Susanna Sandberg: Mandatory digital authentication turns daily life into suspicion-by-default

Susanna Sandberg, a physician at the dermatology clinic at Centralsjukhuset in Karlstad, describes a modern humiliation ritual: being forced to constantly re-prove who you are to systems that claim to “help” you. In a guest column for Dagens Medicin, she likens the experience of navigating mandatory “IT aids” to dealing with patients with dementia—except the confusion is now manufactured by design, and aimed at competent adults.

Sandberg’s irritation is not with technology as such, but with the institutional logic embedded in it. Authentication becomes a permanent suspicion: every login, every re-verification, every second factor is a reminder that the system’s default assumption is fraud. The user is treated as a hostile actor, while the organization that demands proof—often one that already knows you, employs you, or holds your data—is mysteriously exempt from demonstrating competence.

This is the quiet genius of contemporary bureaucracy: it externalizes its own operational risk onto the individual. If the login flow fails, if the app is down, if the token expires, if the identity provider glitches, the cost is paid in the user’s time, stress, and lost work—not in the organization’s reputation or budget line. Sandberg’s point is that the “aid” is often indistinguishable from an obstacle course, with the user doing unpaid labor to keep the institution’s digital façade standing.

There is a lesson here that Sweden’s digitization evangelists keep missing. When access to work systems, healthcare portals, banking, or public services becomes contingent on ever-more elaborate identity checks, the state and large employers effectively turn civil life into a conditional license. The burden is not just technical; it is moral. You are required to perform compliance repeatedly, on demand, in order to be allowed to act.

Sandberg’s dementia analogy lands because it captures the asymmetry: a close relation who should recognize you nevertheless asks, again and again, “Who are you?” That is not security. That is institutional amnesia—weaponized into policy.

The same organizations that insist on relentless authentication routinely leak data, outsource systems, and botch procurements. Yet the corrective action is rarely to shrink the system, reduce data collection, or simplify access. Instead, the prescription is more identity tech, more friction, more surveillance by default—sold as “safety.”

Sandberg’s column is a small dispatch from the front lines of a larger shift: from citizenship and employment as status, to citizenship and employment as continuously revalidated access. When identity becomes a daily test, the state and its affiliated institutions no longer need to openly coerce. They can simply deny service—politely, automatically, and with a helpdesk ticket number.