IT Wallet, the glitter and the many dark sides…

Security Awareness
12 November 2024

When our identity travels on the Web, are we sure we choose the direction?

Forgetting your driver’s license at home, not having your health card with you when you need it, standing in a long line at an administrative counter only to find that you are missing the very document you can no longer find. These are situations we have all come across and which, especially in our country where bureaucracy carries a lot of weight, can have a very disruptive impact on everyday life.
In the increasingly near future, these obstacles will no longer exist. Or at least that is the goal behind IT Wallet, the digital wallet that is being talked about a lot these days and that aims to collect in a single application on our smartphones the essential documents and information about our lives: biographical, health, economic, banking, educational, professional, etc.

Currently about 50 thousand Italians are experimenting with it before the official launch scheduled for December 4. At that point the real impact of IT Wallet will be measured by the number of people who download the application and start using it. The Italian tool is considered the forerunner of the European Digital Identity Wallet (EUDI Wallet) project that will be launched in 2026. All European businesses and citizens will thus be able to authenticate their digital identity, using for their interactions with the public and private sectors a single ID that will communicate with the digital wallets of the member states.

Coordinated by the Department for Digital Transformation and the AgID, the project will involve up to 44.5 million Italian citizens of age, making digitization accessible even to those who do not yet have a digital identity card or SPID.

All digital documents will be saved in the “Wallet” section of the “IO” App ready to be used initially in physical settings, such as roadside checks or access to health services. Starting in 2025, the IT-Wallet will also allow online use, as with digital payments, making everything even more convenient and integrated.

It all sounds beautiful and convenient. No more bureaucracy, endless lines at counters, dangerous forgetfulness.   

All collected in our phones, which are now real computers and without which living could be complicated. In addition, integration with the European EUDI Wallet system will enable the use of digital documents in other countries as well, facilitating travel and paperwork throughout the EU.

However, not everyone is enchanted by this prospect and awaits the novelty with open arms. On the contrary, the debate has become very heated: for lovers of digitization, this is an important milestone achieved, which will also help speed up the ecological transition given the huge amount of paper saved; for others, it is a dangerous attack on our privacy and a further attempt to control our lives.

The latter include not only the usual catastrophists ready to criminalize every new step toward technological and digital progress but also some cybersecurity experts and digital rights associations who have sounded the alarm about the potential risks.

The main concerns include:

  • The inadequacy of current authentication systems that rely on SPID or CIE and the consequent need to introduce other types of recognition, such as biometric (e.g., facial or through fingerprints), to increase the level of security. This solution, however, raises doubts and privacy issues;
  • The risk of sharing data across national borders, a service that, despite its undoubted convenience, raises questions about how and where this information will be stored and who will be able to access it;
  • The risk of exclusion. Indeed, not everyone has access to a smartphone or a stable Internet connection. This makes it difficult, especially for the elderly or those living in underserved areas, to use the application efficiently, resulting in inevitable inequalities among citizens.

A further concern relates to possible forms of state storage and monitoring of this personal digital data and its use for “social credit” or “points-based citizenship” systems that reward citizens based on their behavior, granting them services or excluding them from them, as is already done in various forms in China, the United Kingdom and Israel.

Not to mention the risk of lost, broken, or stolen smartphones. Losing your phone could become a very serious problem from now on.

Last, but certainly not least, there is another point of particular concern, and one that is of close interest to us: the risk of cyber breaches and attacks. Such a high concentration of sensitive data in a single app is a tasty morsel for cybercriminals, who are certainly abuzz these days waiting for the arrival and wide distribution of this latest digital innovation.

This is a risk that insiders are well aware of, so much so that Eurosmart (an association that brings together privacy experts) has highlighted the need for strict cybersecurity for physical wallet components.

As a result, the European Commission tasked ENISA, the EU cybersecurity agency, with providing certification support for the national and European wallets.

As for Italy, according to available information, IT Wallet applications and features have been developed following the principles of security by design, an approach that implies that security is not a later addition, but is integrated into the development process from the beginning. This means that every step, from design to implementation, is careful to ensure that user data is protected, minimizing risks and improving system resilience.

In addition, security processes will be reviewed periodically by the relevant government agencies, which will thereby ensure that security and privacy standards for citizens are met.

Regarding possible breaches of the “private key” of each digital wallet, IT-Wallet has introduced the use of a code or fingerprint, with the possibility of locking the wallet if the phone is stolen or lost. In addition, digital data will be encrypted and shared only temporarily with the State Mint and Printing Institute. To access services that require a higher level of security, the use of the CIE (Electronic Identity Card) will be required.

In short, it seems that along with the growth of digitization there is also an increased awareness of risks resulting in regulatory actions, at the European and individual state level, for greater protection from cyber risk.

However, this can never ensure total protection because, in the field of cybersecurity, relying on protections handed down from above can be very dangerous. In fact, we know that cybercriminals, who are becoming more and more skilled and cunning, will surely be able to bypass the main protections and, as always, will look for new ways to “work their flanks” on their victims. The human factor will continue to be the weak link in the chain in an increasingly connected and digitized world in which the sensitive data of all of us will be increasingly within the reach of dark web pirates.

The only way to protect our digital identity is to strengthen our cyber knowledge and awareness of the actions we take online. To do this, it is necessary to follow customized and quality training paths, built specifically on our level of digital literacy and increasingly indispensable in the reality ahead.

