They did not hide their enthusiasm.

A digital test and vaccination certificate ‘will propel the whole digital ID field. This is not just about COVID-19, but about something far bigger,’ Andrew Bud told Forbes business magazine last February. Bud is the founder and managing director of iProov, a London-based company that sells facial recognition technology and developed the British corona app.

The CEO of Simprints, a UK start-up that also develops biometric techniques, called it ‘an opportunity to launch systems of tomorrow’. Thales, the French defence and tech company, wrote in their blog posts that the corona entry pass will serve as a ‘stepping stone for the introduction of a digital ID card’. It asked governments to ‘create a platform for a more ambitious digitisation of identity and health data’.

Almost two years into the pandemic, Europe is now taking the first steps towards much broader use of digital identification systems other than the corona entry pass.

Frenchman Thierry Breton is the European Commissioner (industrial policy and digital internal market) and former director of France Télécom and IT company ATOS, which, among other areas, focuses on payment processing and other areas.

The design of the European Corona app was only a ‘first version of what could develop into an ultimate digital wallet,’ the European Commission told Follow the Money. This development is moving fast, says the spokesperson. ‘We will continue to work on this with the Member States in the coming months.’

The Netherlands plays a leading role in this trend towards a broader digital identity. A European prototype will soon be tested here. It concerns a lucrative market: according to analysts, it will be worth more than $30 billion in 2024 and perhaps as much as $50 billion in 2026 for products and services related to digital identification processes.

Big Tech – think Microsoft, IBM, Mastercard – is therefore prominently represented in the campaign for a global digital ID system. And that same lobby is particularly active with appeals for a corona entry system, tech-scientist Elizabeth Renieris wrote in What’s really at stake with vaccine passports. She is affiliated with the Notre Dame, Harvard and Stanford universities.

From QR to eID

With a digital document or eID, citizens can prove their identity at government offices, banks, and companies through a unique identification code linked to personal data. Name, date of birth and gender, but also biometric data derived from facial recognition systems (information about size and distance between eyes, mouth, nose and ears), iris scans (shape, colour, pattern and texture of the eyes) and fingerprints.

The European Commission sees a method for the ‘unequivocal identification of a person to ensure that the right person is provided with the right service which they are entitled to’.

Supporters of a digital ID often refer to India. The world’s most extensive eID system was launched there in 2009: Aadhaar, a 12-digit identification number needed to buy a house or to access government services, and already used by 1.3 billion people. It is linked to a payment system operated by Mastercard.

System errors are common in Aadhaar

‘This is the most advanced system in the world,’ American Paul Romer, then chief economist of the World Bank, told the media company Bloomberg in 2017. ‘It would be beneficial for the world if this is introduced globally.’

Aadhaar has its shortcomings, critics say. They highlight the case of Mrs Premani Kunwar (64). According to human rights organisations, she died in 2017 after her pension was deposited into the account of her husband’s ex-wife – the ex-wife had been dead for 25 years. She was also denied food due to errors in the food distribution system.

According to human rights activists, system errors are common: due to a bad Internet connection, server or other technical problem, and incorrectly entered data.

There are more harrowing stories.  A reputable lawyer wrote that, according to a mother begging for rice, her 11-year-old daughter died because their family card for the food bank was not linked to Aadhaar. She believes that citizens ‘are being enslaved with a card’.

The controversy dates back years. But the system has not improved, writes Indian anthropologist and bioethicist Sunita Sheel Bandewar in an email to Follow the Money. ‘On the contrary, it has become worse during the pandemic. And marginalised groups suffer the most.’

Nigeria also serves as proof that the introduction of a digital identity document can have major consequences. In August, news agency Reuters wrote that in that country, an eID has become mandatory to ‘open a bank account, apply for a driving licence, vote and submit tax returns’.

‘The end of freedom’

Despite concerns from privacy watchdogs, both governments and companies are steadily working on introducing a digital ID – containing a lot of personal information – for as many people as possible.

And for many purposes. Taking out a loan, checking creditworthiness? Information about education or career? It can all be linked to the digital ID. Information about your behaviour on social media? Ditto.

‘Identity is utterly fundamental,’ says Bart Jacobs, professor of privacy and identity at Radboud University. ‘Passports have been organised quite well, physically speaking, but not yet online. Large corporations have been trying for years to achieve a standardisation that suits them, and now they figured: let’s hitch a ride on the pandemic and come up with a solution that puts us in control. You can see where this is heading.’

‘A surveillance state could emerge, in which everything will be stored in order to steer people in various ways, both politically and commercially’

​According to Jacobs, if major parties have their way, ‘a surveillance state could emerge in which everything will be stored in order to steer people in various ways, both politically and commercially’.

The usually cautious Jacobs says that if politicians make the wrong choices now, he fears ‘the end of freedom as we know it’. Behind the campaign for digital data collection, there is ‘a surveillance agenda which we must oppose,’ he says.

Harvard scientist Elizabeth Renieris compares the current situation to the attack on the Twin Towers, a tragedy that was seized upon to implement far-reaching measures. ‘If 9/11 brought us into an era of mass surveillance, the pandemic has the potential to bring about an ID scramble, the introduction of the era of ubiquitous identification and the end of anonymity.’

Director Vincent Böhre of the Privacy First Foundation notes that ‘the end of anonymity would be a disaster’ for journalists or activists. ‘This could lead to life-threatening situations, especially in certain regions.’

Böhre: ‘Every citizen should be able to walk around in public, go shopping and express their opinion anonymously. Otherwise, you get a chilling effect, a subconscious psychological feeling that occurs when people feel they are being watched and when they can no longer freely and anonymously conduct transactions, go to bars and restaurants, or travel.’

The European Commission is well underway with constructing a ‘framework’ for housing identity data according to the principle that everyone is ‘master of their own data’: the European Self-Sovereign Identity Framework (ESSIF). This framework is intended to become the ‘golden standard’ and is part of the European Blockchain Service Infrastructure (EBSI).

Dutch senior officials are involved in building the framework. A prototype is being tested in the Netherlands with the identity data of an exchange student. The prototype also contains information from the Social Insurance Bank (SVB), the Education Executive Agency (DUO) and the Immigration and Naturalisation Service (IND).

​‘If it all works out, the Netherlands will soon be one of the first countries to have SSI with a high degree of reliability,’ is what is proudly stated in the Ministry’s online magazine. A spokesperson for Home Affairs emphasises that the use of self-sovereign Identity in blockchain is still in the research phase. ‘The social purpose is paramount, not the technology.’

However, Professor Jacobs is not very amused by the choices made by the Dutch state. ‘When the European Commission indicated that it wanted an eID, it seemed to be largely based on the technology behind our authentication platform IRMA. We had already built it. Open source, privacy-friendly. So we figured: come and have a look.’

‘But instead, the Netherlands started working on a blockchain project. Moreover, millions are being spent on it. Personally, I think it is completely absurd.’

​The lobby

In recent years, governments worldwide have been put under considerable pressure by the digital ID lobbies of multinationals, think tanks and other organisations that see the COVID-19 vaccination campaign as an instrument for achieving their goals.

This notion is hardly new. In 2018, think tank ID2020 described how a vaccination campaign in Bangladesh could serve as an ‘entry’ to further digitalisation. ‘Vaccination offers a great opportunity to give children a sustainable, portable and secure digital identity early in life,’ the organisation wrote on Medium.

ID2020 is the most influential digital ID advocacy group. This think tank was founded long before the pandemic by, among others, Gavi the Vaccine Alliance, which aims to increase global access to vaccinations. Other founding fathers include the philanthropic Rockefeller Foundation, the consultancy company Accenture, and tech giant Microsoft.

Meanwhile, more companies have joined ID2020, including Mastercard, Facebook and the aforementioned biometric start-up Simprints. The think tank ‘houses some of the biggest players,’ says Alexandrine Pirlot de Corbion of Privacy International. ‘In terms of scale, they have a huge market share in different aspects of digital ID.’

In April 2020, ID2020 director Dakota Gruener published a report on ‘immunity certificates’. It appeared under the Harvard University umbrella; however, Gruener expressed sincere gratitude towards ‘the management, technical advisory committee and staff’ of ID2020 and some scientists and staff from Apple and Microsoft.

‘I can no longer be part of an organisation that is heavily influenced by corporate interests and only pays lip service to human rights’

Shortly after publication, professor Elizabeth Renieris, at that time technical advisor to ID2020, resigned. In her farewell letter, she wrote: ‘I can no longer be part of an organisation that is heavily influenced by corporate interests and only pays lip service to human rights.’

​​Renieris foresaw major consequences on human rights and civil liberties due to ‘vaccination passports based on blockchain’. The technology, in particular, made her suspicious. Shortly before resigning, she and two fellow scientists wrote a blog post on ‘the dangers of blockchain in corona passports’. She described it as ‘more than dystopian’.

Blockchain

Blockchain is a decentralised network that records transactions and actions permanently. The technology is characterised by the fact that hacking and modifying or erasure of data is not possible. This makes it extremely secure.

That is precisely why Renieris objects to it. ‘Blockchain is intended to be a permanent and unalterable digital record, which inherently contradicts the principle of storage restriction.’

According to the European data law, the AVG, data must be deleted as soon as it is no longer required or when people withdraw their consent. But with blockchain, it is not possible to delete anything, Renieris wrote. Thus, more and more information is added to the system, information that cannot be deleted. Data is recorded for eternity.

According to law, data must be deleted as soon as it is no longer required. But with blockchain, it is not possible to delete anything

According to Renieris, ID2020 initially wanted to reference blockchain as a desirable solution in Gruener’s report on immunity certificates. She claims that in the end, that part was deliberately left out to avoid having to enter into a debate with her. But that did not eliminate the aspirations.

​Eighteen months later, more than 125 companies, institutions and government organisations have joined forces to form the Good Health Pass Collaborative, which aims to create a global standard for the corona pass. Many companies with biometric products such as face recognition techniques are affiliated, and ID2020 is the coordinator. The most recent press release from the Good Health Pass Collaborative clearly indicates which technology is considered a done deal: everybody wants blockchain.

Big Tech

One can almost always find links to the business world among advocates of a corona passport.

Key players include Microsoft, with identity ‘at the top of the agenda’ and a vast lobby network; Mastercard, which entered into a ‘strategic partnership’ with Microsoft in 2018 and is already experimenting in Africa with the linking of vaccination status, biometric data and payment options; and IBM, which participated in the blockchain QR in Germany.

The role of non-profit organisations is also interesting, such as the Bill & Melinda Gates Foundation, the Omidyar Network and the Rockefeller Foundation, who often act as financiers, and who tend to fuel conspiracy theorists.

​Multinationals hardly ever publicly appeal for a ‘corona entry pass’ under their own name. These appeals often come from foundations, think tanks and coalitions such as the Trust Over IP Foundation, the Commons Project, the Tony Blair Institute for Global Change, the Centre for Global Development and the Vaccination Credential Initiative, which almost always have partners in ‘Big Tech’ or ‘Big NGO’ circles.

‘They are pushing this agenda because they have products to sell’

​‘They are pushing this agenda because they have products to sell,’ says Pirlot de Corbion of Privacy International. ‘They are either involved in services, in infrastructure, or in access to infrastructure.’ The Tony Blair Institute for Global Change, for example, repeatedly praised the Good Health Pass Collaborative.

According to Privacy International, these organisations are not concerned with public health but with a commercial agenda. Thus ‘the deaths of hundreds of thousands of people worldwide are being misused for self-interest’.

The corona entry pass will irrevocably lead to mission creep: in other words, the wider introduction of a digital ID, Pirlot de Corbion warns. ‘Often, a single purpose is mentioned during the introduction, but then people turn around and say: why don’t we also use it for X, Y or Z?’

In Switzerland, a digital ID system was rejected by referendum. However, the Swiss will also come round, or so Ian Richards, a United Nations economist, predicts. In March, Richards wrote: ‘When it comes down to choosing between another summer in expensive mountain resorts compared to freshly grilled fish in a beachside taverna, many will probably vote already dressed in their bathing suits, download their digital vaccination passports and travel abroad. In six months, the biggest criticism of eID will no longer be that it crosses the line, but rather that it does not reach far enough.’

The model citizen

Experts have been approaching the idea of a digital ID with caution for years. Tommy Cooke, a surveillance expert at Queen’s University in Canada, and his colleague Benjamin J. Muller of the University of Western Ontario in London told Follow the Money that ‘although these systems are supposed to be very safe and reliable, they also present great risks’.

‘In six months, the biggest criticism of eID will no longer be that it crosses the line, but rather that it does not reach far enough’

‘We encourage everyone to ask themselves the following question: what does it mean to digitise identity, and what is a model citizen within a digital ID system? How will his citizen profile be used? Information in a digital ID system includes citizenship, gender, legal status, physical characteristics, personal preferences,’ the scientists say. ‘There will be many people who, on paper, will not precisely match up to the model citizen. They may be subject to travel bans, extensive checks or other restrictions on civil rights and freedoms because, for example, they have an extra passport, have travelled to certain areas, because of their work or because of their marital status.’

Brussels and The Hague seem to have come to an agreement. André de Kok of the Dutch National Identity Data Service is involved in both the Dutch and the European projects. Back in 2018, he described for the United Nations how he envisions the future of a digital identity system based on blockchain:

‘Information about the traceability of events and decisions made is of particular importance for the balance between control and facilitation; knowing why, when, who and what needs to be checked. This information is used to monitor people’s movements and their access to services and benefits,’ De Kok wrote in the report The Legal Aspects of Blockchain, for which Sigrid Kaag wrote a foreword.​

House of cards

Another and more critical author in that UN report, Paul Oude Luttighuis, already posted a  in 2017 with a completely different tone. According to him, the large-scale use of blockchain in political circles is ’a dream scenario for those who wish to accumulate power without having to account for it’.

‘A dream scenario for those who wish to accumulate power without having to account for it’

According to Oude Luttighuis, once a blockchain system has been up and running long enough and enough people have joined, it is virtually impossible to modify it. ‘In a democracy, people write the contract together. That happens within a political process,’ he says in an interview with Follow the Money. ‘But because blockchain is built on formal logic, it offers no possibility to make adjustments. It is a house of cards without the realistic possibility to intervene. This way, we will trap ourselves in an immutable social contract.’

Therefore, although the technology works in a decentralised way, the power is entirely centralised, ironically enough: ‘The central power of blockchain is precisely that contract, or whoever drafted it,’ Oude Luttighuis wrote. ‘They have one chance – and in the process, they immediately determine the rules of the game.’

Devastating effects

‘For the one setting and controlling such contracts, these may seem quite smart contracts indeed, but once scaled sufficiently, they turn into killer contracts for the participants. Can’t they leave the block­chain then? Well, only at the cost of exile, and of having to build another one themselves,’ writes Oude Luttighuis in his LinkedIn article. To illustrate that contract, he chose a picture of handshake between a human and the devil.

Although experts like Renieris and Jacobs have a different view on a digital ID, they share a somewhat sceptical view of blockchain.

Other experts enthuse about the personal freedom of blockchain, but it is the opposite of freedom, says Oude Luttighuis. ‘Blockchain is a Trojan horse. It pretends to be a convenient tool for our needs, often based on fear and distrust, but from the inside, it eats the life out of a democracy and the constitutional state. Those are big words, and a single blockchain implementation is unlikely to have such devastating effects. But the architecture of blockchain brings with it these effects, especially when deployed on a large scale in the execution of public affairs.’