Really? Seems self evident to me...The entire point of binding an employee or user to a certificate, PIN and an x509 PKI system has always been for authorization and tracking. No hand waiving required. For instance, Militaries around the world use these cards to grant access to internal systems and to track and monitor the activities of the insiders within these sensitive systems. Seeing this creeping into the general public is creeptastic.
I agree that the capability might be present, but you forget how strong a stance the EU countries have for PII. A government that would abuse an identity mechanism would immediately be public knowledge and receive universal opprobrium inside the union and most likely outside of it too.
