The UK government has pledged to introduce a digital ID system for all UK citizens and legal residents by the end of the current Parliament (so no later than 2029). The integration of digital ID into government services, though already under way, has hitherto been largely voluntary.
However, is is becoming steadily less optional, as the government has said it will now be required as a precondition for work in the U.K, and a version of it (GOV.UK One Login) is already being imposed unilaterally upon company directors throughout the U.K.
Chief Secretary to the Prime Minister Darren Jones has suggested in a recent interview (19/11) that digital ID is completely optional and will simply make government services more accessible and convenient. But this is a rather disingenuous sales pitch. On the one hand, Starmer himself insists that digital ID will be required as a precondition to work legally in the U.K; on the other hand, like any new technology, there will be a transition period, but voluntariness is unlikely to last forever.
Evidently, the government will not immediately require everyone to use a digital ID in their interactions with government agencies. But as digital ID becomes more normalised, it will likely become as compulsory as holding a passport for international travel. Can you really imagine a modern government allowing “hold-outs” to stay in the physical world while digital ID systems become the norm?
Providing citizens with an easy way to seamlessly verify their identity when they access government services may seem like the “efficient” thing to do. However, this apparent efficiency comes at a high price, exposing citizens to significant risks of government over-reach, surveillance, and system failures.
The old “clunky” system, in which there was bureaucratic redundancy and replication and in which physical ID cards had to be shown to access discrete government services made it more difficult for the government to comprehensively monitor and control a citizen’s choices in real time, and meant a single point of failure in the system did not necessarily compromise all of a citizen’s important data, or disable citizens’ ability to access public services.
The problem with universal digital ID overseen by the State is not that a dystopian State will be born overnight, or that all our data will be stolen the day after the scheme is initiated, but that the architecture of authoritarian control will be set in motion, and the potential repercussions of serious data breaches and system failures will be significantly enlarged.
According to a House of Common Research Briefing, government statements suggest that “there will be no centralised digital ID database.” But as the same briefing points out, civil rights group Big Brother Watch stresses that “even decentralised systems can behave like centralised ones if identifiers link data across platforms.”
The creation of a digital ID system for accessing a wide range of public services clearly poses grave risks of abuse, given the evident conflict of interest of governments who both oversee the architecture of a digital ID system, and have incentives to extend their control over citizens’ lives.
Unlike a traditional physical ID system, in which there is a local gatekeeper who opens the gate to a service based on limited information – typically, a service-specific database – a digital ID system could, in some future iteration, permit a remote gatekeeper to use an AI algorithm to analyze a citizen’s data and history (unlocked by their ID) and ration their access to a service to induce compliance with the government’s preferred policies. This scenario becomes even more plausible given the momentum behind centralised digital currencies, which could offer governments direct leverage over citizens’ income and spending choices.
Do such scenarios seem far-fetched? If the digital ID system is controlled, overseen and effectively programmed by centralised governments and their agencies, and is already intended as an obligatory verification procedure for employment rights, there is certainly no technological impediment to governments extending the logic of digital surveillance and control, through “mission creep,” to other sectors of social life.
For example, just as a government uses digital ID to track someone’s employment history and residency status as a way of corroborating their right to work, surely it could also use digital ID to track someone’s health history or vaccination status as a criterion for the right to, say, attend public venues, use public transport or enter the country?
And if the same digital ID is associated with a “digital wallet” tied to CBDC (Central Bank Digital Currency), then what is preventing a government from capping a citizen’s spending on international travel once they reach their “carbon allowance”? What if a government-regulated digital ID is required for citizens to post content on social media? This scenario, which is far from fanciful, would give governments leverage to restrict “non-compliant” citizens’ social media activities.
So much for the technological feasibility of leveraging a digital ID system to exert ever greater control over citizens’ lives. Now, do we think government officials are so profoundly committed to civil liberties that they would balk at the thoughts of leveraging digital ID programmes to engage in far-reaching forms of surveillance and control over citizens’ lives?
We hardly have grounds for optimism, given Western governments’ abysmal track record during the Covid era, when they were prepared to lock down citizens in their homes based on scientifically flimsy theories of disease control, and “make life hell” (to use a loose translation of President Macron’s notorious expression) for citizens who opted out of an experimental vaccine.
Besides the substantial risks of government surveillance and over-reach, there is a very real risk that citizens’ data may be more exposed to cyber-attacks in a more ambitious, integrated and data-rich digital ID system, and that the very ability to access public services may be as fragile as the weakest point in the system.
On the one hand, government-overseen databases, no less than privately managed databases, have notoriously been compromised, time and again, by serious data breaches and leaks over the years. An increasingly complex and wide-ranging system, linking an ever wider pool of citizens’ data, will be sure to attract the interest of international hackers. On the other hand, if and when these systems experience major glitches, such as the recent outage of internet security company Cloudfare that took ChatGPT and X offline, public services may experience major disruptions, if not paralysis. We want resilience, not just efficiency.
There are more and less safe and efficient ways to harness the technology of digital ID. But the development of digital ID systems should be managed by a complex web of service providers who can develop competitive solutions to the technical problems they pose, under a broad legal framework, and reliance on such systems should be maximally voluntary.
We are living through a major crisis of trust in public institutions. Governments have shown themselves to be unworthy stewards of the ship of State, and citizens are right to distrust their intentions and competence.
There could hardly be a worse time – and I’m not saying there ever was a good time – to entrust politicians with an ambitious digital ID programme plagued with risks of government surveillance, technocratic over-reach, system failures, and data breaches.