jonathanstrange 7 hours ago

We're talking about an essential government service, not just another weather app. You have to look at this through the lens of national security, the debate about EU digital sovereignty, and the requirements of the GDPR in light of the US CLOUD Act, as well as prior decisions of EU courts about these issues.

mytailorisrich 7 hours ago | parent [-]

Yes, all that you wrote is true. But that does not magically change anything about what I previously stated: in the real world all smartphones are either Apple or Android...

I don't know what the eIDAS 2.0 requires in terms of security but it may make the choice the implementers made here unavoidable in practice, as hinted by @webhamster.

If so, it seems that a solution, if technically possible, might be to mandate that OSes provide the required security features without tie-in.

The outrage in the comments feels a bit like people yelling at clouds...

Hackbraten 3 hours ago | parent | next [-]

> in the real world all smartphones are either Apple or Android...

So you're claiming that Mobian doesn't exist? PureOS doesn't exist? PostmarketOS doesn't exist? Ubuntu Touch doesn't exist? SailfishOS doesn't exist?

taotau 6 hours ago | parent | prev | next [-]

correction. in the real world all smartphones are either apple, android or none/other. in terms of legals, you really do have to cater to all three, which is why we don't have one world government.

mytailorisrich 3 hours ago | parent [-]

This is about a digital wallet, so people who don't have a smartphone are out of scope.

Now, "other" than Apple/Android is so small as to be negligible and governments also have a duty not to waste taxpayers' money, which means not spending hundreds of thousands to cater for an ultra small number of people who have easy access to an alternative.

To have government apps work only on iOS and Android is perfectly reasonable in the current state of the world where this covers 99% of smartphones.

znort_ 2 hours ago | parent | next [-]

> To have government apps work only on iOS and Android is perfectly reasonable in the current state of the world where this covers 99% of smartphones.

the fundamental flaw with that approach is that it is totally unreasonable to have government apps in anything other than open source and fully public systems. nothing else can really be trusted, and any private/closed source option should be disqualified from the get go.

the reason is simple: you can't trust private entities or opaque systems, and you can't trust government either, thus the solution has to be fully transparent or you're doing nothing.

the problem with that is that it is hard, expensive and/or inconvenient.

limagnolia an hour ago | parent | prev [-]

Why should I have to have a smartphone to have a digital wallet? Smart watches, tablets, laptops, portable game consoles, etc, are all perfectly cromulent hardware for running a digital wallet.

jonathanstrange 3 hours ago | parent | prev [-]

Essential EU government services cannot be devised on the hope that US companies will invent something that - contrary to current US legislation - will somehow provide the attestation services needed in a GDPR-compliant way without forcing EU citizens to provide personal data to US companies.

If it's not possible to create such a system for mobile phones because of legal issues (as you seem to acknowledge and judges have found in the past), then the focus would have to be on creating hardware devices in the EU, ideally with open source hardware and software. These can be made reasonably secure, have been used by banks for a long time, and would enhance digital sovereignty.

What I find unacceptable is the attitude "well, it will violate the law but as a matter of practicality it's the only choice we have right now so we'll just do it."