Digital IDs could easily turn into a dystopian social credit system

Digital IDs could easily turn into a dystopian social credit system

By: Rachel Marsden

The idea of a digital identity and wallet for citizens residing within the European Union may date back to 2020, but pandemic-era restrictions have shown the extent to which governments can shut off access to everyday life, should they so choose – and with ever-changing criteria that can be difficult to appeal when something goes wrong. That’s a frightening prospect when considering how much of one’s life the supranational European government wants to connect to a new system that it’s set to roll out.

As the Covid-19 pandemic shot around the world, the first public utterances of a Europe-wide digital identity system started emerging from EU think tanks and officials. EU Commission President Ursula von der Leyen said in a speech in September 2020 that “the Commission will soon propose a secure European e-identity. One that we trust and that any citizen can use anywhere in Europe to do anything from paying your taxes to renting a bicycle. A technology where we can control ourselves what data and how data is used.”

At the time, anyone suggesting that one day EU member countries would implement systems of QR codes for access to everyday venues, contingent on a government-dictated number of injections and linked to a larger EU passport system – on which travel around the bloc would be dependent – would have been dismissed as a conspiracy theorist.

So, it’s hardly difficult to see how the QR code system ushered into place due to government health mandates now has the potential to transform into something else more lasting, widespread, and possibly nefarious.

Already, anyone here in France who has logged into the government services website to retrieve their “vaccine mandate” QR code has noticed how that account is already linked with all sorts of data unrelated to health. One can log in using a tax account number that’s normally reserved for accessing your tax returns and assessments, or with a government-approved facial recognition application that associates your face with your pre-existing national ID.

But what if there’s a glitch or a bug? Or someone steals your ID? We’ve already seen during the pandemic what can happen when the government’s system gets overwhelmed by a pre-long-weekend rush to validate and download QR codes, and those with booked flights are forced to cancel or postpone their plans because they lack a scannable form of the pass. Speaking of which, how about the poor folks whose smartphone simply malfunctions or runs out of battery juice at the moment of boarding or venue access?

Now imagine if such a QR code digital ID system is expanded, as the EU plans to do, to include access to university applications, hotel check-ins, car rentals, bank account opening and access, public services, or bank loan applications. While many of these already have digital components, they’re piecemeal, decentralized, and not linked to a single government-run entity. When factoring in that cybersecurity researchers have reported that “89% of EU government websites” employ trackers meant to “associate web activity with the identities of real people,” it’s not a stretch to imagine how your online activity profile could be used – in addition to your financial documents – to approve or deny your bank loan application from your digital ID.

And what happens when things go really wrong in ways that many of us still can’t even imagine? For instance, according to a report published this month by the EU’s own Agency for Cybersecurity, “foolproof” digital IDs, even those that use facial recognition, are rife with susceptibilities that include photo attacks, video of user replay attacks, 3D mask attacks, and deepfake attacks.

Yet another report published by the same agency just two days earlier evokes the need for decentralizing such IDs.

It’s a tacit admission that perhaps governments – which constantly whine about being susceptible to cyberattacks by both state and rogue actors – aren’t really best placed to be encouraging citizens to upload and entrust as much of their life as possible to them under the guise of convenience and so-called ‘security’.

For now, it’s all optional, or so we’re told. Completely voluntary and opt-in. Right – and we’ve already seen exactly how that kind of pledge has panned out amid the pandemic. There is no ‘obligation’ here in France to possess a valid QR code, for example, because restaurants, gyms, your chosen profession, trains, and planes are all ‘optional’.

Is there any doubt that when the EU decides to go full throttle to on-board control over your entire life, you’ll then be fully dependent on their competence or lack thereof? The most incompetent panopticon in human history seems keen to welcome us all aboard a voyage into dystopia.