For citizens who want efficient, effective access to services that require identity. The need for identity isn’t going away, and a poor implementation doesn’t guard against overreach.
The EU is already doing that through eIDAS. It's basically a federated login system for government services that works (or at least, should already be working) across governments.
The implementation is not that different from the "log in with Google/Facebook/Twitter/MySpace/Apple" buttons on many websites, though the login procedure is a bit more involved because of the sensitivity of the data.
> For citizens who want efficient, effective access to services that require identity.
There are some citizens who want this. Not all.
> a poor implementation doesn’t guard against overreach.
A good implementation enables overreach as in, "Please confiscate everything belonging to John Q. Public." An effective identity enables government overreach.
My identity is just fine, but thanks for your concern :)
I can walk into my local bank branch and ask to either pay in or withdraw money and they don't ask for any kind of ID(!), or my account number, becuase they actually know me :) They even tend to say "Hello $firstname" when I walk in, even if I only called in to use the ATM.
Amazing how good ol'fashioned _offline_ identity can actually be secure.
Try walking into my local branch with faked ID of me and attempting to withdraw funds from my account.
Why would someone try your local branch instead of any one of their 200 convenient nation-wide locations that all have access to your money and don’t know what you look like?
Personal trust as a foundation for identity became an untenable option as soon as the modern age arrived and our world expanded beyond our immediate geographic area.
Eventually every system boils down to personal trust, from the doctor that certifies you were born, to the person looking at the computer screen in a licensing office who is deciding if she is going to issue the license. There is no escaping this.
Identify theft happens because you have weak online identity protections. Strong e-id systems as can be found in many parts of Europe almost completely fixes that. Where I live nobody is afraid of identity theft since you can't do anything just because you know someone's names, addresses or numbers.
Suppose I have my personal QWAC installed in my browser. Does this mean that I won't be able to visit $BIGSITE without authenticating and logging-in?
That wouldn't make things more efficient - it would create friction, because I'd have to switch browsers if I wanted to visit a site that I didn't want to authenticate to; or do some settings fandango to disable QWAC before clicking a link.
In Poland you can do a lot of things digitally by authenticating on governments sites with your Bank (Imagine "Continue with your bank" instead of "Continue with Google" or "Continue with Facebook"). It's nice because bank already verified my identity when I was creating a bank account. I did not have to scan&send anything, go verify in some office etc. and I was able to do multiple things: change how my company is taxed, register for COVID vaccination, government census.
Due by whom, and for what?