The higher the goal is set, the more carefully you need to prepare for the path
By Dr. Christian Schläger, CEO of Build38
At the beginning of Cybersecurity Month, a column by Sascha Lobo appeared on SPIEGEL Online that can be read as a reckoning with the digital project culture in Germany. The author takes up three of the most prominent app projects in federal politics (Nora, e-Prescription and ID wallet) and describes, with biting humor, the course of their failure.
Much wanted, poorly thought out
One of the most accurate analyses in the article comes from the hacker Lilith Wittmann, who is quoted in it on the subject of the ID wallet. It paints a picture of non-specialist decision-makers in politics who set themselves big goals without giving sufficient thought to how to get there. Thus, the ID wallet was designed from the outset with serious security gaps: the DNS servers used allowed a zone transfer, which would have allowed unlawful access to the sensitive data, which in turn would have been recorded using blockchain and thus legitimized.
Shortly after the conceptual errors and security flaws of the ID wallet became known, the service was removed from the network. The outcome is uncertain.
It is certainly right to withdraw a dysfunctional app riddled with security flaws from circulation. However, our need for a digital identification solution is just as real if we are to keep pace with the progress of digitization and make the German administration fit for the future. The example of Estonia proves that this does not have to remain a dream of the future. Its more than 1.3 million inhabitants are already benefiting from the almost complete digitization of public administration.
Don’t build on sand – security must be the foundation of app development
The current record of digitization projects at the federal level is more than sobering. Although the need for solutions in digital administration and the closely interwoven key area of digital identity has been recognized, the implementation testifies to a lack of expertise, or even a lack of passion, on the part of political decision-makers for bringing the necessary care to the planning.
In any case, it is to be hoped that the next federal government will also implement its ambitious promises on digitization in a timely manner. Even more important than timely implementation, however, is careful planning of the next attempts at digital identity and of all subsequent projects based on it. App security must no longer be understood as an optional extra; it must become an absolute requirement, in the development of consumer apps and especially in pioneering digitization at the federal level.