525 points alex77456 | 17 comments
aftergibson ◴[] No.45385420[source]
A secure, optional digital ID could be useful. But not in today’s UK. Why? Because the state has already shown it can’t be trusted with our data.

- Snoopers’ Charter (Investigatory Powers Act 2016): ISPs must keep a year’s worth of records of which websites you visit. More than 40 agencies—from MI5 to the Welsh Ambulance Service—can request it. MI5 has already broken the rules and kept data it shouldn’t have.

- Encryption backdoors: Ministers can issue “Technical Capability Notices” to force tech firms to weaken or bypass end-to-end encryption.

- Online Safety Act: Expands content-scanning powers that experts warn could undermine privacy for everyone.

- Palantir deals: The government has given £1.5 billion+ in contracts to a US surveillance firm that builds predictive-policing tools and runs the NHS’s new Federated Data Platform. Many of those deals are secret.

- Wall-to-wall cameras: Millions of CCTV cameras already make the UK one of the most surveilled countries in the world.

A universal digital ID would plug straight into this ecosystem, creating an always-on, uniquely identified record of where you go and what you do. Even if paper or card options exist on paper, smartphone-based systems will dominate in practice, leaving those without phones excluded or coerced.

I’m not against digital identity in principle. But until the UK government proves it can protect basic privacy—by rolling back mass data retention, ending encryption backdoor demands, and enforcing genuine oversight—any national digital ID is a surveillance power-grab waiting to happen.

I'm certain it's worked well in other countries, but I have zero trust in the UK government to handle this responsibility.

replies(21): >>45385507 #>>45387492 #>>45389428 #>>45389950 #>>45390081 #>>45390083 #>>45390337 #>>45390348 #>>45390643 #>>45390732 #>>45391157 #>>45391185 #>>45391616 #>>45391657 #>>45392188 #>>45392686 #>>45394187 #>>45394216 #>>45397954 #>>45402490 #>>45403873 #
1. nostrademons ◴[] No.45390081[source]
I wonder if zkSTARKS could help here. Prove the validity of a statement (like "I am a citizen that is authorized to receive benefits") without revealing your precise identity.

https://en.wikipedia.org/wiki/Non-interactive_zero-knowledge...

replies(5): >>45390159 #>>45390819 #>>45390833 #>>45390954 #>>45392312 #
2. teddyh ◴[] No.45390159[source]
This would be great and all, but all parties who are in a position to choose to implement this kind of system or to keep the status quo are already motivated to keep (and expand) the existing systems, for any number of reasons. Everybody (except the end users) loves to keep that juicy metadata and incidental logs of everything.

(Repost from 2021: <https://news.ycombinator.com/item?id=26560821>)

replies(1): >>45390515 #
3. nostrademons ◴[] No.45390515[source]
It's worth designing a system of government that works for everybody, if only for the simple reason that we will very shortly (if we don't already) have a system that works for nobody, and likely everybody shooting everybody else will follow soon after that. A utopia at least gives people something to shoot for, and if you get very lucky you might end up with an idealist in power who's willing to give it a shot.
4. grues-dinner ◴[] No.45390819[source]
That's basically how the existing share code system works for non-citizens. You the worker ask the government for a share code. You provide that to the prospective employer and they can check that it is valid. The same or similar system can be used for driving license validity.

The digital ID is presumably (this is my pulling a guess from my rear end, but if I had to implement it, I'd use the existing system) an extension to cover citizens too. In fact, in principle if that's how it works, it will marginally improve privacy because the current status quo is basically that citizens provide their passport to the employer to demonstrate right to work via citizenship.

I also assume that the universal use of a single system means that spot-checking any worker's status becomes easier. Currently if police, say, to use a common example, stop a food delivery rider and ask for their right to work they can say they're a citizen and just don't have ID on them. The UK has long derided the idea of everyone being expected to have ID with them with phrases like "papieren bitte", but it does mean that the authorities basically cannot check working statuses unless there's a physical workplace they can raid. Which is a weakness app-platforms and many people without the right to work have figured out.

A cynic might think that that kind of problem sounds a lot like a problem the government could already have solved in several other ways, but by letting it fester might finally garner public acceptance for the universal ID system they've always wanted.

5. Muromec ◴[] No.45390833[source]
> Prove the validity of a statement (like "I am a citizen that is authorized to receive benefits") without revealing your precise identity.

but... why? the agency that gives out benefits has to mint this credential and has to assess your dossier. Or they can assess your dossier, write you a snail mail with a result and wire the money.

What's the use of this fancy crypto other than finding a bug in this token-minting service and getting those benefits without actually being entitled?

6. squidbeak ◴[] No.45390954[source]
This is the proposal for the UK system right now. Zero Knowledge Proofs. The technical side hasn't been adequately explained to the public.
replies(2): >>45391349 #>>45393567 #
7. mr_toad ◴[] No.45391349[source]
> This is the proposal for the UK system right now.

Is it? Nobody knows if it’s going to be an app, or a virtual card, or a real card. So speculation and rumours are flying.

Whoever does comms for the government must be asleep.

replies(1): >>45394289 #
8. endgame ◴[] No.45392312[source]
Whizz-bang cryptographic solutions to this class of problem (digital ID, electronic voting, etc) have at least three major problems that I consider fatal:

1. The contract to build the thing will go to the lowest bidder, who is all but guaranteed not to do any of it correctly (cf. the UK Post Office scandal and Fujitsu's role in it).

2. The public has no guarantee that it is implemented in the cryptographically secure way, or that it is ONLY implemented in the cryptographically secure way (e.g., either by accident or through malice the system leaks info it shouldn't).

3. The overwhelming majority of the public are not trained in nearly enough computer science to understand "no actually this system isn't a total privacy nightmare" (assuming that it's actually implemented securely).

9. hardlianotion ◴[] No.45393567[source]
How do you know that?
replies(1): >>45394319 #
10. squidbeak ◴[] No.45394289{3}[source]
You're not correct in saying nobody knows. This has been in discussion for several years, and the standard is outlined in detail on the government website [1], and also discussed in a blog [2].

But I fully agree if you mean it hasn't been adequately explained to the public [3].

[1] https://www.gov.uk/government/publications/uk-digital-identi...

[2] https://enablingdigitalidentity.blog.gov.uk/

[3] https://www.gov.uk/government/publications/digital-id-scheme...

replies(2): >>45394447 #>>45395300 #
11. squidbeak ◴[] No.45394319{3}[source]
There's a full section of the government website dedicated to this subject, and also a recent act of parliament which in part prepared legislation for it, the Data Use and Access Act 2025 [1]. See my other answer in this thread for the links.

The Digital ID scheme isn't new. The only change is from it being optional to mandatory.

[1] https://www.legislation.gov.uk/ukpga/2025/18/enacted

replies(1): >>45398823 #
12. rcxdude ◴[] No.45394447{4}[source]
Can you spell it out further from that document? There's only one mention of zero-knowledge proofs in there, mentioning it as one thing that could be used in verification. The rest of the document is similarly simultaneously dense and vague, so it's really not obvious to me that the actual implementation will be cryptographically privacy-preserving.
replies(1): >>45438404 #
13. mr_toad ◴[] No.45395300{4}[source]
I couldn’t find anything in that document or the blog that answers the most basic question - is it going to be an app?

It literally contradicts itself at one point:

“It will also be stored directly on your own device - just like contactless payment cards or the NHS App today.”

An app has totally different capabilities from a card in a wallet.

replies(1): >>45437959 #
14. hardlianotion ◴[] No.45398823{4}[source]
Thanks for the link - I was aware the government was preparing voluntary ID. I meant the zero proof element specifically as this is the first time I have heard mention of it.
replies(1): >>45438303 #
15. squidbeak ◴[] No.45437959{5}[source]
Mr Toad, the wallet is an app. The naming choices are ripe for confusion.
16. squidbeak ◴[] No.45438303{5}[source]
These are referenced in the framework guidance (which is iterative) intended for DVSs. Here for instance:

https://www.gov.uk/government/publications/uk-digital-identi...

If you want a technical explanation of how they work, you will need to look elsewhere.

17. squidbeak ◴[] No.45438404{5}[source]
I assume you mean the framework guidance. Bear in mind this is intended for Digital Verification Services. Cryptographic standards are referred to under 16.5. Zero Knowledge Proofs are a broader concept and better explained elsewhere, for instance

https://codethechange.stanford.edu/guides/guide_zk.html