For one thing, any government-issued document needs to be as safe as it can possibly be. It must also address the concerns of the governed in the face of heightened surveillance and profiling by state agencies. In Germany, as in other countries, law enforcement have been granted increasing leeway in actively or passively monitoring telecommunications and transactions as well as in retaining intercepted data. However, some of these newly-passed laws and regulations have been deemed excessive by the highest courts in the land - not exactly an object lesson in trust building.
An unbiased look at what actually can - and can't - be stored on the new digital ID card might serve to inject an element of calm into the overheated discussion. The nPA has three basic components. One handles various sovereign functions, the second is the electronic ID proper, and the third is a qualified digital signature which at least initially will be offered merely as an option. The card will be equipped with the same biometric features already in use for over two years in the digital passport ("ePass") issued by most European countries and will contain two digital fingerprints of the bearer along with a digitized photo. The biometric data is stored directly on the card itself and not in any central government databases. Cases have been reported, though, of local authorities copying and storing the biometric data, which is not only illegal but senseless since it can serve no discernible purpose.
What this all boils down to is that the electronic ID card actually carries very little electronic information. Besides, in order to gain access to the data, authorities need to prove their legitimacy by obtaining the appropriate certificates from the Federal Office of Administration in Cologne, which is charged with examining such applications very closely.
The qualified digital signature, with which the ID card can be equipped, is based on technology that is subject to strict national law and is only an option, anyway. Besides, digital signatures haven't proven wildly popular in Germany in the past, to put it mildly.
Most of the threat scenarios being passed around nowadays don't really stand up to scrutiny, either. For one thing, unlike the electronic passport in its present form, the nPA does not allow direct access to the chip through the BAC (Basic Access Control) mechanism. Instead, the reader device is required to present a certificate every time it wants to access the data, and the card owner must confirm the legality of the process by manually entering his or her PIN (Personal Identification Number).
Of course, certain risks remain, but they seem manageable. They also appear to be more than balanced by the system's inherent advantages, mainly in the areas of strong authentication and secure access to identity data in controlled environments. Both represent a big step forward compared with today's existing arrangements, which generally call for self-registration or at most rely on inherently insecure procedures involving usernames and passwords.