Tell you what, if you claw back the £100m+ blown on Michelle Mone's shitty PPE and other countless millions in corrupt COVID-era contracts then you can spend it on a digital ID scheme. But don't you dare tell us there's no money, threaten to raise our taxes, then flush half a billion on a scheme nobody wants.
The whole thing is completely mad, you need to show your passport to an employer or otherwise prove your identity before starting any job already… so what is this weird desire to completely track people really about? I honestly don’t understand what the perceived advantages for the government are? The UK is probably one of the most surveilled countries in the world already.
Let's quote the godfather of British ID cards, Tony Blair:-
> Why is TikTok so successful? Because its algorithms establish your personal preferences so quickly and satisfy them with their content. How do they do that? By accumulating your data and using the services of a huge number of computer engineers to make those algorithms so effective.
[...]
> Imagine that all your health information was in one place: easy, with your permission, for anyone anywhere in the health service to see. That your passport, driving licence, anything you need to prove your identity, were in one simple digital wallet, unique to you. That you could purchase and pay for any goods or services using your digital ID.
So the proposal isn't just a mandatory ID card - it's also the unification of all government databases.
Combining tax records, driving licenses, passports, NHS records, benefits, vehicle registration, the ability to get a job, the ability to rent a house and the ability to get a bank account into one unified super-database (with an app)
The ID being fully digital will also be a boon for the financial services industry. Today banks extending large loans can afford to check people's documents properly even if it takes a few days and a visit to a bank branch. But what payday loan companies that want to loan someone £15 for a takeaway curry on sunday evening? They don't have the margin, the time or the physical presence to check IDs properly, and often lose money to fraud because of it.
As a Finnish citizen living in the UK, I also come from a culture where a national ID system exists. I would not trust the UK to do theirs sensibly.
Even the invoked name "Digital ID" makes it very clear that this system would rely on central databases. Only. In a country where the upcoming political parties are actively proposing stripping foreigners from their immigration status, it's pretty clear that all the parties learned at least one common message from the Windrush scandal: destroying documentation of immigrants was not the problem - leaving behind evidence of such action having happened was.
EDIT: the Finnish system at least sets up _some_ guard rails around how the data is used, and mandates a physical document that one can use as a proof when (not if) the central DB is down or going through Windrush 2.0 purge.
I am indifferent to having/not having a government ID. But I just find it incredibly stupid for the government to introduce it now given the current political atmosphere.
but now is exactly the time to do it because so many people are mad about immigration and you can blame it on immgrants instead of a thirsty desire to surveil.
What would you say Sweden is doing differently than other places in terms of garnering trust with the population? You must have insights if you trust one government and not another
I think it's a bit more democratic, though many in Sweden would prefer it to be more-so. (the major parties used to just sort of agree on 95%+ of issues, leading to some disenfranchisement across the population).
I think though it's a lot about the fact that the UK is sort-of an "adversarial" kind of democracy, and Sweden is more like a "consensus" driven democracy..
The UK is also pretty often plagued by sleaze scandals for officials in public office, by contrast Swedish politicians can be incompetent or fuck-up, but there's much more public access to what they're doing.
I think it's also true that people feel that public services are pretty good, even if the healthcare system is overburdened, and that there could be more police officers: taxes are high but most people definitely think that it's worth it.
The way COVID was handled and the ongoing freedom of speech issues in the UK are also something that make me not trust the government, they'll violate my rights on a whim. Compared to Sweden where even during COVID they didn't lock down (even if it was arguably the right thing to do and would have saved a lot of lives) because it would have violated peoples rights.
I'm not going to sit here and claim that Sweden is a paragon of virtue, they get a lot wrong and there are plenty of inefficiencies, but compared to the UK it's pretty stark.
It's like comparing trust in government between the UK and Russia. (I think that's actually a pretty fair comparison, USA and UK have comparatively similar trust in government compared to Sweden vs UK).
Of all the issues in my life, paperwork has never been one of them. Yes, at certain times – couple hours a year (0.02% of a year) – it's a bit of a faff dealing with paperwork.
House prices, cost of living, lack of healthcare, my family, my health, the economy, transport, the job market etc consume 99.9% of my day-to-day general concerns.
Did people prior to the 2000s have mental breakdowns over paperwork??
How many times do you open a bank account a year??
1) Your argument is: "improving anything that doesn't effect me very much is not worth it."
I mean, there are larger things to fix, but this one is probably larger than you think, even if it's not helping you very much, it'll help crack down on illegal workers (hey, we don't like that, right?) and it'll make the social systems have much less friction.
2) Notice that outside of Stockholm, Swedish house prices are not pegged to infinite like the UK is? I'm not saying that it's because of a central ID system, but you seem to imply that it precludes reasonable house prices... which is weird.
3) The economy is better when it's more efficient. Plenty of people argue inefficiency for the sake of jobs (people pushing paperwork have jobs! cushy government jobs! without them having jobs there'll be more unemployed people! -- I see this a lot more with Americans, and I find it to be an uncompelling argument usually).
--
That is to say, I'm actually on your side, I don't trust the UK government, I'm merely offering a contra-point because in other EU countries these things are actually great and simplify a lot of things that you only really notice when you live with it - thus a lot of the hypotheticals fall on deaf ears to me.
It's like watching people argue that having legs won't improve your life because someone can take away your shoes.
Issue is that national ID in the drawer or your pocket, doesn't send your location to government. Digital ID on the phone is just one update away from doing that. Digital ID becomes a fancy name for ankle tag.
The digital authentication system is called BankID, but its effectively tied to the government ID due to the same identifier being used (personnummer).
Again, the issue is mostly trust.
PS: oh dear, oh no, I appear to have offended someone and they’re flagging me, oh dear heavens I must be incorrect then! Woe is me. /s
“Trust” has nothing to do with it. There’s no genuine public need for a government-run digital ID system in the first place. The only people who need it are the corporations who lobbied for it, because it creates new revenue streams by turning identity into a product. Once the whole country is routed through one digital choke-point, everything else follows automatically: behavioural data, movement data, payments data, cross-service profiling. And once that system exists, it only ever moves in one direction.
A paper ID sits in your pocket and minds its own business. A digital ID is one update away from becoming a tracking token. Dress it up however you like, but it’s just an ankle tag with better UX. And the UK track record on data leaks, “accidental” sharing, and mission creep is spectacularly awful. The idea that this won’t be exploited is a fairy tale.
If it goes ahead in the flavour BlackRock and WEF types dream about, expect the usual:
- services quietly tied to compliance thresholds
- financial scoring bleeding into civic rights
- automated sanctions and “risk flags”
- real-time behavioural profiles sold as “fraud prevention”
- and every data breach blamed on a junior contractor who “misconfigured a bucket”.
None of this empowers the public. It just hands more leverage to the same institutions already shaping policy from behind the curtain.
As a person who lives across a society where this exists, and has lived in multiple societies without it.
Frankly, you’re wrong.
There’s a benefit to the public.
Let me frame what I mean with a parable (and, its relevant to my point even if it seems totally unrelated, and I’m typing from my phone, so forgive the briefness).
When I dated my (now) ex-girlfriend; she used to make mention of my teeth as a negative thing, that I’d be more handsome it they weren’t crooked etc.
One christmas she purchased for me, an electric toothbrush. A fancy one, she clearly thought a lot about which one to get: but to her surprise I was unhappy.
An electric toothbrush has (mostly) benefits, this one didn’t even need new heads all the time, dentists almost universally agree that an electric toothbrush is a good option. Yet I was unhappy.
Why? because the gift was mired in the backdrop of previous conversations and self conscious issues.
A few years later, and I received an electric toothbrush as a gift again. However, this time the person giving it had never said anything to make me self concious, even better: they had previously planted an electric toothbrush head at their apartment, so I could use their electric toothbrush body when I visited (this was one of the earliest moments in the relationship and was a not-so-subtle invitation to come back).
Now; it’s the same gift. Same benefits. Why was I happy now when I wasn’t before?
The context made a huge difference.
On the one hand the first gift felt like a way of controlling me and a subtle way of putting me down (or, emotionally it felt that way- regardless of if it was well intentioned or not). The other time it was gifted; it was enhancing what we already had.
Context is important, and thats why I say: this shit is pretty good, but I totally buy why you don’t think so.
I don’t trust the UK Government is doing it for our sake either.
> Combining tax records, driving licenses, passports, NHS records, benefits, vehicle registration, the ability to get a job, the ability to rent a house and the ability to get a bank account into one unified super-database (with an app)
Incorrect. The workflow is that the citizen submits their data during onboarding. The app submits the data to its associated verification service, which polls the government API and if the check passes, returns a cryptographic signature for each specific datum, which are then used to generate digital IDs for whatever use. There's no 'unified database'.
There doesn't seem to be support for long text formats either. So on NHS records, while your status as a diabetic for instance might be there as an attribute/signature pair, yuor medical commentary wouldn't be. Perhaps that will change later, but long text doesn't appear to be in scope yet.
Are you talking about what will be stored on the phone? That's basically a distraction.
The point is to create a single ID for each person to support a unified super-database. All the chat about smartphones is to make people think that they are in control of the data and how it will be used.
If you are right and that is the point, it isn't described anywhere in the proposal which has been developed over several years. Far from from a "Unified super-database", the government's role is only as reference through an API in front of departmental databases. There's no current proposal to merge them, or assume the role of the verification services who are all third party.
Then, there's no single digital identity. The wallet will hold any number of 'digital identities', each tailored to specific purposes. Each of these identities is a bundle of a subset of the attributes/proofs saved in the app. These identities can be generated on the fly in response to a prompt, but seemingly can be manually created too.
A couple of examples. For a financial application, you might need to show the financial service you're applying to a comprehensive set of data. But to get into a nightclub, you will only need a single Zero-Knowledge Proof confirming you are over 18. These will be two separate IDs. Can you see how this might strengthen citizens by giving them control over what data they show?
Beyond that, there are principles of Purpose Limitation and Minimisation which prevent potential abuse, such as companies demanding information they legally don't need.
You appear to be are under a serious misapprehension about the proposal.
> The new digital ID will be the authoritative proof of who someone is
Obviously this will not just be stored on your phone. There will be a backend database of all issued IDs. Which will then serve as an authoritative identity system for unifying government databases.
Restrictions on how companies can use this are nice. I'm more concerned about what the government will do with it.
Cryptographic signature may as well be a foreign key. It's a super database. Just admit it. You aren't fooling anyone with extra layers of indirection. If it can be interrogated in the manner of a super database, has business requirements in parallel to what a super database would be used for, regardless of minutiae of the implementation, it is, a super database. A rose by any other name...
Why do governments think IT projects like this are even possible for them to accomplish? I can guarantee already the requirements of such a system are impossible to capture and then the developers and difficulty to build such a system with probably a thousand or more people working on it for 10 years and billions we can’t currently afford. I predict endless delays, a toxic work environment and the resulting system will not even end up working and will eventually be scrapped probably in favour of smashing everyone’s data into an LLM. Sigh.
You don't need a passport to have a job. A digital ID could be handy in loads of places - like showing you're eligible for hospital care, voting, stuff employment... Even buying a drink! (not everyone drives).
Most countries have them and it's not for no reason.
Whether we can trust our government, though, is a different matter.
Is anyone in the UK really complaining that it's difficult today to show you're eligible for hospital care, voting, employment, or buying a drink? I can't honestly remember a single time in my life where someone told me this was a problem for them. It's certainly never been a problem for me.
This sounds to me like fixing a problem we don't really have. At a time when we have plenty of genuine and serious problems that need fixing and aren't being fixed.
I'd rather see my tax money spent on tackling climate change, or decreasing hospital wait times, or hiring more teachers, or reducing dependence on Russian oil, or any of the other countless things that would make a genuine difference. Instead, we're going to blow a load of money on something that isn't going to improve people's lives (except maybe in a very negligible way) or make the world safer, and is probably going to erode my privacy and security.
> Whether we can trust our government, though, is a different matter.
(FYI Not a UK citizen) But it does matter. If I go to a protest against the government will I be rejected of all those services since someone flagged my ID?
The proposed format cuts out government, except as a dumb reference. The verification services are private companies, whose responsibilities are tightly defined under law in the recent Data (Use and Access) Act 2025. These services poll government departments during onboarding, or when data changes or is added. The ID itself isn't a single ID, rather a wallet organizing bundles of data attributes into any number of IDs. I was skeptical at first, but looking at it, I'm convinced it strengthens citizens, by giving them some control over their data.
It’s not being driven by the UK. Check out all the other countries in the West rolling out Digital ID and it’s clearly coordinated just from the timing
For me, the real question is why all these neolib governments are insisting on - spending all their political capital on - these things that have no constituency demanding them? The only people telling UK citizens that they suddenly need digital ID are ministers in the government. Who exactly are they working for?
Of course, that question is asked by me in bad faith. You'll see exactly who they're working for when they are voted out and go to work for them directly. You can see now when you see who their ex-colleagues work for. So the real question is how long with the populace tolerate these massively unpopular governments, that are in-place due to historical electoral exclusion systems and media collusion, instituting massive authoritarian changes and moving more and more power into the executive and the private sector?
Why have these historically 2-party countries had their 2 parties completely merge on policy matters (other than goofy wedge issues that are intentionally kept unresolved), and even combined are not even carrying majorities anymore? And how much can we hope for different out of the recently-small, disorganized, personality-driven "populist" parties who are vying to defeat them and almost getting majorities? Are they just greenfield corruption projects by the same people, to avoid or recycle the old corruption networks?
Is there any possible way we can get politicians to work on all of the obvious stuff falling apart rather than spending all of their time pandering to authoritarian billionaires for life-changing amounts of cash?
The status quo isn't an application. "Digital ID" is a misnomer, it's a government backed application akin to what you'd see in an authoritarian crony state (China, Vietnam, etc). Unbelievable that a western country is signing off on this.
For all the concerns about surveillance/tracking/etc, the only saving grace is that the UK government is too dysfunctional and incompetent to demand and oversee a proper implementation. The digital ID scheme is the latest reason for politicians to get paid for busywork and funnel money to an incompetent private-sector contractor (obviously this is not going to be built in-house by the excellent GDS - Government Digital Service) who will go over time and budget and deliver something not fit for any purpose (whether beneficial to citizens or hostile such a tracking).
I don't have an issue with ID schemes. I have a driving license, passport, veterans card, veterans train card. My issue with this is:
1. Given all the above forms of id I currently have, what's the point of me having a digital one.
2. The assumption I'd have a smartphone for this crap to be tied to.
I can already prove who I am, and since I don't use my mobile for id, banking, or anything more that an on the go web browser, audio book/music player why would I even use this?
As for stopping illegal workers? This could be done with existing processes if they were correctly enforced, and/or existing firms of id.
This government is a joke. They didn't win the election, they just happened to benefit from reform killing the conservative vote. The conservatives were and are a joke, reform are worse and labour are just a useless. I despair for the UK.
> Given all the above forms of id I currently have, what's the point of me having a digital one.
The issue is that none of those can be really used online, except the passport if used on an NFC-enabled device.
This means services that need identity verification for legitimate reasons like banks, interacting with the government for sensitive matters like tax refunds/benefits/etc and so on can't actually verify your identity; so they either have to spend money on snake oil like "fraud protection", bullshit camera-based document verification combined with credit reference agencies (a whole other privacy nightmare), or they have to make you visit in-person and maintain facilities to do so.
Being able to prove your identity cryptographically would be a significant advantage and remove the need for a lot of parasites like "fraud protection" services, CRAs, etc. You could actually do legally-binding signatures online, removing the need for security theatre such as paper documents (which are trivial to falsify, but enough people don't know how to use Paint that there is belief they are secure enough).
You can use Paint to forge official documents good enough for them to pass? That's some skill!
Like I said I'm not against forms of ID. If this was available and made stuff for me easier and wasn't tied to a device I'd use it, just like passkeys.
Unfortunately this will be tied to smartphones and that's if it actually works. I also have a suspicion it will be overly complicated and massively over budget, and likely fail. The digital equivalent of HS2.
> Paint to forge official documents good enough for them to pass? That's some skill!
I was thinking more about signatures on paper documents. There's been many times I had to pretend to print a PDF I just received, sign it and scan it. Obviously I've just overlaid my signature with a Paint-like tool. This idiocy appears to be widespread enough that open-source projects exist to make more convincing renditions: https://github.com/erstazi/falsisign
> If this was available and made stuff for me easier and wasn't tied to a device I'd use it, just like passkeys.
Ideally it would be NFC/smartcard based, with optional smartphone integration (you can bootstrap a virtual time-limited copy of it from a physical one).
> I also have a suspicion it will be overly complicated and massively over budget, and likely fail. The digital equivalent of HS2.
Oh yeah obviously, this is the UK we're talking about; but in theory the idea is nice and would save a lot of headaches if done well (also remove the need for some parasitic industries like fraud protection or credit reference agencies, so another reason why it probably won't succeed).
> Will it be a UK company that delivers the project?
Does it matter? Anything that relies on smartphones relies on American tech anyway.
The govt think that is fine. They are still making govt services more dependent on Americwn big tech. Check who owns the IPs that the new gov.uk single login runs on.
related -- State of California has spent over $500 million on a Next Generation 911 (NG911) system designed to modernize its emergency response network, which includes features like text, video, and precise caller location capabilities, and has already built a regional, multi-vendor network that is fully functional and tested in areas like Central and Los Angeles.
Despite this, the California Office of Emergency Services (Cal OES) has decided to abandon the existing NG911 system, which was designed with built-in redundancy to prevent statewide outages, in favor of a new single-vendor network.
This reversal will cost an estimated additional $700 million to maintain the outdated legacy system for another five to seven years while the new system is developed, with the total cost potentially exceeding a billion dollars.
Critics argue this decision wastes taxpayer money, undermines public safety, and increases the risk of a statewide 911 outage, as the new single-vendor model lacks the regional backup that protects the current NG911 system.
the stated justification is that it will let the government finally get immigration under control. but ID has never been the bottleneck for immigration enforcement. there have been countless cases where we have someone dead to rights, we know they're in the country illegally (and have committed other crimes besides), yet the judge finds a way to block deportation on ECHR grounds.
mark my words, they'll find a "right" to digital ID somewhere in the human rights framework, regardless of immigration status. and then we're back to square one.
The problem is that the UK government has a terrible track record with IT projects. How long until yet another laptop is stolen whilst on a train, only this time having all our IDs on it?
Also, this is just a Tony Blair thing and by all rights he should be tried and imprisoned as a war criminal for lying and dragging us into the Iraq war on completely false pretences.
I concur on the incompetence (or rather, corruption disguised as incompetence) of the UK gov (and most others for that matter) when it comes to tech, but:
> only this time having all our IDs on it?
But what's the actual risk? The data that would be on a digital ID is just a certificate linking basic personal details and foreign keys to your records in various gov DBs (HMRC, NHS, etc). This is the same data every company already collects and has leaked dozens of times.
The actual ability to cryptographically prove your identity can't leak because it would be linked to possession of your private key (which is stored in your phone's HSM, or a smartcard, etc)... and even if the system did not use actual cryptography and just shared secrets and all of them were to leak, the government is just going to say that this iteration of digital IDs is no longer valid for ID verification and we're back to the current system of non-cryptographic document verification approaches.
> But what's the actual risk? The data that would be on a digital ID is just a certificate linking basic personal details and foreign keys to your records in various gov DBs (HMRC, NHS, etc). This is the same data every company already collects and has leaked dozens of times.
The risk is letting criminals/politicians correlate all the information on individuals and I can imagine that it'll be tied into age verification too ("protect the children"), so your browsing history could then be used to blackmail/compromise you.
> The actual ability to cryptographically prove your identity can't leak because it would be linked to possession of your private key (which is stored in your phone's HSM, or a smartcard, etc)... and even if the system did not use actual cryptography and just shared secrets and all of them were to leak, the government is just going to say that this iteration of digital IDs is no longer valid for ID verification and we're back to the current system of non-cryptographic document verification approaches.
I don't know how exactly that would work, but from my experience of linux admin, I don't share private keys between devices as that would prevent me being able to revoke any keys that may be leaked.
If the system could break in such a way that it was no longer valid for ID verification, then why are we wanting to pay lots of money for a fragile and possibly privacy invading system?
> The risk is letting criminals/politicians correlate all the information on individuals
But this is already happening with the current data leaks. In fact if digital cryptographic ID was widespread it would make a lot of identity theft attacks (where bad guys use leaked data to impersonate someone and steal their money or take out a loan) obsolete as only cryptographic ID verification would be accepted.
> I don't know how exactly that would work, but from my experience of linux admin, I don't share private keys between devices as that would prevent me being able to revoke any keys that may be leaked.
The normal way to do this would be to implement a PKI. You need to bootstrap the system, so you'd use your passport/etc and get a certificate issued against your device's private key, that cert is valid for X days and can be renewed, etc. There are many options and trade-offs for each but the point is that it's absolutely possible to make such a system secure enough.
But regardless of which way they implement it, a complete compromise of the system is of no risk to the average person; the system would become known as compromised and everyone can now disavow any actions made with their digital ID. The danger is if the system is silently compromised and the attackers only exploit a small selection of targets, but even then the average person has little to fear as they will not be interesting/important enough to waste such as exploit on and potentially risking discovery.
> then why are we wanting to pay lots of money for a fragile and possibly privacy invading system?
The bulk of the money would be spent on implementation, not operation; if the system is broken, patching the vulnerability and reissuing every ID is all it takes, so it's not like a vuln immediately means all the money is lost... and even if it was, it may still be worthwhile if during its years of operation the system saved enough money not having to do ID verification the conventional, insecure way.
> Why is TikTok so successful? Because its algorithms establish your personal preferences so quickly and satisfy them with their content. How do they do that? By accumulating your data and using the services of a huge number of computer engineers to make those algorithms so effective.
[...]
> Imagine that all your health information was in one place: easy, with your permission, for anyone anywhere in the health service to see. That your passport, driving licence, anything you need to prove your identity, were in one simple digital wallet, unique to you. That you could purchase and pay for any goods or services using your digital ID.
https://institute.global/insights/tech-and-digitalisation/to...
So the proposal isn't just a mandatory ID card - it's also the unification of all government databases.
Combining tax records, driving licenses, passports, NHS records, benefits, vehicle registration, the ability to get a job, the ability to rent a house and the ability to get a bank account into one unified super-database (with an app)
The ID being fully digital will also be a boon for the financial services industry. Today banks extending large loans can afford to check people's documents properly even if it takes a few days and a visit to a bank branch. But what payday loan companies that want to loan someone £15 for a takeaway curry on sunday evening? They don't have the margin, the time or the physical presence to check IDs properly, and often lose money to fraud because of it.
Sweden has a national database and a national ID card system, and it makes my life in Sweden a lot better.
That said, I don’t trust the UK government, I haven’t trusted any UK government in my adult lifetime and I am coming into middle-age.
Solve that problem first, maybe?
Even the invoked name "Digital ID" makes it very clear that this system would rely on central databases. Only. In a country where the upcoming political parties are actively proposing stripping foreigners from their immigration status, it's pretty clear that all the parties learned at least one common message from the Windrush scandal: destroying documentation of immigrants was not the problem - leaving behind evidence of such action having happened was.
EDIT: the Finnish system at least sets up _some_ guard rails around how the data is used, and mandates a physical document that one can use as a proof when (not if) the central DB is down or going through Windrush 2.0 purge.
(I agree with you)
Can you be a bit more specific about how?
Signing up for a new bank? No problem, the same ID is used for both banks so my authentication of one is good enough to action the transfer.
Benefits (Rot/Rut- for home improvements) are handled without me doing anything.
All my receipts/payslips etc; go to a digital mailbox and I can download them and print them no problem.
Its a lot like how the NHS works w.r.t. prescriptions: except for quite literally everything.
I think though it's a lot about the fact that the UK is sort-of an "adversarial" kind of democracy, and Sweden is more like a "consensus" driven democracy..
The UK is also pretty often plagued by sleaze scandals for officials in public office, by contrast Swedish politicians can be incompetent or fuck-up, but there's much more public access to what they're doing.
I think it's also true that people feel that public services are pretty good, even if the healthcare system is overburdened, and that there could be more police officers: taxes are high but most people definitely think that it's worth it.
The way COVID was handled and the ongoing freedom of speech issues in the UK are also something that make me not trust the government, they'll violate my rights on a whim. Compared to Sweden where even during COVID they didn't lock down (even if it was arguably the right thing to do and would have saved a lot of lives) because it would have violated peoples rights.
I'm not going to sit here and claim that Sweden is a paragon of virtue, they get a lot wrong and there are plenty of inefficiencies, but compared to the UK it's pretty stark.
It's like comparing trust in government between the UK and Russia. (I think that's actually a pretty fair comparison, USA and UK have comparatively similar trust in government compared to Sweden vs UK).
House prices, cost of living, lack of healthcare, my family, my health, the economy, transport, the job market etc consume 99.9% of my day-to-day general concerns.
Did people prior to the 2000s have mental breakdowns over paperwork??
How many times do you open a bank account a year??
I mean, there are larger things to fix, but this one is probably larger than you think, even if it's not helping you very much, it'll help crack down on illegal workers (hey, we don't like that, right?) and it'll make the social systems have much less friction.
2) Notice that outside of Stockholm, Swedish house prices are not pegged to infinite like the UK is? I'm not saying that it's because of a central ID system, but you seem to imply that it precludes reasonable house prices... which is weird.
3) The economy is better when it's more efficient. Plenty of people argue inefficiency for the sake of jobs (people pushing paperwork have jobs! cushy government jobs! without them having jobs there'll be more unemployed people! -- I see this a lot more with Americans, and I find it to be an uncompelling argument usually).
--
That is to say, I'm actually on your side, I don't trust the UK government, I'm merely offering a contra-point because in other EU countries these things are actually great and simplify a lot of things that you only really notice when you live with it - thus a lot of the hypotheticals fall on deaf ears to me.
It's like watching people argue that having legs won't improve your life because someone can take away your shoes.
Again, the issue is mostly trust.
PS: oh dear, oh no, I appear to have offended someone and they’re flagging me, oh dear heavens I must be incorrect then! Woe is me. /s
A paper ID sits in your pocket and minds its own business. A digital ID is one update away from becoming a tracking token. Dress it up however you like, but it’s just an ankle tag with better UX. And the UK track record on data leaks, “accidental” sharing, and mission creep is spectacularly awful. The idea that this won’t be exploited is a fairy tale.
If it goes ahead in the flavour BlackRock and WEF types dream about, expect the usual:
- services quietly tied to compliance thresholds
- financial scoring bleeding into civic rights
- automated sanctions and “risk flags”
- real-time behavioural profiles sold as “fraud prevention”
- and every data breach blamed on a junior contractor who “misconfigured a bucket”.
None of this empowers the public. It just hands more leverage to the same institutions already shaping policy from behind the curtain.
Frankly, you’re wrong.
There’s a benefit to the public.
Let me frame what I mean with a parable (and, its relevant to my point even if it seems totally unrelated, and I’m typing from my phone, so forgive the briefness).
When I dated my (now) ex-girlfriend; she used to make mention of my teeth as a negative thing, that I’d be more handsome it they weren’t crooked etc.
One christmas she purchased for me, an electric toothbrush. A fancy one, she clearly thought a lot about which one to get: but to her surprise I was unhappy.
An electric toothbrush has (mostly) benefits, this one didn’t even need new heads all the time, dentists almost universally agree that an electric toothbrush is a good option. Yet I was unhappy.
Why? because the gift was mired in the backdrop of previous conversations and self conscious issues.
A few years later, and I received an electric toothbrush as a gift again. However, this time the person giving it had never said anything to make me self concious, even better: they had previously planted an electric toothbrush head at their apartment, so I could use their electric toothbrush body when I visited (this was one of the earliest moments in the relationship and was a not-so-subtle invitation to come back).
Now; it’s the same gift. Same benefits. Why was I happy now when I wasn’t before?
The context made a huge difference.
On the one hand the first gift felt like a way of controlling me and a subtle way of putting me down (or, emotionally it felt that way- regardless of if it was well intentioned or not). The other time it was gifted; it was enhancing what we already had.
Context is important, and thats why I say: this shit is pretty good, but I totally buy why you don’t think so.
I don’t trust the UK Government is doing it for our sake either.
Incorrect. The workflow is that the citizen submits their data during onboarding. The app submits the data to its associated verification service, which polls the government API and if the check passes, returns a cryptographic signature for each specific datum, which are then used to generate digital IDs for whatever use. There's no 'unified database'.
There doesn't seem to be support for long text formats either. So on NHS records, while your status as a diabetic for instance might be there as an attribute/signature pair, yuor medical commentary wouldn't be. Perhaps that will change later, but long text doesn't appear to be in scope yet.
The point is to create a single ID for each person to support a unified super-database. All the chat about smartphones is to make people think that they are in control of the data and how it will be used.
Then, there's no single digital identity. The wallet will hold any number of 'digital identities', each tailored to specific purposes. Each of these identities is a bundle of a subset of the attributes/proofs saved in the app. These identities can be generated on the fly in response to a prompt, but seemingly can be manually created too.
A couple of examples. For a financial application, you might need to show the financial service you're applying to a comprehensive set of data. But to get into a nightclub, you will only need a single Zero-Knowledge Proof confirming you are over 18. These will be two separate IDs. Can you see how this might strengthen citizens by giving them control over what data they show?
Beyond that, there are principles of Purpose Limitation and Minimisation which prevent potential abuse, such as companies demanding information they legally don't need.
You appear to be are under a serious misapprehension about the proposal.
> The new digital ID will be the authoritative proof of who someone is
Obviously this will not just be stored on your phone. There will be a backend database of all issued IDs. Which will then serve as an authoritative identity system for unifying government databases.
Restrictions on how companies can use this are nice. I'm more concerned about what the government will do with it.
Most countries have them and it's not for no reason.
Whether we can trust our government, though, is a different matter.
This sounds to me like fixing a problem we don't really have. At a time when we have plenty of genuine and serious problems that need fixing and aren't being fixed.
I'd rather see my tax money spent on tackling climate change, or decreasing hospital wait times, or hiring more teachers, or reducing dependence on Russian oil, or any of the other countless things that would make a genuine difference. Instead, we're going to blow a load of money on something that isn't going to improve people's lives (except maybe in a very negligible way) or make the world safer, and is probably going to erode my privacy and security.
(FYI Not a UK citizen) But it does matter. If I go to a protest against the government will I be rejected of all those services since someone flagged my ID?
Someone will get a lot of money to implement and maintain this system.
*implementation and maintenance optional and may be subject to additional fees
https://thecounterbalance.substack.com/p/digital-ids-big-tec...
Surveillance.
Of course, that question is asked by me in bad faith. You'll see exactly who they're working for when they are voted out and go to work for them directly. You can see now when you see who their ex-colleagues work for. So the real question is how long with the populace tolerate these massively unpopular governments, that are in-place due to historical electoral exclusion systems and media collusion, instituting massive authoritarian changes and moving more and more power into the executive and the private sector?
Why have these historically 2-party countries had their 2 parties completely merge on policy matters (other than goofy wedge issues that are intentionally kept unresolved), and even combined are not even carrying majorities anymore? And how much can we hope for different out of the recently-small, disorganized, personality-driven "populist" parties who are vying to defeat them and almost getting majorities? Are they just greenfield corruption projects by the same people, to avoid or recycle the old corruption networks?
Is there any possible way we can get politicians to work on all of the obvious stuff falling apart rather than spending all of their time pandering to authoritarian billionaires for life-changing amounts of cash?
I suspect if you do identify the ‘glory years’ that it’s still a very small window
GOV.UK Verify, the example I know best, burned through a lot of money trying to do digital identity without actually doing ID cards.
That one was Ian Murray, so the Labour party has felt it needs to give him a serious position regardless of his actual ability.
1. Given all the above forms of id I currently have, what's the point of me having a digital one.
2. The assumption I'd have a smartphone for this crap to be tied to.
I can already prove who I am, and since I don't use my mobile for id, banking, or anything more that an on the go web browser, audio book/music player why would I even use this?
As for stopping illegal workers? This could be done with existing processes if they were correctly enforced, and/or existing firms of id.
This government is a joke. They didn't win the election, they just happened to benefit from reform killing the conservative vote. The conservatives were and are a joke, reform are worse and labour are just a useless. I despair for the UK.
The issue is that none of those can be really used online, except the passport if used on an NFC-enabled device.
This means services that need identity verification for legitimate reasons like banks, interacting with the government for sensitive matters like tax refunds/benefits/etc and so on can't actually verify your identity; so they either have to spend money on snake oil like "fraud protection", bullshit camera-based document verification combined with credit reference agencies (a whole other privacy nightmare), or they have to make you visit in-person and maintain facilities to do so.
Being able to prove your identity cryptographically would be a significant advantage and remove the need for a lot of parasites like "fraud protection" services, CRAs, etc. You could actually do legally-binding signatures online, removing the need for security theatre such as paper documents (which are trivial to falsify, but enough people don't know how to use Paint that there is belief they are secure enough).
Like I said I'm not against forms of ID. If this was available and made stuff for me easier and wasn't tied to a device I'd use it, just like passkeys.
Unfortunately this will be tied to smartphones and that's if it actually works. I also have a suspicion it will be overly complicated and massively over budget, and likely fail. The digital equivalent of HS2.
I was thinking more about signatures on paper documents. There's been many times I had to pretend to print a PDF I just received, sign it and scan it. Obviously I've just overlaid my signature with a Paint-like tool. This idiocy appears to be widespread enough that open-source projects exist to make more convincing renditions: https://github.com/erstazi/falsisign
> If this was available and made stuff for me easier and wasn't tied to a device I'd use it, just like passkeys.
Ideally it would be NFC/smartcard based, with optional smartphone integration (you can bootstrap a virtual time-limited copy of it from a physical one).
> I also have a suspicion it will be overly complicated and massively over budget, and likely fail. The digital equivalent of HS2.
Oh yeah obviously, this is the UK we're talking about; but in theory the idea is nice and would save a lot of headaches if done well (also remove the need for some parasitic industries like fraud protection or credit reference agencies, so another reason why it probably won't succeed).
They now seem determined to introduce this digital ID system regardless of how unpopular it is.
"Who will require Digital ID?" -> evasive answer -> answer is everyone
"How much will it cost" -> evasive answer -> multiple billions
"Will it be a UK company that delivers the project?" -> evasive answer -> no
Does it matter? Anything that relies on smartphones relies on American tech anyway.
The govt think that is fine. They are still making govt services more dependent on Americwn big tech. Check who owns the IPs that the new gov.uk single login runs on.
Despite this, the California Office of Emergency Services (Cal OES) has decided to abandon the existing NG911 system, which was designed with built-in redundancy to prevent statewide outages, in favor of a new single-vendor network.
This reversal will cost an estimated additional $700 million to maintain the outdated legacy system for another five to seven years while the new system is developed, with the total cost potentially exceeding a billion dollars. Critics argue this decision wastes taxpayer money, undermines public safety, and increases the risk of a statewide 911 outage, as the new single-vendor model lacks the regional backup that protects the current NG911 system.
mark my words, they'll find a "right" to digital ID somewhere in the human rights framework, regardless of immigration status. and then we're back to square one.
Also, this is just a Tony Blair thing and by all rights he should be tried and imprisoned as a war criminal for lying and dragging us into the Iraq war on completely false pretences.
> only this time having all our IDs on it?
But what's the actual risk? The data that would be on a digital ID is just a certificate linking basic personal details and foreign keys to your records in various gov DBs (HMRC, NHS, etc). This is the same data every company already collects and has leaked dozens of times.
The actual ability to cryptographically prove your identity can't leak because it would be linked to possession of your private key (which is stored in your phone's HSM, or a smartcard, etc)... and even if the system did not use actual cryptography and just shared secrets and all of them were to leak, the government is just going to say that this iteration of digital IDs is no longer valid for ID verification and we're back to the current system of non-cryptographic document verification approaches.
The risk is letting criminals/politicians correlate all the information on individuals and I can imagine that it'll be tied into age verification too ("protect the children"), so your browsing history could then be used to blackmail/compromise you.
> The actual ability to cryptographically prove your identity can't leak because it would be linked to possession of your private key (which is stored in your phone's HSM, or a smartcard, etc)... and even if the system did not use actual cryptography and just shared secrets and all of them were to leak, the government is just going to say that this iteration of digital IDs is no longer valid for ID verification and we're back to the current system of non-cryptographic document verification approaches.
I don't know how exactly that would work, but from my experience of linux admin, I don't share private keys between devices as that would prevent me being able to revoke any keys that may be leaked.
If the system could break in such a way that it was no longer valid for ID verification, then why are we wanting to pay lots of money for a fragile and possibly privacy invading system?
But this is already happening with the current data leaks. In fact if digital cryptographic ID was widespread it would make a lot of identity theft attacks (where bad guys use leaked data to impersonate someone and steal their money or take out a loan) obsolete as only cryptographic ID verification would be accepted.
> I don't know how exactly that would work, but from my experience of linux admin, I don't share private keys between devices as that would prevent me being able to revoke any keys that may be leaked.
The normal way to do this would be to implement a PKI. You need to bootstrap the system, so you'd use your passport/etc and get a certificate issued against your device's private key, that cert is valid for X days and can be renewed, etc. There are many options and trade-offs for each but the point is that it's absolutely possible to make such a system secure enough.
But regardless of which way they implement it, a complete compromise of the system is of no risk to the average person; the system would become known as compromised and everyone can now disavow any actions made with their digital ID. The danger is if the system is silently compromised and the attackers only exploit a small selection of targets, but even then the average person has little to fear as they will not be interesting/important enough to waste such as exploit on and potentially risking discovery.
> then why are we wanting to pay lots of money for a fragile and possibly privacy invading system?
The bulk of the money would be spent on implementation, not operation; if the system is broken, patching the vulnerability and reissuing every ID is all it takes, so it's not like a vuln immediately means all the money is lost... and even if it was, it may still be worthwhile if during its years of operation the system saved enough money not having to do ID verification the conventional, insecure way.