With the Digital Identity, Switzerland Risks Becoming an Authoritarian Surveillance State
This Sunday, Swiss voters will decide at the ballot box on the E-ID law. What the proposal means – and why it is dangerous.
Digital identity is gaining ground worldwide. The EU is working on an age verification app designed to link the E-ID directly to citizens’ online activities. The prototype is already being tested in Italy, Denmark, Spain, and Greece. At the same time, a digital wallet is being developed that will eventually store driving licenses, health data, and bank cards.
Germany is also pushing ahead with electronic identity: the coalition agreement of the CDU-SPD government mandates a compulsory citizen account and an E-ID linked to the EU wallet. In the United Kingdom, electronic identity is already a prerequisite for employment, housing, and healthcare. Australia goes even further: access to internet search engines like Google or Bing will soon only be possible with an E-ID. In Sweden, while officially voluntary, it has become practically indispensable in daily life – whether for banking, tax returns, or doctor visits. Austria, meanwhile, applies pressure: those who refuse the state ID Austria can face sanctions. A teacher recently lost her job because she refused to use the digital identity.
In Switzerland too, politicians are pushing for an E-ID – restrained only by direct democracy. In 2021, voters rejected the previous proposal by a decisive 64.4 percent. Instead of accepting this decision, the Federal Council quickly presented a new draft: under this bill, the digital proof of identity would supposedly be issued by the state rather than private companies. Fortunately, this law will also be put to a popular vote. On September 28, voters will decide whether to reject the E-ID again – or whether this time they will be convinced by the promises of the Federal Council and its supporters.
Anything but state-run
Officially, the Federal Council justifies its new attempt by arguing that the first proposal failed due to resistance against private issuers. A glance at the VOX analysis of that referendum is enough to see that completely different factors played a role. Since 1977, the market research institute gfs.bern has used its VOX analysis to survey voters after referendums and determine why they voted for or against a legislative proposal. The analysis of the 2021 E-ID vote shows that data protection and the role of the state were the decisive concerns of the No camp. The role of private issuers was secondary. The debate was therefore generally about data protection – not primarily about whether private companies or the state should issue the E-ID. It becomes clear that the Federal Council was merely looking for a pretext to relaunch the law.
Even the claim that the new E-ID is purely state-run does not stand up to scrutiny. The Federal Office of Police (fedpol) relies on private partners. It awarded the online verification of applicants to the Lausanne IT company ELCA Informatique SA. In addition, the Federal Wallet app – the digital wallet in which the identity is stored – can only be downloaded via Google Play and the Apple App Store. Swiss citizens are thus once again dependent on Big Tech. When the Federal Council claims that the new E-ID is now «state-run,» it is nothing more than deceptive labeling.
Support me with Bitcoin
Address: bc1qh46yexw0utwq5kcjnrs4tp6frpkr06w4tjmfxx
Insufficient Data Protection
The E-ID is supposedly «secure», and concerns about data protection are unfounded – that’s the mantra of the Yes camp. But even a brief look at the facts raises doubts. The Federal Office of Police is responsible for storing and managing the data. That this particular authority should inspire citizens’ trust seems questionable. Only recently, fedpol made headlines after a hacker attack: sensitive data subsequently appeared on the darknet.
The issuance process, regulated in Art. 17 of the law, is also problematic from a data protection perspective. Anyone applying for an E-ID must submit a facial video – the so-called video identification procedure. The presented ID document is compared with the person in the video and checked for authenticity. But the technology has a weakness: deep-fake videos are now widespread. With photos circulating online, which practically everyone shares on social media, deceptively authentic forgeries can be created. The risk: digital identities could be obtained fraudulently with relative ease.
Germany provides a cautionary example. There, the Chaos Computer Club managed to gain access to thousands of electronic patient records through poorly secured medical practices and manipulated health cards. Why should Switzerland be immune to similar scenarios? That the federal government itself does not rule out the danger is evident from the law. According to Art. 27, data must be stored for twenty years, with biometric data only deleted five years after the E-ID expires. This long retention period allows only one conclusion: the federal government anticipates identity theft and wants to ensure traceability in case of emergency. Indirectly, it thus admits that someone could use an E-ID under a false identity for years.
Deceptive Voluntariness
Supporters constantly emphasize the voluntary nature of the E-ID. But a closer look at the law shows: there is no such thing as true voluntariness. Art. 24 obliges all authorities and bodies with public duties to accept the E-ID. Art. 25 does stipulate that a passport under Art. 14 must also be accepted – but only if the person «appears in person». This may sound like a choice, but in practice it’s a sleight of hand. For online services like Instagram, Netflix, or e-commerce, nobody can «appear in person». That leaves the E-ID as the only option. The result: for almost all digital activities, the E-ID becomes mandatory. Examples from Austria, Sweden, and Estonia show how quickly a digital identity shifts from a supposedly voluntary offer to a de facto requirement. Those who don’t use it can hardly manage even basic everyday tasks.
In Switzerland too, the E-ID will become a prerequisite for essential services. Ordering a criminal record extract by mail will no longer be possible – only with an E-ID or by appearing at the counter. The organ donor registry will in future be accessible exclusively via the E-ID, as will the electronic patient record, which will thus become the standard. All of these are forms of indirect coercion that undermine the claim of voluntariness.
What’s more: Art. 31 allows cantons to charge additional fees if citizens access services in person rather than digitally with the E-ID. In other words: anyone who refuses the E-ID will have to pay extra. What is sold as «voluntary» in reality means dependency – and creeping discrimination against all those unwilling to hand over their identity to electronic access.
Undermined Democratic Rights
The E-ID law threatens a further erosion of democratic rights. Art. 30 grants the Federal Council extensive powers: it may unilaterally expand the trust infrastructure and information system of the E-ID with additional elements – including particularly sensitive personal data such as health information or details about political activities. Only after up to two years must it seek Parliament’s approval. If approval is denied, the regulation lapses – but by then, the Federal Council could already have created facts on the ground. In other words: for two years it could add new, sensitive data fields to the E-ID by decree, without involving either the people or Parliament. Experience shows that the Federal Council often uses such latitude to introduce new regulations. A likely example would be a digital health pass via the E-ID, widely required in times of crisis. This represents a massive delegation of powers that undermines democratic rights.
Art. 32 goes even further: it authorizes the Federal Council to «independently conclude international treaties». This means it could sign agreements on the E-ID without any input from the people or Parliament. Officially, this is intended to facilitate the use and legal recognition of the Swiss E-ID abroad – as well as the recognition of foreign E-IDs in Switzerland. But the proposal also grants the Federal Council the power to unilaterally enact all provisions needed to implement such treaties. Once the EU fully establishes its own E-ID system, the Federal Council could directly adopt Brussels’ requirements into Swiss law – without voters ever having a say.
Lack of Transparency
The Federal Council and its supporters claim that the E-ID is transparent. In reality, it is not. Genuine transparency would require the disclosure of the software’s source code. But this is precisely what the E-ID law rules out: according to Art. 12, the source code may remain secret for reasons of third-party rights protection or security. Open source, therefore, is out of the question.
Art. 12, Para. 1 does oblige the Federal Office for Information Technology and Telecommunications (BIT) to disclose the source code of the trust infrastructure. At first glance, this sounds like transparency. But Para. 2 severely limits this obligation: the source code, or parts of it, will not be published if «third-party rights or security-related reasons would exclude or restrict this». The original draft only mentioned security reasons – Parliament later added the clause about «third-party rights».
This gives private providers supplying software to the federal government a convenient loophole: by invoking license rights, they can deny access. As a result, the public cannot know which programs run in the background or how data is processed. Real oversight thus becomes impossible. Anyone building a system that processes such sensitive data should instead guarantee that the public can fully understand how the technology works.
Instead, the federal government relies on Security by Obscurity – the attempt to achieve security by keeping the inner workings secret. Experts have criticized this approach for years. The US National Institute for Standards and Technology explicitly advises against it.
Total Surveillance
With the E-ID, the state gains an instrument to monitor its citizens at every turn. Physical IDs leave hardly any digital traces: they are rarely required and the data is generally not stored. With the E-ID, it's different. Each presentation of the electronic ID generates personal data that is stored. This provides the state with a surveillance tool that far surpasses the control capabilities of totalitarian systems of the 20th century – and poses a significant threat to fundamental rights in Switzerland.
Supporters promise that no user profiles will be created and everything will remain anonymous. But Art. 10 Para. 3 already shows the weakness: While the FOITT does not have access to the contents of the credentials – except based on the data generated by queries. With each query, with each login, metadata accumulates at the FOITT: IP addresses, timestamps, port numbers, and more. This creates a comprehensive data package that is centrally stored. Articles 2 and 3 of the law regulate the registers at the FOITT. There too, it states that direct attribution to individuals is not intended. But again, there are exceptions: Personal data collected when querying the basic register may indeed be evaluated by name – permitted by Art. 57o Para. 1 lit. a and b of the Government and Administration Organisation Act (GAOA), for instance in cases of «concrete suspicion of misuse» or to «counter concrete threats». A mere suspicion is therefore sufficient to scrutinize login data. Through IP addresses and timestamps, devices, operating systems, and usage habits can be identified. The state could create a detailed profile from this: when, how often, and at what times a person logs in. Additionally, there are possible provider queries that could even reveal visited domains or geodata from mobile phone towers. This leaves only a paper-thin boundary between supposedly anonymous use and actual traceability. Even with the slightest suspicion, identity can be disclosed. The potential for abuse of power is thus built into the law – and all experience shows: whatever powers the state receives, it will use.
There is no such thing as a free lunch
Another myth from the Yes camp is that the state E-ID is free. But state services are always funded by taxpayers – and therefore can never truly be free. Regardless, the Swiss E-ID project is anything but cheap: between 2023 and 2028, around 180 million francs are earmarked for developing and operating the infrastructure. From 2029 onwards, about 25 million francs in ongoing costs will be added each year. These enormous sums will ultimately be borne by all taxpayers – including those who do not want to use the E-ID at all.
A Digital Identity is Not Needed
The question arises: why do we need a digital proof of identity at all? The federal government cites two reasons. First, the E-ID is supposedly required for government transactions. But an official government login already exists for this purpose – making an additional E-ID redundant. Second, it is intended for age verification in everyday life, such as at supermarkets or kiosks. But here too, the physical identity card is entirely sufficient. In fact, it is the better solution, because it leaves no digital traces and protects privacy more effectively. In short: conventional IDs are clearly superior to the E-ID in terms of both security and data protection.
Referendum Campaign in the Final Sprint
The campaign for the upcoming vote is entering its final phase. I have laid out in detail why the Swiss E-ID law is dangerous, unnecessary, and should be rejected. Many more arguments could be made, but this would go beyond the scope. The civil rights movement MASS-VOLL!, of which I am a member, launched the referendum in January. With the signatures it collected, it played a decisive role in ensuring that the Swiss people can vote on this proposal on September 28. If you are a Swiss citizen and want to bury the looming digital identity at the ballot box, please support the referendum campaign of MASS-VOLL! now. More information can be found here.
Switzerland stands at a crossroads: either it rejects the Federal Council’s totalitarian plans – or it takes a massive step toward a surveillance state. Compared to the introduction of the E-ID, even the Secret Files Scandal seems like a children’s birthday party. Back in 1989, a parliamentary investigation revealed that the Federal Police had systematically monitored nearly a million people for decades – a scandal that deeply shook public trust. Today, however, the Swiss are the only people in the world with the privilege of deciding for themselves at the ballot box whether to stop the state’s aggressive surveillance drive.
This article also appeared in German on «StrauMedia» and as a column on the portal of the «Freie Akademie für Medien & Journalismus», published by media scholar Prof. Michael Meyen and journalist Antje Meyen.
Der digitale Fichenstaat
Weltweit gewinnt die digitale Identität an Boden. Die EU arbeitet an einer Altersverifikations-App, die die E-ID direkt mit den Online-Aktivitäten der Bürger verknüpfen soll. Der Prototyp läuft bereits in Italien, Dänemark, Spanien und Griechenland. Parallel dazu wird eine