The Act on the introduction of electronic identification with a mobile device (Smart-eID Act) came into force on 1 September 2021. It allows citizens to identify themselves in (almost) every situation using their smartphone. This article explains how the digital identity card works and how secure the data is on your smartphone.
Smart eID for beginners: how do I get my identity card onto my smartphone?
They’re part of normal life: we pull out our smartphones to perform all kinds of tasks every day. If you want to buy clothes, listen to music or simply organise the weekly food shopping, you reach for your phone. This lifestyle has become second nature to us in recent years. So the idea of installing our most personal data – our identity card – on a smartphone as well and being able to present it on request as an officially recognised document is not a stretch. The act regulating the digital identity (or ID) card has now been in force for almost six months.
But how do you go about installing the smart identification solution on your device? There is a simple way to do this – and if you follow it, you can confidently leave your little plastic card in your wallet the next time you visit a restaurant.
The ID Wallet app being issued by the federal government will become the digital wallet for citizens in the future. Our reference to the future is very deliberate in this case: although the necessary legislation is in place and technically compatible identity cards are already in use in other EU countries, the German government remains hesitant to release the app. And despite official statements that more work is required on the design, beefed-up security measures and user guidance, and that a relaunch is planned, no definite date has yet been announced.
This means that there is no way to try out the ID Wallet yet, but we can of course provide a theoretical explanation of the functions of the digital wallet here.
- The ID Wallet app must be downloaded either from the App Store or the Google Play Store and installed as soon as it becomes available.
- If you want to upload your ID card to the app, you need an online PIN for your ID card. In future, it should also be possible to request this PIN online and have it delivered by post. At present, however, a trip to the local office is still required.
- All you need to do then is hold your ID card up to your smartphone once to transmit the data from the chip in the identification document. After that, the digital ID card is accessed with a PIN.
- The PIN also functions as the password for functions like sharing data on the card with third parties – for example, for age verification.
SSI for the basic ID
In addition to the feature of being able to identify yourself online and in person using the Smart eID, the use of self-sovereign identity technology, or SSI, enables you to process non-official transactions. The ‘basic ID’ issued by the Bundesdruckerei (the printing agency of the German federal government) is the cornerstone for these types of transactions. It includes important information from the identity card and will initially be used mainly to identify yourself to companies. The system is currently being tested. For example, since May 2021, employees of participating companies have been able to check in and out of hotels without the usual paperwork while on business trips, even providing the hotel with the employer’s billing address electronically.
SSI is the technology that underpins the basic ID, which will enable the flexible, trustworthy exchange of personal data with third-party entities. What makes SSI technology unique is that users can decide for themselves whether to share their identity and how much they want to reveal about themselves. The German federal government supports this SSI approach with its initiative to establish a digital identity ecosystem. The technology for this is based on proven security mechanisms such as 2FA (two-factor authentication). This model is widely used in areas such as ID proofing, which is frequently used for setting up online bank accounts.
Another important document is also set to be added to our ID Wallet: our driver’s license. Note, however, that you must first apply to have your documents approved by the German Federal Motor Transport Authority. Also, remember that you cannot simply leave your plastic driver’s license at home. Even though verification of a driver’s license in digital form has been recognised as such, official agencies such as the police can still request drivers to produce the ‘analogue’ version of the license.
My data belongs to me
SSI technology not only allows us to choose which data we share with third parties but stands primarily for self-determined identity. This is also why the storage location for personal data is as private as the photographs we have on our smartphones. Put simply, all personal data is stored only there – on the mobile phone itself. Users process sensitive data in their internal systems themselves, thereby taking responsibility for complying with the General Data Protection Regulation (GDPR). Since citizens can also independently manage who receives which information from them, this makes everyone responsible for protecting their own data.
There’s always room for improvement: the future of the ID Wallet
Naturally, the Smart eID is not perfect. As with every new technology, it needs time to evolve, which is why the federal government has currently only made it available to selected user groups for testing purposes. This also explains why the ID Wallet app has not yet been released to the general public. One of the biggest challenges in the adoption of the Smart eID will probably be the technical implementation on citizens’ smartphones. That’s because, as things stand, only the Samsung Galaxy S series of smartphones meet the security standards required by the German Federal Ministry of the Interior and Community for the Smart eID. Smartphone vendors are currently working to install the necessary security chips in as many devices as possible by mid-2022.
In addition to the digital driver’s license verification and hotel check-ins for business travellers, there are plans for the ID Wallet to support more features in future. One example is company access management. This is based on the idea of simplifying access to major buildings and companies using digital employee identity cards and digital visitor accreditation. This will make it easy for visitors to verify their identity and their appointment.
There are also plans to use ID Wallet and Smart eID to activate prepaid contracts. In future, it should be possible to activate prepaid cards for mobile phone contracts – either online or in the shop – directly from the ID Wallet, thereby replacing the usually time-consuming video verification process as a method of confirming identity. This application is scheduled to be introduced in 2022.
One feature that aims to simplify everyday life, especially for fans of shopping, is the implementation of personal data via QR code from the ID Wallet directly into a selected customer account on an online shopping platform. All you need to do then is fill out additional data fields as required. That saves time and is good news for any erratic typists out there whose packages sometimes fail to arrive.
Last but not least, the ability to use data stored in the ID Wallet for identification purposes when opening a bank account is also planned for 2022.