As a French person, I'm confused as to why DigiD is not a government-run project like FranceConnect is. I'm even more bewildered that an American company thought that they could take over the national identity management system of an European country, as if this was business as usual.
Aaargh20318 59 minutes ago [-]
DigiD is a government project. It's owned and operated by Logius, which is a government-owned entity.
Logius outsourced the hosting and infrastructure to Solvinity.
loupol 44 minutes ago [-]
That's a bit better but it shifts the question:
Why did they not mandate national (or at least EU-based) hosting and infra ?
It feels a bit insane in retrospect for such a critical digital service ?
Freak_NL 23 minutes ago [-]
It's an unfortunate Dutch way of doing things. The firm believe that the market will solve it if you have a contract that says thing will be solved. Write a tender, pick the cheapest party, trust in contracts, hope it won't break before you (the external contractor pushing for it) move on in a few months time.
The people who pointed out that none of the moving parts of DigiD should have been outsourced were ignored until the tide shifted this year.
I'm honestly surprised the government decided to intervene. The usual method is to keep on believing in the signed piece of paper until the shit hits the fan (like with the Fyra high speed trains) — never mind that the US (where the buyer is from) is not likely to give a toss about those pieces of paper if they need something from our data.
pyrale 35 minutes ago [-]
> Why did they not mandate national (or at least EU-based) hosting and infra ?
They did, and they moved to block the acquisition of the local company handling it. What's unclear in the article?
foresterre 13 minutes ago [-]
The "local" company is already UK owned though, so at most "European", not national or EU.
What I find strange is that the Dutch government does have its own datacenters, e.g. ODC-Noord (1), but they're still looking to outsource the hosting even after the current contract ends in 2027.
> Currently, DigiD is partially managed by Solvinity, a company owned by a British investor
Britain is neither local nor in the EU
navane 1 hours ago [-]
I'm mostly bewildered that the Dutch government was ok with that, and it took way too much effort from the opposition to get them to pivot on this.
irdc 60 minutes ago [-]
As a Dutch person, I'm not. Dutch administrators are traditionally wary of doing anything themselves that they could conceivably outsource to a commercial party. That also results in endless swarms of locus^H^H^H^H^Hconsultants feeding on our taxes.
I hate it, but what can you do, this is sadly what people here keep voting for.
spockz 48 minutes ago [-]
I’m unaware of this kind of topic ever being one of the points in election time. This as opposed to topics like animal welfare. Sovereignty is only now becoming more visible as a votable topic.
Sadly, I don’t know of a way to influence how our government practices IT. Except maybe to work for Logius. And even then there will be the topic of funding.
yxhuvud 59 minutes ago [-]
Governments are not the only players needing working digital id, and sometimes banks are faster to build it.
spockz 52 minutes ago [-]
Banks have nothing to do with DigiD. There is eidas which allows you to attest your identity using a bank.
carlosjobim 47 minutes ago [-]
The entire customs system of all of China used to be run by European foreigners. Not because of Western imperialism, but on invitation from the Chinese rulers, as a measure to combat corruption.
Some European countries right now have their currency printing and their passport printing outsourced to foreign nations.
These things aren't too unusual.
boricj 1 minutes ago [-]
For France it certainly is, probably because of our stubborn focus on strategic autonomy. For example, offshoring passport printing to me sounds like a great opportunity for identity theft and document forgery by people outside of your jurisdiction.
I do kinda get the China customs system example though, only because if corruption is bad enough that it's a greater concern than opsec, then you're kinda hosed anyways.
expedition32 21 minutes ago [-]
The Netherlands is a small but very tasty fish in a pond infested with sharks.
None of the sharks ultimately ever managed to agree who gets to eat it- because whoever did would upset the balance between the sharks.
But China and America are mega sharks who don't care about balance and want to eat everything or die trying.
outside1234 37 minutes ago [-]
Probably because it is wildly expensive to have a government directly run any tech project.
41 minutes ago [-]
37 minutes ago [-]
juliusceasar 2 hours ago [-]
Finally taking the digital threath from USA, Israel and China serious.
fidotron 48 minutes ago [-]
When EU ID is needed for Eurovision voting we can all act surprised by the change in rankings.
Freak_NL 17 minutes ago [-]
“This year's Eurovision winner: Tommy, Käärijä, and Joost, the Euroboys!”
“Huh. Israel hardly got any votes this year.”
28304283409234 50 minutes ago [-]
Yes.. their days of not taking the threat seriously certainly have come to a middle.
markus_zhang 1 hours ago [-]
What if this European company decides to contract out its job to other continents?
masfuerte 1 hours ago [-]
Then they'll be in breach of contract. Lots of government contracts have a "no outsourcing" clause.
ChrisArchitect 1 hours ago [-]
Related:
Netherlands blocks US takeover of vital digital supplier
IDK what it's like now, but DigiD used to be 2 racks in a separate cage. Even if you can access the floor, you're not getting physically near the servers.
deafpolygon 2 hours ago [-]
What's wrong with the government taking over admin of DigiD? I just don't understand why the government won't consider funding it. It's a public infrastructure service at this point.
AndrewDucker 2 hours ago [-]
For some reason the government isn't willing to pay software developer salaries. It would rather pay a company to pay them instead.
arjie 9 minutes ago [-]
That's a logical thing for governments to do. Governments are under pressure on different axes than the companies they contract to do things. Governments switching contracts won't ever make the news, but it's much harder for them to fire people in order to take advantage of increasing efficiencies. Likewise, they cannot short-term employ people easily without this structure.
tokai 1 hours ago [-]
In most cases its illegal to set up something inside the public org. It needs to be put out as a public offer. It's part of New public management pushed by neoliberal interests.
1 hours ago [-]
victorbjorklund 44 minutes ago [-]
Bullshit. Its not illegal.
moi2388 34 minutes ago [-]
It often is. Above a certain value you need EU wide bidding.
Post and trains already had to be privatised since them being government owned was deemed anti competitive by EU standards
tokai 32 minutes ago [-]
Please do a minimum of research before you call some one out on bullshit.
ur-whale 1 hours ago [-]
> What's wrong with the government taking over admin of DigiD?
Because they're a government and they are therefore going to fuck it up.
lyu07282 45 minutes ago [-]
Unfortunately you will never realize how this ideology is fucking up every facet of society and which interests that are never your own put a momentous effort into drilling that propaganda into your head.
ur-whale 3 minutes ago [-]
> that propaganda
Not big on evidence-based thinking, are you?
hesus_ruiz 58 minutes ago [-]
[dead]
jasonvorhe 25 minutes ago [-]
Good luck with digital id. Not gonna play along. No matter what.
jfyi 7 minutes ago [-]
[delayed]
hhh 24 minutes ago [-]
Why? It’s been around in the netherlands for a while and it’s extremely convenient, basically just functions as SSO for government apps.
avocadoking 1 hours ago [-]
This will be a nice money grab for some of the big european tech corps who always are late and dont care about maintenance afterwards.
I hope I'm wrong.
flexagoon 2 hours ago [-]
Why is DigiD even a product that needs constant maintenance? From my experience using it it's just a pretty simple authentication/data sharing system. Every oauth provider has something similar. Why is it a whole separate product that is owned by some company?
ivan_gammel 2 hours ago [-]
Any network service with 24x7 availability and millions of users requires constant maintenance. Hardware has some lifetime and needs to be maintained and replaced. OS needs patching. Dependencies need security updates and, time to time, migrations to next major LTS update. Sometimes new requirements come from regulatory, that need development of new features. The skill set needs to be maintained. Support requests need to be served. Law enforcement may ask for some data.
Add to this hard digital sovereignty requirements: continuity of service must be guaranteed for decades. All this requires quite a special setup in which commercial entities are rather tolerated than welcomed, but they may still make more sense than a government agency so constrained by budget process that they cannot hire any decent engineer.
Rendered at 17:24:23 GMT+0000 (Coordinated Universal Time) with Vercel.
Logius outsourced the hosting and infrastructure to Solvinity.
Why did they not mandate national (or at least EU-based) hosting and infra ?
It feels a bit insane in retrospect for such a critical digital service ?
The people who pointed out that none of the moving parts of DigiD should have been outsourced were ignored until the tide shifted this year.
I'm honestly surprised the government decided to intervene. The usual method is to keep on believing in the signed piece of paper until the shit hits the fan (like with the Fyra high speed trains) — never mind that the US (where the buyer is from) is not likely to give a toss about those pieces of paper if they need something from our data.
They did, and they moved to block the acquisition of the local company handling it. What's unclear in the article?
What I find strange is that the Dutch government does have its own datacenters, e.g. ODC-Noord (1), but they're still looking to outsource the hosting even after the current contract ends in 2027.
(1) https://www.odc-noord.nl/
> Currently, DigiD is partially managed by Solvinity, a company owned by a British investor
Britain is neither local nor in the EU
I hate it, but what can you do, this is sadly what people here keep voting for.
Sadly, I don’t know of a way to influence how our government practices IT. Except maybe to work for Logius. And even then there will be the topic of funding.
Some European countries right now have their currency printing and their passport printing outsourced to foreign nations.
These things aren't too unusual.
I do kinda get the China customs system example though, only because if corruption is bad enough that it's a greater concern than opsec, then you're kinda hosed anyways.
None of the sharks ultimately ever managed to agree who gets to eat it- because whoever did would upset the balance between the sharks.
But China and America are mega sharks who don't care about balance and want to eat everything or die trying.
“Huh. Israel hardly got any votes this year.”
Netherlands blocks US takeover of vital digital supplier
https://news.ycombinator.com/item?id=48278406
Post and trains already had to be privatised since them being government owned was deemed anti competitive by EU standards
Because they're a government and they are therefore going to fuck it up.
Not big on evidence-based thinking, are you?
Add to this hard digital sovereignty requirements: continuity of service must be guaranteed for decades. All this requires quite a special setup in which commercial entities are rather tolerated than welcomed, but they may still make more sense than a government agency so constrained by budget process that they cannot hire any decent engineer.