There's two things that jump out at me as worth mentioning:
1) Estonians can imagine losing a war over their territory. It's happened within recent memory. They have contingency plans. Contrast with the United States, where such a thing is the stuff of fantasy, mostly to do with China's military, and our contingency plans seem to involve cutting our leaders off from the world and waiting it out.
2) Americans wouldn't stand for a unified identification system. The moment you propose it, you'd have the Moral Majority breathing down your neck about giving in to the UN and taking a step towards a One World Government. This kind of religiosity permeates our entire civic culture. The very idea of modifying the Constitution horrifies even intelligent commentators, because it was written 200 years ago so it must obviously work well. This is the exact same logic you see from Bible-thumpers.
I really appreciate both the notion of the "boring European state" and the "start-up mindset" that Tamkivi brings up, though they're somewhat at odds. A boring government is a good objective; you don't want the government to be interesting: you want it to work. It makes little sense to me to think of growth as an end rather than a means, but I admit I'm not good at economics; I can see its need when you need a buffer zone for experimentation, but I don't see why it's any kind of measure of success.
What I find strange is that the same people who are against the federal government issued ID cards are also often completely ok, and in fact, very much in favor of what the NSA is doing. This is an observation from personal conversations, not some statistical fact, but I think many would agree with it. I find it very hard to wrap my head around that contradiction.
Well, more on topic, I find the opposite strange: that the same people who are outraged about NSA imply that people who are against mandatory government ID cards are stupid - such as the GP.
In Denmark, you can barely sneeze without giving up your CPR (Central Person Registry) number. Taxes, health, public transport travel record, phone records, bank records and more are all indexed on the CPR number. They live in separate databases and the shutters between those databases are mostly solid, but there is much less opposition to attempts to lower the barriers to access of this data than I'm comfortable with.
At the end of the day, why would you trust one end of the government (the above) and not another (NSA) with your data?
The NSA/SIS/Security Service (who have a very tightly controlled remit) vs some petty bureaucrat in the social security ministry whose targeted on how many people benefit the they can fuck over.
To add to your anecdotal tally, I'm against federal ID cards AND what the NSA has done.
I know who you're talking about though, the vast majority of the Republican party is high on talk of limited government, but short on implementation, especially in the name of security.
To be clear, I really like what they've done in Estonia. But let's not kid ourselves, our government has only themselves in mind to benefit from the use of federal IDs.
China's military?!? China doesn't exactly have a distinguished history of conquest. What do they have to show for literally centuries of trying to take Vietnam?
It would surely make more sense to fantasize about a more militaristic culture waging the war, no?
Every neighbouring country has fought wars in Indochina over the years. No country has been able to successfully control them for long periods of time. In a land war the Chinese have a lot going for them, just look at the Korean War to see the strengths of the Chinese military. The fact that China was once many small countries that were all conquered by the Qin kingdom should show that China has a long history of conquest. Just in the 20th century they conquered Tibet and Xinjiang and held back the US invasion of North Korea. On the sea they have next to nothing and their navy is a joke. China has never been a big sea power but it looks like they are trying to change that; only time will tell how that turns out.
Not actually true; in the 1500s China was a huge sea power. They had ships big enough to grow crops on deck and Admiral Cheng Ho got as far as the Middle East and Africa. Then the bureaucrats, losing power to the merchants and the Navy, manipulated the Emperor into declaring owning a ship with more than one mast a capital offence (!) and that was the end of that.
Fast forward a few years and the Portuguese show up on the other side of Africa, Vasco Da Gama at the helm. He should have encountered a Navy that embarrassed anything the Europeans had at the time. Instead, nothing, and then European colonial history happened.
Fun fact: jingoistic Chinese claim (without documentation of any kind, as far as I know) that Zheng He (= the guy you mention) actually visited the Americas.
Also, Wikipedia indicates his expeditions occurred 1405 to 1433, not 1500s.
China has always had extreme difficulty expanding beyond its river basins. You might consider it quibbling, but China didn't conquer Tibet and central Asia; foreign armies conquered China as well as Tibet and central Asia. They then, being the same people as themselves, ruled those territories more or less together.
And even beyond all that, a war between China and the US would necessarily be naval. They don't share much in the way of a land border.
I wonder how the Tibetans and Uighurs feel knowing that despite being part of different ethnic and linguistic groups, they're "being the same people" as the Han.
Probably warms their hearts these days to know they're being exterminated by "their own kind," as the Han are busy eradicating the native Tibetans and Uighurs and their cultures at this very moment.
The Han are doing well against the Uighurs; the Tibetans are doing a great job of holding their own. Han who move into Tibet suffer a variety of health problems.
And, obviously, I was referring to the Manchus, who overran China, Tibet, central Asia, etc., and administered it all together. The Manchus who conquered Tibet were the same Manchus as the Manchus who conquered China. Note that they are just as separate, ethnically and linguistically, from the Han as the Han are from the Tibetans (the Qing imperial family's surname was four syllables long!).
Imagine a horde of barbarians sweeping out of Mexico and taking over all of the US and Canada, administering all of North America as one big empire. After 2-300 years, the Mexicans fall from power, and ethnic Americans assume control of the empire. Would it make sense to talk about how the US took over Canada?
See my reply to your sibling -- they didn't. China was itself conquered along with a big swathe of the rest of Asia; its current extent does not come from Chinese expeditions.
Hell, there was a recent movie about a bunch of scrappy Americans playing guerilla against a successful Chinese beachhead. (I don't remember the name; I just saw the trailer in theaters a bunch.)
If you talk about invasion on home soil, virtually any American will bring up how it would be opposed by armed citizens at every step.
> It would surely make more sense to fantasize about a more militaristic culture waging the war, no?
Like who? Canada? Mexico? Our special relationship with the UK? France? Russia? There's no country where an invasion makes sense. At best, there's a reasonable fear of someone carpet-bombing all of our major cities with nukes.
Nothing about "stuff of fantasy" was unclear, but I'm surprised to see such a flagrantly inappropriate choice of villain to fill the role. Just like I'd be surprised to see Quakers filling the role of "oppressive religion" in a theocratic dystopia novel.
Of the countries you mention, Russia has a long and recent history of aggressive expansion, and is physically quite close to the US (that is, Alaska). It's easily a more suitable candidate for invading. Mexico is probably the next most plausible. As you say, it's not particularly plausible in any event, but I'd expect that to mean that nobody bothered thinking about it at all.
> Time does not stand still, and to assume that China will is foolish. With wealth comes power, and China's military will likely be unrecognizable in 30 years. To underestimate one's enemy is simply stupid.
I wonder if there would be any way to implement some alternative identification system that would enable the benefits the article mentions, but still allow for privacy that does not require a trustworthy government. I think, if the government can be trusted (always questionable, but sometimes true), a national ID is clearly an efficient solution. But if government can't be trusted, then maybe some kind of decentralized pseudonymity-based system could work. The state could tax the pseudonyms, they might hold the access rights to medical records etc. Of course this would be cumbersome and allow a certain level of fraud, but might still be an interesting alternative in hostile environments (the state either opposes what one does, or at least does not support it). Maybe one should look into how guerrillas and organized crime identify people that belong to their networks.
As an Estonian this makes my heart warm but we (Estonians) have to keep in mind that a lot of what we've accomplished isn't because we're so truly special (although that makes for great marketing) but because our country size and the need (and timing) for a rebuild enabled us to do so.
Let's continue to pursue other great things being small and nimble enables.
On another note, the national PKI infrastructure truly is great and enables location independence on a new level. One can (and I have) start companies, handle legal issues or anything else which requires either lawful signatures or end to end crypto (PKI between citizens) while abroad.
It's ok to be humble, but I am not sure the argument about size holds merit. Surely, the costs are at most linear per person: the bigger state might have a higher cost, but the cost per person is unlikely to be higher. I would rather expect the opposite: some of the cost would be amortized effectively, and even more so by the fact that a preexisting system means less reinvention is needed.
The problems are thus not scale, but things specific to the nation itself. The USA, for example, is unlikely to follow a similar path any time soon due to a distrust of public works and preference for private enterprise, a (currently very well motivated) suspicion on grounds of privacy, endless political impasse, problems with procurement, bureaucratic momentum, and so on.
But inefficiencies scale up super-linearly. The USA, for instance, has less cultural cohesion and sense of national identity than Estonia (the Russian minority in Estonia being the exception that perhaps proves the rule). Additionally, larger countries necessarily have more layers of bureaucracy, which make national programs more difficult to implement (the USA still does not have a national identification card, though I think RealID is still going forward, largely because of resistance on the part of states).
In theory federalism can make up for some of the inefficiencies of larger organisations. In practice, there's a strong centralizing tendency. (As seen in eg the US and German political systems.)
Getting larger groups of people to agree on things is where scaling becomes a problem. Especially if some of the group is ideologically opposed to others in the group.
What Estonia has done is quite amazing. I remember visiting in the early 2000s, internet in many places and incredibly reasonable. Estonia is small, became independent while I was in college, and entered the EU about ten years ago. I don't know how much of a clean slate the govt had in building things out, but they did something right.
Building a website or an app for US healthcare is just lipstick on top of the messy pig known as legacy, non-connected legacy systems. This is complicated and will take a great deal of knowledge to understand and get right. Layering the existing bloated approach to govt contracts just exacerbated the issue. Unfortunately, we don't have as clean of a slate.
This sounds awesome, but it also sounds scary. If I understand it well, the government issued the certificates for all its citizens, so it can both know what everyone does and impersonate them. I wouldn't mind that much if they were mundane operations, but things such as voting are of extreme importance.
Oh, and the fact that the id is built in a manner that makes sure the person has to be born in Estonia is kinda odd. No strangers allowed?
Anyway, has anyone details about technical implementation? That would be terrific if it could be more widespread.
Not exactly. The government does not have your private keys which are only on your PIN-protected smartcards, so they can't impersonate you. And giving public-private certificate pairs does not mean the government knows anything about using them. I sign a bank transaction, the bank knows it. I sign an electronic agreement with my card with my friend, only we know about it. Government just handles revocation lists and expiry. More about it at http://id.ee/?lang=en&id=
The id card being issued to citizens is quite common in Europe. The thing is that the id card allows you visa-free travel across Europe and that has pan-European regulations attached. But foreigners can get a similar electronic authentication and signature id card in Estonia still as well.
The problem is there is no way to know for sure the government isn't keeping all the data needed to generate keys. To make the process secure, you'd need a protocol where people get to generate their own keys (open source implementations) based on some entropy under their own control.
Forgotten who the chip manufacturer is, but basically what you'd describe would be an attack against the chip manufacturer and their key generation algorithms and randomness.
Estonian ID cards are made by Trüb AG, which does id cards also for Switzerland, Germany, Dubai and countless other countries. And the Estonian card personalization if I remember correctly is also outsourced to a private party.
No, the government does not know what everyone does and cannot impersonate them, especially in voting. Could you elaborate, why do you believe that and which technical details about implementation interest you? You can learn a lot by starting to browse through http://id.ee/?lang=en&id=
By the way, there was a mistake in the article about the personal ID code. The "123" do not denote the 123rd baby of that day. Rather it denotes an ordinary number that is added to the persons' ID code who happen to have been born on the same day (the country where they have been born does not matter at all). So strangers are very welcome to apply for a personal ID code in Estonia :-)
Since you get a PIN card with a private key, someone else generated it. Whoever did it could impersonate me. I guess it would be done by a private company, so at least that company can do it. But I'm pretty certain that something of this importance would be accessible to a government (no real arguments here, merely armchair discussion)
It's true that only concerned parties know about the transaction... until the transaction is made public (or shared with other interests). Again, I'm pretty sure this will be one way or another visible to the government.
You could say I'm paranoid and anti-government. I just think that being paranoid is a necessary thing when doing anything related to security, and this falls exactly in this topic. The very least, as iwwr points out, is that anyone could create their own private key in this system (ie associate the generated public key with the id given by the government). The secrecy of the transactions is yet another problem which basically boils down to "how much do you trust other parties", and has little to do with technology.
The idea of being able to do everything, including voting, with your computer is an amazing thing, but to date very little has been done to make sure that citizens can expect the same as today in terms of secrecy, privacy and ease of use. Again, a matter of how much you are paranoid and how much you are wanting to give up security in order to make things simpler.
Thanks for the link, I will have a look.
> So strangers are very welcome to apply for a personal ID code in Estonia
If all this works for Estonian people, congratulations to Estonia for achieving this. As a Greek I suffered bureaucracy and still do. I would like for my country to unite all this data.
I have second thoughts about a couple of things though:
* The digitally signed mobile SIM-Card: How does this work exactly? Does the mobile company have access to my data?
* e-Elections are considerably easy to tamper for one and have well documented problems[1] to which I saw no solution in the article. For example, if there's a tampering accusation, how can we recount the votes or verify that X person voted for Y representative?
As far as I understand SIM cards, they are just like small crypto chips. You cannot really access the private key on the SIM card. The phone just uses the SIM card API to sign whatever it needs to sign. So no, the company should not have a reason or way to access your keys, assuming the cards are assigned randomly.
I'm an Estonian and have been enjoying all these benefits for many years already. Can't really imagine a life without them :)
Here are my replies to your questions:
* The mobile company does not have access to your data. They just issue a special SIM card that stores your private keys. Unlike the article states, there is actually also a small piece of software installed on your phone that is later used for authentication and signing.
The way it works is that you go to a site where you want to log in (I'll use Estonian government portal https://www.eesti.ee/eng/ as an example here), you press Enter (or "Log in" or whatever the button is called on the site) and choose "Login with mobile-ID". In Estonian government portal both your phone number and personal code are asked as "usernames" but some sites might ask either one of them (depends on the site's owner). Then after a few seconds your phone will display a screen showing that a connection is being made.
At the same time you will be shown a "control code" on the browser screen that you will have to confirm on your phone. This is done in order to prevent some forms of man-in-the-middle attacks. Then you're prompted to enter a mobile ID PIN1 code (used for authentication) into the phone. If PIN1 is correct, the screen on the phone disappears and the website is automatically reloaded with a logged in screen. You can cancel the authentication procedure at any moment. PIN2 is used for signing and works the same.
* Obviously it would take a lot of time to answer all the problems posed in the Wikipedia. I would disagree, however, that Estonian e-elections are easy to tamper. As Estonia is on the forefront of e-voting in the world, all these problems are addressed and analysed in great detail by our Electronic Voting Committee (http://vvk.ee/general-info/electronic-voting-committee/) that is involving leading e-voting experts in their work. There have been many debates about e-voting and rulings by our Supreme Court. The process of e-voting is very transparent (you can start reading about it here: http://vvk.ee/voting-methods-in-estonia/engindex/), it's heavily audited before, during and after the voting, the software is open-sourced (https://github.com/vvk-ehk/evalimine) and very well documented.
But to give a very high-level answer to your question about recounting the votes - there are many different applications and servers used in the e-voting process that keep traceable logs. If recounting is needed then these log files are used in order to determine if votes were tampered in some constituency.
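The control-code check described in the comment above, as an added example that is not part of the original thread and is not Estonia's Mobile-ID code. The derivation used here (leading 6 bits and trailing 7 bits of a SHA-256 digest, shown as four digits) and all function names are assumptions for illustration; the thread does not say how the real code is computed.

```python
import hashlib
import hmac
import secrets

CODE_BITS = 13  # 6 leading + 7 trailing bits (assumed derivation, see lead-in)


def control_code(digest: bytes) -> str:
    """Derive the 4-digit code a human compares between browser and phone."""
    if len(digest) < 2:
        raise ValueError("digest too short")
    value = ((digest[0] & 0xFC) << 5) | (digest[-1] & 0x7F)
    return f"{value:04d}"


def new_login_digest() -> bytes:
    """Site side: fresh random challenge per login attempt, hashed for signing."""
    return hashlib.sha256(secrets.token_bytes(32)).digest()


def user_should_enter_pin(browser_digest: bytes, phone_digest: bytes) -> bool:
    """The user's check: enter PIN1 only if both screens show the same code."""
    return hmac.compare_digest(control_code(browser_digest),
                               control_code(phone_digest))


def chance_of_accidental_match() -> float:
    """Probability that two unrelated sessions happen to show the same code."""
    return 1 / (1 << CODE_BITS)


if __name__ == "__main__":
    # Honest login: the phone is asked to sign the digest this browser session created.
    mine = new_login_digest()
    print("browser", control_code(mine), "phone", control_code(mine),
          "-> enter PIN1:", user_should_enter_pin(mine, mine))

    # Mismatch: the phone prompt belongs to a different session than the one
    # open in the user's browser (constructed digests, chosen to differ).
    browser = bytes([0x04]) + bytes(30) + bytes([0x01])
    phone = bytes([0xFF]) + bytes(30) + bytes([0x7F])
    print("browser", control_code(browser), "phone", control_code(phone),
          "-> enter PIN1:", user_should_enter_pin(browser, phone))
    print("accidental match chance:", chance_of_accidental_match())
```

A 13-bit code is a human comparison aid, so it narrows the window for a mismatched session rather than closing it, which fits the comment's wording of "some forms" of man-in-the-middle attacks.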
That said it's never gonna be unbreakable, it is though in the general case far safer than the alternatives (scanned bitmaps are actually being used as "digital signatures") not to mention the ease of use.
Identity management is a very big and very problematic piece of any large government-to-citizens programme; solving this once, up front, is an excellent idea that does not seem to have occurred to many other nations.