[HN Gopher] BundesMessenger, a secure messenger for Germany's pu...
___________________________________________________________________
BundesMessenger, a secure messenger for Germany's public
administration
Author : nickexyz
Score : 452 points
Date : 2022-12-16 14:01 UTC (8 hours ago)
(HTM) web link (element.io)
(TXT) w3m dump (element.io)
| foepys wrote:
| Germany was quite advanced when it came to technology but then
| the drive to make more of it somehow stopped.
|
| It has always been incredibly sad to me that the German ID card
| (Personalausweis) has an RFID chip inside with trust zones,
| certificates, authorization features, and much more and just
| never had been used. Like at all except for getting cigarettes at
| vending machines.
|
| 12 years after the first RFID Personalausweis had been issued it
| is only possible to register your car in _some_ cities. Maybe
| there are other minor uses but it's negligible.
|
| It's a very cool technology with a certificate authority and
| cryptographically secured claims for various things (proving you
| are over 18 without revealing your DOB, only giving out the name
| and address, authenticating as a German citizen, pseudonymity
| with separate identities for each service you use etc.). All
| functionality is also available for use over the internet.
|
| The German Wikipedia has a good overview:
| https://de.m.wikipedia.org/wiki/Personalausweis_(Deutschland...
| sandos wrote:
| It's fascinating what EU can accomplish, but in my mind drivers
| licenses and "national IDs" (that are usable when travelling in
| EU) should be merged and unified over the union. Imagine how
| much simpler things would be! And this tech used in Germany
| sounds like a very nice base for it.
|
| I mean I would also make them passports but I think that is
| impossible.
| woah wrote:
| Makes a lot of sense with German culture IMO. There's a culture
| of doing your job very well, but not much of a culture of
| thinking outside of the box or shaking things up.
|
| Some Herr Doktor probably followed all the best practices to
| implement "trust zones, certificates, authorization features,
| and much more" in the ID, doing their job really well. But
| actually changing the processes to use those features is not
| anyone's job, and might actually eliminate a lot of jobs, so it
| never happened.
| numpad0 wrote:
| I think modern political criticisms might be too dismissive
| of inefficient bureaucratic developments, or we might be
| taking criticisms too seriously.
|
| They might be slow, complicated, budgeted terribly,
| unbelievably incompetent by standards of typical for-profit
| mega corporation, but a lot of those projects work at first
| try and work for decades, in the end.
|
| SLS capsule came back in one piece on first try. That German
| ID system probably works too. And that's great.
| cscurmudgeon wrote:
| It is good this project is failing.
|
| Such a thing will never fly in the US. Both the left and
| right will rightfully or wrongfully oppose it for different
| reasons.
|
| Edit: E.g. see the left opposing voter ids in the US.
| lzauz wrote:
| znpy wrote:
| I wouldn't call such people mentally invalid.
|
| However, as an Italian, I understand your feelings.
|
| Public administration has always been the land of
| bureaucratic people that want to see sheets of paper, stamps
| and signatures.
|
| They're almost often unfamiliar with technology and they are
| mostly unwilling to change their workload.
|
| The real problem is very often that upper management is often
| also old and unfamiliar with technology too, hence incapable
| of understanding the value that technology could bring hence
| unwilling to push its adoption.
| lzauz wrote:
| You are being too benevolent. You think progress in
| bureaucracy is being resisted because those people are "old
| and unfamiliar", but they actively resist it because their
| paycheck depends on it. They know if they get fired they
| are completely useless in the job market.
| TimPC wrote:
| The tolerance for high salaries in government is basically
| non-existent. People throw fits in my region about teachers
| with 30 years experience and the maximum scale making just
| over $100k/year Canadian (just over $70k/USD). So you can
| imagine what it's like to try and hire senior developers
| (five years experience) at around $90k when top of the
| market is quadruple that and a large number of companies
| pay double that. The end result is they hire from the
| bottom 25% of developers, the bottom 25% of product
| managers and the bottom 25% of managers. Add to that a
| large dysfunctional bureaucracy and they are lucky if they
| get people 10% as productive as in competing companies.
| It's a colossal problem because government routinely fails
| at building technology and then outsources it at extreme
| cost. That outsourcing isn't always successful either in
| part because the requirements hinge on those same Product
| Managers that government can hire on extremely restricted
| budgets.
| kune wrote:
| I actually use my German ID card to communicate with the Elster
| service of the German tax offices. My old USB signing stick
| would need to be replaced next year, but using my ID card was
| the cheaper option.
| Semaphor wrote:
| You can also generate a certificate. Registering it requires
| receiving a letter by snail mail and it expires every X years
| (5 maybe?), but otherwise it's just like your certificate for
| your server you use to SSH in.
| lakomen wrote:
| 2 years
| tpm wrote:
| Many more applications will come in coming years. They are
| being implemented right now, I think this was sped up by some
| law that municipalities have to provide those services online
| by 2026? Not sure. Anyway there is a huge backlog and not
| enough programmers but one way or another this has to be done.
| GTP wrote:
| In The Netherlands, they are implementing a thing which gives
| the same advantages (i.e. disclose some attributes about
| yourself without disclosing unneeded data), but uses different
| technologies. It's called IRMA, you can find an overview here
| [1]. It can be combined with other applications to do cool
| stuff, e.g. with PostGuard [2] you can use identity-based
| encryption to be able to send an encrypted email to someone,
| but without the need to know their public key in advance, nor
| having to authenticate it. The drawback is that you have to
| trust a central server and a third party identity provider.
|
| [1] https://irma.app/ [2] https://postguard.eu/
| catiopatio wrote:
| From the website:
|
| > With IRMA it is easy to log in and make yourself known, by
| disclosing only relevant attributes of yourself. For
| instance, in order to watch a certain movie online, you prove
| that you are older than 16, and nothing else.
|
| That's _not_ "cool stuff".
| leonry wrote:
| A couple of years ago, I would have concurred. But for some
| time already you have the possibility to use the e-ID through
| Postident (https://www.deutschepost.de/de/p/postident/privatkunden/iden...)
| which is kind of well integrated in many
| businesses. Moreover you have private / corporate solutions
| like Verimi (https://verimi.de/) that incorporate
| functionalities of the e-ID. There is even an alternative
| (https://www.openecard.org/startseite/) to the official app.
| (EDIT: The alternative is open-source, but so is the official
| app. Removed adjective.)
|
| I really like the development that has gone into the e-ID. They
| even have thought out a safe way to update your PIN
| (https://www.pin-ruecksetzbrief-bestellen.de/)! The biggest
| drawback of all is the lack of any marketing, IMHO.
| dmacvicar wrote:
| The official app is already open-source:
|
| https://github.com/Governikus/AusweisApp2
| leonry wrote:
| True, that wasn't well formulated.
| Lanz wrote:
| It's almost as if the spirit of the people was broken as
| Germany drifted more and more leftward.
| alexseman wrote:
| dang wrote:
| Oh dear. Please don't take HN threads into ideological
| flamewar. It's predictable, nasty, and not what this site is
| for.
|
| https://news.ycombinator.com/newsguidelines.html
| ln_00 wrote:
| wow. You won the award of the most stupid comment on this
| post.
| dang wrote:
| Please don't respond to a bad comment by breaking the site
| guidelines yourself. That only makes everything worse.
|
| https://news.ycombinator.com/newsguidelines.html
| moooo99 wrote:
| It's hilarious. I recently moved and wanted to update the
| registration info for my car. My city boasts about having an
| "online self service for anything you'd usually need" (sad
| enough that this alone is a rare achievement), so naive me
| decided to give it a try. I successfully registered and wanted
| to update the info on my car, but got stopped by a disclaimer
| saying "if you want to do this online with your eID, you need
| to attach a picture of your ID to the form"?!. I burst out
| laughing, wondering what the point of this eID even is. And I
| still haven't updated my info
| jlelse wrote:
| You can use the "Online-Personalausweis" for quite some things
| actually. For example to authenticate at banks, so you don't
| have to do Video-Ident. Or to do taxes etc. I wrote a post
| about it earlier this year: https://b.jlel.se/s/59c
| derac wrote:
| I don't speak German, but by video identification do you mean
| the system in which you turn in the webcam and it checks your
| face? If so, that is highly vulnerable to real time face
| swapping attacks (and possibly just recorded webcam footage).
| I'm sure you're aware, but these systems need to change.
| junon wrote:
| Nah it's a web call where they check your passport for
| authenticity and identity in real time with a real human in
| order to authorize a new bank account etc.
| moooo99 wrote:
| For banking a fairly well known identification provider is
| "Postident", a service offered by Deutsche Post.
|
| They offer plenty of ways to actually authenticate. The
| classic one is that you receive a voucher, go to a post
| shop, the employee there checks your ID and prints you a
| verification code (iirc). They also added video calls for
| identification and from my experience, it seems as if they
| are aware of the potential security implications. They ask
| you a bunch of questions and require you to do different
| things (for example hold your ID card right in front of
| your face, cover one side of your face, etc) presumably to
| counter this attack vector.
|
| The smoothest way is to use the ID card integration. With
| that, assuming your ID is already set up for the online
| authentication, the whole kyc process for a new bank
| account is done within two minutes. Unfortunately it seems
| like some banks still disable this option, at least I did
| recently open an account and did not have this option for
| use with postident.
| bradhe wrote:
| I heard something yesterday about how you can authenticate
| digitally for tax documents using the NFC chip in your
| Personalausweis! You just have to download some app.
|
| But yes, in general, we're SO CLOSE...then you have to go do
| Anmeldung with a paper form in person
| Dagonfly wrote:
| I do all my tax return stuff online with my Personalausweis.
| Once you got all your PINs and access codes it's quite
| seamless actually. You can even pair your phone with your PC
| and use the phone's NFC reader to read the ID-card.
|
| That stuff honestly improved quite a bit in the recent years.
| Most of these services are just not advertised or integrated
| enough so far.
| TEP_Kim_Il_Sung wrote:
| Comes with free BundesTrojaner so someone is always reading your
| messages.
|
| Never feel alone again!
| [deleted]
| Pr0ject217 wrote:
| "Real time collaboration systems such as Microsoft Teams, Slack,
| Mattermost, Wire, Threema, WhatsApp and _Signal_ are currently
| all closed proprietary systems - meaning they are walled gardens
| whereby all parties have to use the same vendor. "
|
| Signal is in this list. Isn't this false? The server and clients
| are here: https://github.com/signalapp
| msgilligan wrote:
| Signal is (as far as I know) single-vendor, which they are
| confusingly calling "closed proprietary"
| Arathorn wrote:
| I wrote this sentence. "closed proprietary" here means that
| it's not an open standard, and it's not an open network you
| can connect your own clients to, and so it's vendor-locked,
| and in the case of Signal there are gaps of years when they
| don't release opensource code on the server.
| IshKebab wrote:
| I guess it's a bit debatable. It's more or less open source -
| apparently there have been long periods when it was closed
| source (I think when they added cryptocurrency nonsense) and
| also it's centralised so you have to use their servers.
|
| I would say it's a bit disingenuous to put it in the same list
| as Teams, Slack and WhatsApp though.
| olivierduval wrote:
| I find it really nice that Europe "as a whole" is starting to share
| the same solutions to the same problems !!!
|
| Remember "Tchap" (https://www.tchap.fr/), the French Gov
| messenger system based on Matrix ? ;-)
| Arathorn wrote:
| Tchap is doing great actually :)
| simongray wrote:
| The article mentions it directly.
| aliqot wrote:
| schipplock wrote:
| It's probably Element with a different logo and different
| colors.
| AstixAndBelix wrote:
| why would you want to see the screenshots of an application
| used by the German military which is basically a fork of
| another app with plenty of screenshots on its own webpage?
|
| this is just a blog announcement of something cool they're
| doing behind the scenes and that you will never use in a
| trillion years, not an Apple product launch
| Arathorn wrote:
| you can see screenies on the app stores:
| https://play.google.com/store/apps/details?id=de.bwi.messeng... etc
| archsurface wrote:
| I know someone who works in the digital id space, and the
| businesses pushing this stuff at the governments are far more
| interested in their business than your rights. And governments
| have a habit of slipping in things they find convenient. With
| some insider insight I'd suggest pushing back very hard against
| this sort of thing.
| martinralbrecht wrote:
| Since Matrix (and thus BundesMessenger?) currently doesn't
| provide standard security guarantees for its end-to-end
| encryption (the mitigation to the "Simple confidentiality break"
| from https://nebuchadnezzar-megolm.github.io/ is still in the
| design phase; same for the IND-CCA break, but that doesn't seem
| exploitable in practice) I wonder how much the German government
| cares about E2EE for its civil servants? The blog post mentions
| E2EE prominently, but any insights to share on whether that
| mattered for this particular adoption?
| Arathorn wrote:
| Gematik co-funded the most recent Matrix audit of vodozemac[1],
| and is poised to fund 3 more (of matrix-rust-sdk-crypto,
| matrix-rust-sdk and the whole stack end-to-end) to ensure the
| E2EE is where it needs to be. So I'd say that the German
| government definitely cares about E2EE for its civil servants,
| and we're very grateful for them funding security research.
|
| Meanwhile, BWI is helping fund the work needed to address
| clientside controlled room membership
| (https://github.com/matrix-org/matrix-spec-proposals/pull/391...)
| as highlighted in your paper, as well as
| TOFU... and they're also funding work to provide MLS as an
| option for E2EE in Matrix too[2].
|
| Unsure why you're talking about the unexploitable IND-CCA break
| :)
|
| [1] https://matrix.org/blog/2022/05/16/independent-public-audit-...
|
| [2] https://www.golem.de/news/bwmessenger-vom-messenger-der-bund...
| martinralbrecht wrote:
| Cool, thanks! That's interesting to know. Do you know how
| they deal with FOI and auditable communications in this case?
|
| PS: I talked about the seemingly unexploitable IND-CCA
| vulnerability because it means Matrix can't give you some
| security _guarantees_ : It should be fine - we don't have an
| exploit, only a vulnerability - but it is not clear how to
| reason to arrive at "there cannot be an exploit". If you care
| about security guarantees, you care about it.
| Arathorn wrote:
| Good question about FOI and audit; unsure for their
| deployment. In general we use audit bots when needed (which
| are visible in the member list), and even in a client-
| controlled-membership world, they would complain bitterly
| if they saw traffic which they didn't have the keys for.
|
| Fair enough on IND-CCA; as you know, we are fixing it
| anyway.
| walterbell wrote:
| _> BWI.. also funding work to provide MLS as an option for E2EE in
| Matrix, https://www.golem.de/news/bwmessenger-vom-messenger-der-bund..._
|
| Good news that BWI is funding a Matrix implementation of the
| multi-vendor IETF standard MLS group messaging E2EE protocol.
|
| The (translated to English) linked reference doesn't mention
| MLS, is it correct?
| Arathorn wrote:
| oops, https://www.golem.de/news/bwmessenger-vom-messenger-der-bund...
| might be the right link
| galaxyLogic wrote:
| This is great "Matrix is the equivalent to SMTP".
|
| Goodbye Microsoft or Slack -specific chat services. Welcome them
| to compete with their Matrix client-apps.
|
| And hey, we're in the Matrix finally.
| Hamuko wrote:
| Now I'm just waiting for the Matrix app that I don't hate.
|
| And for that matter, the SMTP app that I don't hate.
| galaxyLogic wrote:
| I wonder if Matrix could be used for social media
| mxuribe wrote:
| Yes, I remember there have been early experiments
| leveraging the matrix protocol for many scenarios including
| blog platforms and social media... But I don't think it's
| popular to do so. Most people interested in federated
| social media tend to use ActivityPub (protocol), and use
| servers and clients already optimized for such a social
| media use case on the Fediverse (mastodon is a recent
| popular software stack, but there are many, many others).
| mxuribe wrote:
| @Hamuko I have been on matrix several years, and lately I've
| been really liking Schildi Chat [https://schildi.chat]. Also,
| many other users that I know really like Fluffy Chat
| [https://fluffychat.im/]. In any case, there are several more
| options nowadays.
| beardedman wrote:
| Another virtue signal from good 'ol Deutschland. Where 75% of the
| population prefer cash.
|
| "Do what we say, just don't do what we do", as the old adage
| goes. How painful.
| Xylakant wrote:
| I prefer cash and would at the same time use an encrypted
| messenger to communicate with the government.
|
| While cards are certainly convenient, they have failed me at
| very inopportune moments. I've also recently witnessed how
| someone could not book a ticket for a ferry in one of the
| mostly cashless European states - cash wasn't an option and
| they didn't have a card. This was at the official counter at
| the harbor.
|
| A few months ago, card terminals of a widely used type failed
| hard in Germany, only cash payment was possible.
|
| Being able to do some purchases anonymously is also a good
| thing - even if it's only my wife's birthday present.
|
| I prefer a society where cash is an option for all (in-person)
| transactions. And preserving that requires exercising the use
| of cash.
|
| Encrypted secure communication with (and within) the
| government, or my medical provider is entirely orthogonal to
| that.
| beardedman wrote:
| I am not a young person anymore & card payments have almost
| never failed for me (unless it was for a specific/resolvable
| reason).
|
| > A few months ago, card terminals of a widely used type
| failed hard in Germany, only cash payment was possible.
|
| This exactly is part of my point.
|
| > or my medical provider is entirely orthogonal to that.
|
| I prefer a medical provider that does a good job & shares my
| data, rather than incompetent medical staff that adhere to
| privacy policies. I expect my doctor to be a good doctor, not
| a good data policy keeper.
| Xylakant wrote:
| I have had cards expire and the new cards sent to an
| outdated address, and when that was discovered, the bank
| blocked all cards since they could have fallen into the
| wrong hands. I happened to be traveling at that time. I've
| had cards be blocked due to random fluctuations in the
| usage pattern. Calling usually helps to resolve this,
| though it usually takes time. I've had an ATM eat my card
| and not return it. I have entered the wrong pin once too
| many. I've had my bank replay all transactions from the
| beginning of the month twice, debiting the rent and all
| payments twice, and overdrawing my account, blocking my
| cards. Shit happens. Cash was always an option to solve
| this.
|
| > > A few months ago, card terminals of a widely used type
| failed hard in Germany, only cash payment was possible.
|
| > This exactly is part of my point.
|
| I don't understand how this is part of your point. It was a
| bug that required exchanging the terminals - either some
| kind of hardware or a borked software update that left the
| terminals unable to function. Shit happens, in hardware,
| too. It's not like other countries are magically exempt
| from failures of their digital infrastructure.
| beardedman wrote:
| You're completely missing the point I'm making.
|
| Other countries aren't exempt, but other countries also
| don't write case studies on how everyone else should
| operate.
|
| It's absolutely baffling to me that Germany touts a more
| secure messenger, but can't get card payments working
| seamlessly / consistently. To your point, I was visiting
| there earlier this year & card payments were completely
| offline for 2 - 3 days.
|
| But sure, roll out a more secure messenger.
| Xylakant wrote:
| Yes, the broken terminals happened earlier this year. You
| were unlucky.
|
| I don't get your point about "writing case studies how
| everyone else should operate." - where does Germany write
| case studies about how payment systems in other countries
| should operate?
| f1shy wrote:
| And for some things you still need to send a Fax... oh my!!! a
| FAX in 2022! Amuse yourself:
| https://www.youtube.com/watch?v=Tz_amU-6EQI
| beardedman wrote:
| ROFL!!
| SSJPython wrote:
| It's really awesome to see the public sector being able to
| experiment with new technologies to see what works. Rather than a
| top-down approach imposed on everyone all at once, the trial-and-
| error approach seems to work better. If it succeeds, then try to
| scale it up. If it doesn't, then it doesn't bring everyone else
| down with them.
| sgt101 wrote:
| I wonder where they get their prime numbers...
| Sporktacular wrote:
| These guys keep pushing the idea that if it's not federated, it's
| closed and proprietary. In at least the cases of Signal and
| Threema that's just not true.
| Arathorn wrote:
| Signal and Threema are proprietary, in that the protocol they
| speak is vendor-specific and not openly standardised. You are
| literally locked to that system, and neither of them allow 3rd
| party clients to connect.
|
| Moreover, Threema's server is closed-source and so completely
| proprietary - and you could argue that Signal's server is often
| closed-source too, given years occasionally go by without
| public code releases.
|
| This is the rationale.
| newaccount74 wrote:
| Signal clients may be open source, but as far as I know the
| network is very much closed and proprietary.
|
| Correct me if I am wrong, but as far as I understand you can't
| make any changes to the Signal client, compile it yourself, and
| connect to the Signal network. You have to use the binaries
| from the app store.
| est31 wrote:
| IIRC you are allowed to get the Signal client from the git
| master branch and install it yourself, but not sure if that
| extends to local modifications of the client. They don't want
| you to distribute binaries however that are connecting to the
| official Signal network, even if those binaries are the
| official ones. You are not supposed to find Signal anywhere
| else than on Google play and the app store.
|
| The server is open source _technically_ , but it's not
| federated. They have also not published updates in the past
| for months while deploying them on the server (probably to
| prevent people from finding out that they were testing some
| feature).
| gsatic wrote:
| So people who need to chat with German govt entities have to do
| what now?
| jonas-w wrote:
| Currently the best way is via fax or post
| wongarsu wrote:
| *most convenient. The best option is obviously coming in
| person, with a ring binder containing all relevant documents
| as well as written records of all previous communication
| LeonidasXIV wrote:
| Be sure to queue up 2h before opening time of the office
| you want to visit because everyone else is also dropping by
| in person too and the office closes for public service at
| 12:00.
| gillesjacobs wrote:
| That's the advantage of choosing Matrix: it is compatible with
| a multitude of clients and servers, so take your pick. No need
| to install the BundesMessenger frontend. No need to trust the
| government, how very un-German.
| theptip wrote:
| Very cool. I've long thought that global government spend should
| be more than sufficient to build robust open source solutions.
|
| But it requires some degree of technical expertise on the ground
| to weave together solutions, instead of just buying the Microsoft
| package with AD and Office.
| MoSattler wrote:
| I really like the idea. But I am skeptical - digitalisation of
| Germany's public services and offices in the past hasn't exactly
| been a success story.
| hobofan wrote:
| The large degree of federation in the German government is
| something that has traditionally shown some of its ugliest
| sides when it comes to digitalization (e.g. every state
| commissioning their own underpowered solutions which are 95%
| identical in spec instead of pooling resources).
|
| I think that's exactly why Matrix might be a good fit, as the
| technical federation aligns well with the pre-existing social
| federation. I'm really optimistic for that project!
| gillesjacobs wrote:
| In this case, the slow digitisation had a good side-effect of
| allowing an open, decentralized encrypted messaging protocol to
| be maturely adopted.
|
| Not much consolation for the German people, who still have to
| deal with a lot of paper administration but a happy accident
| nonetheless.
| ehvatum wrote:
| From my experiences with DMG Mori and Siemens employees
| servicing my equipment and managed by a 100% electronic
| appointment booking and part ordering systems, German society
| is wholly and irrevocably doomed by the move away from
| physical paperwork.
|
| All German productivity will end and even German language
| itself will be replaced by grunts and shrugs.
|
| In the end, I got rid of my DMG Mori machine with its Siemens
| control and replaced it with a Taiwanese machine that
| functions reliably.
| kioleanu wrote:
| It hasn't but it's on the right track. I am working as a
| developer in one of the federal agencies and have direct
| contact with the efforts.
|
| It helps a lot that public agencies can now offer a so called
| IT Zulage of a few hundred euros to 1000 per month that brings
| salaries on par with the private sector. In my team, this
| worked wonders and we managed to get some really good people.
|
| On the other hand, the task is enormous, we were discussing
| last week that if we had double the man power, we would still
| have the same workload, because we push back on a lot of
| things. We have about 70 projects that we wrote and maintain
| and a backlog of another 12 waiting to be started.
|
| BWI has the same problem, I've been approached multiple times
| by them for this project, which from my knowledge is being
| intensely worked since many years.
| victor106 wrote:
| why can't you hire consultants to take on some of the
| work?
| Jochim wrote:
| If it was in my power, anyone who hires a software
| consultancy would be immediately sacked.
| moooo99 wrote:
| Presumably budgets. Over the last decade or so, German
| politics developed the fetishization of the
| "Schuldenbremse", an attempt to reduce the national debt
| (which is already fairly low) no matter what. Unfortunately
| the way they went about it was not to reduce overheads or
| make processes more efficient (if you want to do anything
| here in Germany, there's a decent chance there is a form
| for it), instead they basically cut down on any investment.
| Fundamentally this means that there is a massive investment
| backlog in the digitalization of the government and
| education, in internet, rail and road infrastructure etc.
|
| And now every project seems to have maximum demands, minimum
| budgets and zero flexibility. To make matters even more
| absurd, we have a ridiculous amount of federal levels, each
| with their own responsibilities and "approaches" to
| digitalization (and responsibility to save money).
|
| For example, my mom is an office worker on a city level.
| The neighboring city developed a software for some process
| related to state law and offered it to our city. Our city,
| being the genius it is, does approach this state mandated
| process a little bit different. Instead of using the
| software the neighboring city developed and adjusting to
| their (almost identical) process, they choose to make their
| own software. But because they have basically zero
| development experience and engineering resources, they are
| looking to outsource. But because they don't have the
| budgets, they are looking for government support programs
| (that apparently even exist).
|
| So yeah, even easy things are over complicated here
| neuronic wrote:
| They absolutely do. I have friends working as private
| sector IT consultants with federal agencies as one of their
| clients. These projects lock them into idiotic bureaucratic
| processes and extensive internal politics (more than in
| private sector). You can help improve quite a bit but it's
| like moving a plowing truck through pure molasses instead
| of snow.
|
| The teams are often led by government officials who will do
| everything to keep things as they are to protect their
| position, of course with little to no repercussions.
| kioleanu wrote:
| We do, we have 2-4 people freelancing any given year
| dewey wrote:
| It's likely more sustainable to have people long term and
| not expensive consultants who come in, finish a project and
| leave again with no knowledge being retained in the team.
|
| I'd also guess that these projects are not very isolated
| but very integrated with a lot of other processes and
| internal projects, so it's not just about converting some
| specs into code in a vacuum and then leaving again.
| codethief wrote:
| > we were discussing last week that if we had double the man
| power
|
| Are you looking for more people?
| xcambar wrote:
| This. Please point us to where things happen.
|
| Also, how fluent in German must one be?
| kioleanu wrote:
| Yes, see interamt.de for open positions. You have to be
| fluent, I'm afraid, everything is done in German and you
| need to understand what's needed and relay your own
| thoughts properly. There are many specific terms and
| processes and abbreviations
| biztos wrote:
| I took a quick look at some positions in Munich and the
| pay did not look very competitive with industry. However,
| public service has other advantages, and if you prefer to
| not rent your soul to Capital like so many of us do, I
| think the salaries looked pretty nice _compared to other
| government jobs._ Which is pretty much the deal
| everywhere, right?
|
| (You can find the rate tables by doing a web search for
| the code listed next to "Entgelt/Besoldung.")
|
| I got a kick out of the fact that Street Cleaner came up
| in my search for "IT and Telecommunication:"
|
| https://interamt.de/koop/app/stelle?1&id=894097
| constantcrying wrote:
| As a user of some public sector German IT Services (provided
| by dataport to be specific) I have to say that I wouldn't
| work on them for double my current wage.
|
| The jank was incredible and just using them you could feel
| the spaghetti code, incompetence and age. My advice would be
| to stay away as far as possible. As a user and as a
| developer.
| kioleanu wrote:
| I wouldn't generalize it. In our agency, we keep everything
| very modern, especially the tools and infrastructure, but
| also processes. We go to workshops and conferences and then
| implement what we learned.
|
| Yes, I've seen some creepy stuff like 100kb of information
| on one line and a definition file saying from which column
| to each column one can find information, but we don't do
| that.
|
| Like I said, it's getting better.
| shortstuffsushi wrote:
| With this approach, it's not likely to ever improve. If
| they can't get good talent to come in and "fix" things, it
| will probably only continue to get worse
| constantcrying wrote:
| Indeed. But that only affects me in so far as I can't
| avoid using the services they offer. Besides that it is
| not my problem nor am I in a position to make it my
| problem.
| jjsinai wrote:
| German engineers typically point at politicians to blame for
| projects being late. But they share the blame. Over-
| engineering and lack of push-back against feature creep seem
| to be standard. Often times, the feature creep is homemade,
| by the engineers themselves. Other countries get things done
| simpler and thus faster. Be a bit pragmatic and boom, it's
| live and works. In Germany you first need to create a bunch
| of Arbeitsgruppen in a new Bundesamt fur Warmeluft and
| protocols and certificates and meetings and Pflichtenheft and
| by the time this thing has grown to 1000 pages you realize
| that your team is much too small and you need to hire more
| people and it just keeps growing.
|
| Meanwhile, other countries have offered a web portal for
| years with a digital version of the Patientenakte and all
| prescriptions in one place. Works. Not in Germany though.
|
| > On the other hand, the task is enormous, we were discussing
| last week that if we had double the man power, we would still
| have the same workload, because we push back on a lot of
| things. We have about 70 projects that we wrote and maintain
| and a backlog of another 12 waiting to be started.
|
| I rest my case.
| kioleanu wrote:
| Oh man, damned if you do, damned if you don't...
| jupp0r wrote:
| Using open protocols and open source solutions: great idea.
|
| Letting some random company operate your army's IT
| infrastructure: what could possibly go wrong?
| comte7092 wrote:
| The infrastructure is managed by Germany's public
| administration.
|
| The French utilize matrix for military operations as well. This
| isn't "some random company".
| Xylakant wrote:
| Random is pretty load bearing here. The BWI GmbH was literally
| created to operate the army's non-military IT infrastructure.
| jupp0r wrote:
| They also operate military infrastructure, ie operation
| planning software and battle management systems [1, from the
| German Wikipedia article].
|
| [1] https://esut.de/2020/05/meldungen/cyber-it/20897/digitales-g...
| mhd wrote:
| As mentioned in the article, the German health services already
| adopted Matrix for their "TI-Messenger", which is supposed to
| make secure communication between health care professionals
| easier. Or, well, possible at all. Right now this is a morass of
| "don't mention anything private" emails, letters and faxes. I'm
| surprised that ticker tape isn't involved somehow.
|
| But don't worry, if German health services doing something right
| is triggering your "the end is nigh!" response: As far as I know,
| the rollout for patients is still a long way coming and they
| still don't even have a date set for video chat (right now a
| cottage industry of anyone involved in HC doing their own WebRTC
| thing).
| legulere wrote:
| Usually in the German health sector the use of existing
| standards is only there for marking off a checklist I have the
| feeling. In practice things are so heavily adapted that you
| often cannot use existing libraries.
|
| Just look at the authentication of the E-Rezept (electronic
| prescription) service:
| https://github.com/gematik/api-erp/blob/master/docs/authenti...
| This is supposed to be standard OpenID.
|
| I fully expect the matrix protocol to suffer the same treatment
| under the hand of the Gematik.
|
| If you want to know how things end up in such chaos, take a look
| at the definitions of the payload data:
| https://github.com/gematik/api-erp/blob/master/docs/erp_fhir...
|
| 6 different sets of definitions by 5 different regulating
| bodies, with the organizing company Gematik GmbH owned by 9
| different stakeholders:
| https://www.gematik.de/ueber-uns/struktur
| pimeys wrote:
| And we still have to walk to the doctor's office to get that
| prescription for the same Asthma medicine you always get every
| three months. Instead of just getting it electronically to the
| nearest pharmacy. Now we have to queue up in the doctor's
| office with sick people, wait for them to print and sign a red
| piece of paper and then walk to the pharmacy.
|
| Maybe this changes too in the future?
| mhd wrote:
| I wonder how much this is solely technical. Sure, if it's
| something like asthma medication or insulin, it's completely
| superfluous. But if I remember correctly, doctors have a few
| incentives for this. Part of them rather good, like a fear of
| over-medication, part of them related to budgets with the
| insurance companies etc.
|
| The health industry is very weird from top to bottom. True
| for most countries, but Germany certainly adds a few cherries
| on top. Or at least massively diluted cherry essences...
| kapep wrote:
| > Maybe this changes too in the future?
|
| E-Rezept was supposed to launch in 2022 but has been
| postponed until mid 2023. Some regions already tested it. It
| didn't work out well, so some regions dropped out of the
| testing phase. I'm pretty sure it won't work well at launch
| and we will have to rely on printed prescriptions for quite
| some time until all pharmacies and doctors use the new
| system.
| socialdemocrat wrote:
| It is always puzzling to me with how Germany has many
| cultural similarities with us Nordics and is an advanced
| science nation, yet is always so much slower in adopting
| new technologies. In Norway we have used electronic
| receipts since 2013. That is like a decade.
|
| But I suspect it is a difference in attitude. I think in
| Scandinavia we are generally far more enthusiastic about
| new things.
| mr_mitm wrote:
| Germans have diffuse fears of new technology. Many of us
| are skeptical whenever it comes to new gadgets,
| especially if the risk of being tracked or spied on plays
| a role. Eventually most people level out and get it
| anyway, like the cell phone, the smart phone, credit
| cards, Google/Apple pay, etc. Not sure if our history has
| something to do with it so that many feel uneasy about
| giving away too much control about our personal data, but
| maybe it does.
| est31 wrote:
| > Not sure if our history has something to do with it so
| that many feel uneasy about giving away too much control
| about our personal data, but maybe it does.
|
| Germany has seen two dictatorships in the last century.
| The first one was more brutal, but the second one
| maintained a gigantic spying apparatus on its citizens,
| that took a large fraction of the state's budget.
| mhd wrote:
| What's your level of comparison here? Japan? New
| economies?
|
| If you contrast it with the US, you'll find some
| technologies earlier in use in Germany, like texting, and
| some stuff that just went different (credit vs. debit
| cards). And talk to someone from the US or even the UK
| about mandatory ID cards, and you'll hear different
| things about privacy.
|
| I think this specifically is mostly to blame on
| bureaucracy and the federal system, not a reflection of
| general German luddism. Nobody really _wants_ fax
| machines.
| anticristi wrote:
| Me reading the comments... So that's how Sweden must have
| felt a decade ago.
| ysleepy wrote:
| Germany has a different history with surveillance and
| authoritarian state control.
|
| Not only did the Nazis use the resident register to find
| undesirables, but also the Soviet Union used any and all
| avenues to spy and control people.
|
| Privacy and scepticism of making the state a mandatory
| middleman is deeply entrenched for historic reasons.
|
| Specifically this cryptographically tight identification,
| electronic-only payment etc. are very contentious for
| this reason I believe.
|
| But overall your point is still correct, there is a
| strong bias towards the status quo and the new thing has
| a lot of proving itself to do before being accepted.
| nier wrote:
| <<With the examples of surveillance discussed above, we
| now know why contemporary Germans so highly value privacy
| and limits on state surveillance. They are reluctant to
| go back down that road again.>>
|
| Source:
| https://www.wondriumdaily.com/germanys-surveillance-system-i...
| RicoElectrico wrote:
| Greetings from Poland, e-Recepta here launched in 2019.
| krzyk wrote:
| And was given prime time thanks to covid, same as remote
| call with doctor, which allowed getting electronically
| recipe without coming into doctor's office.
|
| Covid accelerated a lot of remote services.
| rmetzler wrote:
| You can't call in advance and pick up the receipt an hour
| later?
| mousetree wrote:
| You can but they'll likely only start preparing the
| Rezept when you arrive, and you'll still need to wait 30
| minutes. At least that's how my Hausarzt works
| miroljub wrote:
| You should change your Hausarzt. They can be so careless
| only because enough people tolerate such behaviour.
|
| I just send an email what I need, they reply to me the
| same day or tomorrow that it's ready to be picked up. I
| go there, and get it in 2 min.
| cardanome wrote:
| It's not like they are competing for patients.
|
| In most places it is hard enough to even get a Hausarzt
| to begin with. You might just be lucky to live in a
| bigger city where you have the ability to choose.
| sokols wrote:
| Yes you can.
| brazzy wrote:
| Already exists:
| https://www.apotheken-umschau.de/e-health/e-rezept/e-rezept-...
|
| Currently was supposed to be in a pilot phase in two regions,
| but both of them cancelled it due to privacy concerns:
| https://www1.wdr.de/nachrichten/erezept-kelber-medizin-westf...
| kgoedecke wrote:
| I did have a video call with my doc the other day and he
| mailed me a prescription. Which then got scanned by my
| digital mail box (caya), then it got forwarded in physical
| form to my house and now I can finally in person go to the
| pharmacy with the actual paper and get it... LOL.
| odiroot wrote:
| Last time I lived in Berlin (until early 2020) my Hausarzt
| still used Telegram in her practice. Mostly to communicate
| between the front desk and the examination rooms.
|
| I wonder how kosher it was.
| jansan wrote:
| This is interesting. Being German, when I read the headline I had
| a "not another public IT project destined to fail" moment. But
| this actually makes sense. The government and military need a
| secure communication tool, it is not a pie in the sky, but built
| on existing software, and they start with a well defined user
| base. My gut feeling is that this will be a successful project.
| f1shy wrote:
| It is based in French software... so... maybe?!
| socialdemocrat wrote:
| That is sad to hear. You hear criticism of public IT stuff here
| in Norway too, but it mostly works. Like I got e-receipt since
| 2013. Can order new prescriptions, book appointments, look at
| test results online. Well the latter doesn't always
| work. But everything with taxes and banking had long been all
| electronic and working fine.
| lakomen wrote:
| "Matrix is the secure real time alternative to SMTP" I stopped
| reading there.
|
| I used Element in the past and Matrix is a clusterfuck.
|
| Python server slow, Go server not feature complete. Channels
| available uninteresting, mostly cryptocurrency. A few porn
| channels, that's it.
|
| I wish it wasn't so. If anything Matrix is a replacement for IRC,
| absolutely not email.
|
| Then, I am absolutely NOT installing a Bundes-anything on any of
| my devices. I can't trust a state that has multiple state
| Trojans.
| Arathorn wrote:
| we'll miss you :'(
| cies wrote:
| I'm happy to see this. It came out embarrassingly that Germany was
| spied on by the "ally" US. They already did not trust MS
| Exchange, probably for good reasons. So they either trust the
| Swiss (Signal), the Russians (Telegram, prolly not), the ..., or
| they roll their own, or they use open source. I'm stoked to see
| they seem (yes: seem) to be doing the latter.
|
| Why do I emphasize "seem". Well there have been several German
| initiatives for using open source, but none of them stuck very
| well. Munich's going Linux comes to mind, but there were others.
| And I'm afraid that this may be another such "attempt", while I
| hope it is different this time, as their national security is at
| stake.
|
| Telling everyone to communicate with GPG-encrypted emails has
| shown to be too hard on users, who then simply use one of the
| many less-secure channels. You have to do something, or you know
| they --the US mostly (WhatsApp, Twitter, GMail/Chat) -- will
| listen along with everything.
| PaulHoule wrote:
| I think messaging is an area where Europe could have an impact.
|
| The basic problem with messaging and voice/video comm
| applications is that clients are not interoperable. It is easy to
| think that: we've had CUSeeMe, IRC, ICU, AOL Instant Messenger,
| Tivejo, MSN Messenger, I think more than 10 kinds of Google Chat,
| Facebook Messenger, Skype, Zoom, Paltalk, Yahoo Messenger,
| Signal, Telegram, Go2Meeting, Discord, WhatsApp, WeChat, etc.
|
| The average person would be hard pressed to tell the difference
| between these applications, a cynic would say "Facebook Messenger
| is no different from AOL Instant|MSN|Yahoo messenger except it
| is integrated with Facebook". The average person doesn't question
| that chat programs don't interoperate but because they don't we
| see a pattern of "try out the new shiny, it's just as good as the
| old cruddy was back in the day", the new application rides high
| for a while, then it rots and it is the new old cruddy before
| long. The one constant is that you may need to install 10 chat
| applications to talk to everybody you talk to.
|
| As it is, two-sided markets let applications coast and generally
| rot without losing market share until things get catastrophically
| bad. If chat applications interoperated there would be a robust
| market for better applications and better servers and you'd see
| developers of old apps to have a reason to keep them working over
| time and more chances for new apps to get established.
| Muehe wrote:
| Curiously many of the messengers you mentioned are or were at
| least initially based on the same protocol, XMPP, some of them
| even were interoperable for a time[0]. There are still attempts
| at realising interoperability, notably libpurple[1], but they
| are fighting a constant uphill battle. Sadly companies usually
| just have more incentives to either keep their services walled
| off or extend only theirs in functionality, rather than keeping
| them interoperable. This would only change through regulation,
| or I suppose if a federated service gains enough traction to
| become the de-facto standard, but given the fate of XMPP that
| seems unlikely.
|
| [0]: https://en.wikipedia.org/wiki/XMPP#Non-native_deployments
|
| [1]: https://en.wikipedia.org/wiki/Pidgin_(software)
| stevehawk wrote:
| The impact is not likely to be positive. Nearly every
| government in Europe will want access to the comms happening,
| particularly if it's within their borders or with their
| citizens. Europe is not likely to introduce an end-user-to-end-
| user encryption. It will be encrypted from end user to the
| government to the next end user.
| EMIRELADERO wrote:
| The EU's DMA regulation, which is the one that will enforce
| interoperability, explicitly requires end-to-end encryption
| to be preserved.
| moooo99 wrote:
| German officials have had a whole lot of groundbreaking visions
| for as long as I can remember. The visions were never the issue
| but the delivery. I remember Peter Altmaier claiming in 2017 that
| in 2021 any government service will be accessible online lmao. To
| this day I regularly have to print out PDFs and send them via
| registered snail mail or fax (yes, I actually have a fax)
| raybb wrote:
| Congrats to the folks running the Element project!
|
| I hope this means more development/funding/documentation of the
| project :)
| Arathorn wrote:
| It does sponsor some development, although we still have a big
| gap on overall Matrix funding currently (hence trying to drum
| up additional sponsors and support via
| https://matrix.org/blog/2022/12/01/funding-matrix-via-the-ma...).
| Pxtl wrote:
| Sad that the "Mark of the Beast" and "Digital ID" conspiracy
| theorists will ensure that this kind of technology is never
| available in North America.
| catiopatio wrote:
| It doesn't take a religious nut or a conspiracy theorist to see
| the catastrophically enormous downsides of universally
| mandated, centrally managed, and cryptographically-backed state
| identification cards, complete with RFID.
|
| Imagine, for example, that upon declaring a protest unlawful,
| the police could simply scan all the RFID-enabled ID cards in
| the area and issue everyone a court summons.
|
| Not carrying an ID card? No access to anything - public
| transportation, payments, and can't even authorize your car to
| start. Also, it's a felony to do so intentionally and with
| intent to evade law enforcement monitoring.
|
| State wants to search your laptop? Your 2FA and disk encryption
| is mandatorily tied to your ID card, and the state holds keys
| in escrow.
|
| Some things _should_ be onerous for the state and
| decentralized. This is absolutely one of those things.
| jszymborski wrote:
| See, I totally agree that you shouldn't require
| identification for most services.
|
| But, for things like banking, car registration, etc... we
| require strong ID'ing, and it behooves society to make it
| secure.
|
| I still think municipalities should own their own data rather
| than have it stored at a central federal level, but we need
| municipalities to rely on something better than a serially-
| issued social insurance/security number which I have stored
| in a million databases that can pop at any second.
|
| It's easy to dream of the future dystopia and ignore the one
| we live in now, where identity theft is trivial.
| logifail wrote:
| > car registration, etc... we require strong ID'ing
|
| Can you elaborate on what you mean by "strong"?
|
| I've been involved in precisely three car purchases over
| the last 20 years, and I don't recall what was involved in
| the way of ID checks. Have the feeling that _at most_ some
| government-issued ID may have been pulled out of a wallet,
| presented ... and glanced at. The dealer handled the
| registration in every case.
|
| Oh, and in all three of those purchases we drove a (brand
| new) vehicle away from the dealer having paid not even a
| deposit and clutching a paper invoice(!) with the verbal
| instruction to pay it "straight away".
|
| Guess we seemed trustworthy :)
| shortstuffsushi wrote:
| Worth calling out imo, in our current world you have
| recourse and an ability to "recover" from identity theft
| (to some extent). If the government controls your identity
| and revokes some piece, what can you do?
| jszymborski wrote:
| What stops them from doing that today? What stops a
| government from not renewing your driver's license or
| passport or not issuing a SIN/SSN or leaking your
| SIN/SSN?
|
| How about just denying you federal services _after_
| providing ID? How about putting you on a watch list?
|
| Governments have been using IDs to deny services to
| oppressed peoples since IDs existed, but I think the
| options that leaves you with is to fight for a free and
| democratic government or not have IDs.
| shortstuffsushi wrote:
| I don't disagree that there are ways the government can
| deny you service now, just mean wrt a non-government
| example like identity theft, you at least have some path
| forward.
| strbean wrote:
| There is quite a lot of slippery slope going on here.
|
| > centrally managed, and cryptographically-backed state
| identification cards, complete with RFID.
|
| Does not necessitate:
|
| > universally mandated
|
| > No access to anything
|
| > felony to do so intentionally
|
| > Your 2FA and disk encryption is mandatorily tied to your ID
| card
|
| All the latter things are awful, but we can have the first
| thing without any of the latter things.
| heywherelogingo wrote:
| Yet. It's not slippery slope, it's looking ahead. Is the
| ice on the lake cracked? No. Therefore there is no chance
| of it cracking? Setup, then execute, not necessarily
| immediately.
| riversflow wrote:
| I'm not a Lawyer, but between the 4th, 5th and 14th
| amendments it seems pretty clear that it's not a slippery
| slope, more like a craggily rocky one. Necessitating
| searchable papers to use the public commons is going to
| be a pretty difficult argument, between the protection
| against unreasonable search, guarantee of due process,
| necessity for search warrants and extension of these
| rights under state law, it seems pretty far fetched.
|
| The opening of the 4th seems just about tailor made for
| this(because it was I believe?)
|
| Emphasis mine, obviously.
|
| > The _right of the people to be secure in their persons_
| , houses, _papers, and effects, against unreasonable
| searches_ and seizures _shall not be violated_ , and no
| Warrants shall issue, but upon probable cause, supported
| by Oath or affirmation, and _particularly_ describing the
| place to be searched, and the persons or things to be
| seized.
| mynameisvlad wrote:
| It's literally the definition of a slippery slope
| argument.
|
| > A slippery slope argument (SSA), in logic, critical
| thinking, political rhetoric, and caselaw, is an argument
| in which a party asserts that a relatively small first
| step leads to a chain of related events culminating in
| some significant (usually negative) effect.
|
| Small first step => significant negative effect
|
| "centrally managed, and cryptographically-backed state
| identification cards, complete with RFID" => everything
| the parent commenter said, basically
| catiopatio wrote:
| A slippery slope argument is not fallacious if the slope
| is, in fact, slippery.
|
| Additionally, "centrally managed, and cryptographically-
| backed state identification cards, complete with RFID" is
| _not_ a "small first step".
|
| That's a huge step that centralizes a great deal of power
| that can be readily leveraged through _small subsequent
| steps_.
| lzauz wrote:
| Believe me if you have the first thing the latter things
| will eventually follow. At least in the EU "universally
| mandated" has been a reality for a very long time.
| Fargren wrote:
| There are many places with mandated ID. Can you mention
| one in which any of the others on the list have
| "eventually followed"? You are presenting speculation as
| unavoidable fact.
| Pxtl wrote:
| Then why haven't they done that already? "Hold your
| encryption key in escrow" is perfectly feasible without a
| national ID system.
| idiotsecant wrote:
| That's the definition of the slippery slope fallacy.
| Those things need not necessarily follow, that's the
| point.
| [deleted]
| 8note wrote:
| I don't think the government considers it much of an
| inconvenience to use violence to handle all of those things
| today.
|
| Automatically issuing court summonses without first using
| chemical weapons and forced restraints is pretty good
| actually. If you're trying to make it so the government can't
| prosecute people for protests, you need to get rid of the
| idea of an illegal protest
|
| The government can already torture, enslave, and kill you. If
| you can trust your government to handle those well, then this
| is no problem because they'll also handle ids responsibly.
|
| If government can't handle those things well, the ids don't
| make for much of a change wrt to the government
|
| The bigger disadvantages of a national id I think are that it
| moves ownership away from you, and to the card, like with
| block chain systems, the card is the owner, and you only have
| access to the card
| catiopatio wrote:
| > I don't think the government considers it much of an
| inconvenience to use violence to handle all of those things
| today.
|
| Of course it does. It's expensive, inefficient, and plays
| badly on TV.
|
| How much easier would it be if every single person could be
| identified automatically from a drone and arrested out of
| public view?
|
| How much more efficient if people suppressed themselves,
| and never attended a protest, out of fear of it being
| declared illegal and automatically receiving a summons (or
| worse, an arrest warrant)?
|
| > The government can already torture, enslave, and kill
| you. If you can trust your government to handle those well
| ...
|
| I don't trust them to handle those well. That's why the
| legal system incorporates strong checks and balances, and
| even then is _still_ ripe with corruption and abuse.
|
| Why would I want to give them more powerful tools with far
| less oversight?
|
| > If government can't handle those things well, the ids
| don't make for much of a change wrt to the government
|
| That's absurd; if you don't trust a government,
| facilitating their abuse of citizens _obviously_ has a
| material impact on the scale and scope of their actions.
|
| Your argument, taken to its conclusion, would justify _any_
| privacy violation by the government.
| Fargren wrote:
| This is a strawman, and plainly untrue. Many countries have
| mandatory id. I have personally lived in Argentina and Spain,
| both of them have it, for close to a century (89 years in
| Spain, 54 years in Argentina, but it replaced a pre-existing
| system). The Spanish DNI has RFID.
|
| In neither place, nor any country with mandatory ID as far as
| I know, you get "no access to anything". The worst thing that
| can happen is that if the police choose to stop you, not
| carrying your ID can lead to you being taken to a police
| station temporarily. Which is not great, but not anywhere
| near close to what you are suggesting is inevitable. And
| police can detain you arbitrarily in places without state-
| mandated IDs, this is just a cute excuse that they can add to
| their repertoire.
| twblalock wrote:
| Western Europe is one example where IDs have not been
| abused. But China is another example where they have been.
|
| If you give your governments tools that can be used for
| oppression, even if they aren't abused today, it would make
| it easier for a new authoritarian government to abuse them
| later on.
|
| Spain was a dictatorship for much of the 20th century and
| Argentina had had multiple military dictatorships too -- it
| could happen again. Europeans are far too confident that
| they have overcome the problems of the past by building the
| EU etc. A bit more American-style distrust of government
| would be a good thing.
| Fargren wrote:
| Both of the examples I used had mandatory state IDs
| during their dictatorships. The IDs were not
| significantly instrumental to the government's power. I
| don't think the addition of RFID really would change that
| in the event of a new dictatorship.
|
| But even if mandatory RFID IDs were a critical tool of
| authoritarian governments, what would prevent the
| dictator from issuing mandatory IDs _after_ taking power?
| twblalock wrote:
| First of all, during the Franco government the internet
| was an academic curiosity and nobody carried smartphones.
| That has all changed, and the tools the government has to
| monitor people are way beefier than they were back then.
| Facial recognition cameras, for example.
|
| What prevents a dictator from issuing mandatory IDs? The
| resistance of the people. Yes, the government has police,
| and an army, and fighter jets, etc. But in the past few
| decades we have seen that insurgencies and popular
| resistance can succeed anyway -- the US got kicked out of
| Afghanistan and had a lot of trouble in Iraq, Ukraine is
| outfighting Russia despite massive disadvantages
| numerically and technologically, and even in China the
| government softened the zero-Covid program after mass
| protests. The people have more power than we think and
| can resist such things, if they want to.
| Fargren wrote:
| All I'm saying is I don't see how the pre-existence of
| mandatory ID under a democratic government would be a
| significant boon for an eventual dictatorship. I
| understand that based on principle one might prefer not
| to have them, but to me they are really innocuous and
| extremely practical.
|
| Unlike facial recognition cameras, which there's at least
| some political will to ban
| (https://www.politico.eu/article/europe-edges-closer-to-a-ban...).
| 8note wrote:
| What's stopping a dictatorship from adding these things?
| It's very strange to assume a dictatorship would be so
| noble as to not add a tool for abuse, and you include the
| Chinese government as an example already.
|
| Not adding it today does nothing to ensure a dictatorship
| can't use it in the future
| twblalock wrote:
| > Not adding it today does nothing to ensure a
| dictatorship can't use it in the future
|
| Yes it does, if the people have the will to fight.
| Insurgencies have been surprisingly successful against
| the most powerful militaries in the world in the past few
| decades. Even in China, the threat of mass protest forced
| the government to soften Covid restrictions -- and the
| protesters didn't even have guns, or any leverage at all
| except their willingness to put themselves in harm's way.
|
| Every dictatorship that has ever existed started off with
| the consent of the people, at least at first. All of the
| dictators in history were swept into office on a wave of
| popularity, and the people only regretted it later on.
| It's just not possible to impose a dictatorship on a
| population that doesn't want it.
| sofixa wrote:
| > A bit more American-style distrust of government would
| be a good thing.
|
| Nope. The American distrust is resulting in a self-
| fulfilling prophecy of a failing government. Your
| bureaucracy is years behind basic things we've had in many
| European countries, and because there's massive distrust
| there's no investment making it impossible to improve.
|
| E.g. your tax process is a massive joke, but will it ever
| be fixed? Probably not soon because if nothing else, one
| of the only two parties claims government is by default
| incompetent so any money spent on it are by definition a
| waste.
| twblalock wrote:
| You seem to think that Americans want a European-style
| society and have failed to achieve it.
|
| We don't want it. We don't want to "fix" our tax system
| -- we want low taxes and lots of deductions, and that is
| why we have them! We want cars. We want suburbs. We don't
| want the government to be our mommy. This is not a
| failure, it is an intentional feature of the American
| system.
|
| Also just remember that if we built a competent
| bureaucracy that enforced a nationwide ID system, it
| might be handed over to Donald Trump if he wins the next
| election, and he really could win. Every power we give
| the government, assuming that the government will be
| good, will also be given to a bad government. Sometimes
| it's better to refuse to give that power at all.
| sofixa wrote:
| > We don't want it. We don't want to "fix" our tax system
| -- we want low taxes and lots of deductions, and that is
| why we have them
|
| You can have that without having to rely on third parties
| you pay for to get there. How exactly does a middleman
| help if the point is low taxes?
|
| > We want cars. We want suburbs
|
| Funnily that's in direct contradiction to your
| previous want. Suburbs and cars are much more expensive,
| therefore you have to pay more for them, either in taxes
| to pay for the useless infrastructure, or to pay for it
| directly.
|
| > Also just remember that if we built a competent
| bureaucracy that enforced a nationwide ID system, it
| might be handed over to Donald Trump if he wins the next
| election, and he really could win
|
| And how exactly would someone like Trump abuse an ID
| system?
| twblalock wrote:
| > Funnily that's in direct contradiction to your
| previous want. Suburbs and cars are much more expensive,
| therefore you have to pay more for them, either in taxes
| to pay for the useless infrastructure, or to pay for it
| directly.
|
| And yet we have the infrastructure. This is not a thought
| experiment. I am posting this comment from a house in the
| suburbs with high-quality roads and utility services,
| which we have managed to build despite our tax system.
|
| So where is the contradiction? Clearly it's possible to
| live like this, because we do now, and we have done so
| for a very long time.
| input_sh wrote:
| If anything, I'm annoyed by having to have three IDs in my
| pocket (ID, drivers license, health insurance card) and
| still not being able to achieve much with them alone.
| There's usually some other document involved (proof of
| residence, birth certificate, something else).
| heywherelogingo wrote:
| This doesn't sound very forward thinking to me. What might
| not currently be abused is, however, now in place to be
| abused in future.
| Pxtl wrote:
| We have many of those things already, but using flaky
| inconsistent ID forms like drivers' licenses and social
| numbers.
| arrrg wrote:
| In Germany at least there are several measures in place to
| make this slippery slope a fallacy (as it usually is) and not
| realistic.
|
| You can pick whether you want to have an ID card or a
| passport or both. You are not required to carry your ID card
| with you.
|
| In general the actually existing surveillance of mobile
| phones that were in a certain area at a certain time is much
| more worrisome to me.
| catiopatio wrote:
| How does that prevent anything?
|
| An empty promise today is easily broken tomorrow. The best
| defense-in-depth against future abuse is not building the
| abusable system in the first place.
|
| Adoption might start as a voluntary choice, but pervasive
| integration with other technology and services result in it
| becoming effectively mandatory.
|
| > In general the actually existing surveillance of mobile
| phones that were in a certain area at a certain time is
| much more worrisome to me.
|
| Integration of government ID with our smart phones is
| literally the next step:
|
| https://learn.wallet.apple/id#states-list
| arrrg wrote:
| If you want to argue for a slippery slope you actually
| have to argue for causal connecting links. You have to
| demonstrate how you get from A to B. That's why slippery
| slopes are usually logical fallacies. They do not
| demonstrate anything. It's just empty handwaving.
| jll29 wrote:
| > You are not required to carry your ID card with you.
|
| "I am not a lawyer" but:
|
| "Germans within the meaning of Art. 116 para. 1 GG are obliged
| under § 1 of the Personalausweisgesetz (PAuswG), as soon as they
| are 16 years old and are subject to the general registration
| requirement or reside predominantly in Germany, to possess a
| valid ID document and to present it on request to an authority
| entitled to establish identity, and to allow a comparison with
| the photograph on the ID document."
|
| You must either carry a national ID document or, if you are
| requested to identify yourself by the police, make it
| available to them in reasonable time on request (say, if
| you left it at home, show it to them at a police station
| the next day).
| f1shy wrote:
| The text says it clearly: you must have an ID, and you
| have to present it if requested. That _does not_ mean
| you have to have it _with you_ at all times.
|
| Exactly this is the kind of fine details that a lawyer
| distinguishes in the law.
|
| So no. Absolutely no. You do not have to carry it with
| you. If it comes to the need, then maybe the police have
| to escort you to your home and you have to show the ID.
| But you are not requested to have it with you at all
| times.
| thuringia wrote:
| The law never states that you are required to carry your
| ID. It states that you are required to own one.
|
| If you do not carry it with you, and have no way for them
| to identify you in a way that you can be looked up, e.g.
| because you have your ID number in your password manager,
| the police can summon you to the station, or escort you
| home or a variety of other protocols. The police like to
| convince you otherwise, because it makes their job
| easier. When children are taught about their ID in
| school, this is often accompanied by a police official.
| As you can see in the law itself, this is not true.
|
| However, this only applies to German citizens, and EU
| citizens, if you are in Germany on a visa or any other
| type of scheme, you are in fact required to carry your ID
| and documents with you at all times. In that case not
| carrying an ID is actually an offense with harsh
| punishments. In reality most of these situations are
| handled like with normal citizens though.
|
| Edit: improve formatting
| catiopatio wrote:
| That seems like a distinction without a difference.
|
| If you're required to have it and present it on demand,
| then almost everyone will carry it, and the tiny minority
| not carrying their card will be automatically suspicious.
|
| It's a very short step from there to simply requiring
| that it be on your person.
| getcrunk wrote:
| It sucks that this seems to be the only way. Why can't we
| support both. Given how QR codes are forcefully replacing
| menus with no paper fallback options seems to be the only way
| momirlan wrote:
| Think China, surveillance society at its best. Don't need a
| conspiracy vision to see the effects. It's where we're all
| going anyway, so you'll get your dream state soon.
| Traubenfuchs wrote:
| Why not use / invest in Mattermost?
| PurpleRamen wrote:
| [..]Real time collaboration systems such as Microsoft Teams,
| Slack, Mattermost, Wire, Threema, WhatsApp and Signal are
| currently all closed proprietary systems - meaning they are
| walled gardens whereby all parties have to use the same vendor.
| That's impractical, creates vendor lock-in and stifles
| innovation. There's simply no way that a government entity
| using, say, Microsoft Teams would be able to have secure real
| time communication with another government entity using, for
| example, Slack, Mattermost or Wire.[..]
| royjacobs wrote:
| Perhaps you could provide some initial arguments why they
| should?
| Arathorn wrote:
| Mattermost is great, but it's not decentralised, it doesn't
| federate, it's not end-to-end encrypted, it's not based on an
| open standard, it's vendor-locked to Mattermost, only has one
| usable client implementation, and is rather aggressively open
| core (unlike the BundesMessenger distribution which is
| entirely Apache-licensed FOSS). I'm also not sure
| whether deployments easily scale up to million+ users like a
| big Matrix deployment can.
|
| It's worth noting that if Mattermost adopted Matrix, like
| Rocket.Chat has[1][2], the vast majority of these limitations
| would fall away :)
|
| [1] https://www.rocket.chat/press-releases/rocket-chat-
| leverages...
|
| [2] https://matrix.org/blog/2022/05/30/welcoming-rocket-chat-
| to-...
| jansan wrote:
| Ah, that's why they did not invest in Mattermost.
| Traubenfuchs wrote:
| Thank you, explains everything!
|
| I thought it was completely open source.
| k__ wrote:
| Hasn't Element/Matrix been problematic in the past?
| jszymborski wrote:
| It certainly hasn't been w/o growing pains or detractors.
|
| I still occasionally get rooms or spaces borked, and that
| frequency increases if E2EE is enabled.
|
| The current server implementation is not svelte in the least,
| but that's a problem that's being solved with new server
| implementations that are already 90% of the way there (look up
| Dendrite and Conduit if you haven't heard of them).
| k__ wrote:
| getting borked?
| jszymborski wrote:
| The most recent instance I experienced was the GrapheneOS
| rooms which suddenly just stopped working.
|
| https://grapheneos.social/@GrapheneOS/109510405342409074
| hrdwdmrbl wrote:
| Is this more of a teams app (Slack, Teams) or more of a chat app
| (Whatsapp, Signal, Messenger)?
| sharperguy wrote:
| > secure messenger > built on electron
|
| Hmm
| Arathorn wrote:
| Element X is a native app, and will replace Element Desktop for
| many purposes, fwiw (and will be also adopted by
| BundesMessenger)
| ho_schi wrote:
| Makes me happy to read that.
|
| One of the bright lights on horizon is that the Bundeswehr opted
| for an open-source, federated, multi-platform and secure messaging
| framework. Instead of some proprietary, closed-source piece of
| crap from a Big-IT vendor which make same depending in a negative
| way.
| miroljub wrote:
| This was possible only because Ursula vdL is not in charge of
| Bundeswehr any more.
|
| That being said, god save the EU, since this walking tax-money
| black hole is now leading the whole EU.
| hanikesn wrote:
| The bwmessenger pilot started already in December 2019.
| jjsinai wrote:
| Sinking tax-money destined for the military into consulting
| contracts could have been her plan towards the Nobel Peace
| Prize.
___________________________________________________________________
(page generated 2022-12-16 23:00 UTC)