As a French person, I'm confused as to why DigiD is not a government-run project like FranceConnect is. I'm even more bewildered that an American company thought that they could take over the national identity management system of an European country, as if this was business as usual.
It's an unfortunate Dutch way of doing things. The firm believe that the market will solve it if you have a contract that says thing will be solved. Write a tender, pick the cheapest party, trust in contracts, hope it won't break before you (the external contractor pushing for it) move on in a few months time.
The people who pointed out that none of the moving parts of DigiD should have been outsourced were ignored until the tide shifted this year.
I'm honestly surprised the government decided to intervene. The usual method is to keep on believing in the signed piece of paper until the shit hits the fan (like with the Fyra high speed trains) — never mind that the US (where the buyer is from) is not likely to give a toss about those pieces of paper if they need something from our data.
It's important to add the context that whenever our government tries to do something by themselves it ends up late and severely over budget.
So you have to weigh the risks of outsourcing to the risk of the whole thing becoming very late and very expensive. The risks around outsourcing are something further down the line, the risks of everything becoming expensive and late are something that will give the responsible politician a headache now.
I work (and always has) in the private sector and we can be even better at ending up over budget and be even later at delivery. I don’t believe for a moment that the government has a monopoly on underachieving!
Outsourced stuff is late and expensive too, just not directly the responsibility of the minister or secretary of state because of the magic piece of paper in between.
IT is hardly something we need to do occasionally, so build up a department that can do it (not just write up huge reports about what it should do and outsource, like Logius) and invest in the people that will work there (retaining them as much as possible). Give a big middle finger to consultants, and listen to the tech experts. Build boring stuff that works instead of a new app every month.
It's not impossible in theory, and cheaper in the long run. It's impossible because asshats who would actually benefit from left and centre politics keep voting right-wing parties in to power.
The "local" company is already UK owned though, so at most "European", not national or EU.
What I find strange is that the Dutch government does have its own datacenters, e.g. ODC-Noord (1), but they're still looking to outsource the hosting even after the current contract ends in 2027.
I suspect that most government departments see data centers as a liability and are very happy to outsource to the big providers, apart perhaps from the ones hosting stuff they don't really want you to know about.
It's always better to be able to blame a supplier for something going wrong if you're a senior leader or politician. For some reason, if it does happen no one has to resign.
There is loads of UK Critical National Infrastructure on AWS, probably Azure too. And the Home Office put up £10 million tender to shut down an old data centre not that long ago without a confirmed replacement - https://www.find-tender.service.gov.uk/Notice/018193-2024
Most National governments embraced globalism and free market solutioning. It worked both ways.
American Federal Systems also have European and Indian operators but it gets more restricted depending on what part of the system you're dealing with. Even then, the operators get it wrong.
Many "American" firms are being served by Irish, Bulgarian, and Dutch operators for example. When you get to Fedpod, the restrictions are usually tiered, not all or nothing. It's why US firms got caught with Chinese handling data.
The question isn't should Europe and even America clean it up - it's how much is legitimate national soverignty and how much is going to be straight mercantilism in the Cloud/SaaS sector.
As a Dutch person, I'm not. Dutch administrators are traditionally wary of doing anything themselves that they could conceivably outsource to a commercial party. That also results in endless swarms of locus^H^H^H^H^Hconsultants feeding on our taxes.
I hate it, but what can you do, this is sadly what people here keep voting for.
I’m unaware of this kind of topic ever being one of the points in election time. This as opposed to topics like animal welfare. Sovereignty is only now becoming more visible as a votable topic.
Sadly, I don’t know of a way to influence how our government practices IT. Except maybe to work for Logius. And even then there will be the topic of funding.
The entire customs system of all of China used to be run by European foreigners. Not because of Western imperialism, but on invitation from the Chinese rulers, as a measure to combat corruption.
Some European countries right now have their currency printing and their passport printing outsourced to foreign nations.
For France it certainly is, probably because of our stubborn focus on strategic autonomy. For example, offshoring passport printing to me sounds like a great opportunity for identity theft and document forgery by people outside of your jurisdiction.
I do kinda get the China customs system example though, only because if corruption is bad enough that it's a greater concern than opsec, then you're kinda hosed anyways.
IDK what it's like now, but DigiD used to be 2 racks in a separate cage. Even if you can access the floor, you're not getting physically near the servers.
When you are interacting with the government for official business, what purpose is there to hide one's identity? You can't exactly not fill in your name in your tax return.
For the non-government/private business however, it is indeed a matter of privacy. France rolled out a while ago the requirement to establish the user's age when accessing porn sites. I refuse to do that.
I knew a fellow with the same idea about government id of any form. No driver's license, no social security card, no state id.
To say the least, he made some pretty serious compromises in life. He was a tattoo artist with no shop and effectively homeless when I knew him, if you were curious.
What's wrong with the government taking over admin of DigiD? I just don't understand why the government won't consider funding it. It's a public infrastructure service at this point.
That's a logical thing for governments to do. Governments are under pressure on different axes than the companies they contract to do things. Governments switching contracts won't ever make the news, but it's much harder for them to fire people in order to take advantage of increasing efficiencies. Likewise, they cannot short-term employ people easily without this structure.
In most cases its illegal to set up something inside the public org. It needs to be put out as a public offer. It's part of New public management pushed by neoliberal interests.
One important note: It's not the admin of the system that's in question here, that is government ran.
The company in question only provides cloud services, and has no access to any data.
> I just don't understand why the government won't consider funding it. It's a public infrastructure service at this point.
It has been 9 years since the last centrist ("purple") government in the Netherlands. 24 years since the last left-wing led government. Nothing more to it.
It's just decades of Neoliberal "outsource government tasks to the free market" policy. There really isn't any other reason; The Dutch government has multiple divisions which are quite good at IT. It could choose to do so at any moment, it just doesn't.
Voters just didn't care. The system worked fairly reliably. So they just kept voting for a very charismatic politician, regardless of the long term consequences.
the netherlands is far from perfect but unless you have a specific grievance with their government, you really have no idea how much better it can be. it's night and day when compared with places like the united states. things can be better even though it feels impossible sometimes.
Unfortunately you will never realize how this ideology is fucking up every facet of society and which interests that are never your own put a momentous effort into drilling that propaganda into your head.
Why is DigiD even a product that needs constant maintenance? From my experience using it it's just a pretty simple authentication/data sharing system. Every oauth provider has something similar. Why is it a whole separate product that is owned by some company?
Any network service with 24x7 availability and millions of users requires constant maintenance. Hardware has some lifetime and needs to be maintained and replaced. OS needs patching. Dependencies need security updates and, time to time, migrations to next major LTS update. Sometimes new requirements come from regulatory, that need development of new features. The skill set needs to be maintained. Support requests need to be served. Law enforcement may ask for some data.
Add to this hard digital sovereignty requirements: continuity of service must be guaranteed for decades. All this requires quite a special setup in which commercial entities are rather tolerated than welcomed, but they may still make more sense than a government agency so constrained by budget process that they cannot hire any decent engineer.
Logius outsourced the hosting and infrastructure to Solvinity.
Why did they not mandate national (or at least EU-based) hosting and infra ?
It feels a bit insane in retrospect for such a critical digital service ?
The people who pointed out that none of the moving parts of DigiD should have been outsourced were ignored until the tide shifted this year.
I'm honestly surprised the government decided to intervene. The usual method is to keep on believing in the signed piece of paper until the shit hits the fan (like with the Fyra high speed trains) — never mind that the US (where the buyer is from) is not likely to give a toss about those pieces of paper if they need something from our data.
So you have to weigh the risks of outsourcing to the risk of the whole thing becoming very late and very expensive. The risks around outsourcing are something further down the line, the risks of everything becoming expensive and late are something that will give the responsible politician a headache now.
IT is hardly something we need to do occasionally, so build up a department that can do it (not just write up huge reports about what it should do and outsource, like Logius) and invest in the people that will work there (retaining them as much as possible). Give a big middle finger to consultants, and listen to the tech experts. Build boring stuff that works instead of a new app every month.
It's not impossible in theory, and cheaper in the long run. It's impossible because asshats who would actually benefit from left and centre politics keep voting right-wing parties in to power.
They did, and they moved to block the acquisition of the local company handling it. What's unclear in the article?
What I find strange is that the Dutch government does have its own datacenters, e.g. ODC-Noord (1), but they're still looking to outsource the hosting even after the current contract ends in 2027.
(1) https://www.odc-noord.nl/
It's always better to be able to blame a supplier for something going wrong if you're a senior leader or politician. For some reason, if it does happen no one has to resign.
There is loads of UK Critical National Infrastructure on AWS, probably Azure too. And the Home Office put up £10 million tender to shut down an old data centre not that long ago without a confirmed replacement - https://www.find-tender.service.gov.uk/Notice/018193-2024
> Currently, DigiD is partially managed by Solvinity, a company owned by a British investor
Britain is neither local nor in the EU
American Federal Systems also have European and Indian operators but it gets more restricted depending on what part of the system you're dealing with. Even then, the operators get it wrong.
Many "American" firms are being served by Irish, Bulgarian, and Dutch operators for example. When you get to Fedpod, the restrictions are usually tiered, not all or nothing. It's why US firms got caught with Chinese handling data.
The question isn't should Europe and even America clean it up - it's how much is legitimate national soverignty and how much is going to be straight mercantilism in the Cloud/SaaS sector.
I hate it, but what can you do, this is sadly what people here keep voting for.
Sadly, I don’t know of a way to influence how our government practices IT. Except maybe to work for Logius. And even then there will be the topic of funding.
Some European countries right now have their currency printing and their passport printing outsourced to foreign nations.
These things aren't too unusual.
I do kinda get the China customs system example though, only because if corruption is bad enough that it's a greater concern than opsec, then you're kinda hosed anyways.
None of the sharks ultimately ever managed to agree who gets to eat it- because whoever did would upset the balance between the sharks.
But China and America are mega sharks who don't care about balance and want to eat everything or die trying.
“Huh. Israel hardly got any votes this year.”
But now they want NL Wallet to use Google and Apple accounts for login, so this is happening again.
Netherlands blocks US takeover of vital digital supplier
https://news.ycombinator.com/item?id=48278406
For the non-government/private business however, it is indeed a matter of privacy. France rolled out a while ago the requirement to establish the user's age when accessing porn sites. I refuse to do that.
To say the least, he made some pretty serious compromises in life. He was a tattoo artist with no shop and effectively homeless when I knew him, if you were curious.
Anyway, sometimes the world moves on without you.
The public servant benefits in vacations, work hours, health support, plus an above average salary as highly educated technician.
Post and trains already had to be privatised since them being government owned was deemed anti competitive by EU standards
The company in question only provides cloud services, and has no access to any data.
> I just don't understand why the government won't consider funding it. It's a public infrastructure service at this point.
It has been 9 years since the last centrist ("purple") government in the Netherlands. 24 years since the last left-wing led government. Nothing more to it.
It's just decades of Neoliberal "outsource government tasks to the free market" policy. There really isn't any other reason; The Dutch government has multiple divisions which are quite good at IT. It could choose to do so at any moment, it just doesn't.
Voters just didn't care. The system worked fairly reliably. So they just kept voting for a very charismatic politician, regardless of the long term consequences.
Because they're a government and they are therefore going to fuck it up.
Not big on evidence-based thinking, are you?
Add to this hard digital sovereignty requirements: continuity of service must be guaranteed for decades. All this requires quite a special setup in which commercial entities are rather tolerated than welcomed, but they may still make more sense than a government agency so constrained by budget process that they cannot hire any decent engineer.