Analysis and commentary
Catherine Riva, Serena Tinari – | Jannes van Roermund
Illustrations: Aleksandra Roth-Belkova
November 26, 2021

Lire l’article en français (en ligne) / Den Artikel auf Deutsch lesen (online)

The use of the Covid-19 certificate today is limited to coronavirus-related statuses. But, as our research and in-depth interviews with specialized researchers show, powerful commercial and governmental players are eager to transform this device into a digital identity wallet (e-ID). Our investigation shows that this shift is underway and induces a profound paradigm change which calls for an urgent societal debate. Unfortunately, this debate is stifled by the regime established in the name of the crisis. Finally, this exclusive by Re-Check shows that the Swiss authorities do not exactly manage the sensitive data of COVID certificates the way they claim.

Many countries have introduced a Covid-19 certificate system which can allow to travel, and in many instances participate to social life, up to being able to work. This three-parts series by Re-Check in collaboration with Dutch investigative journalist Jannes van Roermund digs deeper in the functioning of an unprecedented tool that links medical data to freedom of movement. In this third episode, you’ll learn about the advent of cryptocurrencies issued by central banks, also known as “central bank digital currency2 (CBDC), and get to know what this has to do with e-ID and Covid-19 certificates.

As often is the case, an international crisis is accelerating historical and ground-breaking developments. The advent of digital currency is currently being pushed by different public and commercial players. Linked to e-ID and proof of vaccination, such developments might end up changing our society for good. A large public debate is sorely missing.

Analyse et commentaire

In the previous two episodes (1) (2), we were showing that the deployment of Covid-19 certificates represented a window of opportunity that powerful interest groups sought to exploit in order to accelerate the implementation of an e-ID wallet. Having described the lobbying apparatus they deployed to advance their agenda, it is time to focus on a category of actors that is also looking to jump on the bandwagon: central banks.

Analyse et commentaire

Third episode: The e-ID and Central Bank Cryptocurrencies

The e-ID is at the heart of a transformation that for the moment largely escapes the attention of citizens, even though it is underway all over the world: the advent of crypto-currencies issued by central banks, also known as “central bank digital currency” (CBDC). According to many observers, it is above all the acceleration of the financial projects of GAFAM – the acronym of the web giants Google (Alphabet), Apple, Facebook (Meta), Amazon and Microsoft -, including the Diem project (ex Libra) initiated in 2019 by Facebook to create a stable cryptocurrency backed by currencies, which has pushed central banks to move in this direction.

Ultimately, the idea is to evolve current currencies into digital central bank currencies, to counter cryptocurrencies like bitcoin, launched in a libertarian spirit to prove that users could break free from banks and establish a new community monetary order. The arrival of a digital euro by 2025 has thus been announced in September 2021.

The benefits of CBDCs are presented as important, practical and desirable: reducing costs, facilitating payments, fighting money laundering and corruption, moving to a cashless economy and increasing financial inclusion. As we saw in Episode 2, the term “inclusion” is again put forward as a key concept that would justify this shift. But there is also a dark side to the CBDC system that, once again, combines control, mass surveillance and infantilization of the population. Noted whistleblower Edward Snowden summed it up this way: “CBDC is something closer to being a perversion of cryptocurrency, or at least of the founding principles and protocols of cryptocurrency—a cryptofascist currency, an evil twin (…), expressly designed to deny its users the basic ownership of their money and to install the State at the mediating center of every transaction.”

Indeed, once they are linked to accounts, themselves linked to an e-ID, CBDCs would make all transactions completely transparent, permanently removing the anonymity that cash guarantees. This aspect was highlighted by many observers in 2020, when citizens in many countries were asked to pay for their purchases by debit and credit card, if possible without contact, in order to “avoid having to handle banknotes”, even though no study has ever shown that for the population it was preferable to use this method of payment rather than cash.

The fact that CBDCs are programmable gives enormous power to the government, reminds journalist and author Laura Dodsworth: “With CBDCs, the government could know all about how you spend money through real time collection of data.”

This scenario is already a reality in China, where the digital yuan is currently being tested in several cities and can monitor all transactions. Like Western advocates of a cashless society, Chinese authorities argue that “cash is easy to counterfeit and because of its anonymity, it can be used for illicit purposes”. But “there are still gray areas on the possession and use of this yuan, noted the Journal du Net. The Chinese central bank, the PBOC, has indicated that commercial banks already have the infrastructure to distribute this currency, which implies that they will probably do it, and not the central bank. No indication either on the form even if we imagine that the QR code has great chances to be retained given its popularity in China”.

Technological limitations

The risk of function creep of the Covid-19 certificate is not only linked to the power and appetite of the players seeking to impose e-ID and CBDCs in industrialized countries. Indeed, even if public authorities develop their own non-proprietary (open source) solutions, they are considering the use of the same technological solutions, in particular public key infrastructure (PKI) and self-sovereign identity (SSI) (1) (2), which involves the use of blockchain. This is the case in Switzerland, as indicated in the working document that was presented during the 2021 consultation on the new e-ID project .

However, many misunderstandings exist and are maintained, both about what these technologies are capable of and about their degree of maturity. When voices are raised to warn against the risks that Covid-19 certificates represent as an instrument of surveillance, as well as the threat they pose to the private sphere and individual freedoms, one answer is invariably put forward: by their very nature and architecture, the technologies used would intrinsically guarantee respect for privacy, security and the assurance that each person can keep control of his or her personal data.

This is what is promised by the very fashionable concept of “self-sovereign identity” or SSI. “The advantage of SSI is that, like the Covid application, users remain in control of their own data,” summarized the Aargauer Zeitung in July 2021. The explanation given was that: “This is because SSI is decentralized; users are not dependent on a central identity service provider. They manage their digital identities themselves. Personal identity features such as name, surname or date of birth are stored in an electronic wallet on the cell phone. The state, as a trusted authority, confirms them. These are ‘Verified Credentials’.”

In reality, such assurances are at best premature, at worst misleading, because they fail to take into account a whole series of essential aspects. For now, in fact, the technology has not realized any of these promises. “This approach is relatively new, some fundamental issues have not yet been conclusively resolved and the standards are still incomplete,” admits the “Discussion Paper on the Electronic Identity (e-ID) Project” (downloadable here), in the chapter on ISS. Or: “The responsibility for the management of the verified data is fully entrusted to the user, which makes any assistance from the issuer almost impossible.” And: ”In the event of misuse of the e-ID or other evidence, it may therefore be difficult to prove that one ’was not’ the person in question.”

Does this really fit the image one would have of a secure e-ID where one is “in control of one’s own data?”

Furthermore, none of us can predict the future: as the ID2020 Alliance investigation on Swiss public television SRF noted, even if these technologies seem unbreakable today, no one can say what techniques will be available to hackers in the future. Moreover, all computer systems have backdoors which the intelligence services of industrialized countries make sure they have access to.

It doesn’t forget anything and is decentralized. Is blockchain really a good thing?

The blockchain is also in everyone’s mouth when it comes to e-ID: it would guarantee decentralization and would be intrinsically secure. But these claims obliterate the fact that blockchain is an “accounting technology”. And as such, it creates permanent logs, as explained on the portal “The blockchain is essentially an open and distributed ledger that can record transactions in a permanent way that can be verified. The blockchain is resistant to the modification of data, which makes it a great candidate for protecting and securing logs.” But it is really what we want in case of a digital identity? Do we want to create a permanent and traceable log of who does what, where or when?

Elizabeth Renieris, technology and human rights scholar at the Carr Center for Human Rights Policy at the Harvard Kennedy School of Government, a practitioner at Stanford University’s Digital Civil Society Lab and founding director of the Notre Dame-IBM Technology Ethics Lab at the University of Notre Dame (Indiana), since, as she noted in a recent article, “blockchain is meant to be a permanent and immutable digital record, it is inherently at odds with the storage limitation principle”. Elizabeth Renieris left ID2020 in May 2020, when the alliance began advocating the use of the blockchain for Covid-19 certificates.

Indeed, this overall traceability conflicts with data protection law in the EU, for example. According to the European Data Protection Regulation (GDPR), personal data must be deleted as soon as the purpose of its collection disappears or data subjects revoke their consent. However, deletion is impossible on blockchain.

Another misunderstanding is that blockchain is presented as decentralized by definition, which is supposed to be a decisive advantage for data protection compared to a centralized system. For Paul Oude Luttighuis, information architecture consultant in the Netherlands, this description falls too short.

Because the content of a blockchain is very difficult to change: “In a democracy,” he reminds us, “it is the people who write the human contract, in a political process. This one can therefore be modified”. But in the case of blockchain, ”it’s a formal logic, a software code, where there is no one to debate, adjust or make changes. Once everyone is involved in this blockchain, once its scale increases, change is almost impossible. It’s like a house of cards. There is little room for technical adjustments. We lock each other into an unchangeable social contract”. In other words, once the technology has been established, any form of human coordination is eliminated.

In fact, says Paul Oude Luttighuis, “in its ultimate concept, blockchain is a Trojan horse. It pretends to be a practical tool for our needs – often referring to our fear and distrust – but from the inside it eats away at the life of a democracy and the rule of law. These are big words, and an isolated implementation of blockchain will certainly not have such devastating effects. But the concept of blockchain with its architecture induces these effects, especially when deployed on a large scale in the conduct of public affairs”.

Technological solutionism

“The justification for these systems began in the context of public safety – a context that traditionally refrains from soliciting public feedback,” say Tommy Cooke of the Surveillance Studies Centre at Queen’s University and Benjamin J. Muller of King’s University College at the University of Western Ontario. Some of the governmental impulse to bypass public consultation is due to technological solutionism,” they say. This systemic belief, the researchers explain, postulates that “most problems – whether political, social, cultural, economic, or otherwise – can be ‘fixed’ by technology, algorithms, data mining, and so on”.

However, this ideology, which is so attractive to e-ID proponents, imposes a reductionist and simplistic reasoning that seems to ignore the reality of interactions and power relationships. Indeed, even with a system that would theoretically guarantee that the citizen remains in control of what he agrees to disclose about his identity, as promised by the hype around sovereign identity or SSI, the reality too often places us in asymmetrical situations where we have no choice but to produce the documents and information we are asked to provide: at border crossings, in our dealings with the authorities, banks, insurance companies, our landlord, our employer, etc.

For Elizabeth Renieris, a business lawyer and specialist in these technologies, it is the very idea of data ownership that is wrong, because it transforms what should be a universal human right into a property right (1) (2). Yet this model, which posits that one “owns” one’s own data, turns this data into something that, in the long run, can be sold or traded for something else. SSI and decentralized identification put all the responsibility on the individual: “The idea here is, in part, that you could decide for yourself to put your data out there for others to utilize, relinquishing control of it in the process, she explained. It may sound like a way to empower consumers, particularly in a moment when we all feel even more helpless than usual. But tech companies would love nothing more than to have you own your data and treat it like property that you can sell.”

Are we really going to vote with our bathing suits?

In March 2021, just after the Swiss people’s No to the first version of the e-ID law, the Swissinfo portal published (in five languages) an article by Ian Richards, an economist at the United Nations, who had already distinguished himself with publications publications in which he emphasized the advantages of the Covid QR code “in spite of the controversies”. His paper, entitled “How vaccine passports could make the rejection of e-ID obsolete”, was in the same vein and presented a utopia where, thanks to this device, everything could be simple, convenient and frictionless. For him, there was no doubt that the Swiss would experience the benefits of the Covid-19 certificates in the summer of 2021 and would not want to go back: ”Yes, vaccine passports remain controversial. The World Health Organization says ‘there are still critical unknowns regarding the efficacy of vaccination in reducing transmission and there has been little discussion about how these will be regulated. But if it comes down to a choice between another summer of pricey mountain resorts or freshly grilled fish at a beach-side taverna, many will likely vote with their swimming trunks, download their digital vaccine passport and travel abroad. Holiday-makers in other countries will be doing the same, and on returning home there will likely be a rush by governments to do for passports and other documents what IATA did for vaccine certificates and what Iraq, Benin and British Columbia are doing themselves. In six months the main criticism of e-ID might not be that it goes too far, but that it doesn’t go far enough.”

While the consultation on the new e-ID law in Switzerland has just been completed and the Federal Council hopes to follow the EU timetable for the adoption of this device by the end of 2022, it would be desirable for citizens to have the opportunity to think carefully about its implications and its link to the Covid-19 certificate. For, as Elizabeth Renieris noted in April 2021, these certificates must be considered in this “broader context of accelerating digital identity adoption”, with the risk that the digital identity infrastructure built and deployed in response to the Covid crisis will become permanent. “To assuage these concerns, some governments promise the solutions as temporary,” she notes. For example, the European Commission has said: “The digital green certificate system is a temporary measure [that] will be suspended as soon as the World Health Organization (WHO) declares the international health emergency over.” But the Covid-19 certificate has already proven to be a “extensible” solution (link to episode 2). In fact, she says, we need to look at how the introduction of this system is likely to shift power and normalize the ubiquitous identification across  many aspects of our lives.

For Tommy Cooke and Benjamin J. Muller, too, there is “a strong correlation” between the emergence of vaccine certificates and vaccine passports on the one hand, and digital identity systems on the other: “The way in which governments around the world are discussing and planning digital identity systems suggests that vaccine certificates and passports may be prototypes for future iterations of digital identity.”

But while the public should be able to debate these issues without censorship and with the benefit of honest and accurate explanations, it must be said that this is quite impossible in the current toxic climate.

Especially since there are many questions: “Who you are, your health status and your ability to participate in global economies” are all aspects that are now increasingly dependent on your smartphone, Tommy Cooke and Benjamin J. Muller point out: “The backend processes behind these Apps – those responsible for creating, verifying, and distributing digital vaccine certificates and/or passports – introduce unprecedented privacy and access uncertainties for citizens. Who builds, maintains, and governs these networks? What cybersecurity standards do they utilize? What kinds of data, metrics, and other secondary-use analytics take place on them, and for what reasons? Is their code open-source, and if so – who is responsible for auditing it to ensure that they are not only legally compliant but ethically responsible? More importantly are questions about the future: what does it mean to have this on always-connected, always-on mobile technologies? How will these developments transform the nature of relations between public and private sector entities? How long will these systems be allowed to run, and how large will they be allowed to become? For example, will citizens be able to keep other forms of identity on their smartphones?”

Only if citizens have the opportunity to examine these aspects and get good-faith answers will they have the elements to make an informed decision about whether they adhere to the “swimming trunks” and “frictionless” roadmap described by Ian Richards. Or, on the contrary, if they see this device as a worrying development, as the use of the Covid-19 QR code so far has given them a glimpse of what awaits them on an even larger scale. And they agree with Australian journalist Caitlin Johnstone in her conclusion: “No normal people want digital identity laws passed. Normal people aren’t sitting around going ‘Man it sure sucks we can’t prove our identity online with a digital ID that contains all our information.’ Only the powerful want this, and for good reason.”

Read Episode 1
Read Episode 2

Did you like this series? To support our work, consider donating to Re-Check.