Digital Identities Directive seeks to curb Crown Immunity

The Commission has just issued a Draft Regulation on “electronic identification and trust services  for electronic services in the internal market”.  

Practical Law summarised the proposal as follows: ” The Regulation will replace the existing Electronic Signatures Directive (1999/93/EC), but will re-enact a number of the Directive’s provisions. The aim is to enhance the previous legislation and to expand it to cover the mutual recognition and acceptance at EU level of notified electronic identification schemes and other related electronic trust services, such as the provision of electronic seals, time stamping, electronic document acceptability, electronic delivery and website authentication.

The Regulation will require mutual recognition between various national electronic identity systems, with the aim of making existing electronic identities functional across EU borders. One key proposal is that a member state participating in an electronic identification scheme will be liable for the correctness of its identification data.

On an initial assessment of the draft Regulation, it is difficult to see how more detailed and extensive framework proposals will promote greater use of digital trust services, given the fact that that interested parties have been free to take advantage of various technical solutions available on the market for some time, but have not done so”

It is not clear who was actually involved in the “extensive consultation” claimed in the preamble to the draft  but the removal of government immunity from liability for error may lie behind current attempts to build UK ID policy round privately issued electronic identities. But , HMG appears unable to force us to pay for electronic identities when we contact it to pay tax or claim benefit. Therefore those bidding to supply ID services for the DWP Universal Credits system will have no guarantee of business because, without controversial primary legislation, there will have to be a bypass routine for those who do not wish to use their services 

This directive also needs to be scrutinised in the context of a whole series of overlapping EU regulatory initiatives (including on Data Protection, Payments and Ubiquitous Computing) as well as the impending global fight between ITU and ICANN over Internet addressing and the transition from IPV4 (dynamic address re-use, supposed  anonymity and crumbling security) and IPV6 (with the potential for locked down device level identities and security fit for the Internet of things when everything is on-line). 

How can we stop the Commission spewing out fragmented initiatives and start joining-up  industry and interest group scrutiny of those they do (and of UK implementation), including in the context of developments in electronic:

addresses – and the international stand-off between the IGF (Government – Industry co-operative agreement approach) and ITU (Inter-government treaty approach)  

signatures– and the conflict between those running existing international trade onthe basis of common law judgements going back to the days of cable authenticationsand those seeking a brave new world for their (usually IPV4 -based) view of the Internet.

identities– and the many conflicts between current vested interests and would-be newentrants, with differing business models and cultural assumptions, fewof which allow for genuinely informed customerchoice


trust– with a fundamental split between those trusted because they accept liabilitywhen things go wrong and those who would like to be trusted but will not acceptliability. The latter includes most governments, regulators, ISPs and technology suppliers.

Iurge those serious about wanting to see the UK to be globally competitive in the on-line 21st Century,(whether within the EU or not), to join the Information Society Alliance (EURIM) andhelp my successor, Dr Edward Phelps, to structure well-informed debate and scrutiny on such issues.On Monday (11th June) I am due to attend a round table organised by EURIM and UKPayments to assemble material on the Payments Directive for use, alongsidematerial from previous meetings on the proposed Data Protection Regulation at aEuropean Internet Foundation meeting on the eve of the Digital Assembly ( June 21stand 22nd).

The bigger objective is, however, to assemble team thatwill subject these to joined up scrutiny and lobby until their concerns are heardand action is taken. On Friday I was looking at possible invitation lists for asimilar round table on the Identities Regulation.

These are not mere “techie issues”.

They are part of the regulatory malaise that has helped destroy UK and EUcompetitiveness and caused the Chinese sovereign wealth funds to be the latestto start taking their money out of the eurozone.

They are the cause oftens, perhaps hundreds of £billions of taxable online transactions to be routedvia the US, Switzerland, Singapore or anywhere else that is outside the EU andpolitically and economically stable.

We will not see economic or employment recoveryuntil we take such issues very much more seriously.

P.S. It has been said to me that there is (as yet) no compulsion to go on-line to access government services but that is not quite correct. If you are VAT registered you can no longer do manual returns or pay by cheque. If you run charity you can no longer get advice sent to you in the post. If you live in a rural area and your Post Office has closed down or you wish to use chip and signature to collect your benefit … etc


Enhanced by Zemanta