Pefias web ID plan 'one of the most dangerous schemes of the past decade'

Privacy International says the upcoming EU electronic identification system poses the most significant threat to online freedom of recent times

A leading privacy campaigner has described an upcoming EU electronic identification system as "one of the most dangerous schemes of the past decade", after it emerged the scheme will require website owners to register their identity.

Simon Davies, the director-general of UK-based Privacy International, told ZDNet UK that the pan-European framework for electronic identification, authentication and signature (Pefias) would effectively lead to a "state licence [for] people wanting to exercise their right of free expression online", and give rights-holders a way to identify individuals and site owners who infringe on copyright.

"By establishing an identity framework the Commission is inviting a free-for-all on the privacy rights of all users," Davies said. "This is one of the most dangerous schemes of the past decade. The Commission is proposing an identity architecture that blatantly, dangerously and irresponsibly shifts copyright enforcement and content liability directly from service providers to consumers."

Pefias was first mentioned last November as a way for people to secure electronic transactions. As ZDNet UK reported earlier this month, it will also be used as an age-verification tool for accessing online content.

On Tuesday, the European Commission quietly alluded to yet another purpose for the framework: the registration of websites. The scheme will "set out minimum requirements for information on website localisation and on the legal existence of its owner, to guarantee the authenticity of the website", the Commission said near the bottom of its newly-published 'Consumer Agenda' (PDF).

At the moment, European domain registries such as Nominet require commercially trading operations to provide accurate WHOIS data for their site registrations, and their terms and conditions also ask for individuals and other organisations to say who they are when they register domains. The registries do not generally require hard proof of identity, however.

The Commission is due to make its full Pefias proposals next week, leaving the snippets that have emerged through other pieces of policy the only clues so far to the scheme's precise nature.

However, Davies said the wording of these snippets was alarming.

"In using such words as 'guarantee', the Commission is clearly pushing for a passport-level standard of identification," Davies said. "The identity system that will emerge will become the single greatest threat to online freedom in recent times."

The privacy campaigner added that he suspected the e-ID scheme had initially been well-intentioned, but that "some key policy-makers" were using its mechanism "to the benefit of protecting rights holders".

"There is no doubt that the high-integrity identity registers that emerge from this scheme will be available to all governments and law enforcement agencies," he said. "The proposals target 'website owners' rather than 'domain owners', which will result in granular policing of the internet."

The Pefias proposals will come from the office of digital agenda commissioner Neelie Kroes. Kroes's spokesman, Ryan Heath, told ZDNet UK that the proposals "are not a threat to online freedom".

"Quite the opposite," Heath insisted. "They will give people new freedoms and opportunities. Neelie Kroes cares deeply about online freedom as she has said time and time again. She would not put her name to proposals that reduce fundamental rights."