wallets with “high” level of assurance are based on very sophisticated hardware and software…. but credentials are issued with an (effectively) unauditable process, involving o(100k) clerks, without logging of the issuance act, without realtime background checks, with a non verifiable process, etc.
credentials of level of assurance “substantial” are based on less sophisticated hardware, by o(100) entities, with all of the above. But they are not going to be allowed in the upcoming eIDAS regulation revision (unless a miracle happens in the Trilogue)
the problem is that eidas2 is not designed with a risk based approach, evaluating the risk of all the process but assuming all links of the chain are secure by definition
pretty much like pretending that issueing a speed limit implies speed limits are 100% observed.
so it’s “high” just in the definition, not if you peel inside of the whole process.
many politicians and bureaucrats love to say “it’s high! it’ll protect citizens better!”, while the opposite is true.
eidas1 was made with a risk based approach.
when debating the issue, one member state showed to the others how a clerk could be fooled by a person pretending to be someone else using some easily available theater maquillage, thereby obtaining someone’s else digital identity.
That involved no corruption, just exploiting the mere fact that a clerk has not the legal right to touch someone’s face.
in Italy we recently discovered that mafia boss Matteo Messina Denaro had documents issued on Andrea Bonafede’s name. That has likely involved some corruption with a tip to a clerk.
