DISQUS

Kari Silvennoinen · 5 months ago

The Finnish government has embraced the internet banking authentication (after a spectacular failure of electronic national id authentication system) to such extent that you need those to report a (small) crime to police (they don't take phone calls anymore, just a web form). Also, you can use them among other things to change address, get some of your mail (invoices, official notices, salary receipt) as e-post, a credit card or an internet domain.

But you're right, in some cases the application comes later in the mail with a dotted-line and return envelope. Even though a signature is easier to forge than a HTTPS connection, the former has longer precedent in law (or a law requires a written contract) and isn't vulnerable to class (or wholesale) attacks.

Anyway, going to your questions. I don't believe that there is such a secure communication, but it doesn't matter, because we have checks and laws that have traditionally taken care of most problems. The benchmark isn't fool-proof system, but what could be reasonably required to assure validity of the transaction. You can forge a ID and signature, but the risk hasn't been so small that it's accepted.

So, I wouldn't say that financial or official matters (I was interviewed by the police using e-mail once, for crying out loud) are in the old world anymore, at least for the citizens. However, health care is. My father, a medical doctor, has as his out of office message a reminder that e-mail isn't a secure medium and how the data protection ombudsman is strictly against handling patient information on it.

And the reason, I believe, is simple. We have insurances against financial losses in case of fraud, but once your sensitive data is out there, you can't take it back.

vincentvw · 5 months ago

I think your last line summarises the reason perfectly.