
> The risk is letting criminals/politicians correlate all the information on individuals

But this is already happening with the current data leaks. In fact if digital cryptographic ID was widespread it would make a lot of identity theft attacks (where bad guys use leaked data to impersonate someone and steal their money or take out a loan) obsolete as only cryptographic ID verification would be accepted.

> I don't know how exactly that would work, but from my experience of Linux admin, I don't share private keys between devices as that would prevent me being able to revoke any keys that may be leaked.

The normal way to do this would be to implement a PKI. You need to bootstrap the system, so you'd use your passport/etc. and get a certificate issued against your device's private key; that cert is valid for X days and can be renewed, etc. There are many options and trade-offs for each, but the point is that it's absolutely possible to make such a system secure enough.

But regardless of which way they implement it, a complete compromise of the system is of no risk to the average person; the system would become known as compromised and everyone can now disavow any actions made with their digital ID. The danger is if the system is silently compromised and the attackers only exploit a small selection of targets, but even then the average person has little to fear as they will not be interesting/important enough to waste such an exploit on and potentially risk discovery.

> then why are we wanting to pay lots of money for a fragile and possibly privacy invading system?

The bulk of the money would be spent on implementation, not operation; if the system is broken, patching the vulnerability and reissuing every ID is all it takes, so it's not like a vuln immediately means all the money is lost... and even if it was, it may still be worthwhile if during its years of operation the system saved enough money not having to do ID verification the conventional, insecure way.
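The per-device PKI sketched in the comment above, as an added Go example that is not part of the original thread: each device holds its own key and a short-lived certificate, so one lost device can be revoked without touching the others. `Issuer`, its methods and the in-memory revocation map are hypothetical; a real scheme would build a full chain and publish revocation through CRL or OCSP.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

type Issuer struct { // hypothetical ID authority; every name here is illustrative
	key     ed25519.PrivateKey
	cert    *x509.Certificate
	serial  int64
	revoked map[int64]bool // revocation list, keyed by certificate serial
}

// NewIssuer creates the authority and its self-signed root, valid for ten years.
func NewIssuer(from time.Time) (*Issuer, error) {
	pub, key, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	i := &Issuer{key: key, revoked: map[int64]bool{}}
	i.cert, err = i.Issue("Example ID CA", pub, from, 3650)
	return i, err
}

// Issue certifies ONE device's public key for `days` days; private keys never leave a device.
func (i *Issuer) Issue(name string, pub ed25519.PublicKey, from time.Time, days int) (*x509.Certificate, error) {
	i.serial++
	t := &x509.Certificate{SerialNumber: big.NewInt(i.serial), Subject: pkix.Name{CommonName: name},
		NotBefore: from, NotAfter: from.AddDate(0, 0, days), KeyUsage: x509.KeyUsageDigitalSignature}
	parent := i.cert
	if parent == nil { // first call (from NewIssuer) bootstraps the self-signed root
		t.IsCA, t.BasicConstraintsValid, t.KeyUsage, parent = true, true, x509.KeyUsageCertSign, t
	}
	der, err := x509.CreateCertificate(rand.Reader, t, parent, pub, i.key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

func (i *Issuer) Revoke(c *x509.Certificate) { i.revoked[c.SerialNumber.Int64()] = true } // one device only
// Valid is the relying party's check: issuer signature, leaf validity window at `at`, revocation.
func (i *Issuer) Valid(c *x509.Certificate, at time.Time) bool {
	return c.CheckSignatureFrom(i.cert) == nil && !at.Before(c.NotBefore) && !at.After(c.NotAfter) && !i.revoked[c.SerialNumber.Int64()]
}
```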
