Britain to introduce compulsory digital ID for workers

A secure, optional digital ID could be useful. But not in today’s UK. Why? Because the state has already shown it can’t be trusted with our data.

- Snoopers’ Charter (Investigatory Powers Act 2016): ISPs must keep a year’s worth of records of which websites you visit. More than 40 agencies—from MI5 to the Welsh Ambulance Service—can request it. MI5 has already broken the rules and kept data it shouldn’t have.

- Encryption backdoors: Ministers can issue “Technical Capability Notices” to force tech firms to weaken or bypass end-to-end encryption.

- Online Safety Act: Expands content-scanning powers that experts warn could undermine privacy for everyone.

- Palantir deals: The government has given £1.5 billion+ in contracts to a US surveillance firm that builds predictive-policing tools and runs the NHS’s new Federated Data Platform. Many of those deals are secret.

- Wall-to-wall cameras: Millions of CCTV cameras already make the UK one of the most surveilled countries in the world.

A universal digital ID would plug straight into this ecosystem, creating an always-on, uniquely identified record of where you go and what you do. Even if paper or card options exist on paper, smartphone-based systems will dominate in practice, leaving those without phones excluded or coerced.

I’m not against digital identity in principle. But until the UK government proves it can protect basic privacy—by rolling back mass data retention, ending encryption backdoor demands, and enforcing genuine oversight—any national digital ID is a surveillance power-grab waiting to happen.

I'm certain it's worked well in other countries, but I have zero trust in the UK government to handle this responsibility.

The ID cards as realized in many other countries are comparatively benign, because they are a physical credential in the possession of the person concerned. The government cannot stop this credential from being used except by physically confiscating it or by waiting (years) for it to expire. Distributed storage in action.

The UK's proposal makes the "digital ID" a pointer to an entry in a centralized database. This database is the definitive record of what you are allowed to do or not do (like reside and work). Which can be changed or deleted at the stroke of a key, through human error or malice. Then what?

When (not if) the database becomes an attribute store across a wider scope, the implications are scary. The "digital ID" as set out today can't work for its ostensible purpose. Therefore its actual purpose isn't being declared. Not hard to connect the dots.

>The government cannot stop this credential from being used except by physically confiscating it or by waiting (years) for it to expire. Distributed storage in action.

Not really. It's part of identity management or whatever it's called to have an ability to recall ids, because they get lost, stolen and people to who they are issued die.

>When (not if) the database becomes an attribute store across a wider scope, the implications are scary.

What are the scary implication really? Most of the EU and beyond has some kind of login to the government capability. And?

What's the threat model really? The government will revoke your fancy thing to report taxes digitally for no reason and bankrupt you? They can do so without such roundabout ways.