The e-identification of our country’s citizens is drawing the virtual borders of ‘digital Switzerland’. The question as to who will control this will be a critical issue for the Swiss Confederation.
Electronic identities for the general population have become an important task for every nation. The waning importance of national borders and the inability to monitor rules in cyberspace are forcing companies and states to redefine borders in the virtual world. A verifiable electronic identity for persons associated with a certain organisation or state aligns with this.
The state must remain in control of these identities. It must never hand over the power to issue and check E-IDs. I am a member of the Cybersecurity Advisory Board at the Swiss Academy of Engineering Sciences (SATW). We are of the opinion that such requirements can be derived from the Federal Constitution (article 2, paragraph 1), which states: “The Swiss Confederation shall protect the liberty and rights of the people and safeguard the independence and security of the country.”
I do not see any reason why this article of the Constitution should not apply to the virtual world as well. The Cybersecurity Commission rightly concludes that Switzerland needs an E-ID that is as secure and trusted as a Swiss passport and identity card.
Moreover, the Commission concludes that the state’s area of responsibility is then defined by this digital border, with the Armed Forces, Federal Police and Intelligence Service actively carrying out their specific duties within this identity perimeter.
If Switzerland does not address the issue promptly and adequately, there will be a substantial risk that the major infrastructure and service providers in the digital world, such as Facebook, Google, Microsoft, Alibaba, and others, will control these digital identity systems, making it impossible or very difficult to establish a national one.
It is therefore imperative that the councils in Bern revisit and revise the E-ID law on a fundamental level. Even the Council of States failed to take advantage of this opportunity, following the procedure for the resolution of differences, and so I see a referendum as the only path remaining.
The discussion urgently calls for objective facts, whereby the interests of the state and the populace are considered to be at least as important as those of business, which is rightly moving forward in this area and has included its own interests within the E-ID law.
This does not mean that the private sector does not play any role in the process of creating a state-issued E-ID, either. What is clear, however, is that the responsibility for issuing and checking electronic identities should be exclusively in the hands of the state.
SWITCH, which is the long-standing operator of the academic identity system in Switzerland (SWITCHaai, SWITCH edu-ID), has plenty of experience to add to the discussion. I believe it is also important for a Swiss E-ID to be linked with pre-existing established identities in an appropriate manner.
To underscore the importance of this task, I would like to conclude by drawing attention to the overall landscape, along with some relevant developments and their effects.
The rapidly advancing digitalisation of society and the business is permanently transforming our lives and our work environments. Digitalisation means that virtual spaces are rapidly gaining in importance compared to physical ones.
We cannot escape this global trend on the social level, where, for example, we have long been a part of international trends in the realms of social networks and gaming. Nor can we escape it on the economic level, where we are pioneers in these developments or are at least having to reproduce them swiftly. Ultimately, our country should be a competitive centre of business so that it can remain appealing and competitive on the international stage.
Policy makers in Switzerland have also recognised this and have started to address the topic of digitalisation as a consequence. For example, Switzerland is supporting the relevant developments and creating frameworks to minimise negative unintended consequences and protect the country against new risks. This includes fighting cybercrime on the basis of the National strategy for the protection of Switzerland against cyber risks 2018-2022.
What does this virtual space look like as it continues to grow in importance? What rules and factors are shaping it? It is clear that national borders in the way we customarily think of them no longer exist in the virtual world. The global space is primarily dominated by large providers located in the United States and in China. Swiss law only applies directly to IT infrastructures in Switzerland and, consequently, its impact is marginalised.
International cooperation in the area of law enforcement does work, but it is highly complex and slow, which is why it focuses on especially big, difficult cases. International efforts at the highest level (UN) to establish even just a common code of conduct have stalled. There are several bilateral agreements, mainly between the cyber superpowers.
Further initiatives have primarily originated in the private sector, such as the proposal for a Digital Geneva Convention (Microsoft) or the establishment of a Global Centre for Cybersecurity (World Economic Forum). The big cyber nations, including the United States, China, Russia, India and others, are either playing coy or blocking such initiatives. There is clearly a drive to exert influence over cyberspace in a 'Wild West' style, without any rules and by any means possible – which includes using trade wars as a pretext. Basically, none of the big nations is any better than the others in this regard. However, there may certainly be differences in terms of how the underlying value systems in these countries are viewed.
Other interesting perspectives on the topic are covered in the SATW discussion paper Überlegungen zu e-Society in der Schweiz (Considerations on e-Society in Switzerland), to which the author was a contributor.
The text was originally published in German on 20 June 2019 at inside-it.ch.