system could be much better if there were many accredited providers of digital ID (this is somewhat already the case, there's Freja now) and there was a mandated standard protocol that the accredited providers implement, so you could have the ID from any provider and that ID would work on any site. The latter is not the case to the best of my knowledge: although many government websites are supporting Freja, most private ones like Kivra or Klarna and of course the banks only support BankID. This is not great.
It also forces you to have an Android or iPhone, and basically have a relationship with these foreign tech giants and accept their policies in order to be a "digital citizen" in your own country. If they ban your account for any reason, and you lose access to the store without any recourse, and you can't install the app, you are basically SOL. This is a trickier problem to solve, and it's not exclusive to BankID by any means, but if there was competition it would be more likely (at least on paper) that somebody might provide an alternative.
My take is that indeed: the system mostly works, it is convenient, but it's not perfect by any means. There's plenty of room for improvement. Just having real competition instead of a de facto monopoly would fix most issues.
> It also forces you to have an Android or iPhone, and basically have a relationship with these foreign tech giants and accept their policies in order to be a "digital citizen" in your own country. If they ban your account for any reason, and you lose access to the store without any recourse, and you can't install the app, you are basically SOL.
For me this is mind-boggling. Could you please elaborate or link to a resource on that? Do the respective apps work on rooted phones? Regarding the Bank ID: I worked as an intern in Sweden in the 2002 and this sucked already then. As a foreigner you got an ID that somehow "almost" matched the normal way the number was generated (an offset on the YOB if I remember correctly). It was always an interesting experience to find out if an office/application supported such foreigner ID or not. Hopefully this got fixed in the meantime. After all my yearly letter from pensionsmyndigheten is at least partially translated in multiple languages. Good for me as I lost almost all my Swedish.
Maybe you got a "coordination number" instead of a "person number"? You only get the latter if you are expected to live in the country for longer than a year. The former "confuses" a lot of people and websites, which are not fully prepared to deal with it.
> Could you please elaborate or link to a resource on that?
Not sure what exactly you're looking for. There are 3 types of BankID: "on file", "on card" and "mobile". The first two are seldomly used and not all banks offer it (mine doesn't). I believe that most sites only support the mobile version. The mobile app cannot be sideloaded on iOS, and requires Google Play Services on Android. (For now it works on rooted phones. For now.)
Although technically minded people can still find a way to sideload the Android app without having to have a Google account, this is far from being mainstream. For most people you have to agree with Apple or Google's terms and have an account with them. If you're banned and lose access to the store, you can't install BankID any longer. It's not fun to live in Sweden and not have access to BankID.
I don't like the idea that you have to establish an asymmetrical relationship with a foreign conglomerate to be able to identify yourself in your own country and use digital services.
I think that having competition at least opens up the possibility that one of the players will introduce a mechanism that does not rely (solely) on Apple/Google technology. For example, a simple hardware token could work.
Regarding IDs for foreigners, I believe that the EU cracked down on Sweden and at least the government websites allow other European digital IDs nowadays. At least the option shows up in the list of authentication choices, but since I can't use that flow I cannot state how well it works in practice.
Tack så mycket! Your detailed explanation cleared things up.
>I don't like the idea that you have to establish an asymmetrical relationship with a foreign conglomerate to be able to identify yourself in your own country and use digital services.
The general acceptance of this in Swedish society boggles my mind. But hey, I am not a Swedish citizen, so it's not my job to tell people what to do.
Neither of the points you made I think are existentially problematic, especially in light of the fact that Sweden is 1) ahead and 2) it works for them.
'Cost' is going to be a part of the equation, there is no avoiding that, but access can be regulated, as can oversight (i.e. transparency) with respect to transactions.
And: "merchant or service isn’t allowed to blame BankID for any problems such as downtime or any other technical problems"
Will Swiss private individuals or businesses be able to 'sue' the Swiss government for downtime? Like late trains? Invariably not. They'll just get the service they get and that's it.
Sweden provides a pragmatic demonstrable example of what can work, it shouldn't be dismissed.
Democratic oversight?
Once these systems are in place they will be under the control of the great unelected, the civil servants, it will not be the subject of any political party policy again and so how exactly will you assert the voting based democratic control upon it?
I guess I only shop with stores that use Kivra.
BankID doesn't store any information, and I have no problem that the stores I'm a member in store my shipping history.
I think you are overstating the scale of the surveillance. I don't think the different entities share data with each other.
Edit: try live in a country like Switzerland once you have gotten use to all interaction being online. It's horrible.
Edit2: actually other stores provide digital receipts without Kivra. You just have to be a member.
Edit3: This has nothing to do with patriotism, there are many things that I don't like about Sweden. But the fact that we have taken digitalisation seriously since the 90s is something I think is great.
> BankID doesn't store any information
I work with systems that use BankID identification, and know for a fact that you are wrong, because many (though not all) of the data-points collected by the banks can be retrieved for payment.
For instance, if you just logged-in with the service I work with, I can retrieve your full-name, birthdate, your marital status, name of your spouse, their birthdate, any children and their IDs and names, where you live, your home and cellphone number, and many many other data points.
From a service owned by a small group of private banks.
That is all public data. You can get that through open channels like birthday.se as well. I've been at BankID and I know for a fact exactly what information they store. They store only what is necessary from a regulatory standpoint.
Are personal mobile phone numbers considered public information in Sweden?
You can get a phone number without registering it to your name, but otherwise yes. Most people's phone numbers can be found online, as well as reverse (find someone's name by phone number) .
A paradise for identity theft
Requiring strong ID verification (from government ID or the digital ID we're discussing) helps protect against identity theft. Other countries I've lived in that use very weak forms of ID ("a utility bill in your name") seem like much bigger paradises for identity theft.
I'm talking about cross border identity theft. The public data of swedish citizens is sufficent for weaker identity systems in other countries.
Practically identity theft the way you think about are very rare in Sweden, more common are social engineering attempts like calling people and asking them to use their MobilBank ID while the caller logs in in their name.
Remember that personal ID numbers are not a big secret in Sweden as well, and still we don't see any big problem with that.
> your full-name, birthdate, your marital status, name of your spouse, their birthdate, any children and their IDs and names, where you live, your home and cellphone number, and many many other data points
Those things have nothing to do with BankID and everything to do with the government person-number database. They were available as open data before BankID existed
But surely if someone has your person number then they can retrieve all that information from companies like Ratsit and the like. Is there specific information you can get via BankID that isn't generally available from other 'open' databases?
What information do you think about? you can get a person's yearly tax statement without BankID but you can't see their bank account details
i live in switzerland. the only cases i had to be physically present at an official place was when i "adopted" my own son (due to not being married) and when i funded companies. 4x 15min in the last 4 years.
i think the state of things is just already quite efficient without such an id. thus people are not willing to give that data away to a private monopoly. imo for good reason.
> In Sweden we have a company running the ID system and that works fine. The company is coowned by all the large banks
Try to have anything to do with the government without a bank account. The processes and system are today so integrated that many aspect of being a citizen are today impossible beyond giving the power of attorney to someone who do have a bank account and then let them do it. (Not hypothetical as this was the recommendation given by försäkringskassan).
I would be much more happy with the system if the government operated a customer facing bank as a fallback, one which laws dictate so that all citizen critical functions are guarantied without a customer contract between a profit seeking company and a customer. It does not need to deal with loans, or give people interests, or handle stocks or any other aspects usually associated with banks. It just need to do basic banking for which everything else depend on in a cashless and internet based society.
Until then, what we have is the merge of private banks, beholden to non-elected owners, and government. It is very hassle free as long one don't mind the soft version corporatocracy.
Since it's closed-source, privately owned and not based on any open standards, it doesn't work on Linux or any mobile device that isn't using Google Play Services or iOS.
It's convenient, but it's an absolute travesty that we've left such an essential part of digital infrastructure to big banks.
> Being able to handle my life hassle free online instead of going to physical places (like post office, banks, gov office) is liberating.
The US has an incoherent assemblage of spare parts for an ID system and it's been years since I've seen the inside of a physical bank.
You have bank credentials and use them with with the bank. You have post office credentials and use them with the post office. This is far better from a security and privacy standpoint that any kind of centralized ID. If someone steals your post office credentials they can't drain your brokerage account, ransomware your employer's cloud services in your name and take out a home equity loan against your house and convert it into Bitcoin.
Centralized identity is a bug, not a feature.
But aren't they all based on one central ID? how can the post office or bank know that you are who you claim to be without an official ID?
The post office doesn't need to know "who you are" except insofar as you have a payment method that works which they can charge postage to.
The payment processor, in turn, just needs to know that you're authorized to draw on that account, which they know because you have the credentials established when it was opened.
Functionally none of this actually uses your name for anything useful. Even giving it to them at all is, at best, a password reset method, and there are a million other ways to do that which don't require a centralized ID.
I live in Sweden. My bank (Swedbank) recently closed my BankID and told me that I either have to buy more services from them or look for another bank if I want to have an BankID (which is required for vaccination).
Yeah, it really works fine. Fortunately, it wasn't too difficult to find another bank that didn't want to blackmail me, but the system has such obvious flaws that it shouldn't exist.
To make matters worse, the current chairman of Swedbank is Göran Persson, a previous prime minister. I fear that there is some ugly corruption involved here.
As a US citizen, being able to go to various physical places without being forced to patronize an opaque, unaccountable corporate behemoth owned by a conglomeration of banks that centrally tracks everything I do, every penny I spend, and what and where I spend it on is liberating.
Are you willing to give up your privacy to corporates to be liberated online?
most importantly, what about those that are not ? Is that decision made without their consent ?
It's not mandatory, there are, less convenient, ways to work without it
> I also get all my bills digitally
So do I. In Switzerland.
All my bills are digital and paid digitally out of an account that I put money in every month digitally. In Texas.
Same here in New Zealand.
The fact that is technically possible was never argued. Swiss voted against banks controlling their entire lives' data, not believing it was a condition to get their bills digitally (which by the way work fine in Switzerland as well).
What about the danish NemId, how is it governed and owned, does anyone know?
Developed by Nets together with the banks similar to the Swedes. If you're looking for public ownership of the various organs and products that Danes interact with on a daily basis: it basically doesn't exist. Just about every software product at the municipal and state level is contracted out to an enormous private megalith that gets paid vast sums of money to execute. And they're nearly all Microsoft affiliate shops, if you were also hoping for some silver lining.
I love my country but the continuing parceling out of everything to private companies has been greatly negative to many public services. See, as an example, the DOT syndicate, which has made it prohibitively expensive to commute via public transit (why in God's name is it cheaper to travel to Germany than take a train from Copenhagen to Odense?) or the bridge to Sweden we're still paying truly insane toll fees for despite having paid for its construction years ago.
There's an important distinction between the systems in Sweden and Denmark. In Denmark, you don't need to have a relationship with a private bank to get NemID. The government also provides it.
In Sweden, you are absolutely reliant on private banks. This gives those select few banks a position of power which they can - and do - abuse.
If you think that's bad, look at the UK. They had a government-ID system with an ID card, and then they scrapped it. Now people run around using driver's licenses and municipal bills (I guess) to open bank accounts and other things. Utterly backwards.
https://en.wikipedia.org/wiki/Identity_Documents_Act_2010
I've been formulating my thinking around it and I'm starting to think that this is some sort of new-age "luddism" at play, coupled with some odd distrust of government for this particular problem, as if government is trustable elsewhere.
What did the Goverment ID offer over a drivers license? Here in bc Canada drivers license is sufficient ID most places, and if you don’t drive you get bc Id which is just a drivers license without the driving part.
There is an online identity verification service run by the UK government: https://www.gov.uk/government/publications/introducing-govuk...
Verification is done by third-parties in conjunction with government data. At the moment it’s only used for government services, but there has been talk for half a decade about expanding it to the private sector.
Actually, we have several. BankID is the most well known, but there is also Freja eID.
Right, the government just legislated standards for what can legally be considered e-ID, and its up to the market to implement it as they wish. Nothing is stopping anyone from developing and launching an open ID platform.
I did vote against it, but mostly for other reasons.
The companies (mostly banks and insurances) lobbying for the e-ID have already implemented a similar project called "Swiss-ID" which was supposed to be used across a majority of service providers. From the point of view of the user, it looked and behaved a lot like OAuth.
What I am afraid of is that the e-ID will be implemented in a similar way, and data will be stored centrally. That's a big difference to the classic physical ID we have, because while the government controlled some data centrally (name, year of birth etc), no information about banking or illnesses was ever stored in a central place.
If there was an indication about how the e-ID was going to be implemented, and if there was a reasonable effort to make sure data is being kept isolated (e.g. by issuing a physical tokens and encrypting the data with them) I might have voted yes. But there was no such information, and I expected the worst.
That was my rationale for voting "no". The task of deciding who is swiss and who isn't shouldn't be entrusted to some AI running on a facebook server.
Which is why the opponents, backed by a non-partisan alliance of representatives, will bring forward not one but two proposals to the houses. If they get a majority vote, the federal council will have to try to make it into a law.
And once everyone forgets about it, a right-wing government will privatise to the same orgs that would have gotten the contracts... it’s just putting off the inevitable :(
Switzerland has this in its constitution:
Article 13: Right to Privacy
1. All persons have the right to receive respect for their private and family life, home, and secrecy of the mails and telecommunications.
2. All persons have the right to be protected against the abuse of personal data.
Also the constitution can be only changed by voting.
Plenty of countries (if not most) have this or something similar, anchored in either their constitution or at least in regular law.
This should not come as a surprise either, since it's essentially the implementation of Article 12 of the Universal Declaration of Human Rights.
Where it usually goes wrong, is with the interpretation of the words "privacy" and "communication". Also, governments have a habit of defining exceptional situations in which these laws can be violated in the name of some supposedly higher purpose (e.g. national security).
Strictly speaking, the UDHR is rather clear about one thing: the declared human rights are inalienable (meaning, they can neither be taken away nor be given away freely), so all the exceptions are essentially bullshit excuses. Those should not exist in the first place, at least not according to the "inalienably" part of "inalienable human rights".
Additionally, there is no law/treaty that explains why modern technologies should not be subject to Article 12. While plenty of governments/businesses would like to convince people otherwise, almost everything we do online is strictly speaking telecommunication of some sort or another.
The sad truth is that pretty much all of today's online privacy issues are strictly speaking in violation of the UDHR. There is just way too much at stake for businesses and governments alike for them to ever acknowledge it. It doesn't change that they are blatantly violating a treaty they signed, ratified and should be upholding though.
The universal declaration of human rights 12 [1] contains the very important word "arbitrary" as a qualifier of privacy violations.
> No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honour and reputation. Everyone has the right to the protection of the law against such interference or attacks.
One reason for this has broad applicability: Even inalienable human rights can be in conflict with each other. So solutions must weight them against each other, but will ultimately violate one or more of the clashing rights.
The UDHR also recognizes the that even the article 3 "Everyone has the right to life, liberty and security of person" is limited as in so far people may be arrested (and therefore deprived of their freedom) by giving the explicit article 9 "No one shall be subjected to arbitrary arrest, detention or exile." Again, with the arbitrary qualifier.
I believe, recognizing that even these funamental rights clash with each other is important. Often I feel that online discussion have each side pick the one in favor of their position and ignoring that other rights are in conflict with that position.
But as you said, it is also important to recognize that there are bullshit excuses.
[1] https://www.un.org/en/universal-declaration-human-rights/ind...
I agree with you.
My main reason for not bringing up the internal complications of the UDHR was to not add confusion, but you are completely right about how some of these rights can conflict.
You are equally right about the "arbitrary" part. However, when it comes to today's trade in personal profiles and governments scooping up everything they can get their hands on (legalized or not), I very strongly believe that all of it rather clearly fits the classification of "arbitrary".
I will even agree with that I picked an (extreme) side. But maybe not because I can't see nuance or because I ignore (at least not in private) what conflicts with my position.
It's more about being sick and tired of listening for decades to blatant privacy abusers arrogantly (and incorrectly) claiming that what they do is legal .. and how we just all should accept this new reality. It sure didn't help to see governments either buying that bullshit or simply not deal with it because of how it could harm their own (surveillance) interests.
Considering the now obvious rampant abuse and how far I believe we have veered off from how all this probably should have developed (in an ideal world), I'm convinced that the time for being nice and nuanced about all this has long passed.
“Fascism should more appropriately be called Corporatism because it is a merger of state and corporate power” ― Benito Mussolini
Note: such a merger does not have to be overtly voluntary. It can also be a government seemingly dictating corporations or corporations covertly running a government. It's all about the two somehow joining forces (even if only because of shared interests and possibly still for different reasons), especially when against the interests of most citizens.
If you do it to everyone, is it still arbitrary?
Yes, it can be (depending on what you do).
Arbitrary doesn't just mean treating individuals differently (discrimination) without a proper legal justification. It also applies to any government or business that overextends their legal mandate, by subjecting people (even if equally) to limitations that have no legal basis.
I'm well aware that this rather quickly conflicts with some almost religious belief that anything can be limited through contracts, EULAs and TOSes (as long as its done voluntarily).
When people have alternatives, without such limitations, one can argue that people still have a freedom to do things differently. When a product or service becomes some kind of necessity, or not using it somehow becomes a personal limitation of its own, then such contractual limitation essentially have just created a new "law" outside of the only official process that is supposed to govern the creation of laws.
Businesses who create rules that essentially function like "private law", and governments who create laws without proper legal mandate/justification, are guilty of arbitrary behavior. Not because they treat individual people differently, but because their treatment all people is itself an arbitrary choice. As in, it lacks legal justification and goes beyond the legal authority that such a government or business has.
Notably the US has no right to privacy, except a very vague implied right which as far as I know has only been invoked in the context of abortion.
It certainly doesn’t help that the Constitution has more or less ossified over the past couple decades, with amendments becoming rarer and rarer. Heck, the last one has its origins as an academic exercise.
4th amendment to the constitution?
> The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.
Actually Roe vs Wade implied the right to privacy from the 14th amendment:
No State shall make or enforce any law which shall abridge the privileges or immunities of citizens of the United States; nor shall any State deprive any person of life, liberty, or property, without due process of law; nor deny to any person within its jurisdiction the equal protection of the laws.
The alternative "right to privacy" has been found by other cases in the generic 9th amendment:
The enumeration in the Constitution, of certain rights, shall not be construed to deny or disparage others retained by the people.
The 14th amendment is usually the basis of any case where a constitutional right binds a state government. Prior to its adoption, they were usually considered to only bind the federal government.
The (generally accepted) argument is that it's implicit in a number of the amendments that make up the Bill of Rights. It's not explicit however as Robert Bork argued during his SCOTUS confirmation hearings to his detriment. I think Griswold v. Connecticut is still considered the primary ruling on the matter.
> All persons have the right to receive respect for their private and family life, home, and secrecy of the mails and telecommunications.
I really wish the US had this. Here, even simple acts like registering to vote or getting a driver license, bank account, credit card means your personal residence gets leaked to spammers, scammers, data brokers, and eventually, stalkers.
There really should be laws saying that personal addresses cannot be given to third parties without explicit, optional, opt-in consent.
The information in voter registration isn't "leaked." It's public as a matter of record. (The details probably vary by state.) So are real estate purchases. (Although the latter can be gotten around in various ways.) There are tradeoffs between transparency and privacy.
That's a problem. If I knew it was going to be given out, I would probably have not registered to vote, and I wasn't told about that by the people who helped me register. I don't think I agreed to any ToS that said that my address would be available to the public.
As much as I think voter turnout is important, making personal addresses accessible to the public crosses the line for me.
I get plenty of spam calls (EDIT: and mail) here in Switzerland as well. It seems only marginally lower than the number I got in the US, and that's in a much shorter time here. Anecdotally, they seem comparable in practice in my experience, but I'd be happy to be proven wrong if there's any sort of data here.
I'm thinking of buying a condemned, uninhabitable house in a tax foreclosure auction simply so I can list it as my residential address. Most places that demand a utility bill will accept a property tax bill, so it doesn't even have to have working water/power (the cheapest doomshacks have both shut off). You'd be surprised how cheap some of these places are. But it does have to show up as "residential" in the USPS databases.
My best solution right now is a UPS box, which gives you a proper street address.
Most places that ask for utility bills will accept a phone bill or insurance bill or some such which you can have arranged to be sent to that address.
I'd be interested to know if there are similar services that are cheaper and ideally less well-known than UPS but equally reliable. Delivery to my real address with the ability to trust them with my real address would also be cool to have.
BTW -- if you have cash to burn, I'd think that renting a cheap studio somewhere that you don't actually live in (and as a bonus, can use as a storage unit, or sublease to someone if the lease allows) would be cheaper and more peace-of-mind than dealing with property taxes, crime, pests, and other issues around an uninhabitable house in your name.
> My best solution right now is a UPS box, which gives you a proper street address.
USPS maintains a very immaculately curated list of CMRAs (Commercial Mail Receiving Agents). It's not hard because they need to register with USPS in order to receive mail on behalf of customers who pay them for mail-receiving service. USPS is allowed to deny them mail delivery if they refuse to register, and does.
Every place that wants to know your residential address, and insists that it is actually residential, checks the address you provide against this list.
Side note: I knew a woman who bought a storefront that had previously been a mailboxes-etc type place. It was a complete nightmare for her, none of the banks or insurers or credit card companies would believe that was her business' physical address because it was on that list. Apparently it takes 1-2 years to fall off the list. Eventually she had to switch to a small local bank and have the bank manager come to physically inspect the location so they could override the databroker software.
> renting a cheap studio somewhere
That's an ongoing recurring cost. Also nobody will rent a place unless it's (somewhat) inhabitable; buying an uninhabitable toxic dump is actually cheaper than renting anything that can be advertised as inhabitable.
Last of all, I am completely fed up with landlords insisting on credit checks. The data brokers exploit this like you wouldn't believe. That's why they have such perfectly accurate residential addresses for all renters.
> peace-of-mind than dealing with property taxes, crime, pests,
Property taxes are beyond easy. You don't even need to receieve the bill! The amount you owe is a matter of public record, and on the web in almost every jurisdiction. Once a year: look it up, buy a postal money order with cash, write the parcel number on it, mail it, done. Property taxes are also based on the value of the property, so for a toxic dump the taxes are tiny.
Crime and pests don't matter if you don't visit the location. Take the mailbox off the front of the house after closing so no mail can be delivered there by accident.
Definitely buy it through an LLC so that long-tail events (it burns down taking the neighbor's house with it, kids break in and injure themselves, etc) don't come back to you.
> buying an uninhabitable toxic dump is actually cheaper
Considering I'm in the bay area, land alone is actually expensive here so that doesn't really work. Is there any way to buy this unhabitable dump in a remote area and have the mail picked up and delivered to me? Are there any businesses doing this?
Is there any scenario in which you would need to receive mail to that address?
The comment that started this subthread proposed using it to register for various services so needing to occasionally receive physical mail there is quite likely. For example, banks mail credit cards in my experience.
I'm not sure how you'd deal with vehicle licensing. In WA, all the paperwork I've received has been marked "Do Not Forward".
Yes, the whole point is to be able to receive mail but not disclose where I sleep to the people who need to send me mail.
I need to receive everything from packages to ballots to credit cards to legal documents.
Would there be any reason not just to buy undeveloped land instead? (Not sure when a property parcel gets assigned an address.)
Unfortunately address assignment is derived from county building permits except in very special situations.
Technically counties issue "situses" and the USPS adopts those as delivery addresses. Most/all counties won't hand out a situs without a building permit and completed inspection. USPS can create addresses without county situses (for example, military installations or federal hydroelectric projects) but I don't think they will do it in any situation that's applicable here.
You could probably check out RV and van life forums. One question would be the degree to which you can get away with giving the state (for drivers license/ID/tax purposes), company, etc. a "fake" address that is not a residential address.
A lot depends on what you think you're guarding against and how many compromises you're willing to make. For example, you can't actually buy a house and remain anonymous unless you set up some shell company which I assume is expensive and probably has tax consequences.
I agree that buying a foreclosed property sounds like a massive headache and doesn't even really solve the problem of having to give your address to someone if you want anything delivered.
> you can't actually buy a house and remain anonymous unless you set up some shell company which I assume is expensive
It is not. Under $100/year in most states.
> and probably has tax consequences.
It doesn't. The LLC has no income (assuming you're not renting that "decoy house"), so there's nothing to report to the IRS.
> doesn't even really solve the problem of having to give your address to someone if you want anything delivered.
That's what a PO Box or rental mailbox is for.
Just keep in mind that you won't be able to hide the fact that it isn't your residence from the data brokers or anyone else who demands a "residential" address and is willing to spend a few dollars verifying that.
Is there anyone solving this problem for a fee?
Also, what do people usually do if they don't have a residential address? (specifically for example people who live in RVs or off-grid but maintain a modern lifestyle with driver licenses and credit cards and all)
> people who live in RVs or off-grid but maintain a modern lifestyle with driver licenses and credit cards and all
There aren't as many of those as you might think, and they've all had this problem in a big way since the PATRIOT act nonsense happened.
Most of them give a relative's address as their residential address.
Jameson Lopp had spent tens of thousands of dollars or more on lawyers to make his life untracable after the CIA got into his house, and he shared a lot of what he did.
Um, CIA? Sounds tinfoily.
I'm aware that he's been the target of at least one mugging attempt, and I think he even maintains a list of people who were robbed as a result of being high-profile early adopters of bitcoin.
But the CIA? Are you sure aliens weren't involved?
So taking a screenshot of a Instagram convesation and sharing on Twitter or Facebook or whenever is ilegal and against the constitution?
Yes, and in fact avoiding abuses like this are part of the digital education offered in school. People are also pretty careful about asking for permission before publishing a person's photo.
Swiss discretion is not only a marketing tactic, it is also a good habit many people keep.
>...avoiding abuses like this are part of the digital education offered in school.
I would hope that schools teach "don't publish anything you don't want shared" that would be smarter.
If I post an add in a newspaper, many copies are sold, and then someone copies my add that should be expected. The Internet is one big newspaper it's a public forum and privacy shouldn't be expected or assumed.
So, for example, let's say I am a married guy hitting another woman. If this woman screenshots these chats and want to publish them on Instagram or even share them with my wife, that would be ilegal and they could be in trouble?
As far as I'm aware, none of the platforms you mention allow this, even. Regardless of laws, their T&C clearly forbid sharing private data of others.
The European Union has the GDPR which offers protection of privacy and personal data. Mail and telecoms are covered by other legislation
https://en.wikipedia.org/wiki/General_Data_Protection_Regula...
Really proud of this result; the failsafe once again has done its job against heavy lobbying.
There was so much misinformation around mostly due to lack of technical understanding (e.g. "it's a digital passport!") and the (yellow) press heavily pushed for a yes.
It was painfully obvious that heavy lobbying was involved... I was amazed how that problem somehow was never addressed by the opponents.
In my very own experience in a very different country I found if a mouthpiece tries to tell you what to do or think, as a first approximation it is better to do the exact opposite. People usually don't need to be told to look out for their own interests and thus no one pays for it.
This sounds like the Italian digital ID: required by the government, managed by multiple companies. It’s called SPID.
It’s usually free, but there’s also certified email (PEC) that costs from 5€ to 30€ per year. Also required by the government in some cases and also offered by a small number of companies.
Does Estonia offer their digital IDs directly?
Estonia does, their identity card stuff is pretty amazing and I remember reading about it a few years ago thinking it was truly ahead of it's time [0].
Looks like anyone can become an e-resident and apply [1], I'm unsure if this extends to the e-identify cards also or if they're for Estonian nationals only. I remember previously that anyone could apply for one however you had to go to an Embassy to submit information and biometrics.
[0] https://e-estonia.com/solutions/e-identity/smart-id [1] https://e-resident.gov.ee/become-an-e-resident/
Digital ID in Estonia is government-managed and comes for free for everyone with your physical ID. When you get your physical ID you also get the corresponding passwords to use the same ID online with a card reader etc. You can use all online services etc with the above without any extra fees. In addition to that, all telecom companies offer a cheap (usually free if you're on a recurring plan) tie in authentication with your phone where you can use your mobile to authenticate instead of a card reader.
As an alternative to SPID you can also use your national electronic ID card, which is issued by the state without the involvement of private companies.
If a service uses SPID, you need SPID. The SPID login screen doesn’t offer “National ID card” as an option.
Some services may offer alternative logins, but my guess is that they’ll be phased out like INPS is phasing out PIN-based logins.
Meanwhile in Germany: "Hey, wouldn't it be so swell if people needed to provide their ID when signing up for email accounts and instant messengers?"
It's currently only a request by the ministry of interior, not actually in the discussed law, isn't it? It's not like switzerland politics didn't propose the thing that's been voted out, either.
Yes, it's just a request but it's quite a worrying trend that it's okay to even have a politician propose this - especially with the Stasi not long ago...
“It is key for Switzerland to catch up with other countries when it comes digitalisation“
Why?
Because person hours are expensive (because food is expensive because person hours are expensive because socialized health care is expensive).
Every process that currently involves reams of paperwork (like the ~20 page tax declaration that is due this month - yikes) that can be done digitally instead saves the taxpayer or customer money.
And the Swiss do like their money.
> socialized health care is expensive
Socialized health care? There's no such thing in Switzerland.
Sure, health insurance is mandatory. No question that it's heavily regulated (i.e. basic insurance can't rule you out or discriminate against you for pre-existing conditions).
But socialized health care? Give me a break.
> like the ~20 page tax declaration that is due this month
The actual declaration is covered by 4 basic pages. In addition there's a declaration of assets and a couple of helper pages for deductions.
You can download tax declaration software for free (at least in the canton of Zürich) and using it for your declaration takes all of 20 minutes.
It may be a bit more complex if you own real estate, or if some other complexities are involved.
You either don't have a clue or you're massively over-exaggerating for reasons, which elude me.
Taxes? You fill in the form in on your computer and can file it digitally. And if you print it it‘s encoded in a format similar to QR codes.
Tax offices are fully digital since at least 10 years. If you file with paper it‘s scanned and destroyed. Your local tax office receives all the documents digitally. Of course this could vary by canton.
> Of course this could vary by canton.
It does. Zurich still sends me a thick envelope with the 20 pages and tells me to throw away 90% of it if I do my taxes digitally.
I actually double checked.
What they send out (and yes, in the canton of Zürich) is two A3 pages (printed on both sides) a form informing you how to extend sending it in and, most ironically, an A4 page informing, why they send out less paperwork
It's right in front of me. So feel free to prove me wrong.
You should check your envelope again. If you did your taxes online in the past you don’t even have to snail mail the receipts anymore, they accept digital copies/photographs now.
I only got this the first time after moving here, after that they switched to just sending me the access code.
In backward Wallis, I've been receiving a single folded A3 page for at least 5 years. And since last year, I could even snapshot the substantiating documents with my mobile and attach them to my digital tax form if I wanted to.
Also, person-based systems break down when asked to scale suddenly, because it takes a while to hire and train more people. We already saw this with how quickly even contact tracing systems break down when infections go above a certain point. Depending on economic conditions, there also may not be people to hire; pre-COVID, there were public transport funds in Seattle being unused, because there was not enough drivers to spend the funds on.
Another example, comparing how digital COVID payments in South Korea were a lot simpler and faster than in paperwork-heavy Japan: https://www.bloomberg.com/news/articles/2020-05-20/in-virus-...
There seems to be plenty of economic incentive for automation in the US without socialized health care.
It has occured to me though that one thing that makes automation and digitalization of society "affordable" by comparison to human labor is -- skimping on security, building this giant house of insecure fragile IT. If we were to actually pay for reliable secure systems we probably couldn't afford the computers-replace-person-hours version either, not sure where that would leave us.
The USA-ians definitely like their money as much as the Swiss.
Tax declaration are the cantons (state) responsibility . Some are further than others. I filled out my first declaration some 14 years ago via a web platform.
Most everything being decentralized maybe makes nationwide digitalization slower, but that is crucial aspect of the political system.
Imagine if you had to print a paper form and mail or deliver it to the local Government for even the simplest of administrative tasks.
Because that is life in Switzerland.
Well yes, but lots of Switzerland is rural, and dropping off paperwork is no more bother than picking up a loaf of bread. Lots of us like seeing our neighbor, who happens to also be our greffe communal.
No one is saying you can't see your neighbor if you don't have errands to run.
Exactly, no one is saying you can't see your neighbor if you don't have errands to run.
But the fact is you won't be doing that anywhere near as much if the way of doing the errands works against seeing people as if it works for. Defaults matter, a lot.
I agree that spontaneous interactions are important, but we get spontaneous interactions via density, whether it's tiny but compact towns (walled villages, even) or large cities.
Busywork and drugery should not be the foundation of social interaction. Period.
I extended the deadline for my 2020 tax declaration today (Zurich). I did so by scanning a QR code, entering my email address for the confirmation, and clicking send.
Anecdotal, but in SG I recently had to submit ~20 pages of documentation for a permit. Obviously I don't have a printer so this was annoying in itself. Once I took those printed pages to the Rathaus they just scanned all the documents anyway.
Maybe ZH does things better, but I still feel like it's a shame there is not more standardisation. I understand why politically this is difficult though with the independence of the cantons.
Germany is hardly, if at all, better. For anything related to banking, insurances, taxes, rent, healthcare.. I have tons of papers
The latest European standard for IDs is a credit-card sized of plastic with a chip in it.
It should allow more security, because digital signature is harder to forge than previous physical securities. But also you could use them more easily in other countries, as it can be read by a computer, and not a human that speaks a finite set of languages.
Lastly, you could use them for authentication for various online and daily services, such as banking, taxes, creation of companies, digital signature,... that are said to save time on logistics.
> digital signature is harder to forge than previous physical securities
Yet there are countries running 3072-bit RSA on Infineon chips, because their 3K keys are least broken. Discovery also entailed country-wide certificate revocation, which IIRC happened days if not weeks after the flaws were public, while the law states a digital signature has the same bearing as a physical one.
I would still argue that the losses caused by this breach were less than what other countries using a paper-based system see on a regular basis, both due to malicious action as well as the mere overhead of said paper-based system.
I'm super happy about this result. I hope the government will learn from this case.
Hopefully the next time Swiss people will have a chance to vote for an electronic ID (legislative process takes time, so thinking in timeframe of 3-5y), the solution will contain some parts of a self-sovereign identity / DID [1] with the state as original issuer and trusted multiparty keyholder in case the self-sovereign is to hard for folks. It would fit quite well with their other decentralized systems.
[1] https://en.m.wikipedia.org/wiki/Decentralized_identifiers
I’m a bit sad the referendum passed as the law was creating a regulated environment were anyone could start an ID provider and other providers would be forced to interoperate. Basically it mandated a distributed protocol. The alternative to my dream of having a cooperative of my choice handling my metadata seems will be to have the state know everything about me. Let’s see how it will play out. Maybe we will put some privacy by design concepts in the implementation.
On the plus side all the lobbyist that were involved in this story have been recalled to order.
The irony of privacy is that encrypting all data at rest (true privacy) requires ubiquitous identifiers. Meaning a central authority issuing those identifiers.
Good for Switzerland! The only reason US (or maybe other countries) out source their gov contract to private companies is because it makes kickbacks for their friends. Public sector ought to be separated from private. And electronic ID may be counter productive for a democratic government.
I haven't read the details of the proposal, but I'll compare it to my ideal situation. I'm in the US so my view is influenced that way. I loathe that my Social Security number and/or signature is the key to my identity. I think every individual should be able to choose how they are "identified". If you choose to be identified by the government system, fine. If you choose to be identified by Equifax, fine. If I choose to be identified by a gpg private/public key pair, I should also have that right.
This is unsurprising, especially given what happened with recent elections in third-world countries (like the United States).
If these private companies are anything like Serafe I can see why this referendum ended in a no.
Did the title change because from the article I see it as “ Digital identity scheme shot down by voters over data privacy concerns” ... which is much different than HN “Switzerland bites against electronic ID systems provided by private companies”
The caption under the photograph at the top of the article reads "The government has called for joint efforts to push ahead with digitalisation despite voters' rejection of the eID on Sunday."
So much for the will of the people.
Great, as they should. The basic civics should not be private, open and performed under the public eye.
"... almost no government has the IT capacity and resources to single-handedly develop an eID quickly and to the appropriate standards." Bullshit. We're talking identity management here. Any government that can't handle that internally doesn't deserve to exist. What that's really about is feathering the nests of tech industry donors (and/or the non-tech middlemen or middlewomen who seem to grow like weeds around the tech sector). A handful of IdM SMEs with serious field experience could set it up in six months: assuming they had sufficient backing from their government employer to overcome static at Layer 8 of the OSI Model, you know,"politics".
I don't think you could do it in six months, but the good news is you wouldn't need to. Passports already have an x509 certificate in them saying, "we are the government, and this is Jeff". So the government already know how to do this, they just were trying to give a gift to their buddies in private industry and they got caught and got their hand slapped by the citizens.
There's actually nothing new here: digital IDs were already a thing, corruption has always been a thing, and the referendum process worked correctly to remind the politicians who is in charge.
> Passports already have an x509 certificate in them saying, "we are the government, and this is Jeff"
No they don't but I can see why you might think that.
ePassports (the ones with the stylised "chip" image on the cover) do have X.509 certificates baked into them. And ePassports do say "We are the government, and this is Jeff" (if you are Jeff) but that's not what the X.509 certificate says.
Each X.509 certificate is one of a relatively small number minted by your government which says "We are the government of country X and this is a public document signing key".
Then the passports all contain raw data (such as a photograph and summary information about their subject) with this certificate and a signature over the raw passport data that can be authenticated with the public signing key.
So there's an X.509 certificate but it isn't for Jeff, and there's data about Jeff, but it isn't in an X.509 certificate.
Nifty, where are the specs that explain that? I got as far as the ldif files from ICAO with all the signing keys in then, but couldn't find examples of the part you are talking about.
Belgium has been doing digital identities for years now, we had our first identity cards with chip and digital signature I think 15 years ago? I frequently use it to sign documents and login to some government stuff. So if Belgium, which didn't have a government 3 out of the last 10 years, can do it, surely Switzerland can do it too.
Except Belgium didn't build it. They contracted it out to Zetes. https://peopleid.zetes.com/en/reference/eid-belgium
And Estonia too!
and Sweden. But these are largely outsourced to private companies iirc. There was a scandal in Estonia where they had to recall all the ID's because the main private key which signed them all got leaked (and that key was held by a private company)
To be more specific than the existing "No" reply, what famously happened is that Estonia's IDs used Infineon-based chips for a period of time with 2048-bit RSA keys and Infineon's RSA implementation mints RSA keys with a peculiar property that, once you know about it, makes breaking them much cheaper than it should be. CVE-2017-15361 - for HN readers it's more likely you were impacted by this defect in a Yubikey.
"Much cheaper" here means we might expect criminals to break the RSA key for an individual Estonian ID card for less than a million bucks, whereas by design this ought to be impractical at any plausible price. It doesn't mean your bored teenager can make a fake ID on his laptop on a Friday evening. As a practical matter it seems likely key officials & police could be bribed for less than a million bucks, but forging RSA signatures might still be desirable in some circumstances, and anyway of course the mere possibility of this happening ruins public trust in the scheme.
Estonia switched to P-384 keys on the same platform. Unlike choosing random RSA keys (which involve finding large primes) choosing a good P-384 key is trivial so there's no temptation to come up with clever but insecure algorithms to mint keys.
What's interesting about this flaw is that it only happens because the keys are minted on the Infineon device you own. But we know Estonia has historically had some weird incidents which are best explained by keys not being minted on device but instead burned into the ID card after being made (and potentially recorded) elsewhere. Estonia's laws establishing these cards are clear that mustn't happen (if it did the government can seamlessly impersonate any ID, including ID issued to citizens, non-citizen residents and diplomatic staff) but evidence suggests it did, at least a few times and at least on some older platforms.
Estonia's IDs are all public using a very different scheme to Certificate Transparency, since it assumes you trust the Estonian government to decide which IDs exist - but with similar effect, if anybody is minting bogus IDs there would be a smoking gun in the official public records of Estonia.
On the other hand if the government (or a government agency perhaps without wider knowledge) has copies of some or all keys, they would be able to decrypt messages sent to citizens/ residents using the embedded PKI. We would not necessarily have any public evidence that this was happening if indeed it was happening.
You should probably be confident in Estonian IDs as proof of someone's identity in the usual course of things, but it may be prudent not to rely on this to keep secrets from the Estonian government or its allies.
> There was a scandal in Estonia where they had to recall all the ID's because the main private key which signed them all got leaked (and that key was held by a private company)
No.
Helpful comment.
https://www.reuters.com/article/estonia-gemalto-idUSL8N1WD5J...
> Estonia's Police and Border Guard Board (PPA) said in a statement Gemalto had created private key codes for individual cards, leaving the government IDs vulnerable to external cyber attack, rather than embedding it on the card's chip as promised.
It was helpful, you saw that what you wrote was technically VERY incorrect and without any proof.
It's not an issue of whether it's technically feasible do it, but whether it's feasible to do it with appropriate safeguards that protect privacy and anonymity online while authenticating in a targetted way to those end points that need it.
This. In Europe you'll find the likes of Capgemini, Accenture, Cognizant, etc. hovering like flies around government IT projects.
And they keep getting awarded contracts despite their continued poor delivery. I really don't understand how their terrible track record never seems to impact their ability to win more business. I can only assume corruption, but I have no evidence of this.
Their ability to win business is based on their expertise at writing responses to RFPs in a successful way, not in their ability to deliver. Also, they do have a few successful projects, to some standard of success, which they point to in the RFP responses as a "successful" track record. Often the ability to point to an almost perfectly analogous project and writing the responses in the "correct" way is all it takes.
This reminds me of how much universities value the ability of staff and students that can write grant applications that get awarded.
"writing responses to RFPs in a successful way" really means "successfully identifying decision-makers at top levels and brib-- 'charm' them into compliance", often even "dictating how RFPs should be written so that they will be the only ones who know exactly how to reply to them in the only acceptable way".
Prior delivery is not generally a major consideration in a govt RFP award.
This is in part because no score is ever released related to prior delivery (ie, no central assessment record), and attempts to include it get tied up in process issues (ie, rights to respond, litigation) or claims it is subjective. It also overlaps with govt agency disfunction around scope and requirements and no govt manager wants a failed project, so everyone just sweeps them under the rug and keeps moving. It is crazy though, you are literally hiring the same HORRIBLE firms over and over.
What is PARAMOUNT is that you be willing spend absolute metric tons of UNPAID time responding to RFP's, have enough money in bank to lose 4 out of 5, be willing to go through 2 year RFP processes, be willing to agree to every item on the requirements lists filled with further buzzwords and "standards". This does NOT attract high performing companies, no competent engineer would even put up with this / sit through this. So you get body shop type consulting firms, using giant java framework and other solutions, and everything is insanely siloed.
The crazy pricing is often justified because the hassle in dealing with these contracts from a contract admin overhead can absolutely DWARF actual deliverables, and nothing has to be logical (and sometimes is not).
My recommendations here would be either:
a) just pay to bring stuff in house so you get cooperation, develop open source apps and prohibit any scope creep outside of absolute minimum needed until project is in operation. EVERY freaking agency hangs 100's of new requirements they never even used before onto these projects - solutions can be undeliverable and unusable as a result, for example 40 questions PER VACINNE SHOT here in California is the height of stupidity to make these idiots feel important.
b) pay for actual use / adoption, and let there be a somewhat free market. A lot of time the users of any govt system have ZERO input. Oddly, if they let agencies find their own solutions on a smaller scale, whatever you lose in "efficiency" by not having the megaproject (hint nothing - mega projects = disaster in govt land) you would see some natural winning solutions start to bubble up. I worked with an agency with a totally fantastic contract management / invoicing system, and I kept on wondering, holy hell, they actually got it right. I started to see other agencies use it in neighboring govts - it was great - people really liked it (super easy use, allowed users to do the google, Microsoft etc login even which is unheard of) and it was fast which is also rare.
But then someone convinced the head tech folks they should stomp on everything with the new and improved people. They actually had to roll back the mega project for another year (after years of dev) because it didn't even cover a fraction of what old systems easily did.
RFPs frequently reference past activity. That’s just not accurate.
The reality is that you only hear about failed projects. When was the last time that you heard about taxes not being collected or welfare payments not being paid or SNAP cards not being refilled?
It’s all background activity, and those awful contractor companies are often responsible for material aspects of delivery.
But there is rarely a determination that past activity resulted in a failure or success. You usually just have to show that you have had contracts for past activity (and yes, have not been disbarred etc- which happens very very rarely). In many cases big is good here, lots of contracts so looks "safe".
IT services companies that work on government contracts in Switzerland are much smaller.
And they're usually pretty competent, especially the few ones that work for the federal government.
oh man i just tried to use our site: https://usajobs.gov
for every single job you have to answer 30+ questions. no getting around it. my friend who is a vet just thinks this is normal. lol
> six months
I think you may underestimate the system needed. Identity management is the tip of the iceberg: this needs to tie into any future digital currency, income taxes, property ownership, government benefits, and who knows what else. Any off-the-shelf product will need customization. I’m not saying it can’t be done.... it SHOULD be done. But not in 6 months.
>> six months
> Identity management is the tip of the iceberg: this needs to tie into any future digital currency, income taxes, property ownership, government benefits, and who knows what else.
I'll put my shoe on my head if you can find me a private company that can do this in six months. Previously on HN: CDC website built by Deloitte at a cost of $44M is abandoned due to bugs (technologyreview.com)
https://news.ycombinator.com/item?id=25975110
1167 points by donsupreme 35 days ago
664 comments
Vendors with years of time to build can't even track Cannabis properly. Human are much harder than trees to keep track of.
Indeed. Someone’s making excuses to support a privatized deployment.
Our country rolled out two certification based systems (Carta Nazionale Servizi which then got rolled into the Carta di Identità Elettronica), plus a federation based system built around SAML (Sistema Pubblico di Identità Digitale) where you can access to most italian bureoucracy.
And we're talking about Italy, not some first rated technological paradise.
Yes and now your picture, a picture of your id card, your email and telephone are in the hands of the same people who store banking passwords in plaintext..
The goal of SPID (the authentication system) is to let more citizens access to government services without going physically going to a place, and this goal is kinda working right now. During Covid, many italians asked for social welfare from their mobile phones, among other bonuses.
For how it is designed, there are a dozen companies that offer this service. The citizen can choose the one they trust more (there are some small differences between them; some require to pay a small fee; others require you to physically go to an office to be recognized; others offer you an app to login through a QR code...) BUT they are all required to implement industry-standard security. At one of my past jobs, many years ago, I had to implement this login system in a public portal. It was a mess (the technical specification was on a PDF written in bureocratic language) but shortly after a new team overtook the project and created a proper website with SDKs etc. To this day, the only known attacks to SPID were Phishing attacks, that require the user to do some dumb action on their side.
because of the certificate inside, the id card without the pin is worthless; having the identity split from authorization is an absolute win. compare and contrast with the SSN number.
also, the government already owns all my data, from birth onward. the authentication system makes it so forgery is much harder from the officials themselves, so this protects me from that as well.
Your picture, e-mail and telephone is mostly public (social media, etc), and the government would have your ID card information anyway - I don't see how this is worse?
> We're talking identity management here. Any government that can't handle that internally doesn't deserve to exist.
... I mean, as a French citizen who kind of wants my government to keep existing, I also agree with the statement you quote?
Our government's public-facing IT systems have gotten better over the last few years, but my default expectations for any new projects would still be for them to mess it up.
Of course, the problem is I'd also expect the average contractor to mess it up in very similar ways, for similar reasons.
Building a system which works for 99% of the population, 99% of the times they want to use it, sure.
That 1% though, is going to have all the weird edge cases.
> set it up in six months
There is no way it could be done in 6 months given any reasonable parameters you care to throw at it.
Seriously. I suppose Santa’s elves issue drivers licenses.
"Any government that can't handle that internally doesn't deserve to exist."
So, like the US?
it's surprising to me there was a vote on this.
Common sense
Almost every politician wants more power over citizens. That is why a binding popular referendum is necessary in cases like these. Congrats to the Swiss people, I am a little bit jealous.
I really admire the swiss political system & culture.
It's has all the modern postulates of liberty & governance that most countries are striving for without the "scam orchestration"
As a Swiss, the political system is to me the best aspect about the country. It makes it so, that it is almost impossible for anyone to obtain enough power to really abuse it.
It also make any change, for the good or the bad, very very slow, which can be frustrating at times. So if stability is not high up on your list of life’s values it might not be the best place to be.
So basically Switzerland is the Debian Buster of the world?
I'm an American and Switzerland is one of the few countries I really admire for those reasons. I'd love to live there some day if they'd have me.
The banning of minarets is a data point against this liberty.
Only for people who moved there, knowing full well that they were moving into a different culture, and that as a minority they would have to adapt to local norms. I've lived in a number of countries on various continents, and I have never expected the locals to adopt my way of doing things - I think that would be utterly bizarre. If you go there without a degree of humility and willingness to adapt you're a colonist.
While I agree with the premise, I don't see how this specific event ties to your argument.
A simple Google search shows that the referendum passed with 57% of the voters support, so that leaves us with a 43% who thinks it's a bad idea for one reason or another. Since around 5% of Switzerland is muslim, one could argue building minarets is not such a scandalous idea for Swiss voters.
This is quite a simplistic view I think. Neither a 'yes' nor a 'no' to this initiative says that a voter thinks of it as scandalous either way. Maybe there should be more options to answer such votes though, like "don't care", "don't understand", "yes/no, and I feel so strongly about this to use my yearly joker" - but at the end you don't wanna overcomplicate the political process.
I believe that misses my point.
OP seems to be suggesting that people should "do as the romans do", and I said while I agree with the general idea, his suggestion doesn't fit the case in hand.
In this case half of romans are verifiably not bothered [1] by the act of building minarets, then this simple act doesn't signal that people "go there without a degree of humility and willingness to adapt", in his words.
Or you could turn it around and say, if (having ability to) building minarets was such an unacceptable expectation to a point of painting one as a colonist, it wouldn't gather the support it gathered from the local community in the first place.
[1] to the extent of participating in a political process to explicitly disagree with the ban.
I’m not for that ban, but I think that bit of direct democratic building code gets overly dramatized. Things like this serve to moderate the political landscape. If people feel like they stay in control throughout rising immigration from cultures they deem problematic, there is less of a tendency towards extremism. And so far I haven’t seen any extreme counter reaction in Muslim communities either. The soup is cooked hotter than it’s eaten.
The direct consequences for Muslims are hardly the problem here – only about 30 women in Switzerland (we know about) even wear a burka/niqab and quite a few of them are Swiss converts. Back when we banned minarets, we had like three (!) of them in the whole country. But we had ads like these [0] all over the country for months again and if that doesn't give you the most profound chills, I don't know. It's textbook right wing scapegoatism and I'm pretty sure Muslims can feel the very real consequences of that kind of propaganda.
They're also about to ban niqab / burka.
They voted for the ban today. France showed that it had little positive effect for women.
The University of Lucerne ran a study and came to the conclusion that there are around 20-30 women in all of Switzerland who wear a niqap or a burqa.
So it's ok to outlaw clothing if only 30 people wear it, or...?
That banning is only a point against liberty if your definition of liberty is very American (religion above welfare of people) for most people maintaining the culture that gives that liberty is as important as liberty so changing that culture would obviously destroy the possibility of that liberty I really do not understand why people simply close this eyes when this bans go against Catholics and christians but freak out as soon as separation of church and state touches any non Christian
That had nothing to do with "separation of church and state". It was banning private individuals to use a specific form of architecture. Pretty much any country in the world allows building mosques with minarets... did they threaten anyone's liberty / change their culture?
Going back to GP's point, the deeper issue is that people thought this was worth writing in the constitution. Other countries apply such laws in different ways, so I don't think the Swiss direct democracy is to blame here.
Asked out of genuine inquiry and curiosity not to bait (I know it can be difficult to tell online): The referendum was simply to add the words "The building of minarets is prohibited" to the constitution. This only affects someone who would wish to build one (so Muslims) and in my mind says that your type are less welcome here. Why would Christians be negatively affected by this?
I would take the view that banning the form of your religious buildings (and implicitly, to your comment, being hostile to Muslims who in your response you seem to equate with a culture that destroys the possibility of liberty) seems more of a betrayal of the principle of liberty and freedom for all than allowing different people to pray and associate as they wish, providing they follow basic tenants of human law (not harming people etc).
Just keep in mind, Switzerland has the population the size of SF Bay area for context.
> I really admire the swiss political system & culture.
Do you admire denying women the vote until the end of the 20th century?
Local self determination is admirable, and no one stopped anyone from Apenzell from voting with their feet.
It’s worth noting that there are 16000 inhabitants in AI. The fact that a nation for so long allowed such a small group to decided their own voting rules is impressive, even if you don’t agree with their tradition.
This seems to be the largely the case with scandinavian countries in general.
I've been seriously considering leaving the USA permanently because I'm having a difficult time reconciling my morals and ideals with the taxes I pay. Ballots and debates aren't enough. I'd rather vote with my taxes and my feet, and start helping a county I believe in.
I think you're possibly confusing Switzerland with Sweden there...
Though, as a Swede, I would love to have Swiss-style democracy...
Switzerland is not part of Scandinavia
Norway would be the best bet IMO.
(I'm not Norwegian btw.)
I don’t think the eID gives the government control over its people... if anything I feel it’s the opposite - one gains the freedom to manage their identity service directly and save some time because it just works across all government/bank/insurance services.
Indeed. The current American system based on bits of paper you have to remember about, or insecure ID numbers used as identification (SSN) just causes a lot of pain, imo. Having a central ID for each citizen at birth, and then a way to prove that you match that ID would make so many services much more secure and convenient. (Obtaining DL, getting loans, bank accounts, name changes, tax, etc)
I agree there should be safeguards against a rogue or even non-rogue person modifying these records to hurt someone.
This only gives more power to government to harass people whom they don't like and who are poor minorities.
> having a central ID for each citizen at birth, and then a way to prove that you match that ID
This seems a trivial and no-brainer and yet you will be surprised how many Americans will be simply denied this sort of service after birth. Racist law makers would put severe restrictions on people they dont like. If they don't get this ID soon after birth they don't get anything. They will be illegals in their own country.
Entire song and dance around illegal immigration, e-verify and all that crap was needless if there was no concept of SSN.
> This seems a trivial and no-brainer and yet you will be surprised how many Americans will be simply denied this sort of service after birth
The whole "centralized ID means your government will oppress minorities" narrative seems like a mostly american concept.
I imagine part of it is due with the US's particularly bad history with minorities, and part of it is a general defiance against any kind of centralization that also seems kind of unique to american culture.
Speaking as someone living in a country (France) that has had centralized ID for decades, it feels really weird to see people describing what a dystopian future American would become if it did that thing we do right now.
(and yes, ID card checks are used as an excuse for racial profiling; and the lack of an ID card is used to track down undocumented immigrants, and that's bad; but it's a symptom of other problems, and it's nowhere as bad as "centralized = black people are denied access to social services")
It's odd how we talk about something like centralized identification without the other areas of privacy limiting changes we are experiencing. Online we are tracked, logged and categorized like no other time in history. Even the basic means of conducting a business transaction leaves a digital trail whether it's a wire transfer, credit card transaction or bitcoin payment.
Authoritarian countries have combined a cashless society with 24/7 surveillance of all kinds to create a black mirror style social credit system.
None of this would be possible without first having a form of centralized identity. This will likely be coming soon to a democracy near you due to the level of state control it invites. Someone needs to get working on an ad blocker we can use in real life. I suspect it will be built around aluminum foil.
We can very well have laws that restrict what ID can be required for - so it would be illegal to ask for ID for certain things (you shouldn't be required to present your ID to buy groceries for example).
But for things where requiring an ID is already accepted (banking, etc) or inherently necessary (interacting with the government, like filing taxes), a robust, digital ID system would be much better than a paper-based system vulnerable to fraud and human error.
The only difference is that your identity could be disambiguated with one data point instead of three or four. I don’t see how that has any bearing on the functional aspect of any such hypothetical dystopia.
> mostly american concept
True. It is an American experience.
Different admins have harassed different Americans at different points in time. Jews, Blacks, Chinese, Indians (India) and so on. Donald Trump showed us just how much evil US admin can get on matters of paperwork. Since he could not legally stop legal immigrants from working, he changed rules and created such a long backlog that it takes now 24 months to renew some work permits which use to take 15 days 4 years ago. Immigrants were deeply hurt. He also adopted several tactics which can be called "voter suppression". He used ridiculous logic such as "extreme vetting" to deny visa approvals for 4 year old children of an already approved immigrant.
Trump admin harassed a lot of Hispanics born in border towns of USA, refusing to use their birth certificates as evidence of citizenship.
>it feels really weird to see people describing what a dystopian future American would become if it did that thing we do right now.
USA is much much larger and far diverse than France. It also does not have the groups who hate each other as Americans have. I highly doubt if there are any French politicians who bear certain hatred for specific groups.
I am not at all denying that centralized IDs are bad for everyone, but for Americans it is going to be pretty bad.
Is there any issue with minorities receiving birth certificates now?
I do not know about 2021.
But few years ago this was definitely a problem and especially in border towns of Texas and Arizona.
But not just about brith certificates. You can look at legal immigrants. A lot of them are forced out of job because USCIS is taking their own sweet time of 24 months to approve their work permits. This means these legal immigrants have to quit their jobs, they can't drive as their driving license is expired and so on.
This is sheer caprice enabled by a hostile administration.
I am not against Americans having tighter immigration. Pass whatever tough laws you want and enforce them to hearts content. But when you have an admin that can be hostile to specific groups you have to be really suspicious of all government powers.
Unfortunately such referendum don’t scale well though.
>Unfortunately such referendum don’t scale well though.
It would if the federal government was shrunk back to what it was designed to be in the first place and states where given actual governing power.
Why wouldn't it scale well?
[flagged]
Please don't post generic comments and/or ideological flamebait to HN. It leads to generic threads and/or ideological flamewars, which we're trying to avoid because they're tedious and turn nasty.
https://news.ycombinator.com/newsguidelines.html
https://hn.algolia.com/?dateRange=all&page=0&prefix=true&sor...
https://hn.algolia.com/?dateRange=all&page=0&prefix=true&sor...
oh ok, professionals have standards
my bad !
I will elaborate and be "more thoughtful and substantive" as written in the guidelines, next time
I didn't know where to place the cursor, since the issue was inherently politic and not about technology, as the article states
But this article deserved political comments, nonetheless
Political comments are ok if they're thoughtful and substantive (https://hn.algolia.com/?dateRange=all&page=0&prefix=false&so...). When they turn shallow and low-information, they become flamebait. We're trying to avoid that, and we're especially trying to avoid the repetitive battles they usually escalate into.
Not sure if it is helpful to reduce every issue to a one-dimensional scale of capitalism/socialism. Particularly this specific issue is about privacy culture, corruptability of big tech, government and use of technologies, surveillance, etc... There are so many more societal and just plain epistemological axis than just socialism/capitalism.
And the results are pretty similar to the 2018 vote on cancelling their public broadcaster, which also highlighted questions of corruptibility of big companies, but was not around privacy, technology, or surveillance.
https://www.swissinfo.ch/eng/politics/vote-march-4--2018_att...
That can also be read on the scale of "privatize anything because the state should just make 'laws'"/"have a public sector to offer basic services to citizens", that is a debate in Europe
In what way is this a vote for socialism?
They don't trust private companies, and they'd rather have their government to manage their IDs. As explained in the article.
uhm, what?
This is bad populism.
It's understandable people fear Google/FB etc., but an entity contracted by the state to do digital ID services is not going to be selling your phone number if doing so would put them out of business and land them in jail.
Sadly, the notion of basic digital ID would be very useful for so many things and maybe even help with privacy if content providers switched to this kind id vs. social logins.
Ironically, these 'government IDs' may be a vanguard in the fight for privacy because they establish a privacy-based alternative that doesn't currently exist.
(Edit) There are already private institutions that manage ID data (Finance, Health) no our behalf and generally we are not concerned. (Although VISA is owned by banks and that's a concern). In Canada, they have temporarily allocated ID literally to the banking system - you can login to the gov. tax portal using your banking login. So, de-facto, the banks provide ID services to gov. already.
It's irrational populism. ID services are sensitive obviously, but governments already deal in such types of sensitive information and there's no reason 3rd parties can't manage those services with the right kind of oversight.
The entity in question does not have the best reputation.
"The risk of data abuse by commercial providers would undermine the effort to make digitalisation more democratic, they say."
It's as though citizens have no understanding of how contracts, oversight and regulations work.
If the government requires certain parameters to be kept, they will be.
The notion that these ID providers are going to 'abuse the data' is conspiratorially absurd to the extent that basic information control is written into the process.
If the financial incentives for 'abuse' don't exist, then really it's a matter of operational capability and pragmatism, in which case, private sector is an ok choice, just as it is for so many other things.
The government could feasibly do it, but there's no reason it can't be outsourced.
It's a bit short-sighted.