The electronic identity is a digital identity card issued by the Confederation. If the e‑ID law is accepted this Sunday, this optional and free digital card will be stored on the mobile phone of anyone who wishes to obtain it.

It will allow people to prove their identity online, for example to order a criminal record extract, open a bank account, or obtain an electronic driver’s license. It will also be possible to use it to prove one’s age online, for instance when ordering alcohol.

The electronic identity could also be used in the physical world, just like a conventional ID card. If the result at the polls is “yes”, the e‑ID will be launched in summer 2026 at the earliest.

Loi sur l’e-ID (Le Conseil fédéral suisse)

The Swiss people rejected the introduction of the e‑ID in 2021, mainly because it would have been issued by private companies, which posed risks for personal data protection. This new version of the electronic identity, this time issued by the State, was adopted by the parliament in 2024. The referendum launched by the group Digital Integrity Switzerland, the Young UDC, the Federal Democratic Union, the Friends of the Constitution, the Pirate Party, and Mass‑Voll succeeded in May this year.

Here are the main arguments from the “yes” and “no” camps, followed by my commentary on this electronic identity.

The advantages of the e‑ID

• It would offer a better protection of the private sphere. Until now, people who need to prove their identity online, for example to sign up for a mobile phone contract or to open a bank account, are sometimes asked to send a photocopy or a scan of their physical ID card. That process is not secure from a data protection standpoint because there is generally no guarantee about who can access these documents, how they are processed and where they are stored. With the e‑ID, authorities and businesses would only be able to view and record the data strictly necessary for the specific transaction. For example, an online alcohol shop could verify that its customers are of legal age without knowing their exact birth dates. In such cases, users would disclose less information than when presenting a physical ID.

• It makes it possible to do administrative procedures from home. The e‑ID allows people to obtain official documents or sign contracts without having to visit the office of an administration or go to a bank. This can be especially beneficial for people with disabilities or reduced mobility, provided they have a smartphone and feel comfortable with digital tools. Services would also be available outside normal office hours, offering greater flexibility to the population, according to National Councilor Gerhard Andrey, vice‑president of the parliamentary group responsible for IT issues.

• It improves proof of identity. “​In the era of artificial intelligence and ‘deepfakes’, authenticity will become the currency of trust. Reliable electronic identification therefore becomes increasingly important,” says Gerhard Andrey.

• It strengthens Switzerland’s digital sovereignty. The e‑ID would be managed by the Confederation and hosted in datacenters located in Switzerland, reducing the risks of abuse. If the law is rejected, international tech firms could seize that market and impose private electronic identification solutions, explains Federal Councillor Elisabeth Baume‑Schneider.

The disadvantages of the e‑ID

• It could expose more personal data. Data stored in the e‑ID could be requested not only by public institutions (for example the federal administration when verifying a request for a criminal record extract) but also by private companies “when absolutely necessary for the reliability of the transaction, notably to prevent fraud and identity theft” (Article 23, paragraph 1.b of the e‑ID law), notes the “No to the E-ID Law” committee. If the e‑ID is approved, there is a risk that online platforms, which previously only asked an email address to do a transaction, might start demanding data from the digital ID card. This would be a step back for personal data protection.

• It is not completely secure. “The Confederation’s digital projects, such as the e‑ID, are often presented as State‑run, but that is not entirely accurate: the wallets [a type of application on the phone] which will store the e‑ID will be installed on smartphones over which the State has no control,” warns Adrian Lobsiger, the Federal Data Protection Officer. The Federal Office of Justice told Le Temps that it is aware of this dependence on smartphone manufacturers for hardware, operating systems, and app stores. Because the e‑ID would be stored on users’ phones, those devices will have to be equipped with technology capable of safeguarding cryptographic keys, which is not always the case. At this point, the Confederation has not yet found a technical solution guaranteeing that entities requesting e‑ID data, for example online merchants, cannot link that data to other information about the e-ID holder.
  Furthermore, it is possible that private wallet providers might later be allowed to store and present the e‑ID, “provided they meet strict conditions set by the Federal Council,” according to a proposal from the Commission of legal affairs of the Council of States. The fact that private technology companies would store the e-ID is another risk in terms of surveillance and data leaks, especially if the source codes of those apps remain closed. Moreover, foreign companies could be subject to more permissive data protection laws.

• It could increase mass surveillance. Each e‑ID is linked to a unique identifier stored in a centralized registry. “Unique identifiers across all e‑ID data would enable monitoring of citizens’ behavior, violating privacy and posing risks such as discrimination, control, and manipulation of individuals and democracies,” warns the “No” committee. They add that “the impossibility of linking different data from the e‑ID and/or from other datasets is not guaranteed anywhere in the law.”

• It fuels the surveillance capitalism economy. The commercial exploitation of the e-ID data is not prohibited by the law on data protection and could thus fuel the surveillance economy, argues the “No” committee. It explains that “thanks to the e-ID, companies can freely collect, correlate, and analyze data to build behavioral profiles of the citizens. These profiles can be used for advertising or political influence.” Personal data verified by the State are “extremely valuable” on the data trading market, stresses Monica Amgwerd, secretary general of Digital Integrity Switzerland. If the law passes, this data could thus end up on servers of Swiss or foreign tech companies.

• It amplifies hacking risks. Digitizing identity card and passport data increases the amount of highly sensitive personal information circulating in cyberspace. This data is particularly precious because it is verified by the Confederation and can link internet users to their official identity. The high value of this information represents an additional risk because cybercriminals or other actors will probably want to obtain it.
  In 2023, the federal police FedPol, which manages the e‑ID, handed highly sensitive data to an external IT provider that subsequently was targeted in a cyberattack. Over 900 GB of stolen data were later posted on the dark web. Earlier this year, a cyberattack against the Swissmem compensation fund exposed more than 300 GB of data, including personal details of the employees of companies working with the army, such as Ruag and Crypto.

• It will sometimes involve biometric data collection. If the e‑ID is approved, the persons who want to obtain it will be able to request it either at a passport office or online. In the latter case, FedPol will be allowed to collect biometric data during the identity verification (Article 17, paragraph 4 of the e‑ID law). Biometric data, which is very sensitive, is obtained by a computer analysis of the face. It is this data that fuels facial recognition softwares, a type of surveillance enabled by artificial intelligence which is used increasingly around the world.

• It might cease to be optional. The e‑ID law does not guarantee that the digital ID will remain optional in all circumstances. It is thus possible that it will become mandatory for certain uses over time.

• It is expensive. The implementation costs until 2028 are estimated at CHF 182 million (around $230 million), with operating expenses from 2029 projected at around CHF 25 million per year (around $30 million).

Commentary

This vote takes place in a context which is already fragile in Switzerland regarding privacy protection and State surveillance. A partial revision of two ordinances related to the surveillance of communications, which were recently opened for consultation by the Federal Council, looks like a massive extension of digital communications surveillance, according to a commentary in Le Temps that I mentioned in my article “Switzerland could shift into a surveillance society”.

Alexis Roussel, director of a cybersecurity firm, is an opponent of the e‑ID law. In an opinion published in Le Temps, he writes: “How can we believe the Federal Council wants to protect our digital life when it modifies the ordinance related to the surveillance of communications and drives out of Switzerland the companies that develop tools that protect us, such as Proton and Threema? The paradox reaches its peak!”

Public trust in the Confederation was already shaken in 1989 by “the files’ scandal”. A parliamentary inquiry commission discovered that the government was spying on 900,000 citizens in the country. Four decades later, the volume of written, audio, image and video data that can be collected and analyzed has increased massively. “Furthermore, there is biometric and genetic data, as well as the flow of metadata, such as locations, that are generated by the use of smartphones,” explains Adrian Lobsiger, the Federal Data Protection Officer, in a an article published in 24 heures. All this data can potentially be monitored, especially as computing power for analysis and comparison has also dramatically increased since 1989. Artificial intelligence further amplifies mass surveillance as well.

The new e‑ID law could thus increase online surveillance by making it easier. Today, online transactions occur between a website and a user. In the future, the State could also be involved. The article 3, paragraph 4 of the e‑ID law states that upon request by a private verifier (an online shop for example), the Federal Office of Information Technology and Telecommunications will confirm that the identifier (the e‑ID) supplied by the user belongs to its database. The State will thus receive a signal that this identifier was provided to that verifier, that is, that this person signed up or made a purchase on that website.

Moreover, the electronic identity would end the anonymity that internet users have toward private companies in certain cases, because they would have the right to demand it “to prevent fraud and identity theft.” What will Swiss and foreign private companies do with the data contained in the digital IDs? Will they respect data protection? Will they sell that information to data brokers? It will be difficult to know.

A new cyberspace

We seem to be on the brink of a major transformation of cyberspace. Until now, we have navigated on the internet with a certain degree of anonymity, using different pseudonyms or email addresses depending on the websites. We are now moving toward a digital universe where platforms and social medias will learn, little by little, our official identity.

This is an international issue. While Switzerland is preparing to vote on the e‑ID, other countries have already taken the step (for example China, Estonia, Germany, and Denmark) or are in the process of doing so (for example the United Kingdom, Belgium, Italy, Spain, and Portugal). The European Union wants at least 80 % of its citizens to have a digital wallet by 2030. The launch of the “EU Digital Identity Wallet” is scheduled for next year to allow citizens, residents and businesses in Europe “to prove who they are when accessing digital services.”

Platforms also have another way of linking their users to their official identity. They do so with age verification, which is now mandatory on some social medias in certain countries, with the stated objective to prevent children from accessing them. To ensure users are over 16, for example, these platforms typically ask for a photo of an ID and a selfie. Thus, we move from a usage based on a pseudonym to a usage based on an official identity. This is now the case in the United Kingdom, Australia, Spain, and in several U.S. states, among others. Many other countries are considering similar measures.

Another controversial measure is moving forward in the European Union. A legislative project dubbed “Chat Control” seeks to combat the sharing of child sexual abuse material and the online solicitation of minors by pedophiles. This text should be submitted to the vote of the European Union Council in October. If adopted, platforms and messaging apps, including those who offer end‑to‑end encryption such as Signal or WhatsApp would be obliged to analyze all messages, images and videos and report illegal contents to authorities. This would be a widespread surveillance of our online conversations.

In this video from GBNews, journalist Bev Turner explains the risks with the “BritCard,” the UK’s digital identity. According to her, this British e-ID is “the foundation of a surveillance State.”

Digital ID Trap: Why You Should Be Worried About Government Overreach (GBNews)

Cybersecurity risks

Using an electronic identity carries cybersecurity risks. In her book Information Security Essentials, Susan E. McGregor, an associate research scholar at Columbia University’s Data Science Institute, recommends two fundamental principles to reduce the risks of data theft online. The first one is compartmentalization: don’t use the same password on different websites. This way, if a password is stolen, hackers can only access the one platform where that password is used. The second principle is data minimization: limit the amount of personal data that is accessible to others to reduce the risks of this data being stolen and exposed.

By using an e‑ID across many sites (i.e. the same login), it goes against the principle of compartmentalization. By digitizing the data on our ID card or passport, and then by transmitting this information to websites, it goes against the principle of data minimization.

Privacy is power, ft. Carissa Veliz, Roger McNamee & Carole Cadwalladr (The Citizens)

A slippery slope

Is it advisable to increase the likelihood that our personal data becomes the target of cyberattacks? Is it wise to facilitate State or corporate surveillance of our online activities and purchases? Being cautious would mean answering “no” to both questions.

Nevertheless, as identity verification becomes increasingly commonplace online, using a State‑issued e‑ID may be a lesser evil compared with handing our data over to private companies, but only when it is absolutely necessary.

It is important to recognize that we are moving toward a slippery slope regarding personal data protection on the internet. Collection of the information on our identity cards, biometric analysis of our faces, and maybe soon the surveillance of our private communications… All these practices are done in the name of security or child protection. But online messages that are legal today could be illegal tomorrow, in a completely arbitrary manner.

Let’s take for example the United States, where Donald Trump is attacking freedom of speech and declared the anti‑fascist movement “Antifa” a “domestic terrorist organization.” What if similar anti‑democratic practices also spread across Europe? The States will know our online activities and target those they consider as political opponents.

In a world where many crises accumulate, sometimes reaching extreme cruelty and injustice, we must stay vigilant about the changes happening in cyberspace, a mirror of the real world political movements. With a beautiful objective, always: the preservation and strengthening of democracy.

- Arnaud Mittempergher