Does anyone have more knowledge about how they use the digital identities in Estonia? It sounds like everybody has a personal key that they use for signing stuff. Is that correct? How is it distributed? If so, that's the most fascinating part of the article to me.
We all have either a credit-card sized chip card with our keys or a similar mobile SIM card which uses SIM applications. Using those we can do basically everything online, be it authentication to private or public services (using PIN1), or digital signatures (using PIN2).
Is there much concern in Estonia about the potential privacy leaks? We also now have digital ID cards here in Portugal, but its use is for now fairly limited - you can use them to log in to some governmental sites (like the IRS), but no banks or other sites have adopted them.
I read on Wikipedia that some of your newspapers have started requiring it to comment on their articles, and I'd be wary of such developments, since they're so easy to justify (even to oneself) and to accept (since it makes authentication even easier than remembering password).
How do you deal with the fact that most sites would like to have your unique, cross-site identifiable key fingerprint?
Web commentary columns of some Estonian newspapers, most notably Eesti Päevaleht, used to support ID-card based authentication for comments. This approach caused some controversy in the internet community.[3]
People are too lazy to use ID cards for something like commenting. More importantly though, most Estonian comments are anonymous with people attacking each other or politicians or whoever they like. Nobody wants to comment using their real identity.
Instead of government-in-exile, we can now have roaming governments, with no physical land, but with laws and services operating within a framework. It is government without a country and it puts everyone on equal footing when trading and building a reputation. Do we even need nation states any more?
Perhaps we will see the first virtual governments soon, existing solely as an interface to facilitate identification, arbitration and trust. It could be done over the internet and be a real example of virtual democracy. Looking forward to it.
I have always thought that we'll have some internet courts of arbitration that would cut through the red tape of dealing with many jurisdictions. But can we have sovereign states that exist only in the internet? I doubt - maybe there will be some ingenious crypto systems that would make the systems more and more independent form the physical servers (in a way like the bitcoin system) - but eventually still the physical states will always be able to switch off the virtual states if they wanted to and if they cooperated.
The crucial question here is if the virtual state can do anything that would be in conflict with the state that has jurisdiction over its servers.
I think that with some advanced cryptography this can work to some extent (with servers behind tor and distributed in a manner that there is no one god-admin) - but in the end http://aeon.co/magazine/technology/on-the-high-seas-of-the-h...
This sort of happens with shipping, corporate and domain registries. One day Tuvalu will sink, but its domain is too valuable to abandon and will continue. Hardly anyone can point to Liberia on a map, but over 10% of the worlds shipping is registered there^. The CEO of HSBC is paid through a Swiss bank account belonging to a Panamanian nominee company.
Facilitating non-identification, unaccountability, lopsided arbitration schemes, and evasive business is big money.
^"There" is of course an office in London, not actual Liberia.
