WEBVTT 00:00.000 --> 00:11.760 I have a subject about digital identities and whoop thank you and we have the 00:11.760 --> 00:19.120 pleasure of welcoming Amalyan Das Data and Gregor Little Franksky, you know Gregor 00:19.120 --> 00:23.280 Bronsky, sorry I tried to say you're pseudonym at the same time as well, I invite 00:23.280 --> 00:29.160 you both to come stay here and to have this little microphone for the recording. 00:29.160 --> 00:31.160 Do we need to hold it? 00:31.160 --> 00:32.160 Okay. 00:32.160 --> 00:34.160 Also attach it to ourselves. 00:34.160 --> 00:35.160 Yeah. 00:35.160 --> 00:36.160 But we're going to be on. 00:36.160 --> 00:38.160 Yeah, it will be fine. 00:38.160 --> 00:41.160 So the mic is just for the screen so you still have to speak. 00:41.160 --> 00:43.160 Very, yeah. 00:43.160 --> 00:47.160 We'll try to organize everything like logistically. 00:47.160 --> 00:53.160 Everyone is sitting down at once to be sitting down in the room and if not, we'll sort 00:53.160 --> 00:55.160 of a problem out later. 00:55.160 --> 00:57.160 My name is Amalyan Das Data. 00:57.160 --> 00:59.160 I'm from Sweden. 00:59.160 --> 01:02.160 Where we have a very high level of the idea adoption. 01:02.160 --> 01:03.160 It's very used. 01:03.160 --> 01:06.160 We have the most authentications. 01:06.160 --> 01:08.160 Paranum, per citizen. 01:08.160 --> 01:13.160 You can do your taxes with your electronic identification in Sweden. 01:13.160 --> 01:18.160 I also used to work in the European Parliament on the first EIDAS regulations. 01:18.160 --> 01:21.160 So not the first trust services legislation in the EU ever. 01:21.160 --> 01:31.160 But in 2013, 14 when they were creating the first directly applicable law for EID in the European Union. 01:31.160 --> 01:32.160 Hello. 01:32.160 --> 01:33.160 My name is Gregor Bransky. 01:33.160 --> 01:34.160 I'm from Germany. 01:34.160 --> 01:37.160 Our EID adoption is currently at 6%. 01:37.160 --> 01:40.160 But higher at the younger generation. 01:40.160 --> 01:42.160 Our EID usage is rare. 01:42.160 --> 01:46.160 We can pay our taxes digitally without using EID. 01:46.160 --> 01:51.160 We're very worried about over-identification because in Germany we believe people are not numbers. 01:51.160 --> 01:52.160 We tried that. 01:52.160 --> 01:54.160 It didn't work 80 years ago. 01:54.160 --> 02:00.160 And I'm very, very unhappy with the current approach where the EID is heading because it's going that way. 02:00.160 --> 02:07.160 Our funds today will relate to the second EIDAS regulation from the European Union, which was passed in 2024. 02:07.160 --> 02:15.160 And which seeks to establish a generalized European identity wallet for the benefit of citizens when interacting with private or public parties. 02:15.160 --> 02:24.160 Hopefully, we will have convinced you at the end of our 10 minutes that the word identity makes people in particular politicians, 02:24.160 --> 02:29.160 discussed the lives of private citizens in a way that isn't helpful. 02:29.160 --> 02:33.160 And that maybe the beneficial use cases for a European identity. 02:33.160 --> 02:39.160 In fact, we can find more in the authentication and authorization of business-to-business transactions. 02:39.160 --> 02:45.160 And when persons are acting on behalf of their organizations in commercial settings. 02:45.160 --> 02:48.160 Developing this presentation has been very interesting. 02:48.160 --> 02:55.160 We come from different countries in the EU with different approaches to identity and different levels of introduction of identity and authentication and online environments. 02:55.160 --> 02:58.160 Even offline environments for that matter. 02:58.160 --> 03:04.160 Trying to wrap our heads around the state of our own Germany and Sweden business models visions of authorization, etc. 03:04.160 --> 03:07.160 It has been an adventure and continues to be so. 03:07.160 --> 03:13.160 But that said, we have some real problems, we agreed also. 03:13.160 --> 03:16.160 That's my. Okay, so why EID? 03:16.160 --> 03:31.160 I'm not sure if you actually were online sometime, but you get this button's jumping in your face, which is signing with Google, signing with Facebook, signing with Apple, and signing with Twitter. 03:32.160 --> 03:41.160 And every time an app or website asked us to create a new digital identity to easily lock on via big platform, we have no ideas what happens to a reality. 03:41.160 --> 03:49.160 ACID that the European Union took on that and they decided that they want to protect the digital sovereignty of their citizens. 03:49.160 --> 03:55.160 And basically this seems to be part of the vision that is argued publicly. 03:55.160 --> 04:00.160 Well. 04:00.160 --> 04:06.160 But so we identified a different problem, which we think makes more sense to solve at the European level. 04:06.160 --> 04:10.160 And it was kind of a mind blowing experience for me to figure out. 04:10.160 --> 04:18.160 This that apparently it is in the European Union a problem that when you're handing over a concrete truck on a construction site. 04:18.160 --> 04:26.160 There is no easy way for the driver of the concrete truck to hand over the keys to the truck to the right recipient and knowing where the concrete goes. 04:26.160 --> 04:33.160 And so there's this concrete theft problem where people are handing over concrete trucks to the wrong person, causing massive delays. 04:33.160 --> 04:41.160 For construction companies when trying to lay the groundwork for buildings, I mean we could only intuitively see how this is an international logistics chain. 04:41.160 --> 04:52.160 Where you have people generally of lower educational backgrounds having to perform complex tasks that require proper authorization and they have no easy mechanism of doing so. 04:52.160 --> 05:04.160 So this would not be such a big problem for the construction sector if there was a reliable cross-border interoperable way of authenticating those persons who should hand over a concrete truck and receive a concrete truck. 05:04.160 --> 05:10.160 For instance with the mobile phone application using NFC. 05:10.160 --> 05:15.160 And so in these business to business transactions there's really a lot of benefits to begin. 05:15.160 --> 05:20.160 There's a lot of money that goes into these ideas of a generalized European identity. 05:21.160 --> 05:27.160 But it's also kind of obvious that a generalized identity scheme would have a lot of stakeholders. 05:27.160 --> 05:36.160 So to often the political parlance is kind of dominated by this vision of the EU as a shield between the citizen and Google. 05:36.160 --> 05:48.160 But the real problems, the real benefits for European citizens and businesses are insolving other problems entirely than how we're faced with this login screen. 05:48.160 --> 05:57.160 So let's not underestimate the challenge of developing the systems for multiple sectors of coordinate across multiple borders requires a lot of common capacity. 05:57.160 --> 06:04.160 This is why companies turn to the government to help set up the right cooperation mechanism to get a good technical outcome. 06:04.160 --> 06:10.160 You can see the problem harmonizing infrastructure when it comes to getting trains runs through all of Europe. 06:10.160 --> 06:20.160 If you look at train train tracks with different gauges, you can either build train tracks that work for all gauges, or you can build trains that run on multiple gauges. 06:20.160 --> 06:24.160 Those are painful and expensive. 06:24.160 --> 06:38.160 There is hope on the horizon. There is 22040870 CNS which is the security of identity cards of the European citizens and a president's document issued to the Union citizens and their family members. 06:38.160 --> 06:43.160 Which we will have available by 2031 according to current planning. 06:43.160 --> 06:52.160 So AEDS 2 is pointing the question that it doesn't have a harmonizing infrastructure to run on and still doesn't want to achieve stuff. 06:52.160 --> 06:54.160 So back to real problems. 06:55.160 --> 07:05.160 So one of the very real problems facing the European Union in this field is that harmonizing infrastructure across member states causes the member states to be territorial. 07:05.160 --> 07:12.160 And so the current theory of change is that you will have a bunch of lawyers at the European Commission discussing with a bunch of lawyers in the member states, 07:12.160 --> 07:20.160 whether you can make delegated acts to kind of force everyone to use different wids of train tracks to follow on that analogy. 07:21.160 --> 07:35.160 And so that's starting out to be more challenging than originally for a scene. They have been added for like 20 years in their defense. So this is like just the latest iteration of attempting to solve infrastructure problems. 07:35.160 --> 07:42.160 But there is several other challenges with building identity schemes. Like, how do you make the proper economic model? 07:42.160 --> 07:56.160 So one challenge and authentication is that if I'm trying to buy something from Gregor, and he wants to authenticate that it's me, but we're using an identity provider that's a third party to authenticate my who I am. 07:56.160 --> 08:06.160 Yeah, how does that third party get paid? Who's going to pay them? I have no relationship with them. My relationship with Gregor is from him. I want to service. His relationship is with me. He wants my money. 08:06.160 --> 08:12.160 The identity provider is kind of left hanging, like there's not really clear how how they would get paid. 08:12.160 --> 08:21.160 Is it per authentication? This is the method currently adopted in Sweden. Is it some kind of subscription service where you can make a number of authentications per month? 08:21.160 --> 08:26.160 Is it some other scheme that you know, it's just provided us a common infrastructure? We don't really know. 08:27.160 --> 08:39.160 And it's creating problems when we're trying to work out. What is the value chain that we need to do to make these, you know, concrete handovers work? 08:39.160 --> 08:50.160 So there has been a study by Fraun who for who shows that actually there is no private business model working for identity providers and the current German setup, which seems to apply to other European states. 08:50.160 --> 09:01.160 There is an initiative called Glyph who's trying to solve that for basically corporations that are trying to do business, but not for private citizens. 09:01.160 --> 09:05.160 And it's about the successful with the OCD20. 09:05.160 --> 09:14.160 And when we want to talk about helpful solutions, we found that there are two caveats out there, which is legislatures need to be empowered to understand what is possible. 09:14.160 --> 09:26.160 For example, that you do need to identify as to match identities. SSI is a privacy and security nightmare for everyone who actually thought about it for more than five minutes. 09:26.160 --> 09:35.160 And we should really empower non-digital communities because writing digital text standards is really hard. People present here might be familiar with it. 09:35.160 --> 09:43.160 And those people in the construction industry know their stuff, but they don't know how to build digital standards and we should try to empower them to do so. 09:43.160 --> 09:46.160 Like the initiative, finally, for sure. 09:46.160 --> 09:51.160 Now, so we found this interesting initiative from the construction sector, finally for sure. 09:51.160 --> 09:54.160 Where there is still much about it like XML. 09:54.160 --> 10:05.160 And we thought wouldn't it be better if all of these lawyers at the European Commission and in the member states, but dedicate some time to locate these industry initiatives to solve real problems for like real people and companies. 10:05.160 --> 10:14.160 And then try to help them with the digital expertise necessary instead of hammering their way through 29 delegated acts that nobody anyway wants. 10:14.160 --> 10:19.160 Presumably, though, come to realize this after some years of trying to do these delegated acts. 10:19.160 --> 10:24.160 But why not make a shortcut? Do it immediately. 10:24.160 --> 10:38.160 So the question is what's left to do? And what the e can do, they can provide infrastructure and regulation, like harmonizing incoming using the infrastructure with the harmonization of the EID cards by 231. 10:38.160 --> 10:48.160 And until then make a regular, make a regulation to allow log in by pass key, for example, so that you don't have to log in with the UD wallet, but can choose what you want to do. 10:48.160 --> 10:58.160 And they could also provide an initial infrastructure which would be basically one to propose here, which would be called the EOLI, the European Union Organizational Identifier. 10:58.160 --> 11:03.160 Because organizations don't need privacy, they can be actually rubber stemmed. 11:03.160 --> 11:15.160 And what you can basically take is the organizational registers of every European member state and add them to CPEI, and because transforming those organizations might be painful. 11:15.160 --> 11:27.160 It's easier to just pop up a Pan-European PKI to allow organizations to identify themselves and people whom they delegate authority to. 11:27.160 --> 11:32.160 And so that's our humble proposal for the European Legislature and for people in the room. 11:32.160 --> 11:36.160 We thank you so much for your attention. Think our ten minutes are already up. 11:36.160 --> 11:40.160 We'll be available outside if you want to have further conversations about this. 11:40.160 --> 11:48.160 Identity schemes are by no means an easy political topic, and we hope that this has given you a brief overview of the current state and what is possible. 11:48.160 --> 11:53.160 Thank you. 11:53.160 --> 11:58.160 Thank you. 11:58.160 --> 12:03.160 So, since we have...