Well, this isn’t what I was talking about but to your size point: there have been security bugs in the infrastructure which Estonia has been been aggressive in addressing, unlike DE, but that also matters in EE because they actually use the infrastructure.
When the chip IDs were rolled out in DE the Bundestag didn’t put in place any rules requiring that that banks or others be required to use the PKI (even only when offered and available) to protect and authenticate personal information. So of course the banks didn’t bother. Without any major use case, nobody else did either.
This was claimed at the time to be a way to let business lead, but really it was because business were happy not to have to provide extra privacy protection so lobbied against it.
Compare that to chips in credit cards in the 1990s: they really cared about protecting money so put in all sorts of rules to make the use mandatory.
When the chip IDs were rolled out in DE the Bundestag didn’t put in place any rules requiring that that banks or others be required to use the PKI (even only when offered and available) to protect and authenticate personal information. So of course the banks didn’t bother. Without any major use case, nobody else did either.
This was claimed at the time to be a way to let business lead, but really it was because business were happy not to have to provide extra privacy protection so lobbied against it.
Compare that to chips in credit cards in the 1990s: they really cared about protecting money so put in all sorts of rules to make the use mandatory.