Britain to introduce compulsory digital ID for workers

A secure, optional digital ID could be useful. But not in today’s UK. Why? Because the state has already shown it can’t be trusted with our data.

- Snoopers’ Charter (Investigatory Powers Act 2016): ISPs must keep a year’s worth of records of which websites you visit. More than 40 agencies—from MI5 to the Welsh Ambulance Service—can request it. MI5 has already broken the rules and kept data it shouldn’t have.

- Encryption backdoors: Ministers can issue “Technical Capability Notices” to force tech firms to weaken or bypass end-to-end encryption.

- Online Safety Act: Expands content-scanning powers that experts warn could undermine privacy for everyone.

- Palantir deals: The government has given £1.5 billion+ in contracts to a US surveillance firm that builds predictive-policing tools and runs the NHS’s new Federated Data Platform. Many of those deals are secret.

- Wall-to-wall cameras: Millions of CCTV cameras already make the UK one of the most surveilled countries in the world.

A universal digital ID would plug straight into this ecosystem, creating an always-on, uniquely identified record of where you go and what you do. Even if paper or card options exist on paper, smartphone-based systems will dominate in practice, leaving those without phones excluded or coerced.

I’m not against digital identity in principle. But until the UK government proves it can protect basic privacy—by rolling back mass data retention, ending encryption backdoor demands, and enforcing genuine oversight—any national digital ID is a surveillance power-grab waiting to happen.

I'm certain it's worked well in other countries, but I have zero trust in the UK government to handle this responsibility.

Very well said

Was reading through your post, finding it difficult to find fault with anything you were saying, but something wasn't sitting right. And then ...

> I'm certain it's worked well in other countries

It has! In the Netherlands for example, it's just an incredibly convenient system, and if there's anything dodgy going on I'm not aware of it.

So what makes the UK so different to the Netherlands? Genuine question, because I really don't know. My only guess is that the people of the Netherlands hold their politicians to account, whereas nothing ever seems to happen to UK politicians whose corruption is so severe that they're sometimes literally criminal.

It's the difference between proportional voting vs winner takes it all. In the latter case you can't really hold politicians accountable, as you will have to choose between effectively throwing your vote away or voting for the one opposition candidate, that often will be just as bad.

While the UK have some level of representativeness, each circuit has a winner takes it all structure, making change quite hard to achieve on a larger scale.

This might be a "grass is greener" thing. Do elected representatives actually have higher approval rating, or enact policies that better fit with public opinion, under proportional systems? Sure it'd probably make things a little better, but it won't actually solve anything hard, I think. All Western countries are struggling (and mostly failing) to deal with the same problems regardless of details like electoral system.

Yeah, the UK's goverment does seem to be always be run by extremely unserious people. And yeah, I also don't know why this keeps being the case. It's not unique to the UK at all (actually I think it's mostly the norm, worldwide) but perhaps not quite as much the case in the Netherlands?

I assume the main difference is the timeline of events.

It would be ignorant not to fear the ID at this point with all the other mechanisms described by OP.

The ID in itself can be a good thing. There is no evil in itself. The context however is very worrisome as it may become a tool of evil.

Classic human.

It's the opposite of what you say. Proportional representation isn't accountable because you don't know what coalition you're voting for - coalitions are done in backrooms after the election. Winner takes all is more accountable because the coalitions are done before the election (aka political parties). Parties are made up of different factions and they're agreed before the election.

I think he's right, actually. It rings true with what we see here in the Netherlands. People don't feel like they're "throwing their vote away" if they vote for a minor party, so politicians can't have a laid back attitude.

With proportionate representation you get what _should_ happen, in my opinion, which is sometimes nothing. If the coalition can't decide on something, then it doesn't happen, which is the correct outcome because not enough people agree about it. It represents the people (who also can not agree on it).

The alternative is a decision that most people don't agree with.

Italy has got an ID card since forever. Of course it was a piece of paper, it's a piece of plastic with a chip now. There is some experimentation to move that into the state app.

Everything accelerates when it becomes digital, for the better or for the worse. One thing that an ID does not do is preventing crime and allowing only legal jobs. People find a lot of ways to circumvent the rules as long as there are money to earn.

My view is it's always organised elites making the decisions, no matter the system. Nominally left-wing parties often make brazen right-wing moves, and vice-versa. The votes that matter are those of the MPs, Congress members etc. which are always influenced by a range of factors and organised factions. That's the actual decision-making mechanism.

I guess you don't live in the UK, because winner takes all is far worse for backroom deals. The deals just end up being between factions within the same party!

Deals and bargaining all happen AFTER a party takes power and completely hidden until a government can't pass their own bills like the Labour attempt to reform welfare.

With proportional representation the deals are made in order to form a government, BEFORE it has power, and are between separate political parties.

Sure there may be agreements that are not all made public, but these are much harder to keep in the "backroom".

It’s the organized elites, true, but they aren’t a monolithic block either. In a proportional system they also must spread their influence on many parties. This is a good thing. With a single party there is a greater risk of a cordyceps infection taking over, see Republicans.

Yep and the coalitions are famous for exemplifying the concept of "poldering:" https://en.wikipedia.org/wiki/Polder_model

There are efforts to make this happen in the us starting locally and working up. The states are left to decide how they implement elections on their own with a couple of exceptions. There is a tragedy of the commons aspect to it though, as if some states adopt proportional representation but not others the ones that do not adopt it gain advantage. Ranked choice voting is taking hold much faster than pr in the us, and it is pretty slow too. It can happen though. Both are viewed as being left leaning, which doesn't really make sense to me.

You take what happened in the two elections previously (and I know technically we don't vote for PMs, but they drive the agenda of the party).

2015 we voted for Cameron, ended up with May then Johnson 2019 we voted for Johnson, ended up with Truss(!!) then Sunak(!)

>> So what makes the UK so different to the Netherlands?

Id say it’s not a difference in the politicians but the citizens. Pessimism and paranoia are rampant in the UK. We already went through this ID card debate 20 years ago and the fear-mongering won. So the idea just reignites that debate with a lot of baggage.

The UK has various systems in place to ensure people are legally allowed to work, rent, etc but in reality they inconvenience people without actually catching “the bad guys”. This system would make life more convenient and make the chance of catching the bad guys higher.

In truth though the problem is dodgy employers on a large scale. Take Deliveroo or Uber Eats. The accounts are rented out to illegal workers. You could literally catch one for every order you make. But for some reason the government isn’t actually going after the obvious hanging fruit.

But don’t you understand, it will be so convenient. Just imagine the convenience! Are you opposed to convenience?

Frankly, you’re just being paranoid. It’s possible that mandatory digital ID could be abused, but officials haven’t yet announced their intentions to abuse it. So why are you so worried? You’re already tracked everywhere you go, and many countries already have this system. It seems to work well there for keeping people in line. Do you have something to hide? Seems a little suspicious, no?

(Did I miss any talking points?)

Because the government doesn't actually care about illegal workers. Otherwise, like you said, they would spend 1/100th the money and go after low hanging fruit.

Which begs the question - if that's not the purpose of this law, then what is?

> officials haven’t yet announced their intentions to abuse it.

This one is my favorite. I don't know if it's just unthinkable naivety or a misunderstanding of how bad actors work, but it boggles my mind that this type of reasoning is often one of the top arguments I hear.

I wonder if zkSTARKS could help here. Prove that the validity of a statement (like "I am a citizen that is authorized to receive benefits") without revealing your precise identity.

https://en.wikipedia.org/wiki/Non-interactive_zero-knowledge...

The ID cards as realized in many other countries are comparatively benign, because they are a physical credential in the possession of the person concerned. The government cannot stop this credential from being used except by physically confiscating it or by waiting (years) for it to expire. Distributed storage in action.

The UK's proposal makes the "digital ID" a pointer to an entry in a centralized database. This database is the definitive record of what you are allowed to do or not do (like reside and work). Which can be changed or deleted at the stroke of a key, through human error or malice. Then what?

When (not if) the database becomes an attribute store across a wider scope, the implications are scary. The "digital ID" as set out today can't work for its ostensible purpose. Therefore its actual purpose isn't being declared. Not hard to connect the dots.

That sounds like kind of a mirror of some of peoples biggest complaints regarding bureaucracy and committees. Deadlock can not only be worse than an imperfect solution, it can be weaponized by a minority to exert outsized power and extract otherwise unthinkable concessions. We see this sometimes in the US House, where more fringe or radical groups within parties can block the literally functioning of the actual country, safe in their assumptions that the two parties will not form a majority coalition and that the parties as a whole will take more damage from the fallout than the radical groups.

I'm not saying that that makes the system worse, mind you. I'm not even saying you're wrong that it's a better system. I just think anyone who thinks any one system is the easy, obvious fix to fair and just representational government is either shortsighted, or has different priorities than I do.

This would be great and all, but all parties who are in a position to choose to implement this kind of system or to keep the status quo are already motivated to keep (and expand) the existing systems, for any number of reasons. Everybody (except the end users) loves to keep that juicy metadata and incidental logs of everything.

(Repost from 2021: <https://news.ycombinator.com/item?id=26560821>)

IMHO the simple change that would have the biggest effect on the American political system would be to require Congresspeople to live full-time in their districts and conduct all official business over videoconference and e-mail. Lots of behavioral science has shown that the biggest generator of trust and allegiance is physical proximity and face-to-face interactions. Make all reps have their face to face interactions with their constituents and maybe they will actually start representing their constituents. It also makes lobbying a lot less economical (instead of hiring one lobbyist that can have lunch with 435 representatives, you would need 435 lobbyists, or at least 435 plane trips) and gerrymandering a bit less practical (there's a decent chance the rep would no longer live in the district and be forced to give up their seat).

That and ensuring a bidirectional feedback mechanism between the executive and legislative branch, so that laws that aren't enforced by an administration fall off the books, and presidents that don't enforce the laws lose their job. Right now, the legal corpus of the U.S. is a constantly-accreting body, which means that no matter what the President wants to do, they can find some law somewhere to justify it, and then anything they don't want to do, they just say "We don't have the resources to enforce this". This gives the President all the power. They should be a servant to the law, not its arbiter.

I accept all these valid points, but don’t they already know exactly who we are and have a digital file on us already? I mean, I have a drivers licence and a home address and an internet connection I typically don’t use a vpn on. There’s no way they don’t have all this already right?

If a State can't be trusted with data of its citizens it can't be trusted with passports, birth certificates, or any numerous other instances of identity. Being able to identify citizens is basic and essential to the functioning of a State whereby the failure to do means the total failure of the State.

In effect the State is no longer a State and is in fact entirely dysfunctional.

They do but it's all disconnected, migrants don't have it, and it makes delivering government services a massive pain.

Mandatory ID cards are a cultural no-no in the UK. They were required during WW2, then discontinued in peacetime. People burned them in the street. You are not required to show ID to a police officer. Even when driving you don’t need to show a license on the spot, though if stopped for cause you have to present it at a police station within three days. At least those were the rules when I was a young driver there.

The UK has an idiosyncratic relationship with freedom. Technically you have little because (formally limited) monarchy. In practice there’s this aversion to IDs, things like freedom to roam which gives a lot of access to private property, and the ability to get citizenship elsewhere and keep UK, which republics like the US and India won’t allow.

And yet there’s massive camera surveillance from the recent nanny state. And libel laws mean you have to be careful what you print about people. Odd place. Maybe the weather inspires it.

Spying has always gone on, however, in the UK there is a lot of it. WW1, WW2 and the Cold War was all about spying. Considerable infrastructure was built to support this, culminating in 'Five Eyes'.

Furthermore, the former empire was built so that all of the telegraph and telephone lines went to London. If you wanted to make a call from one African colony to the next, London would be in on the man in the middle.

As well as this vast international capability, there is also the domestic front. During the Miners Strike in the 1980s the secret services were tasked with spying, notably on the leader of the miners, Arthur Scargill. Allegedly he used to pick up the phone and just give them a few words, either to misguide them or to tease them.

This spying continued with Northern Ireland being a 'training ground' during 'The Troubles'. There was also considerable opposition to cruise missiles in the UK during the Thatcher years and all of the people active in the Campaign for Nuclear Disarmament were under surveillance. This was not the end of it though. Eco-activism was also of interest along with a few high profile problem people.

As well as the secret services, there is also Scotland Yard. They infiltrate every anti-government single issue pressure group as a matter of course, placing people in deep cover. Two Guardian Journalists brought this to light in 2012 or so.

Then, on top of that, there are the capabilities of the big companies such as British Aerospace. They have their spies too.

Hence, on the domestic front, surveillance is vital to cut anyone down to size if they might challenge the establishment at a later date. Everything just gets nipped in the bud.

The 'Special Relationship' is the spying arrangement at the heart of 'Five Eyes'. In the USA, surveillance of the population is not allowed, so the workaround is to get the Brits to do it for them. This is how it works and has been working for decades.

If the UK secret services want to spy on someone in the UK then they will have the manpower to do it without getting caught. They will be able to get school reports, attendance at political demonstrations and much else regarding a person of interest.

There is nothing new that I have said here, Snowden and The Guardian brought all of this to light, in broad strokes. Both HUMINT and SIGINT is world leading. Compare with the USA where they have the dragnet but are not so capable when it comes to the HUMINT needed for monitoring a small group of individuals such as the leadership of a trade union.

It is for these reasons that spying has to be made easy for them, for instance by banning Huawei 5g routers on the pretence that China is using Huawei backdoors to spy on the UK. The problem was not that, it was different. With the likes of Cisco et al, the secret services can specify their own back doors, however, that is not so easy with Chinese owned companies.

There is much in the way of law that has gone along with this, for example the Criminal Justice Act of 1994 and the Terrorism Act 2000. The latter was definitely to target eco-activists, not anyone else. At the time there were eco-activist groups such as Reclaim The Streets that organised things such as rioting in the City of London with no identifiable leaders. They also did not book their protests with the police or organise security for the day, hence they needed to terminated.

9/11 brought new challenges and that brings us on to where we are today. I personally do not think this digital ID is a big deal. Any British citizen can already be easily identified even if they don't know their National Insurance number, and even if they have no photo ID in the form of a passport or a driving license. Name, date of birth and hospital of birth are the three bits of information needed. As well as the police, the NHS can work with that. As for employers and their needs to hire only people legally permitted to work in the UK, this is just for due diligence reasons from their part. If you speak with an accent that can only be British then you can meet the employer's checkbox requirements easily, with no photo ID. Just a bank statement should do.

So, where is this coming from? What plausible reason could there be for a fresh attempt at identity cards, for the umpteenth time?

Brexit...

As you know, Brexit happened and it was ugly. Due to the way that 'The Troubles' ended with the Good Friday Agreement, the border between Northern Ireland and Ireland (The Irish Republic is just 'Ireland', not any other name) has to be kept open.

What this means is that the EU is not a complete fortress, there is this imaginary border in the Irish Sea that can't be closed.

Immigration post-Brexit

A major selling point of Brexit was an end to immigration. However, due to the open border with Ireland, immigration has become a problem to the authorities, not least because working class people despise losing their jobs or getting paid less because there is a constant stream of people that will undercut them in the employment market.

What happens is that some country ends up being regime changed, as per the goals of The War Against Terror. Syria was particularly notable for the refugee situation. However, there is also Afghanistan, Iraq and everything in between up until Ukraine. What happens is very sad. People walk, hitch or smuggle themselves into Europe to arrive in one country such as Greece. Here they are looked after but they are unable to work or escape the refugee camps to buy a house, start a family and all those good things.

So they escape the cage of the EU country they first entered to try somewhere else. Maybe they get to Germany. However, in Germany, they will be asked where they came from, for example Greece, and get sent back to Greece. Maybe they try another EU country, to get sent back again. And so it goes, until someone advises them to go to Ireland, where they can walk over the border to the UK, as in Northern Ireland.

Since the UK is not in the EU, they get a fresh start at claiming asylum. This gets granted and the local authority is then likely to put them up in temporary accommodation.

Next they get 'dispersed'. What this means is that they get sent to another British town or city. Here they get temporary accommodation and a ridiculously small amount of money to live on. This money does not meet their basic needs. The asylum process leads to refugee status, which is not citizenship, however, they are permitted to work, legally. At a guess it takes two years to get to this second hoop. To get past refugee status takes even longer, if successful.

During this time the asylum seeker is not allowed their passport, the government keeps that. They can get a travel permit, however, if they return to their home country then they get banned and are not allowed back.

So that is the general process. To say immigration is out of control is an understatement to some and 'fascist' to others. It is a topic best not talked about, and the practicalities of it are not well understood. A boat crossing the English Channel full of asylum seekers are going to make the headlines of the gutter press, but this Brexit loophole situation is not something that the journalists appreciate fully, particularly if they voted for Brexit, then they are just not wanting to know.

Plausibly, the compulsory digital ID checks for work can be used to make the UK unattractive to asylum seekers that know the deal in the EU.

Currently the biggest threat to the main political parties is Farage and his Reform party. In recent polls, Reform (or whatever they are called) would sweep the board, taking seats from both the Conservatives and Labour. Due to how it works with no proportional representation, the exact outcome of this does not necessarily mean Reform would have a majority, however, it would be the end of the Conservative Party.

Hence, compulsory digital IDs would provide convenience for everyone, when dealing with the government, whilst giving the spies the primary keys they always wanted. However, for reasons of holding on to power, due to the threat of the Reform Party, there may be extra urgency.

It's worth designing a system of government that works for everybody, if only for the simple reason that we will very shortly (if we don't already) have a system that works for nobody, and likely everybody shooting everybody else will follow soon after that. A utopia at least gives people something to shoot for, and if you get very lucky you might end up with an idealist in power who's willing to give it a shot.

I'm against the ID, but the more good faith reason for a database entry is it should eliminate fake IDs.

Doesn't a physically held digital ID also do that? Assuming the encryption is strong, verifying that the data on the ID has the proper cryptographic signature should provide assurance that the ID is real, shouldn't it?

I guess, depending on how it's implemented, maybe an ID could be cloned and still appear valid, but that seems like a possibility for the UK's approach as well (the clone would just point to the same database entry).

With all the cameras and phone tracking you've brought up, what does the ID give to the government that they don't already have? I get where you're coming from; I think about this myself. However, I usually come to the conclusion that concern around this is being penny wise but pound foolish, considering both the point you've brought up and also that I have a tracking device in my pocket with me at all times that already keeps track of where I am, what I'm doing and what I'm thinking. I don't really trust Google, Apple, etc. any more than the government. I've also seen governments punish people extrajudicially (or just trump up charges) when they want to, without this.

"Just one more bit of regulation will solve the problem" is how Britain became the most centralised country in Western Europe. The sad thing is that the majority of the population still buy it.

The actual reason is everyone has a phone.

We have this is NSW in Australia: the Services NSW app provides a digital drivers license which is guaranteed to be accepted by authorities as legitimate.

> The government cannot stop this credential from being used except by physically confiscating it or by waiting (years) for it to expire

This is not true. Government agencies generally look up your ID as necessary to check if it's still valid.

Stopped for speeding? The cop is going to look up your driver's license.

Leaving the country? They're running your passport number.

Starting a job? They're checking the status of your SSN.

The physical ID is good enough for low-stakes stuff like renting a car with a driver's license, or proving your age to get into a bar. But it's already not trusted on its own for any of the serious stuff you're talking about, like where you can reside and work.

Once its there it will almost certainly never be rolled back.

Freedom is incompatible with the UK.

If their minor party doesn't end up as part of the governing coalition, there's no sense in which people feel like their vote wound up having no effect?

>The government cannot stop this credential from being used except by physically confiscating it or by waiting (years) for it to expire. Distributed storage in action.

Not really. It's part of identity management or whatever it's called to have an ability to recall ids, because they get lost, stolen and people to who they are issued die.

>When (not if) the database becomes an attribute store across a wider scope, the implications are scary.

What are the scary implication really? Most of the EU and beyond has some kind of login to the government capability. And?

What's the threat model really? The government will revoke your fancy thing to report taxes digitally for no reason and bankrupt you? They can do so without such roundabout ways.

That's basically how the existing share code system works for non-citizens. You the worker ask the government for a share code. You provide that to the prospective employer and they can check that it is valid. The same or similar system can be used for driving license validity.

The digital ID is presumably (this is my pulling a guess from my rear end, but if I had to implement it, I'd use the existing system) an extension to cover citizens too. In fact, in principle of that's how it works, it will marginally improve privacy because current status quo is basically that citizens provide their passport to the employer to demonstrate right to work via citizenship.

I also assume that the universal use of a single system means that spot-checking any workers status becomes easier. Currently if police, say, to use a common example, stop a food delivery rider and ask for their right to work they can say they're a citizen and just don't have ID on them. The UK has long derided the idea of everyone being expected to have ID with them with phrases like "papieren bitte", but it does mean that the authorities basically cannot check working statuses unless there's a physical workplace they can raid. Which is a weakness app-platforms and many people without the right to work have figured out.

A cynic might think that that kind of problem sounds a lot like a problem the government could already have solved in several other ways, but by letting it fester might finally garner public acceptance for the universal ID system they've always wanted.

> Prove that the validity of a statement (like "I am a citizen that is authorized to receive benefits") without revealing your precise identity.

but... why? the agency that gives out benefits has to mint this credential and has to assess your dossier. Or they can assess your dossier, write you a snail mail with a result and wire the money.

What's the use of this fancy crypto other that finding a but in this token-minting service and getting those benefits without actually being entitled?

>(Did I miss any talking points?)

Silently pointing out to the whole world that does this already and nothing scary happened that can't happen otherwise.

The only reason we have ids is the borders and codified inequality anyway. I can't go to certain places with one id and can go there with the other. In some specific places I can go in, but would not be able to get out.

Somehow I haven't seen a lot of intersection between people who believe we should not have borders and people who believe we should not have ids.

No the proposal is in line with your first paragraph. 'Attribute level proofs' (cyptographically signed data) stored in the user wallet, with those signatures coming from verification companies polling an API in front of government departments. The other side of it is a trust registry holding verification service public keys for signature checks..

The op is incorrect. The 'database entry' is the one that exists right now at the DVLA for driving licenses or HMPO for passports. Private sector verification services poll that data to verify the data entered by the user in onboarding. That's it.

This is the proposal for the UK system right now. Zero Knowledge Proofs. The technical side hasn't been adequately explained to the public.

do those state apps use Play Integrity on Android? will you be required to lock yourself into Apple or Google's walled garden in order to be a citizen?

I don't understand why Americans hold freedom of speech / the First Amendment in such high regard.

What does it buy you?

Major corruption, abuse and misconduct still happens. Being able to criticise your government doesn't seem to matter in the social media age. Look at the state of politics in the US right now.

Seems like it's slightly redundant these days – a bit anachronistic?

Kind of odd the obsession with it.

(p.s.: All the social media companies being from the US, of course – thanks for all the misinformation, disinformation and hate speech platforms along with all that 'free speech'!).

Uk has a lot of cameras sure but the vast majority of them look like 360p tech frankly

Which means they are already a "pointer" to a record in a centralised database.

Get a grip. Everybody in the UK already has a National Insurance number and NHS number, and most have either a driving license or passport — all the elements of national identity are already in place. This is just FUD.

Yes, I think you're probably right. But it still solves other problems such as "the app is a lookalike". If the app is basically an ID delivery mechanism that allows an operator to call up your photo, it becomes a relatively foolproof way to identify you accurately.

So the Netherlands may not be the best example to use as a positive example here.

Notoriously, the national identity system was used during World War II as a system for discovering and eliminating the Jewish community[1]. The lessons learned from that are a frequent topic of discussion in civil liberties groups, and the Dutch experience is often cited, both global conversations and within the Netherlands -- e.g. On Liberation Day 2015, Bits of Freedom held its annual Godwin Lecture on the risks of prioritising ID efficiency over civil liberties[2].

It may be that special protections were coded into the current system to prevent this from happening again, I don't know the details.

Certainly, the reputation for how obligatory papers have been (mis)used in mainland Europe since Napoleonic times have fed into the anglo world's suspicion around introducing similar regulations[3]. There are several recurring memes around how compulsory documents are a sign of an authoritarian environment.

[1] - https://jck.nl/en/agenda/identity-cards-and-forgeries

[2] - https://www.bitsoffreedom.nl/2015/04/30/during-world-war-ii-...

[3] - https://en.wikipedia.org/wiki/Jean_Valjean

With a Supreme Court like this one, what’s on the books don’t matter. They’ll find the interpretation.

> This is the proposal for the UK system right now.

Is it? Nobody knows if it’s going to be an app, or a virtual card, or a real card. So speculation and rumours are flying.

Whoever does comms for the government must be asleep.

In a good modern implementation, it should be extremely hard to produce a physical card with an authenticated pointer to the database, because that would be also signed.

But considering that they've been retiring things like biometric residence cards in favour of web-based systems, it's possible there will be no physical component.

No idea, I never installed it. I can do everything from my web browser.

Post something the government doesn't like, and you can no longer get a job, but you never find out why.

So why is another form of ID needed?

> Why? Because the state has already shown it can’t be trusted with our data.

No state can ever be trusted with this amount of data. Governments change. Someday, there will be a government in charge that you will disagree with.

The post office scandal wasn't that long ago, even. How can you blame people for doubting the ability to keep integrity of the system and that it won't be abused and that any abuse or incidents won't be covered up?

https://en.wikipedia.org/wiki/British_Post_Office_scandal

This time everyone voted for Starmer and got friend-of-Epstein Mandelson via McSweeney as a cut-out.

PMs don't drive the agenda. The UK is one of the most corrupt developed countries in the world. The people driving the agenda are billionaire and multi-millionaire donors.

PM is a sales job, not a strategy job, and increasingly ridiculous PMs have been selected because the donors have had enough of liberal democracy as a concept. If it stops working - which it pretty much has - there's going to be less resistance to removing it altogether.

Which is why there's resistance to Digital ID. There's widespread distrust - with reason - of the political establishment right across the divide.

I don’t think the current ID structure has any field for religious or racial history. It’s simply a unique number assigned to a person at birth.

My response as to the difference is the 1998 Good Friday agreement. Something that has already been branded as the Brit Card is simply something that wouldn't work in Northern Ireland, and that the name passed any scrutiny say an awful lot.

Ireland is not Britain, and people from Northern Ireland can chose to identify as British, Irish or Both by birthright.

A "Brit Card" is not something a significant portion of people would want.

I personally am more disgusted by the nationalistic naming, but I also don't like the idea of needing a smartphone or my walle when walking.

If these aren't true details then the messaging has been poor, per form, and needs to be addressed, quickly.

>but the more good faith reason for a database entry is it should eliminate fake IDs.

Really? If anything it would make them easier. Hackers routinely break into government databases to exfiltrate information. An ID attribute databases would be no exception, for exfiltration, or simply modification of data. Ie: creating a fake ID.

> I'm certain it's worked well in other countries, but I have zero trust in the UK government to handle this responsibility.

This commenter may sound like a paranoid person (and may very well be, I don't know them) but read about the way the UK government handled an IT error in post office accounting software. Someone living there has good reason to not trust the powers that be.

https://en.wikipedia.org/wiki/British_Post_Office_scandal

Whizz-bang cryptographic solutions to this class of problem (digital ID, electronic voting, etc) have at least three major problems that I consider fatal:

1. The contract to build the thing will go to the lowest bidder, who is all but guaranteed not to do any of it correctly (cf. the UK Post Office scandal and Fujitsu's role in it).

2. The public has no guarantee that it is implemented in the cryptographically secure way, or that is is ONLY implemented in the cryptographically secure way (e.g., either by accident or through malice the system leaks info it shouldn't).

3. The overwhelming majority of the public are not trained in nearly enough computer science to understand "no actually this system isn't a total privacy nightmare" (assuming that it's actually implemented securely).

>When (not if) the database becomes an attribute store across a wider scope, the implications are scary.

Penury and deportation are quite a bit of scope already! Maybe they'll put an "arrest" bit in there. Warrants are already a thing. I don't see the UK going in for murder just yet. What's left?

>What does it buy you?

Well, for one thing, it's not a transactional question of what it "buys". It's a matter of principle and defense against future repression or manipulation by politicians on a power trip.

For example, given Trump's current and blatant attempts to crush free expression against his own policies and bullshit, or even those who constantly insult and criticize him (whining about it like a little kid actually) imagine how much easier he'd have had it if there were no U.S 1st amendment to use against him.

There's an example of its value. It's just one of many.

If you think being able to protect free expression and the ability to speak out freely against power and its abuse is anachronistic, then I don't know what else to say except that you're a naive or dishonest fool, and possibly part of the very problem in places where péople just don't seem to care that under pretext X or Y, they can be stifled at any time.

Yes, the social media companies produce, or facilitate the production of, vast amounts of misinformation, disinformation and even hate speech, but guess what? All that shit gets produced en masse anyhow by repressive authoritarian regimes with narratives to construct and agendas to maintain. Free speech certainly isn't at fault for its existence, given that such things have existed since there's been propaganda or a perceived need for it.

At least, in a place like the U.S, where free speech remains protected (for now at least), any misinformation, disinformation or whatever speech by those in power or outside of it who create it, can be countered by others trying to speak more truthfully.

Try doing the same against misinformation and disinformation by government in Russia, or many other countries where "anachronistic" free speech is curtailed right to hell.

In essence, when governments can legally censor speech they decide is misinformation, disinformation or "hate speech", they can create all sorts of um, interesting, rubrics for deciding what fits under these labels, and then oops, by coincidence it can be anything that goes against their agendas. Going back to the Trump example, just pause for a moment to think about all the uncomfortable facts and opinions he loves to label as "fake news" or "misinformation" or even as hate speech. Now imagine him having the legal authority to sweep them away.

Nothing in any state guarantees against a future leadership with similar authoritarian proclivities from forming to use anti-free speech laws in similar ways.

There, my good faith response to your completely absurd line of rhetorical questioning.

Not just that, but currently, requiring real data to register to eg. social networks (reddit, hn,...) is hard. With everyone having a digital ID on their phones, tying their identity to their real ID will be easy, you'll just "sign" (or whatever) your reddit registration with your ID and your real name will be tied to that account. Combine this with EU chat control (and UK alternatives.. and well, EU digital ID alternatives), and the era of semi-anonymous internet use is over.

Even for renting a car these days you need a verification code that you can request from the DVLA using your national insurance number.

SSL has Certificate Revokation List, this could be implemented for Digital ID as well.

In fact, if British Digital ID is based on PKI, then CRL will come out of the box

https://en.wikipedia.org/wiki/Certificate_revocation_list

The fact is that no government can be trusted because they are not permanent. If a previous government had instituted, the current one would not be rolling it back. The loss of rights is like a ratchet: it only goes one way, click by click.

The census form in the UK requires disclosure of religion and ethnicity. It would be relatively easy to merge census data with ID.

I might trust this government not to do that, but I don't trust a future government (because I don't know who that will be).

You will not need to carry it around with you.

It also seems it'll actually be called Digital ID by the government, this is more a marketing tool, BritCard.

(Just clarifying if it helps, I see some misinformation out there).

That's not really true. It just means there is a gradient of success rather than outright success or loss. Particular portions of what you voted for may be successful. First past the post means you take it all or leave it all, policywise, small things are likely to fall through the cracks.

That's ironically just something the British government used to pride themselves on, Pragmatism.

If it's important enough or dysfunctional enough a quick decision will be taken. There's clearly deadlock in first past post too, look at the US, if neither party advocates for it at all, it gets nowhere.

Multiple citizenships are absolutely allowed in the US.

Good public key cryptography should make it pretty hard. Yes, rotate the IDs every 10 years, with a new photo and using a new private key.

Irish and British citizenship are de facto equivalent throughout the UK: any Irish person can simply decide to turn up in London without getting any kind of visa or asking any permission from anyone and live, work, or basically do anything a British person is allowed to do. So I’m curious how this will affect Irish people more broadly, not just in NI. Will they need to apply for this card?

Don't vote. By voting, you partake in a system unable to give most people effective representation. By voting, you ostensibly accept your own alienation.

I know absolutely tons of people with US + one or more other citizenships. You are misinformed. IDK if there is technically some law against it, but if there is, that law is totally unenforced.

How do you know that?

When I moved to the Netherlands I was shocked to find out you have to maintain a registered address with the government.

The government also decides how many non-family members can register at an address, so in Amsterdam it is common for people to remain registered at there parents while subletting a room in an apartment.

You also get a DigiD which very convenient but also terrifying, especially when I walk around my neighborhood and see plaque’s in the ground for the victims of the holocaust who lived here.

My Dutch girlfriend does not believe me when I tell here that you don’t have to register where you live with the government in the anglophone world. It’s just so engrained in the society that anything else seems absurd.

Because they pinky promise? It'll be required to produce one like producing a driving license is required, but you don't need to have it with you. It'll be required because pubs/bars etc will require it. It'll not be required like giving a traffic stop breath sample is not required or like giving up your password is not required.

Imagine it was called IrishID or similar, help you to have empathy for how half of NI residents might feel about Brit-anything?

Slightly different point really - every leader has someone behind them (which is why we have the term Thatcherism, not Josephism).

The point really was about parties themselves being coalitions in all but name.

Here in New Zealand, you're required to be enrolled to vote, even if you never intend to actually vote. Enrolling requires an address. I imagine it's similar in Australia, where actually voting is required by law.

I believe in New Zealand other government agencies aren't allowed to access your data without your consent though.

> but officials haven’t yet announced their intentions to abuse it

That one is perfect lol. It speaks to the baffling immense amount of trust people still have in institutions.

I mean, people are still outright alarmed that the BBC resort to clickbait or quietly change articles after publication. I mean, it's been a good 10-15 years - stop trusting them.

My point isn't that you should wash it down the toilet because it serves no purpose (of course this is a useful strawman to employ when anyone criticises it); rather, perhaps, that obsessing about it and fully believing it can protect you against eg a Trump presidency isn't very healthy. A bit too much tunnel vision?*

> Well, for one thing, it's not a transactional question of what it "buys"

Let's not play semantics. It's just a phrase

> defense against future repression or manipulation by politicians on a power trip.

Why hasn't it defended against current or past ones? It's not a new amendment, is it?

> For example, given Trump's current and blatant attempts to crush free expression against his own policies and bullshit, or even those who constantly insult and criticize him (whining about it like a little kid actually) imagine how much easier he'd have had it if there were no U.S 1st amendment to use against him.

What has all that criticism gotten you? He's still President right? And there is a worrying number of people talking about a '3rd' term

> when governments can legally censor speech they decide is misinformation, disinformation or "hate speech"

Your government via its plethora of agencies absolutely does this

> At least, in a place like the U.S, where free speech remains protected (for now at least), any misinformation, disinformation or whatever speech by those in power or outside of it who create it, can be countered by others trying to speak more truthfully.

How's that working out?

> There, my good faith response to your completely absurd line of rhetorical questioning.

Wow, Americans really think they are protected from criticism like 'civis Romanus' were protected from harm.

I think your opinions are exactly those I was questioning. Maybe it isn't as useful as you think it is

* another phrase, not to be interpreted literally

There was recently a request by the police for new laws about overpowered electric bicycles being ridden on pavements. Yes, they want a law against riding an already illegal vehicle in a place it is already illegal to ride it.

Now they want to make it illegal for employers to illegally give a job to people it was already illegal to give a job to by making them have a new ID, when it was already illegal to give someone a job without getting proof of their right to work in the UK!

You are 100% right

The Electoral Roll is quite different though

https://en.wikipedia.org/wiki/Electoral_roll

Hard agree.

Also, is the data secure? Who else has access to that data? Will I be protected if I am in this system?

If they were open about the system, it would be one thing, but they never are. It is funny how this has cropped up gain after the recent pow wow with the yanks and the tech companies.

‚ A secure, optional digital ID could be useful.‘ but never in the hands of a state.

You're not correct in saying nobody knows. This has been in discussion for several years, and the standard is outlined in detail on the government website [1], and also discussed in a blog [2].

But I fully agree if you mean it hasn't been adequately explained to the public [3].

[1] https://www.gov.uk/government/publications/uk-digital-identi...

[2] https://enablingdigitalidentity.blog.gov.uk/

[3] https://www.gov.uk/government/publications/digital-id-scheme...

There's a full section of the government website dedicated to this subject, and also a recent act of parliament which in part prepared legislation for it, the Data Use and Access Act 2025 [1]. See my other answer in this thread for the links.

The Digital ID scheme isn't new. The only change is from it being optional to mandatory.

[1] https://www.legislation.gov.uk/ukpga/2025/18/enacted

Horizon is the cherry on top.

Can you spell it out further from that document? There's only one mention of zero-knowledge proofs in there, mentioning it as one thing that could be used in verification. The rest of the document is similarly simultaneously dense and vague, so it's really not obvious to me that the actual implementation will be cryptographically privacy-preserving.

> And so it goes, until someone advises them to go to Ireland, where they can walk over the border to the UK, as in Northern Ireland.

This is absurd. The problem is the exact opposite, nearly all IPAs in Ireland come from the UK via the common travel area. Ireland is not in Schengen and is not reachable from the continent by small boat, so there is negligible migrant flow in the opposite direction.

I guess it depends on its design (does it set up the dystopian infrastructure or not) and then more so on the legislation around it. It's already not uncommon to need your passport for work, making it a law to produce for any work would be the actual thing that changes this.

I get your point about IrishID, but be realistic, none of this is surprising considering the current state of things. I could make some controversial statements in this regard but I'll avoid the flames (I sympathise with you before you place me in the wrong box).

how would the existence of this card make it easier to pursue you if you're let's say, Jewish? Doesn't passport/driving license already have thisv

This is bad advice. By voting, you accept nothing. By not voting, you merely lose the small power that voting grants you. (Why do you think people are working so hard to disenfranchise voters in the US?)

Construct better systems, by all means, but don't just ignore the system that exists.

Maybe it doesn't make it any easier but your question does remind us that cataloguing and categorising people can be dangerous. I accept that there are good reasons that the state could use this information, but we should also be alert to possible abuses.

Without looking, I honestly don't know if the passport and driving licence lists this information. But the census certainly does.

I couldn’t find anything in that document or the blog that answers the most basic question - is it going to be an app?

It literally contradicts itself at one point:

“It will also be stored directly on your own device - just like contactless payment cards or the NHS App today.”

An app has totally different capabilities from a card in a wallet.

Doesn’t seem so bad then

The common travel area + Brit_card might result in an interesting pattern where ID is by association rather than territorial location. For instance, as nationalists reject it and use only IRE/EU equivalents where possible. The passport is somewhat similar already. Would people reject services and jobs in N.I.? Completely possible and it already happens with people working "down south" aka down the road.

The civil liberties concerns, particularly in N.I. (historically speaking), are also important to consider. There is quite a high capacity for discriminatory practices in the region from all angles.

On the other side. The British government are lowering themselves to the position of "just another app on my phone". A system riddled with viruses, cyber attacks, etc. Further, what is to stop groups simply setting up and alternative ID system running on btc or something in the future...if this becomes the norm? At first it would be useless and a farce. Later a complete separate system.

Anyway, horrible idea all round. They clearly have not thought this through. Paper ids and loose associations are things I am a fan of in the anglophone world.

Huh? Everyone carries their phone everywhere and an ID card on an app is carried everywhere. When you stay at a hotel you might have to produce it, go to a doctors appointment,... and so on

First, I'm not an American nor do I live in the USA. My mentioning the 1st amendment is because it's the best known example of free speech protection enshrined in the constitutional law of a country.

Secondly, your logic is well off. I never said the 1st or any similar sort of legal protection for free speech is a guaranteed tool against bad government, repression and censorship. Instead it's ONE tool against these things, and better than its complete absence.

Other efforts still matter and in the U.S, we'll just have to see how they pan out, or not. That still doesn't mean that the 1st or any equivalent to it is irrelevant.

By your apparent reasoning, it's worthless because it doesn't guarantee results and that's sort of like having a fireman throw away their fire axe because it's not a sure fix against a house burning down.

Huh? In countries like Italy it's actually mandatory to have a form of identification on you when in public, this isn't the case.

Yes, and this cultural attitude really goes way back, like since pre-1500s for England. Then throw Scotland and N.I. into the mix and there is absolutely no interest in this type of system...to put it mildly!

The "brit_card" is on your phone and you will carry it everywhere. It is also a walking surveillance beacon and hacking target.

more concerning is they will be contracting the project to a private company, with links to the previous PM

You assert that the US does not allow dual citizenship, but that is wrong:

>U.S. law does not require a U.S. citizen to choose between U.S. citizenship and another (foreign) nationality (or nationalities). A U.S. citizen may naturalize in a foreign state without any risk to their U.S. citizenship.

https://travel.state.gov/content/travel/en/legal/travel-lega...

Thanks for the link - I was aware the government was preparing voluntary ID. I meant the zero proof element specifically as this is the first time I have heard mention of it.

You are right, I was wrong.

It doesn't work in any country, ever.

NO government can be trusted with data and with too much power (which go hand in hand). This has always been the case and will always be the case.

The physical card is sufficient to prove you have permission to drive. This code is for them to check how many points you have on your licence and what for. There used to be a paper counterpart to the card which showed this which they withdrew a few years ago.

In reality I've never been asked for the code when renting cars (outside the UK), the physical card seems to generally be sufficient for the hire companies.

There is another technical reason:

A digital ID requires essentially a digital signature running on a secure device (for example, a smart card).

Thus it implements public key cryptocraphy. Which makes confidentiality and integrity of computing two inseparable sides of the same medal.

You simply cannot break confidentiality of communication without practically breaking integrity of digital signatures at the same time. (Otherwise, a user, for example could generate a fresh random public key, sign it with their digital id, and send it to any communications partner).

Breaking this in turn means that the government can sign on behalf of you, without your knowledge.

Human communication is based on symbols and whatever the means are to transport these symbols, cannot work without trust.

> The UK's proposal makes the "digital ID" a pointer to an entry in a centralized database.

Very similar to the "EU settlement scheme" which would gave EU citizens which had work and settled in the UK pre-Brexit after a very lengthy and non-deterministic application process the right to stay without any paper document to prove that they actually got that right. Just a database entry on a government computer. Too bad if an extreme right-wing goverment came to power and something happened to that database.

They are influenced by money.

I mean the issue is that British people are so uptight about the government id card when a) oyster/credit card allows somebody to track all of their movement b) there's plenty of information collection that combined can be used against you c) driving license is de facto gov id at the moment. The ship had sailed, you are fighting against the wrong thing and that's why this battle will be lost.

You could but you dont necessarily have to, no different to your passport or drivers license. The technical implementation remains to be seen. It may even be more secure than some forms id, such as those with NFC/RFID built in.

Hey we can make a new style of cooperative VPN: everyone shuffles all their traffic and uses each others IDs randomly so the data makes less sense

How are you creating a fake ID by taking data, though?

Mr Toad, the wallet is an app. The naming choices are ripe for confusion.

These are referenced in the framework guidance (which is iterative) intended for DVSs. Here for instance:

https://www.gov.uk/government/publications/uk-digital-identi...

If you want a technical explanation of how they work, you will need to loose elsewhere.

I assume you mean the framework guidance. Bear in mind this is intended for Digital Verification Services. Cryptographic standards are referred to under 16.5. Zero Knowledge Proofs are a broader concept and better explained elsewhere, for instance

https://codethechange.stanford.edu/guides/guide_zk.html