As a French person, I'm confused as to why DigiD is not a government-run project like FranceConnect is. I'm even more bewildered that an American company thought that they could take over the national identity management system of an European country, as if this was business as usual.
As a Dutch person, I'm not. Dutch administrators are traditionally wary of doing anything themselves that they could conceivably outsource to a commercial party. That also results in endless swarms of locus^H^H^H^H^Hconsultants feeding on our taxes.
I hate it, but what can you do, this is sadly what people here keep voting for.
I’m unaware of this kind of topic ever being one of the points in election time. This as opposed to topics like animal welfare. Sovereignty is only now becoming more visible as a votable topic.
Sadly, I don’t know of a way to influence how our government practices IT. Except maybe to work for Logius. And even then there will be the topic of funding.
The "local" company is already UK owned though, so at most "European", not national or EU.
What I find strange is that the Dutch government does have its own datacenters, e.g. ODC-Noord (1), but they're still looking to outsource the hosting even after the current contract ends in 2027.
It's an unfortunate Dutch way of doing things. The firm believe that the market will solve it if you have a contract that says thing will be solved. Write a tender, pick the cheapest party, trust in contracts, hope it won't break before you (the external contractor pushing for it) move on in a few months time.
The people who pointed out that none of the moving parts of DigiD should have been outsourced were ignored until the tide shifted this year.
I'm honestly surprised the government decided to intervene. The usual method is to keep on believing in the signed piece of paper until the shit hits the fan (like with the Fyra high speed trains) — never mind that the US (where the buyer is from) is not likely to give a toss about those pieces of paper if they need something from our data.
It's important to add the context that whenever our government tries to do something by themselves it ends up late and severely over budget.
So you have to weigh the risks of outsourcing to the risk of the whole thing becoming very late and very expensive. The risks around outsourcing are something further down the line, the risks of everything becoming expensive and late are something that will give the responsible politician a headache now.
The entire customs system of all of China used to be run by European foreigners. Not because of Western imperialism, but on invitation from the Chinese rulers, as a measure to combat corruption.
Some European countries right now have their currency printing and their passport printing outsourced to foreign nations.
For France it certainly is, probably because of our stubborn focus on strategic autonomy. For example, offshoring passport printing to me sounds like a great opportunity for identity theft and document forgery by people outside of your jurisdiction.
I do kinda get the China customs system example though, only because if corruption is bad enough that it's a greater concern than opsec, then you're kinda hosed anyways.
Most National governments embraced globalism and free market solutioning. It worked both ways.
American Federal Systems also have European and Indian operators but it gets more restricted depending on what part of the system you're dealing with. Even then, the operators get it wrong.
Many "American" firms are being served by Irish, Bulgarian, and Dutch operators for example. When you get to Fedpod, the restrictions are usually tiered, not all or nothing. It's why US firms got caught with Chinese handling data.
The question isn't should Europe and even America clean it up - it's how much is legitimate national soverignty and how much is going to be straight mercantilism in the Cloud/SaaS sector.
IDK what it's like now, but DigiD used to be 2 racks in a separate cage. Even if you can access the floor, you're not getting physically near the servers.
I knew a fellow with the same idea about government id of any form. No driver's license, no social security card, no state id.
To say the least, he made some pretty serious compromises in life. He was a tattoo artist with no shop and effectively homeless when I knew him, if you were curious.
When you are interacting with the government for official business, what purpose is there to hide one's identity? You can't exactly not fill in your name in your tax return.
For the non-government/private business however, it is indeed a matter of privacy. France rolled out a while ago the requirement to establish the user's age when accessing porn sites. I refuse to do that.
What's wrong with the government taking over admin of DigiD? I just don't understand why the government won't consider funding it. It's a public infrastructure service at this point.
In most cases its illegal to set up something inside the public org. It needs to be put out as a public offer. It's part of New public management pushed by neoliberal interests.
That's a logical thing for governments to do. Governments are under pressure on different axes than the companies they contract to do things. Governments switching contracts won't ever make the news, but it's much harder for them to fire people in order to take advantage of increasing efficiencies. Likewise, they cannot short-term employ people easily without this structure.
Unfortunately you will never realize how this ideology is fucking up every facet of society and which interests that are never your own put a momentous effort into drilling that propaganda into your head.
the netherlands is far from perfect but unless you have a specific grievance with their government, you really have no idea how much better it can be. it's night and day when compared with places like the united states. things can be better even though it feels impossible sometimes.
One important note: It's not the admin of the system that's in question here, that is government ran.
The company in question only provides cloud services, and has no access to any data.
> I just don't understand why the government won't consider funding it. It's a public infrastructure service at this point.
It has been 9 years since the last centrist ("purple") government in the Netherlands. 24 years since the last left-wing led government. Nothing more to it.
It's just decades of Neoliberal "outsource government tasks to the free market" policy. There really isn't any other reason; The Dutch government has multiple divisions which are quite good at IT. It could choose to do so at any moment, it just doesn't.
Voters just didn't care. The system worked fairly reliably. So they just kept voting for a very charismatic politician, regardless of the long term consequences.
Why is DigiD even a product that needs constant maintenance? From my experience using it it's just a pretty simple authentication/data sharing system. Every oauth provider has something similar. Why is it a whole separate product that is owned by some company?
Any network service with 24x7 availability and millions of users requires constant maintenance. Hardware has some lifetime and needs to be maintained and replaced. OS needs patching. Dependencies need security updates and, time to time, migrations to next major LTS update. Sometimes new requirements come from regulatory, that need development of new features. The skill set needs to be maintained. Support requests need to be served. Law enforcement may ask for some data.
Add to this hard digital sovereignty requirements: continuity of service must be guaranteed for decades. All this requires quite a special setup in which commercial entities are rather tolerated than welcomed, but they may still make more sense than a government agency so constrained by budget process that they cannot hire any decent engineer.
As a French person, I'm confused as to why DigiD is not a government-run project like FranceConnect is. I'm even more bewildered that an American company thought that they could take over the national identity management system of an European country, as if this was business as usual.
I'm mostly bewildered that the Dutch government was ok with that, and it took way too much effort from the opposition to get them to pivot on this.
As a Dutch person, I'm not. Dutch administrators are traditionally wary of doing anything themselves that they could conceivably outsource to a commercial party. That also results in endless swarms of locus^H^H^H^H^Hconsultants feeding on our taxes.
I hate it, but what can you do, this is sadly what people here keep voting for.
I’m unaware of this kind of topic ever being one of the points in election time. This as opposed to topics like animal welfare. Sovereignty is only now becoming more visible as a votable topic.
Sadly, I don’t know of a way to influence how our government practices IT. Except maybe to work for Logius. And even then there will be the topic of funding.
Governments are not the only players needing working digital id, and sometimes banks are faster to build it.
Banks have nothing to do with DigiD. There is eidas which allows you to attest your identity using a bank.
DigiD is a government project. It's owned and operated by Logius, which is a government-owned entity.
Logius outsourced the hosting and infrastructure to Solvinity.
That's a bit better but it shifts the question:
Why did they not mandate national (or at least EU-based) hosting and infra ?
It feels a bit insane in retrospect for such a critical digital service ?
> Why did they not mandate national (or at least EU-based) hosting and infra ?
They did, and they moved to block the acquisition of the local company handling it. What's unclear in the article?
They didn’t
> Currently, DigiD is partially managed by Solvinity, a company owned by a British investor
Britain is neither local nor in the EU
The "local" company is already UK owned though, so at most "European", not national or EU.
What I find strange is that the Dutch government does have its own datacenters, e.g. ODC-Noord (1), but they're still looking to outsource the hosting even after the current contract ends in 2027.
(1) https://www.odc-noord.nl/
It's an unfortunate Dutch way of doing things. The firm believe that the market will solve it if you have a contract that says thing will be solved. Write a tender, pick the cheapest party, trust in contracts, hope it won't break before you (the external contractor pushing for it) move on in a few months time.
The people who pointed out that none of the moving parts of DigiD should have been outsourced were ignored until the tide shifted this year.
I'm honestly surprised the government decided to intervene. The usual method is to keep on believing in the signed piece of paper until the shit hits the fan (like with the Fyra high speed trains) — never mind that the US (where the buyer is from) is not likely to give a toss about those pieces of paper if they need something from our data.
It's important to add the context that whenever our government tries to do something by themselves it ends up late and severely over budget.
So you have to weigh the risks of outsourcing to the risk of the whole thing becoming very late and very expensive. The risks around outsourcing are something further down the line, the risks of everything becoming expensive and late are something that will give the responsible politician a headache now.
The entire customs system of all of China used to be run by European foreigners. Not because of Western imperialism, but on invitation from the Chinese rulers, as a measure to combat corruption.
Some European countries right now have their currency printing and their passport printing outsourced to foreign nations.
These things aren't too unusual.
The Netherlands is a small but very tasty fish in a pond infested with sharks.
None of the sharks ultimately ever managed to agree who gets to eat it- because whoever did would upset the balance between the sharks.
But China and America are mega sharks who don't care about balance and want to eat everything or die trying.
For France it certainly is, probably because of our stubborn focus on strategic autonomy. For example, offshoring passport printing to me sounds like a great opportunity for identity theft and document forgery by people outside of your jurisdiction.
I do kinda get the China customs system example though, only because if corruption is bad enough that it's a greater concern than opsec, then you're kinda hosed anyways.
Probably because it is wildly expensive to have a government directly run any tech project.
Most National governments embraced globalism and free market solutioning. It worked both ways.
American Federal Systems also have European and Indian operators but it gets more restricted depending on what part of the system you're dealing with. Even then, the operators get it wrong.
Many "American" firms are being served by Irish, Bulgarian, and Dutch operators for example. When you get to Fedpod, the restrictions are usually tiered, not all or nothing. It's why US firms got caught with Chinese handling data.
The question isn't should Europe and even America clean it up - it's how much is legitimate national soverignty and how much is going to be straight mercantilism in the Cloud/SaaS sector.
Finally.
But now they want NL Wallet to use Google and Apple accounts for login, so this is happening again.
Finally taking the digital threath from USA, Israel and China serious.
Yes.. their days of not taking the threat seriously certainly have come to a middle.
When EU ID is needed for Eurovision voting we can all act surprised by the change in rankings.
“This year's Eurovision winner: Tommy, Käärijä, and Joost, the Euroboys!”
“Huh. Israel hardly got any votes this year.”
Plot twist: the data will still be stored outside of the EU - the magic of cloud computing. :D
What if this European company decides to contract out its job to other continents?
Then they'll be in breach of contract. Lots of government contracts have a "no outsourcing" clause.
IDK what it's like now, but DigiD used to be 2 racks in a separate cage. Even if you can access the floor, you're not getting physically near the servers.
Good luck with digital id. Not gonna play along. No matter what.
Why? It’s been around in the netherlands for a while and it’s extremely convenient, basically just functions as SSO for government apps.
I knew a fellow with the same idea about government id of any form. No driver's license, no social security card, no state id.
To say the least, he made some pretty serious compromises in life. He was a tattoo artist with no shop and effectively homeless when I knew him, if you were curious.
Anyway, sometimes the world moves on without you.
Yes, we need even more antisocial individualism!
When you are interacting with the government for official business, what purpose is there to hide one's identity? You can't exactly not fill in your name in your tax return.
For the non-government/private business however, it is indeed a matter of privacy. France rolled out a while ago the requirement to establish the user's age when accessing porn sites. I refuse to do that.
Related:
Netherlands blocks US takeover of vital digital supplier
https://news.ycombinator.com/item?id=48278406
What's wrong with the government taking over admin of DigiD? I just don't understand why the government won't consider funding it. It's a public infrastructure service at this point.
For some reason the government isn't willing to pay software developer salaries. It would rather pay a company to pay them instead.
In most cases its illegal to set up something inside the public org. It needs to be put out as a public offer. It's part of New public management pushed by neoliberal interests.
Bullshit. Its not illegal.
It often is. Above a certain value you need EU wide bidding.
Post and trains already had to be privatised since them being government owned was deemed anti competitive by EU standards
Please do a minimum of research before you call some one out on bullshit.
That's a logical thing for governments to do. Governments are under pressure on different axes than the companies they contract to do things. Governments switching contracts won't ever make the news, but it's much harder for them to fire people in order to take advantage of increasing efficiencies. Likewise, they cannot short-term employ people easily without this structure.
In some countries that is a dream job.
The public servant benefits in vacations, work hours, health support, plus an above average salary as highly educated technician.
> What's wrong with the government taking over admin of DigiD?
Because they're a government and they are therefore going to fuck it up.
Unfortunately you will never realize how this ideology is fucking up every facet of society and which interests that are never your own put a momentous effort into drilling that propaganda into your head.
> that propaganda
Not big on evidence-based thinking, are you?
the netherlands is far from perfect but unless you have a specific grievance with their government, you really have no idea how much better it can be. it's night and day when compared with places like the united states. things can be better even though it feels impossible sometimes.
One important note: It's not the admin of the system that's in question here, that is government ran.
The company in question only provides cloud services, and has no access to any data.
> I just don't understand why the government won't consider funding it. It's a public infrastructure service at this point.
It has been 9 years since the last centrist ("purple") government in the Netherlands. 24 years since the last left-wing led government. Nothing more to it.
It's just decades of Neoliberal "outsource government tasks to the free market" policy. There really isn't any other reason; The Dutch government has multiple divisions which are quite good at IT. It could choose to do so at any moment, it just doesn't.
Voters just didn't care. The system worked fairly reliably. So they just kept voting for a very charismatic politician, regardless of the long term consequences.
Why is DigiD even a product that needs constant maintenance? From my experience using it it's just a pretty simple authentication/data sharing system. Every oauth provider has something similar. Why is it a whole separate product that is owned by some company?
Any network service with 24x7 availability and millions of users requires constant maintenance. Hardware has some lifetime and needs to be maintained and replaced. OS needs patching. Dependencies need security updates and, time to time, migrations to next major LTS update. Sometimes new requirements come from regulatory, that need development of new features. The skill set needs to be maintained. Support requests need to be served. Law enforcement may ask for some data.
Add to this hard digital sovereignty requirements: continuity of service must be guaranteed for decades. All this requires quite a special setup in which commercial entities are rather tolerated than welcomed, but they may still make more sense than a government agency so constrained by budget process that they cannot hire any decent engineer.