by foepys 1288 days ago
Germany was quite advanced when it came to technology but then the drive to make more of it somehow stopped.

It has always been incredibly sad to me that the German ID card (Personalausweis) has an RFID chip inside with trust zones, certificates, authorization features, and much more and just never had been used. Like at all except for getting cigarettes at vending machines.

12 years after the first RFID Personalausweis had been issued it is only possible to register your car in some cities. Maybe there are other minor uses but it's negligible.

It's a very cool technology with a certificate authority and cryptographically secured claims for various things (proving you are over 18 without revealing your DOB, only giving out the name and address, authenticating as a German citizen, pseudonymity with separate identities for each service you use etc.). All functionality is also available for use over the internet.

The German Wikipedia has a good overview: https://de.m.wikipedia.org/wiki/Personalausweis_(Deutschland...


Makes a lot of sense with German culture IMO. There's a culture of doing your job very well, but not much of a culture of thinking outside of the box or shaking things up.

Some Herr Doktor probably followed all the best practices to implement "trust zones, certificates, authorization features, and much more" in the ID, doing their job really well. But actually changing the processes to use those features is not anyone's job, and might actually eliminate a lot of jobs, so it never happened.

I think modern political criticisms might be too dismissive of inefficient bureaucratic developments, or we might be taking criticisms too seriously.

They might be slow, complicated, budgeted terribly, unbelievably incompetent by the standards of a typical for-profit mega corporation, but a lot of those projects work at the first try and work for decades, in the end.

SLS capsule came back in one piece on first try. That German ID system probably works too. And that’s great.

I can believe they work for decades, but mostly because nobody believes they’ll do any better the next time.
It is good this project is failing.

Such a thing will never fly in the US. Both the left and right will rightfully or wrongfully oppose it for different reasons.

Edit: E.g. see the left opposing voter ids in the US.

>Edit: E.g. see the left opposing voter ids in the US.

FYI, the left wasn't opposing voter IDs. The left was opposing Voter ID laws, which required a voter to have an ID, while selectively providing these IDs to the population.

That's a uniquely American problem. We wouldn't have an issue with a Voter ID law if everyone was guaranteed to have a state ID, regardless of where they live, whether they have a car or not, and whether they have money to pay for it (it should be free).

Personal IDs aren't free in Germany (though not expensive, ca. 30 EUR); they are mandatory to carry and you have to show one if you want to vote.

No IDs in an election is a culture war issue in the US and lefties argue irrationally on the topic. Btw, I am not a Trump supporter.

> No IDs in an election is a culture war issue in the US and lefties argue irrationally on the topic.

Do you live in the US?

If not, looks like you're missing the important context that the Republican party makes access to facilities that issue IDs limited.

For most Americans, the primary ID is the driver's license.

And for those that don't drive, it's... a non-driver license, also issued by the department of motor vehicles.

Which is often not accessible by public transportation.

And whose locations strategically avoid black and poor small towns.

So no, it's not a "culture war", and the arguments are rational once you learn the context of the issue at hand.

It also goes with a different aspect of German culture.

They rolled that out together with finger printing.

People value their privacy here and this was overstepping too many boundaries.

Those features have also never been explained to the average Michel here. Even IT-interested people are not aware of, or don't understand, the good things about it.

I think the fingerprinting happens for all the EU chips right? It allows for those automated gates at the airport where you need to verify your fingerprint.
Wow, after living in Germany for 5 years.. I think I agree with you completely. That last sentence is the best description of the problem I have read.
Absolutely spot on
A couple of years ago, I would have concurred. But for some time already you have the possibility to use the e-ID through Postident (https://www.deutschepost.de/de/p/postident/privatkunden/iden...) which is kind of well integrated in many businesses. Moreover you have private / corporate solutions like Verimi (https://verimi.de/) that incorporate functionalities of the e-ID. There is even an alternative (https://www.openecard.org/startseite/) to the official app. (EDIT: The alternative is open-source, but so is the official app. Removed adjective.)

I really like the development that has gone into the e-ID. They even have thought out a safe way to update your PIN (https://www.pin-ruecksetzbrief-bestellen.de/)! The biggest drawback of all is the lack of any marketing, IMHO.

The official app is already open-source:

https://github.com/Governikus/AusweisApp2

True, that wasn't well formulated.
It's hilarious. I recently moved and wanted to update the registration info for my car. My city boasts about having an "online self service for anything you'd usually need" (sad enough that this alone is a rare achievement), so naive me decided to give it a try. I successfully registered and wanted to update the info on my car, but got stopped by a disclaimer saying "if you want to do this online with your eID, you need to attach a picture of your ID to the form"?! I burst out laughing, wondering what the point of this eID even is. And I still haven't updated my info.
You can use the "Online-Personalausweis" for quite some things actually. For example to authenticate at banks, so you don't have to do Video-Ident. Or to do taxes etc. I wrote a post about it earlier this year: https://b.jlel.se/s/59c
I don't speak German, but by video identification do you mean the system in which you turn on the webcam and it checks your face? If so, that is highly vulnerable to real-time face swapping attacks (and possibly just recorded webcam footage). I'm sure you're aware, but these systems need to change.
For banking a fairly well known identification provider is "Postident", a service offered by Deutsche Post.

They offer plenty of ways to actually authenticate. The classic one is that you receive a voucher, go to a post shop, the employee there checks your ID and prints you a verification code (iirc). They also added video calls for identification and from my experience, it seems as if they are aware of the potential security implications. They ask you a bunch of questions and require you to do different things (for example hold your ID card right in front of your face, cover one side of your face, etc) presumably to counter this attack vector.

The smoothest way is to use the ID card integration. With that, assuming your ID is already set up for the online authentication, the whole KYC process for a new bank account is done within two minutes. Unfortunately it seems like some banks still disable this option; at least I did recently open an account and did not have this option for use with Postident.

> They ask you a bunch of questions and require you to do different things (for example hold your ID card right in front of your face, cover one side of your face, etc) presumably to counter this attack vector.

Give them a little while and the AI will be able to do all that so you can finally prove to the government that you are indeed a panda bear.

Nah it's a web call where they check your passport for authenticity and identity in real time with a real human in order to authorize a new bank account etc.
One of the links seems to be broken

> The law even has its own website with a dashboard,

In The Netherlands, they are implementing a thing which gives the same advantages (i.e. disclose some attributes about yourself without disclosing unneeded data), but uses different technologies. It's called IRMA, you can find an overview here [1]. It can be combined with other applications to do cool stuff, e.g. with PostGuard [2] you can use identity-based encryption to be able to send an encrypted email to someone, but without the need to know their public key in advance, nor having to authenticate it. The drawback is that you have to trust a central server and a third party identity provider.

[1] https://irma.app/

[2] https://postguard.eu/

I'm from the Netherlands but I don't like IRMA. I respect what they're trying to do but they're lowering the barrier.

Right now most platforms don't do ID validation because users hate sharing their details. By making it more privacy-safe more platforms will do it because the barrier is lower. I really hate that, I think the internet should remain anonymous. So I can pick whatever nick and even have multiple.

I'm a little surprised we haven't seen governments try offering identity-based encryption as a way to head off encryption that's harder for them to wire-tap.

For the unfamiliar, with identity-based encryption, the recipient's public key is a function of the key authority's public key and some "identity", such as a national ID number or email address. Their private key is a one-way function of their identity and the key authority's private key. So, the recipient needs to ask the key authority one time to generate their private key for them, but there's only one public key to distribute. For the whole system, the sender can calculate the recipient's public key. The private key isn't even necessarily calculated before the sender has sent their message! It's very convenient and flexible!

Of course, the downside is that the private key is deterministic and can always be re-generated by the key authority, so it's fundamentally vulnerable to attack by the key authority. Also, some of the underlying math is less well studied than standard ECDHE/DHE/RSA, so we're less confident about vulnerabilities lurking just under the surface.
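The Boneh-Franklin identity-based encryption scheme, carried through here as an added illustration that is not part of the thread, shows why a sender needs only the authority's public key plus the identity string, and why the authority can always regenerate the private key. The symbols are the standard ones for that scheme, not taken from the comment.

Setup. Let $G_1, G_2$ be groups of prime order $q$ with a bilinear pairing $e : G_1 \times G_1 \to G_2$, a generator $P \in G_1$, and hash functions $H_1 : \{0,1\}^* \to G_1$ and $H_2 : G_2 \to \{0,1\}^n$. The key authority picks a master secret $s \in \mathbb{Z}_q^*$ and publishes only

$$P_{pub} = sP.$$

Keys for an identity $ID$ (an email address or national ID number):

$$Q_{ID} = H_1(ID) \quad \text{(public key, computable by anyone)}, \qquad d_{ID} = s\,Q_{ID} \quad \text{(private key, only the authority can compute it)}.$$

Encrypting $M \in \{0,1\}^n$ to $ID$: choose random $r \in \mathbb{Z}_q^*$, set $g_{ID} = e(Q_{ID}, P_{pub})$ and send

$$C = (U, V) = \bigl(rP,\; M \oplus H_2(g_{ID}^{\,r})\bigr).$$

Decrypting with $d_{ID}$:

$$M = V \oplus H_2\bigl(e(d_{ID}, U)\bigr).$$

Correctness follows from bilinearity alone:

$$e(d_{ID}, U) = e(sQ_{ID}, rP) = e(Q_{ID}, P)^{sr} = e(Q_{ID}, sP)^{r} = g_{ID}^{\,r}.$$

Two consequences match the comment above. The sender used only $P_{pub}$ and the string $ID$, so $d_{ID}$ need not exist yet when $C$ is sent. And since $d_{ID} = s\,H_1(ID)$ depends only on $s$ and the identity string, whoever holds $s$ can recompute $d_{ID}$ for any $ID$ at any later time and decrypt every ciphertext ever addressed to it; that is the key-escrow property, and it is inherent to the scheme rather than an implementation choice.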

From the website:

> With IRMA it is easy to log in and make yourself known, by disclosing only relevant attributes of yourself. For instance, in order to watch a certain movie online, you prove that you are older than 16, and nothing else.

That’s not “cool stuff”.

PostGuard is, as for many users it's way easier than PGP (no key management issues, plus some special cases are handled better). As I mentioned, the drawback is trust in a central server and an identity provider.
You present the conclusion only. Please share the train of thoughts that made you arrive at it, because it is not obvious.
It’s not cool that content would be restricted to people that can prove they are older than 16. It requires very little imagination to see how this could be extended to restrict content to people that have a yellow star on their clothes.
This does not follow, in the same way that the existence of the police does not imply a slide towards a police state. The slippery slope fallacy is a fallacy.

Besides, at least around here they already ask for an ID if you look young enough, for some movies. This is not enabled by new technologies.

I use my Personalausweis to submit tax stuff, to get the current status of the government pension fund (I can know at any time, not just once per year how many Rentenpunkte I have) and to submit local requests for my city (for example changes for the garbage collection service). My phone serves as the card reader using NFC. It works like a charm.
I heard something yesterday about how you can authenticate digitally for tax documents using the NFC chip in your Personalausweis! You just have to download some app.

But yes, in general, we’re SO CLOSE…then you have to go do Anmeldung with a paper form in person

I do all my tax return stuff online with my Personalausweis. Once you've got all your PINs and access codes it's quite seamless actually. You can even pair your phone with your PC and use the phone's NFC reader to read the ID card.

That stuff honestly improved quite a bit in recent years. Most of these services are just not advertised or integrated enough so far.

I actually use my German ID card to communicate with the Elster service of the German tax offices. My old USB signing stick would need to be replaced next year, but using my ID card was the cheaper option.
You can also generate a certificate. Registering it requires receiving a letter by snail mail and it expires every X years (5 maybe?), but otherwise it's just like the certificate for your server that you use to SSH in.
2 years
3 years. I’m back at my computer and checked, my certificates were 2013, 2016, 2019 and 2022
Many more applications will come in coming years. They are being implemented right now, I think this was sped up by some law that municipalities have to provide those services online by 2026? Not sure. Anyway there is a huge backlog and not enough programmers but one way or another this has to be done.
25 years of intentionally slowing down digitalization to protect local SMEs (which make up 70-80% of the economy) against US tech companies leveraging economies of scale.

Yes, there's plenty of corruption and disastrous bets (ISDN…), but let's not pretend the situation isn't intentionally created.

It's fascinating what the EU can accomplish, but in my mind driver's licenses and "national IDs" (that are usable when travelling in the EU) should be merged and unified over the union. Imagine how much simpler things would be! And this tech used in Germany sounds like a very nice base for it.

I mean I would also make them passports but I think that is impossible.

This may be difficult for an American to understand, but a driver's license is not a core document, and many people may not have it. In most places it'd not come to mind in a discussion about digital ID.
Lots of people don't have a license but do move around and across EU borders a lot.

The IDs are actually heavily unified nowadays https://en.m.wikipedia.org/wiki/National_identity_cards_in_t...

I would imagine that different countries might have slightly different traffic laws or acceptable risk levels, so might want to have their own licensing schemes. Maybe they could have a unified form factor that gets stamped by the individual countries though.
They do, all IDs are in ID-1 form factor, stamped by the countries and the EU [1].

It's the same for driver's licenses [2], they are accepted in all EU member states and basically look exactly the same, just in different languages and show a different flag.

[1] https://en.m.wikipedia.org/wiki/National_identity_cards_in_t...

[2] https://en.m.wikipedia.org/wiki/European_driving_licence

The scars of WWII have well and truly healed if people are comfortable with this technology. The 1900s accrued a lot of experience with where this will go.

Usually I'll argue for market efficiency over other concerns; but in this case the Europeans are on to something with the GDPR. The role of government is to make this sort of personalised identification hard - not to enable it. The end game is going to be hard times and mass discrimination against minorities.

Unfortunately, still many people working in tech jobs do not understand that putting an ID on an official governmental document that you need to carry is effectively the same as a tattoo with a number on your arm.

Even though Germans have had bad experiences with that, the idea survived the 3rd Reich.

The idea that as a human being you need "governmental documents" to identify is an authoritarian core value that is fundamentally against individual freedom.

Jews were forced to always carry their "Kennkarte" with them.

Please do not tell me about positive use cases that are based on the naive idea that "the government is the good guys".

When electronic IDs are not rolled back everywhere then democracy and individual freedom will be lost for a very long time.

We should pay vast quantities to Microsoft or Google to do it, they can be trusted ... right
It's almost as if the spirit of the people was broken as Germany drifted more and more leftward.
Yeah, they should try going to the right again. The people were very spirited last time
Oh dear. Please don't take HN threads into ideological flamewar. It's predictable, nasty, and not what this site is for.

https://news.ycombinator.com/newsguidelines.html

Wow. You won the award for the most stupid comment on this post.
Please don't respond to a bad comment by breaking the site guidelines yourself. That only makes everything worse.

https://news.ycombinator.com/newsguidelines.html