zlacker

You're basically correct. But it's also a weird thing to refute in the first place? How do you hack a "passport" or your "social security card"? Artisanal elliptic curves from Russia and extremely deep corruption in most branches of the government?

Most human-related problems around bootstrapping one's identity still remain the same and have to be solved. Electronic identity or not. (Also see the XKCD about the "wrench attack")

But a proper ID system gives a nation the opportunity to rely on elliptic curve cryptography and an EAL4+ SmartCard or SIM. Not on a pinky promise about identity based on knowing some number, some face pics or having a gas bill.

Verizon could still leak your hypothetical future e-SSN. But then it wouldn't be sufficient for identity theft or impersonating you in some places. That's not what would be an "identity" any more.

>>Avaman+(OP)
Estonia's digital ID system is used for everything you could do with an ID and a signature in person. You can vote in elections, log in to your bank and send money, sign binding agreements, and so on. Hacking the system would mean you could, as a simple example, win elections, empty out retirement funds, and many other grim outcomes. This isn't about any one person, if you hacked the system, you could do that to the country as a whole, every single person.

>>Ethery+nc
How is it truly different to any other ID system(s) though. What unique usable possibility is provided to this hypothetical attacker and how many are taken away?

The only thing it actually differs in is scale, like you described. But scale does not mean an inherent vulnerability that can be practically exploited.

If you're however able to make everyone ignore the noise of some massive attack then you already don't need to bother with any of it anyways.

If you can attack the foundation of the system, like elliptic cryptography then every bank and retirement fund on earth is in danger. Much bigger fish to fry.