The European Union Commission’s suggestions are contradictory to consumers’ interests to implement an ordinance for a European Electronic Identification (EUID) based on the digital wall pocket (e-wallet). It emerges from the opinion of an expert that the Federal Association of Consumer Center (VZBV) has now been published. For example, they make it difficult to observe how public administration, companies and other actors use their data and their digital identity. The back door can be fully followed by the wallet users, in which, among other things, ID documents are to be stored digitally.
Advertisement
A miracle point at which EUID is also known as European Digital Identific Analysis Data security with November. The analysis created a security company Defendo It from VZBV. A major problem with the current position of the specification is therefore: the service provider who allow the employed European Union wallets to recognize, they can work with the releasers of secret solutions to wide users.
To reduce these risks, “significant changes in the underlying protocols and algorithms” will be necessary, it is said in the examination. Therefore, it has already been warned that this specification can no longer be compatible with the amendment of the Eidas ordinance, on which it is based. Fearful abuse will currently be competed with only potentially imposed fines and liabilities.
Politics must fix user safety
Researchers explain: Based on the implementation of Eudi Wallet, especially user authentication-inducers will be contacted with access data every time these credentials are presented. You also find out which characteristics are presented. By default, the issuer does not experience any information about the third parties using the solution. Wallet software is also capable of fake inquiries to hide the actual use pattern. Using the safe element of the user’s smartphone, the need to contact the doctor also develops.
However, if the issuers worked with the service providers who use EUID, they can identify when and when the cancellation information is presented, and thus create behavioral profiles, “studies can be found. Then users will have no way to identify these agreements. There is also no technical mechanism to prevent wider tracking: “The only protective measures against this behavior are legal in nature.”
Unnamed credentials will be important
The eudi service provider can be re -identified the subsequent certifications of the same user without the intention of the user. If, for example, a user certifies with a qualified trust service provider to create an electronic signature, then an identity test is necessary. As a result, the service provider experiences the user’s personal identity data and thus capable of recognizing access to his service later. In theory, however, it is also comprehensible to carry out the only examination of qualified electronic signature without providing personal data by users.
In this case, a provider could not track users. There is already a suggestion to use anonymous login information without tracking options. Only one permanent pass can be an exception for individuals. According to critics, the Commission wants to introduce such an identifier through the back door. Hence the researchers urge the specification to completely modify the German proposal for specifications, architecture and reference structures as well as the Eadi implementation to integrate the use of anonymous credentials.
Do not feed digital monopoly
“A digital wallet in which all important documents are stored, can simplify many processes,” the results of experts call the VZBV to Michela Shrode. “At the same time, there is a risk of data abuse due to tracking and profile formation.” So that consumers can use a digital wallet without hesitation, data will have to be “financially collected and automatically select the safest setting”. This is the only way to guarantee the required high level of safety and trust.
Vzbv demands in one position paperCompulsory data for service should only be queried by providers. Private sector service masters should be forbidden to use information from digital wallets for your comfort. In particular, data should be prevented to connect data with official documents.
Users are divided
Digital wallets should not expand their monopoly positions to Google, Amazon or Apple, Posted by Schroder. Users should not be pushed to buy or use products or services from the respective items pocket editor. It is a threat that consumers will be wooed or actually forced, it should also be considered to share more data with digital corporations. This will be the case, for example, if the wallet is “embedded in a mobile operating system that adds many services”.
By autumn 2026, all European Union member states are obliged to provide EUID purse to their citizens. According to a representative online survey The Square Market Research Institute, which came from VZBV, will store 44 percent of the participants in such a digital wallet. However, a good third (34 percent) will not do this. 22 percent are still unspecified.
(Dahe)
