By veni: Because the problem seems to be that we are kind of forced, or let's say pushed, to use DigiD. So it's like we give up our data to vulnerable systems that cannot guarantee at 100% our privacy and security.
Here's how I see it.
Back in the old days, if you wanted a long-lasting parking permit for say Amsterdam, you'd go to the city hall and identify yourself by telling your name and date of birth, and authenticate using your passport.
To do that nowadays, you'd navigate to https://www.amsterdam.nl/parkeren-verkeer/parkeervergunning/aanvragen/ and log on using DigiD. As both an absolute identification and authentication service provider, DigiD is comparable to showing your passport to someone who authenticates you - albeit online. A difference with your passport is that the DigiD organization can (and probably does) keep track of each website you use DigiD to log on to.
However, such tracking is, IMO most likely, only used for auditing purposes and/or to detect abuse of the system. Considering the frequency with which I use DigiD and the types of websites I use DigiD to log on to (such as de Belastingdienst), even if this information (which site did I visit when) were leaked and published online, this wouldn't worry me much. Furthermore, how organizations (such as the municipality of Amsterdam) treat your personally identifiable information is out of scope for Logius. Also, paper communication with an organization typically also results in them storing your PII, so your risks are not limited to DigiD (example: https://www.security.nl/posting/699474/Harde+schijf+met+data+30_000+mensen+gestolen+bij+gemeente+Amsterdam).
In addition, one should keep in mind why you'd want to identify and authenticate yourself, for example using DigiD. Often reliable authentication is in your own interest - primarily to prevent someone else from "proving" they are you.
An advantage of a federated identification and authentication system such as DigiD is that one centralized system takes care of this, instead of thousands of organizations. This means that I don't have to have "an account" I can log on to at many of those organizations I want to (or must) communicate with; one DigiD account suffices. Furthermore, if I had to log on directly to each individual organization, each of them would have to store my credentials - with an increased risk of them getting stolen. Also, this raises the question of how to authenticate yourself while creating your account, and of re-authenticating after you've forgotten your password. Using multiple log-on systems probably leads to a lot more "privacy" risks - not of the type "being tracked by the government", but of criminals stealing your identity.
Which brings us to a related topic: the definition of (online/digital) privacy. Here's an attempt I made last year: https://www.security.nl/posting/676448/privacy+%3D+1_%28misbruik+risico%29. In any case, I suggest you clearly define "privacy" in your thesis, because readers may have quite different associations with that word.
By veni: Although I understand that there is no such thing as a 100% safe and secure identification system, why does it mean that we have to accept it and, even worse, not even question it...?
There is an alternative, and we (anyone willing to consider their own risks and those of others) should definitely question it. For example, DigiD has proven to be vulnerable to phishing attacks and to the stealing of letters (the paper type) with credentials out of recipients' mailboxes. It also worries me that some people are using insecure or even compromised devices to authenticate themselves with.
By veni: Almost all of my interviewees never thought about their privacy when dealing with DigiD... so what can we do as citizens to ensure our privacy?
That depends on your definition of privacy. Whether they like it or not, citizens will have to interact with governmental and some other organizations that require absolute identification and authentication. It is in your interest that it is hard for someone else to request a grant (a subsidy, e.g. for solar panels) in your name and collect the money; your risk is that you will have to pay it back if someone finds out that there are no solar panels on your roof.
IMO identity theft is one of the biggest privacy risks, but not everyone may agree that identity theft is a privacy risk.
By veni: What do you do? Should we just accept it and cross our fingers? Should we refuse to do everything digitally and prefer to fill out paperwork?
Filling out paperwork is not the same as authenticating yourself. Neither is adding a copy of your passport (because anyone who gets their hands on that copy can resend it and claim to be you).
By veni: I've interviewed a representative of Logius and he told me an analogy that still bothers me... He said: "DigiD is like the front door of your house. It is very secure. You have CCTV and locks, it's safe. But then, when we give DigiD to other organizations, it's like the back door of your house is opened."
I don't think that they "give DigiD to other organizations". I have a name and a BSN assigned to me, but I do not "have a DigiD". I have an account on the DigiD server though. After I log on to DigiD in the Amsterdam example above, Logius tells Amsterdam's server: "the person logging in to your site is Erik van Straten, born dd-mm-yyyy in someplace with BSN nnnnn. And we're pretty sure it's him".
Although one could argue that "they give DigiD to other organizations" should be interpreted in the sense that only specific organizations are entitled to use DigiD (that is, redirect users to the DigiD server for authentication) - and only after being audited and found to have reasonable security in place (which apparently is not without exceptions, for example see https://www.security.nl/posting/689686/De+Jonge%3A+GGD+voldoet+niet+aan+beveiligingseisen+DigiD).