The thing is, to me, the powers of the government to require more identification for different things is orthogonal to the idea of digital ID. We already have to identify ourselves in a variety of circumstances (e.g. mortgages, bank accounts, voting, using "adult" websites etc), and the gov. can get the information from various third parties on demand already.
Implementing those requirements didn't depend on there being a digital ID system. Instead we have a hodge podge of bad requirements (like "wet" signatures on specific documents, using of non-UK based private providers etc).
Implementing a digital ID system could reduce inequalities (for example, people who don't have passports and driver's licenses have more difficulties in some circumstances) and also reduce dependencies on non-UK orgs who may not do that well with privacy.
That's not to say there aren't risks of course, but other European countries seem to have managed to implement these systems without becoming totalitarian police states :)
I would really agree with you, as a person who was born into the underclass I know full well the barrier to entry of getting a “first person in the family” passport and a drivers license has somehow lower hurdles (but those are well known).
However, as mentioned, I can’t in good faith argue for the government to have an easier time categorising people. Such a system is so ripe for abuse. I have even advocated for it based on the Estonian eID system and the Swedish BankID (though I am aware of Danish and Norwegian BankID- I never used those).
I’m still fully convinced that the British “Online Safety Bill” is actually a ploy to ensure that they have linked accounts to identity on any site where comments can be made; so they can prosecute people for expressing opinions[0]. Why else go for Wikipedia, and why else focus on sites with public commentary. You can’t say it’s to prevent pedophiles when with the right hand you imprison people for saying things online while with the left hand releasing actual pedophiles into society[1]
To be fair, they did say it wasn’t primarily about protecting children[2], but then I guess I should figure out what else the OSA is for.
The online safety act is a terrible piece of legislation, along with a variety of other ones promoted as being for "child safety" but having serious external consequences.
But they implemented that act, without needing a digital ID. I don't think they need a digital ID to push authoritarian policies.
And I think a digital ID has possible benefits for people who can't easily fit in to current setups, thus my point about it being orthogonal.
The conservatives didnt need digital id to make id a requirement for voting, labour didnt need digital id to introduce the online safety act. Im not convinced that lack of digital id will deter authoritarian tendencies in uk govs…
Possibly, although they don't seem very slowed down at the moment...
My feeling is though that digital ID can have benefits which shouldn't be discounted when considering it. Specifically some people have problems with current age verification due to lack of things like passports and driver's licenses which are often used as stand-ins for digital ID.
Also it can make a lot of very nonsensical processes better. Things were companies still insist on physical signatures as though those are good security measures, that could be replaced with digital signatures tied to an identity, which might actually provide some security benefits.
Is there something about digital IDs that make them easier to issue than passports? I understand what you are saying that they could have benefits but is that an inherent problem with passports or just bureaucracy?
UK passports cost almost £100, so a lot of people aren't going to get one unless they need to go abroad. I'd expect a required UK digital ID to be free at point of issue (otherwise there's not much point in it).
> UK passports cost almost £100, so a lot of people aren't going to get one unless they need to go abroad.
Sounds like the UK government doesn’t have a history of making it easy to obtain identification.
> I'd expect a required UK digital ID to be free at point of issue
Where do you expect this point of issue to be and why do you expect it to be free? Is there any precedent to support your assumption?
It sounds like you’re advocating for cheap or readily available government ID. I see no reason why digital ID is uniquely or even well suited for either purpose.
> (otherwise there's not much point in it).
Well the point of the digital ID could be to further marginalize vulnerable communities by not providing easy access to the ID while also making it a requirement for participation in society.
Take a look at the southern United States for inspiration on that approach.
This is exactly the reason Americans (as students of history) are generally resistant to the idea of government identification.
Getting a passport is extremely expensive for the underclass, think of it as being worth half a month of your wages to get an idea.
That’s before you include the mandatory security screening which will cause you to travel half of the UK (on our expensive travel infrastructure!)
If I didn’t have a job lined up I wouldn’t have gotten on, my mum didn’t have one her whole life until after I had gotten mine. It’s an arduous and expensive process for the bottom 20% of society in the UK.
Yep I was disappointed with that, but it does show that both of the main traditional UK parties have the same problems here (haven't looked into the LibDem position on this one)
TBH the mobile duopoly isn't a problem specific to the UK gov, and plenty of the systems already in use which have a mobile component already have that dependency, so I don't think it really gets any worse if you had a digital ID.
Indeed if done with physical smart card + reader, it would reduce the requirement for mobile devices, allowing for people unhappy with their presence to avoid them :)
I currently live in the UK, and I am not significantly restricted from anything (banking, ISAs, investments, healthcare, etc) for refusing to use a Google approved build of Android.
Moreover, I actually on principle refuse to make myself dependant on my phone for these things, which means that (at a small convenience cost) I don't have any banking apps, or investment apps, or healthcare apps, or whatever).
My phone is strictly a general computing device and I on principle only permit a technology into my life if it doesn't impose special restrictions on the hardware/software it works with.
So if the UK government creates a digital ID app which only runs on a phone and which potentially only runs on google/apple approved phone (this is e.g. the requirement imposed by google pay), then that would be unprecedented.
Oh I agree a system, if implemented, should not depend on a tie to Apple or Google, however, I'm not aware that detailed implementation guidance has been produced as yet which would require that tie, although I could have missed that.
I'd hope that a system as implemented is as technologically neutral as possible.
Good on you for avoiding the smartphone tie on banking though, it's getting increasingly hard for decent MFA not to tie to it in some way or another, and travel's a right pain without the smartphone apps.
They haven't specifically said anything, but they have directly compared the ID to phone based payment card systems, which on the google side do rely strictly on a google-blessed android build[0][1][2].
It's also incredibly popular in the security industry (I know, I work in it) to claim that every possible app in existence must:
* Obfuscate
* Do root detection and refuse to work
* Detect attempts to attach a debugger, and refuse to work
* Detect running from a VM, and refuse to work
* Do certificate pinning (although as an industry we've stopped recommending this bullshit practice, although we still insist on it for some things)
* Prevent screenshots from being taken
* Force you to re-authenticate using biometric ID every time you look away from the app
* and... break at the slightest hint of a non-standard build of android
So I don't have high hopes, because the company I work for does work for the UK government, will likely be picked to review this app, and inevitably all that shit is what we'll recommend (although I hope I won't be working here by then because I'm just sick and tired of cargo cult / checkbox security).
[0]: Not because of any specific feature, but solely based on signing keys.
[1]: I believe specifically you have to license GMS integrate them into the build, which e.g. GrapheneOS does not do.
[2]: And no, GOS's sandboxed google services don't fix this problem, Google Pay will still refuse to work.
I agree that reliance on non-UK based companies (Apple/Google) is a problem, but to me that's not specific to digital ID. We already have age verification relying on mobile apps, via the online safety act, just not ones implemented or managed by the UK gov, instead managed by non-UK corps with the data going offshore
For me having ones managed by the UK gov filling those functions would be preferable to the current situation, and that's not to say I want more privacy intrusions but to say I'd rather have more UK control over the data people have to give up for various services and functions.
Whilst more tech/privacy/security focused people will opt-out of that as much as possible, the realistic fact is that probably 95%+ of the UK population don't care about concerns around Apple/Google, they just want the functionality provided, so for that group it would be better if the apps were run from the UK, ideally by an org not motivated by making more money from them every quarter :)
The fact that 95+% of the population is unaware of the problems with this doesn't make it okay. There are lots of things 95% of the population don't know or think about which we don't just throw our arms up and ignore.
Moreover, age verification is trivial to circumvent or opt out of. The only way to opt out if this thing will likely be to leave the country. Which certainly increasingly seems like a good idea to me.
> ...powers of the government to require more identification for different things is orthogonal to the idea of digital ID
> That's not to say there aren't risks of course, but other European countries seem to have managed to implement these systems without becoming totalitarian police states :)
Yet also: a country's requirement for identification is orthogonal to it becoming a totalitarian police state.
In British politics, there is a strong current of opposition to international institutions and treaties such as the European Convention on Human Rights[1][2] and the International Criminal Court[3]. The UK's commitment to human rights is enough in doubt that one encounters situations such as German courts being unable to extradite a suspected criminal because of the poor treatment of prisoners in Britain[4].
Countries like Germany and Belgium are able to have mandatory ID cards without too much issue because of characteristics including their written (and actively litigated) constitutions, judicial independence and proportionally representative election systems. ID cards might be make them lean more or less totalitarian - but it doesn't matter as much, as the rules about identification make up only a small part of a huge and robust framework of law and human rights.
With few constitutional protections for UK citizens, and what independent institutions there are under constant attack from various political parties, I don't think those who object to digital ID can be blamed for being suspicious of the government's motivations.
Yeah i don’t disagree about the UK government tendencies, my point is more that they can be authoritarian without digital id and our current systems are not fit for purpose and a digital ID can help people who have problems fitting in with current system requirements like passports and drivers licenses which are not free or universal.
Implementing those requirements didn't depend on there being a digital ID system. Instead we have a hodge podge of bad requirements (like "wet" signatures on specific documents, using of non-UK based private providers etc).
Implementing a digital ID system could reduce inequalities (for example, people who don't have passports and driver's licenses have more difficulties in some circumstances) and also reduce dependencies on non-UK orgs who may not do that well with privacy.
That's not to say there aren't risks of course, but other European countries seem to have managed to implement these systems without becoming totalitarian police states :)