Most active commenters
  • crazygringo(3)

←back to thread

Britain to introduce compulsory digital ID for workers

(www.reuters.com)
525 points alex77456 | 15 comments | 26 Sep 25 02:09 UTC | HN request time: 0.522s | source | bottom
Show context
a022311 ◴[26 Sep 25 18:21 UTC] No.45389492[source]
The same thing is happening in Greece. The new mandatory digital ID replaces and unifies everything about citizens in one place, "to make it easier for government services to share information between each other". It can indeed be useful, but the privacy implications are enormous. Just imagine that a policeman, employer or anybody else with access to the information linked to the ID can instantly view our medical records, tax status and even simpler things like if we've ever been caught driving while drunk. Nobody knows what other information could be attached to it, but it's certain that it can be used to discriminate against us.

The worst part is that we no longer have any power to do something about it. Eventually, after it goes through the testing phase in the UK and Greece (and a few other countries where it's being implemented), this will probably roll out on a global scale, making privacy impossibly. I'm starting to get this feeling that in the next decade, we'll be living in 1984...

replies(5): >>45389607 #>>45389666 #>>45389955 #>>45390207 #>>45391051 #
1. NicuCalcea ◴[26 Sep 25 19:11 UTC] No.45389955[source]
> Just imagine that a policeman, employer or anybody else with access to the information linked to the ID can instantly view our medical records, tax status and even simpler things like if we've ever been caught driving while drunk

Why would I imagine that? There are privacy implications, but a unique ID doesn't mean everyone has access to all your data at any time for any reason.

replies(2): >>45390017 #>>45390946 #
2. array_key_first ◴[26 Sep 25 19:17 UTC] No.45390017[source]
All it takes is one breach or vulnerability and then yes, they DO have access to all your data.

Imagine someone steals your driver's license. No biggie.

Now imagine they steal your identity which is linked to everything you ever do.

replies(2): >>45390349 #>>45390796 #
3. jama211 ◴[26 Sep 25 19:49 UTC] No.45390349[source]
But that’s already the case without a digital id. It’s not like those accounts aren’t already linked together.
replies(2): >>45390921 #>>45391124 #
4. crazygringo ◴[26 Sep 25 20:39 UTC] No.45390796[source]
> All it takes is one breach or vulnerability and then yes, they DO have access to all your data.

No they don't. If they breach the health system, they don't have access to tax returns.

Just because people are identified by a single ID number doesn't mean all their data is being stored on the same server. And for purely organizational reasons, that's incredibly unlikely to happen.

And I don't know what you mean by "steal your identity". People's names are date of birth are generally a pretty unique identifier already. It doesn't really matter if systems use that or a single ID number to identify you, or if hackers look you up by your name.

replies(1): >>45391289 #
5. hereme888 ◴[26 Sep 25 20:53 UTC] No.45390921{3}[source]
Breach = data for all citizens.

Card = one person, limited use.

But most importantly: a Hitler rises to power = opposition is screwed.

replies(1): >>45393238 #
6. EasyMark ◴[26 Sep 25 20:56 UTC] No.45390946[source]
But that's -likely- what it means in the near future, along with 24/7 tracking via observation posts along streets and highways. I wonder when people will start realizing a smaller government is a better government and vote accordingly. When things make a task "easier for the government" your ears should prick up and you should start paying attention. Today's "more efficient democracy" makes for tomorrow's "more efficient autocracy" when everything is already in place
7. grues-dinner ◴[26 Sep 25 21:19 UTC] No.45391124{3}[source]
The accounts generally aren't linked together. Everything about the UK government IT is a huge group of independent systems all pretty much isolated from each other. You can argue over whether that's down to incompetence, organisational turf wars, or good security design.

Which is why you have completely separate account to pay the same government for crossing one specific brige in East London than you do for vehicle tax.

Most government websites do use the same frontend toolkit (a rare win for UK governmental IT) but front completely separate systems.

replies(1): >>45395669 #
8. 9x39 ◴[26 Sep 25 21:39 UTC] No.45391289{3}[source]
When a credential is stolen, its validity across multiple unrelated services is often checked by credential stuffing. That's just one type of simple attack.

Has cybercrime been rendered obsolete with a government credential? Why is this master account immune to theft? On the contrary, it appears to be a credential that once stolen, could be more impactful than having your primary email account and phone compromised.

It's reasonable to be concerned even just from an infosec perspective.

replies(2): >>45391686 #>>45392478 #
9. kelseyfrog ◴[26 Sep 25 22:32 UTC] No.45391686{4}[source]
Is this a _could_ happen or _has_ happened type problem?

I'm trying to understand if it is speculative or if we have a base-rate for occurrence.

10. crazygringo ◴[27 Sep 25 00:46 UTC] No.45392478{4}[source]
What master account are you even talking about? That's not what this is.

The subject was a system being breached.

And the account you set up for a driver's license is generally different from the one for your health care. If you're reusing the same password for both it doesn't matter if they're linked by the same digital ID number or the same email address or just the same name and birthday.

A digital ID number isn't changing anything here.

replies(1): >>45392596 #
11. 9x39 ◴[27 Sep 25 01:22 UTC] No.45392596{5}[source]
In the UK's own post linked below (also in the OP), they describe what's more than a digital ID number. It's credentials. Which humans are bad at handling. And there are always implementation flaws, because we're humans.

https://www.gov.uk/government/news/new-digital-id-scheme-to-...

replies(1): >>45395315 #
12. pezezin ◴[27 Sep 25 04:38 UTC] No.45393238{4}[source]
Ah, good old Godwin's law...

If a Hitler rises to power you will be screwed with or without an ID card, so please don't use such a silly argument.

replies(2): >>45394002 #>>45408660 #
13. protocolture ◴[27 Sep 25 08:10 UTC] No.45394002{5}[source]
Doesnt have to be a Hitler, imagining the worst case scenario for laws is absolutely apt.

Consider the Australian Access and Assistance bill. Among other things, it permits ministers to issue TCN's verbally. As far as we know (theres no oversight) this hasnt been done. But its concerning that the government can verbally require a corporation to (open endedly) change app functionality.

It would be better if Jim Hitler, had to fight the existing democracy to erode our freedoms, rather than just having to ask a minister to make it so.

Its absolutely better to assume the worst case than the best.

14. crazygringo ◴[27 Sep 25 12:54 UTC] No.45395315{6}[source]
I think you're misunderstanding the article. When it says:

> Digital credentials will be stored directly on people’s own device

This is a credential you show. It's visual. It's not a login password.

15. jama211 ◴[27 Sep 25 13:45 UTC] No.45395669{4}[source]
I mean they could be more tightly integrated but any agency could match one account with another any time they felt like it