Overview of the German identity card project and lessons learned (2020 update)

The impact of experience 

​​Public acceptance, measured by the use of the electronic identity, had, however, not met expectations. 

Now.

The time needed for this type of project has to be taken into account. 

One must not under-estimate the scale of political, cultural, and legal changes involved.

The real value of this program only becomes apparent when one considers the contribution made to society, the strengthening of the values of trust and cohesion within communities, and its overriding purpose of social cohesion. 

The modernization of society will lead to a multitude of digital platforms and uses requiring the deployment of electronic identities secured by this new equipment.

Our web dossier, on the digital dividends, details all the positive effects of ID technology.

The benefits of a transformation of this kind are more political than solely economic. Without this holistic vision, it is nearly impossible to justify the considerable efforts required to undertake such a change.

There's more.

Germany has first-hand experience of these issues. 

By taking the initiative, Germany has learned that although this project stemmed from the fields of technology and law, it is far from being a purely technological endeavour.

June 2017: New German ID cards are "switched on."  

The German electronic Identity (eID) card provides a secure and privacy-friendly means for authentication and identification.

To boost the online use of the German ID card, the federal law of 2 June 2017 states that each new German ID card is issued with a ready-to-use (activated) electronic identity verification function. 

Citizens who do not want this feature activated will have to say so.

• ​The electronic online identification function is to be used more strongly in the public administration for e-Government.
• Citizens can also use their identity cards to prove their identity with private companies, such as banks or insurance companies.

As of June 2017, less than one-third of the 51 million German ID cards issued were activated according to on-line magazine epochtimes.de ​​​

The rate is close to 50% by 2019.

​​An audacious ​program and a willingness to innovate

Out of all the major European countries, Germany has been particularly audacious, with strong political will at the highest levels of Government to modernize the country and provide its population with the tools to improve society in terms of competitiveness, well-being, and living conditions.

Germany defined and started to launch its ambitious governmental digital modernization program in 2006.

Let's start with some facts and figures.

Facts and figures of the German identity card program​

• Close to 53 million* new contactless identity cards and 8 million electronic residency permits had been issued by the end of 2017. By 2020, all Germans will have the card.
• Authorization certificates for over 220 services from 100+ suppliers have been granted: 40% are for e-Government services, and 60% for e-Business services.
• The rate of implementation, in other words, the activation of the online identification function, stands at around 50% after eight years in operation.
• This program is considered to be one of the largest IT projects of the German public authorities. A new IT infrastructure has been created for more than 60 million federal citizens. In total, 23,000 employees of more than 5,300 public bodies have been trained in the new working processes.
• Card readers were distributed free of charge during the start-up phase to speed up the use of online identification.
• Online services were offered from the launch of the new identity card thanks to a program to support service suppliers from the private and public markets.
• The State chose a policy of making the e-ID an official identity card with an online identification function rather than an electronic identity solution issued to citizens and which could be integrated into other cards (bank, healthcare, town cards, etc.), like in Austria.
• The data protection framework is very comprehensive, and the identity cardholder can control and check which data is transmitted.
• The card does not contain official X.509 authentication certificates (certified electronic signature can, however, be added via software providers) for data protection reasons, and to ensure data on the identity of an individual may not be sent to third parties as "authenticated."
• The decision was made not create a centralized database (decentralized architecture).
• The digital use of the eID is voluntary: citizens may activate or deactivate the online identification function at any time. 
• The card was granted the highest assurance level (HIGH according to the EIDAS regulation) in September 2017 by the European Commission experts.
• The card is charged 28,80 euros and 22,80 euros if you are under 24 years of age.

*In Germany, it is compulsory for citizens​ of 16 and over to have a valid ID card or a passport. This obligation is stated in Article 1 of the Identity Card Law. Those who do not stick to it must expect fines of up to 600 euros in North Rhine-Westphalia, for example.

A techno-centric vision, obsessed with legal and security concerns

How is that? 

This vision of the future was derailed by the belief that technology alone is the source of progress. 

The disproportionate focus on technological innovation in Germany and the fear of being unable to control the multitude of effects in all administrative, social and economic fields led to the project being led by legal and security experts.

With a focus positively obsessed with the idea of zero-fault and zero-risk, the German e-ID was therefore created within a framework of extreme security for exchanges and personal data, subject to complex legal constraints.

In 2012, many legal issues were ironed out: various legal adaptations were required to enable the use of the online identification function. 

Apart from the law on documents, the framework law on the right to online declarations, the order on signatures, and the law on money laundering were adapted to enable the new identity card to be used. 

In particular, the online identification function of the new identity card and the electronic residency permit as an electronic equivalent of the physical form only came into effect in 2013, with the law on e-Government.

All these setbacks have fostered, in the beginning, a feeling that the program was not yet mature, and the time for widespread acceptance of this innovation had not arrived.

Failure is not an option.

The legal and security fears surrounding the project should be considered in light of the initial technical issues related to the project, and, on a deeper level, in light of the traumas of German history and sensitive topics related to the program: 

• A central administration, 
• The uncontrollable digital world, 
• The files and potential traceability that would go with it.

Some security failures immediately following its launch*, dependency on specific operating systems, browsers and certain browser versions, and several delays before the AusweisApp was also made available for Linux (after seven months) and macOS (after more than a year) also undermined trust in the software and its use.

These teething problems, widely reported in the press, hardened citizens' fears, mistrust and scepticism with regards to this Federal government system.

The German government, therefore, had a cultural duty to respect these feelings amongst its citizens. 

The data protection and privacy framework were thus strengthened, making the e-ID even more complex to use.

(*) Source: same document from the Fraunhofer Institut FOKUS, October 2013

The search for a flagship application

This initiative is a real program of social transformation. 

It enables a seamless connection between the physical and digital worlds for citizens, companies, and authorities within a secure legal framework which can be traced and audited if necessary. 

It is, therefore, a tool designed to bring the country into the modern digital age.

Reality is that there is no flagship online application that is itself deserving such an investment. 

Similarly, there is no service on a motorway connecting an entire region, which would alone be sufficient to justify its creation and profitability right from the start. 

Think about it.

Efficiency, time gains, security, and proximity are the initial drivers. 

Services come next, slowly but surely.

The search for motivated partners

Germany strove to convince major publishers and suppliers of e-Commerce services around the world to accept German e-ID as a means of identification for their services, arguing that this would open up a potential market for them. 

But these suppliers showed little interest in integrating a German solution into their portfolio since the target market seemed too small to them.

Besides, banks also declined the government's invitations to use the e-ID in their online services, since they had already implemented various secure identification solutions for their online banking services.

As a result, the energy expended to find initial partners undoubtedly stalled the opportunity to stimulate the market through the intense marketing of products related to the e-ID, and the packaging of services which the private sector could have used within a co-branding system, enabling operators and publishers to benefit from the State's image of trust. 

This choice was successfully made in Belgium, Estonia, and Austria, however.

The difficult choice between movement and security

The German experience may shed light on the reasons for the relatively disappointing take-up at the start of this project in several countries.

The vision of this ambitious governmental modernization program rests on extending all the traditional uses of identity cards to the digital world, for increased competitiveness and improvements for all a country's stakeholders.

This potential will be fulfilled if the main weakness of the digital world is duly made secure.

Remotely, one cannot be sure of the identity of the counterpart in a transaction. We can deduce that at its heart, the digital modernization program rests on the security of identification and the framework of trust, which provides a guarantee for this highly promising digital world. 

There is no one better than the State to guarantee this trust permanently and universally, at the highest levels of a country.

But:

• Is the aim to guarantee sovereign trust and protect identities in the digital world, or, in other words, the inviolability of social cohesion, which links citizens with public authorities?
   
• Or is the aim only to modernize the means of identification, the National Identity Card, and make it electronic?

The key to success lies in fully understanding this question. 

Estonia and Austria placed their faith in the first option, with successful results, which we have noted. 

The Government creates an identity token that the citizen can use through various means, including mobile phones, thereby multiplying the use of the sovereign secure identity link for all forms of exchanges with public authorities (including e-ticketing in Estonia).

Belgium, by seamlessly unifying the framework of trust into a single platform, with an audacious policy of transparency and intense marketing efforts among service suppliers and the general public, has to some extent made up for the media restrictions caused by the rigidity of an approach too constrained to an "Identity Card" vision.

Risk is permanent

However, it is not easy for public authorities to admit that risk is a permanent feature, not only of innovation but of life itself. 

• Should the adaptability of citizens be fostered by placing trust in them?
•  Should they be overprotected, which would seem to lend force to any mistrust they may have?

​Since 2012, Germany has conducted an in-depth review of its legal provisions and made its security framework more flexible. The project has gained momentum once again, and the usage for German e-ID increased in the past three years.

Nobody can climb into the unknown four steps at a time. 

The art of change lies in combining forward momentum with intelligence gained over time.

More resources on ID card programs