Governance, not tech, needs interrogating in UK digital ID consultation: Tony Allen

Few people in the world, if any, know as much about age assurance as Tony Allen, the chief executive of the Age Check Certification Scheme and head organizer of the Global Age Assurance Standards Summit. In a recent LinkedIn post, Allen shares his response to the UK Government’s consultation on the plan for a national digital ID system, which has caused consternation in the private biometrics and identity sector.

While Allen supports the consultation in principle, he says that, in its current form, it “risks focusing too heavily on technology and not enough on the foundations that actually determine whether such a system will succeed.” His response focuses on one central point: “trust in digital identity is not a technical problem – it is a governance problem.”

In other words, the consultation “conflates technical security with systemic trust.” The technology works, as long as there are rules around it, and people follow those rules; this entails greater accountability, which entails more rigidity on consequences.

Allen’s recommended course would establish rule of law, not “administrative discretion,” as the foundation for a digital identity ecosystem, making it accountable to Parliament. It would clearly separate policymakers, certification service providers and those providing oversight. Certification should be independent, as “trust cannot be achieved where certification is controlled by those designing or operating the system.”

Allen calls to expunge OfDIA

To that end, Allen recommends binning the UK’s Office for Digital Identities and Attributes (OfDIA), arguing that it “concentrates too much power and undermines confidence in the ecosystem.”

“It’s a solution in search of a problem,” he writes.

Another issue of ongoing concern is the confusion of age assurance with identity assurance. Conflating the two risks risks “creating a system that is unnecessarily intrusive.” By logical extension, a digital identity system cannot become the default or exclusive option for age assurance, which also includes privacy-preserving options in facial age estimation and age inference models.

Ultimately, Allen calls for “a competitive, multi-vendor market – not a single government-controlled solution, but a diverse ecosystem that supports innovation, investment and choice.”

Allen’s response to the consultation is detailed and thorough, and many comments on the post express gratitude for his transparency in sharing his extensive input with the broader community. But what comes across most clearly is the argument that “digital ID will only work if people trust it and that trust must be earned through law, transparency, independence and accountability.”

“There is a critical distinction between what is technically possible and what is socially credible. Outside specialist circles, there is limited awareness or understanding of these mechanisms and widespread skepticism about whether personal data can in practice be protected from state access or misuse.”

Government razing the lawn it planted with DVS

In a comment on the piece, noted tech lawyer Richard Oliphant emphasizes the importance of keeping policymaking, certification service provision and oversight “institutionally distinct.” He notes that OfDIA and GDS (Government Digital Service) both sit inside DSIT (Department of Science, Innovation and Technology.)

“If GDS is regulated by OfDIA alongside other DVS-certified identity providers, there is more than just a whiff of a structural conflict of interest,” he writes. “The conflict arises because One Login and the GOV.UK wallet are now expanding into the private sector. This was not envisaged when the DVS Trust Framework (or DIATF) was originally drawn up. One Login was intended purely as a tool for IDV and authentication to the public sector. I also believe there should be a proper debate over whether the GOV.UK wallet should be confined to the public sector – and yet, its usage in the private sector alongside DVS-certified wallets now seems to be a fait accompli.”

Article Topics

Age Check Certification Scheme (ACCS)  |  age verification  |  digital identity  |  OfDIA  |  Richard Oliphant  |  UK digital ID