UK digital ID bedeviled by details still unknown or unresolved

Arguments for, against and about the introduction of a mandatory digital ID in the UK are becoming more pointed as details trickle into public view. How the system will work in the Kingdom’s different countries is unclear. Its projected savings look like a tax grab from a certain vantage point, and any impact on illegal employment could come at the cost of creating a new class of law-breakers. Whatever the real-world results, the exercise holds lessons for governments around the world.

‘Two digital identities and confusion’

First Minister of Scotland John Swinney’s opposition to Prime Minister Keir Starmer’s plan may have legitimate liberal and nationalist grounds, an opinion piece in The Times argues, but it is impractical. This is because it risks setting up two parallel digital identities for each Scot, Kenny Farquharson writes, and confusion about which is used for each government service.

“Far better to engage right from the start, and set clear guidelines,” he advises. “Ensure that at all times there is sufficient attention paid to devolved sensibilities. One core app with distinct modules in areas such as health and justice must be within the technical capabilities of our brightest minds.”

The duplication of roles is also a chief worry for DIATF-certified service providers.

‘License to Work’

The Department for Science, Innovation and Technology (DSIT) has a post “Fact-checking the UK Digital ID.”

The ID is not mandatory, except “if you with to work in the UK,” DIST says.  Police will not be able to demand to see it. It will support private-sector interactions like age checks and opening a bank account, as will other forms of identification. It will be secured with “state-of the-art encryption and authentication technology,” and stored on the user’s own device “to help keep data safe.” The digital ID will not exclude people, because millions of people don’t have physical IDs, but 93 percent have a smartphone, and the government is “working on alternatives for those without access to technology.”

The first point makes the credential sound more like a “License to Work” rather than proof of “Right to Work,” CDD and ADVP Chair David Crack writes in response.

This would “turn law-abiding subjects into law breakers,” he says, and refers to the case of the last person prosecuted for refusing to produce the UK’s WWII-era identity card.

‘Tax grab’

GB News pointed on Tuesday to a report published by the Tony Blair Institute two weeks ago that says digital ID could enable UK tax authority HMRC could collect an additional 600 million pounds (approximately US$806 million) per year.

The estimated decrease in currently-uncollected taxes is part of an overall forecast of €2 billion in savings through the introduction of digital ID.

The report characterizes the increased tax revenue as a “grab.”

‘Architecture as Values’

An open letter by Joni Brennan, President of Canada’s DIACC, on the organization’s website seeks lessons from the evolving “BritCard” debacle.

Brennan acknowledges that “The UK faces genuine challenges that digital trust and identity could address,” but takes issue with the implementation.

The post quotes the oft-repeated phrase that the digital ID plan rests on “a central database of people entitled to live and work in the UK.” This phrase shows up in numerous media reports with nearly identical wording beginning on September 25, but its origin is unclear.

The UK government specified in its September 26 explainer that the “digital ID will be stored securely on your phone.”

The DIACC post explores the idea of “Architecture as Values Made Concrete.” Brennan notes that decentralized credentials that are cryptographically signed and held on user’s devices can be privacy-preserving, and thereby protect public trust. In such a system, Brennan notes, verification is performed through cryptographic proofs instead of database lookups.

Why can’t the UK use the data it already holds to issue cryptographically signed credentials? For that matter, why can’t it simply make that information available to DIATF-certified digital identity providers to worry about the proofs and signatures?

Perhaps the upcoming consultation or the next round of fact-checking will yield more answers.

Article Topics

BritCard  |  Department for Science Innovation and Technology (DSIT)  |  DIACC  |  digital ID  |  digital identity  |  Digital Identity and Attributes Trust Framework (DIATF)  |  digital trust  |  UK  |  UK digital ID