Getty Images / WIRED
In May 2010, in its first major policy decision, the Conservative and Liberal Democrat government scrapped the costly and controversial plan for compulsory national identity cards for British citizens. By the end of the year the hard disks, back-up tapes and servers used in trials of the scheme were being physically dismantled. The BBC called it an “orgy of destruction”.
Now, more than a decade later, ID cards are making a comeback. Sort of.
A report in The Times suggested the Conservative government is planning on introducing digital ID cards as part of a “Dominic Cummings data revolution”. People would be given a “unique digital identity” that could be used in their daily lives, the paper reported. The proposals have led to suggestions of government data grabs, increased mass surveillance and abuses of power.
The reality is likely to be a little less dystopian – and much more mundane. The teased plans come from a long-running set of ideas to increase the usage of digital identities across the UK and follow a government response to a call for evidence that was first announced last summer.
To date, the government hasn’t committed to anything other than developing new ways for people to have digital IDs. There’s no discussion of compulsory digital ID cards or even specific systems that would use one digital ID for everything. And if any form of single ID card style system is planned, it hasn’t been publicly documented – yet. A separate government announcement says it plans to “update existing laws” around digital IDs and that a year-long trial of a passport verification system, the Document Checking Service Pilot, will take place.
The idea of digital ID cards isn’t anything new. Since Labour’s plans for a physical national ID card scheme were revealed more than 15 years ago, using digital IDs has become commonplace. Think using your Facebook, Google, or Apple account to access another website or app. “Over the last decade, identity as a service has emerged as a gateway to public and private-sector services, affirmation of basic rights, and humanitarian aid,” says Carsten Maple, principle investigator for The Alan Turing Institute’s research into infrastructure for identity systems. “Increasing levels of personal details and biometric data – fingerprints, photos, facial and iris scans – are collected and used widely, often given freely in exchange for convenient access to a product, service or support from governments and companies alike.”
In fact, an official government identity programme already exists. Despite significant development and usability troubles the Gov.uk Verify system lets people use their ID across 22 government services, including the DVLA, Department for Education and HMRC’s tax services. More than seven million people have signed up to the system, although it only has a 42 per cent success rate at verifying people’s identity.
The proposals for a digital identity system are mostly being put in place as an attempt to increase efficiency and limit bureaucracy. The government says people trying to buy or sell their homes are “required to prove their identity multiple times”. This can be to their bank, estate agents or conveyancer and involve posting sensitive documents to multiple addresses. Opening a new bank account can involve proving your identity with multiple different documents – household bills, bank statements, and passports or driving licences are often needed in various combinations. There are plenty of other problems caused when people can’t prove who they are.
None of these things require an ID card. “There are a lot of ways to solve a particular identity challenge or use case without an ID card,” says Jeremy Grant, coordinator of the Better Identity Coalition, who previously led the US national program for online identities. “A card is arguably the last thing we need these days.”
Instead, digital IDs can be more akin to logging into a service and providing a piece of information – a specific code, for example – that’s then checked against a previous entry to confirm you are who you say. In recent years private companies have emerged in the identity checking space and use various different methods to check who people are. Yoti has developed verified IDs for NHS staff; iProov is using facial biometrics to let people board the Eurostar.
“The private sector wants to do lots of things, but often wants to do it to kind of get market share, get access to consumer data, become the monopoly provider,” says Edgar Whitley of the London School of Economics who has studied digital ID systems since the mid-2000s and influenced the cancellation of the Labour government’s scheme. He adds that the involvement of the private sector would raise concerns about access to data and how much information should be stored. The government’s publication this week said many of the ideas it has heard about digital IDs have come from the private sector and not enough public engagement has happened.
Plenty of other countries already use digital identity systems. More than 120 countries use passports that contain biometric information. Estonia, where 98 per cent of citizens have ID cards and the government’s services are digital first, is touted as one of the best examples. More than 600 government services use Estonia’s ID system and 2,000 private companies can also access it. But Estonia is a small population with relatively new digital infrastructure. At the other end of the scale is India. The country has a database of 1.2 billion people that’s been used as a tool to increase in surveillance.
The Document Checking Service pilot gives an indication of how any future UK system could work – one of its aims is to reduce potential fraud. The test will let 11 private companies check passport details against the passport office’s database and give a “yes” or “no” response to whether they are valid. To show a passport is valid, people will have to provide their passport number, name, date of birth and expiry details.
“Technically nobody needs to keep a record of where your digital ID has been used, you might want a little bit of that for audit trails, fraud checking and stuff like that,” Whitley says. “But equally you can imagine, if this was a private company, it may want to know that your digital ID has been used for you to claim furlough payments, and then claiming Universal Credit and also buying food from this particular store because then we can target particular services and adverts at you.”
Those without access to traditional forms of ID or the latest technology can’t be left out of digital identity systems. “We’ve got to be concerned about the number of people in this country who don’t have passports or driving licenses and the issues accessing the systems, as well as the number of people who can’t use digital identity at all,” says Tom Fisher, a senior researcher at Privacy International and a member of the GoodID project.
There are also concerns around mission creep and who would have access to online identity databases. What digital identities are used for has to be carefully considered, Fisher says, or they may be abused. “Landlords, employers, police, all these people have enormous power over us,” he says. “So we have to be careful basing this purely on consent.”
Previous ID systems give a warning of what could happen. ID cards issued during World War II went from three functions to 39 by the time they were abolished in 1952.
Trust can be key for the development of any new digital ID efforts. During the pandemic the failure of the Test and Trace app and the A-levels algorithm have not imbued government technology projects with much confidence. “These have also made crystal clear the importance of building technology with public legitimacy – not just for ethics but for efficacy,” says Imogen Parker, the head of policy at the Ada Lovelace Institute. “To work, these types of technology need to be trusted and used.”
There’s a lot that needs to be done for people to trust technological systems, Parker adds. The systems need to be shown to work and there needs to be transparency around who is involved in building and operating them. “If this is seen as a Dominic Cummings data revolution then that will affect public trust,” Parker says. “Some groups have legitimate reasons to distrust any technology that might be linked to government surveillance, or fear discriminatory uses. Fear that a digital identity could be used as a tool for prejudice needs to be addressed up front.”
Matt Burgess is WIRED’s deputy digital editor. He tweets from @mattburgess1
More great stories from WIRED
🐾 A liver disease is putting the Skye Terrier’s existence at risk. Doggy DNA banks could help save it
🔞 As AI technology gets cheaper and easier to use, deepfake porn is going mainstream
🏡 Back at work? So are burglars. Here’s the tech you need to keep your home safe
🔊 Listen to The WIRED Podcast, the week in science, technology and culture, delivered every Friday
👉 Follow WIRED on Twitter, Instagram, Facebook and LinkedIn
Get The Email from WIRED, your no-nonsense briefing on all the biggest stories in technology, business and science. In your inbox every weekday at 12pm sharp.
Thank You. You have successfully subscribed to our newsletter. You will hear from us shortly.
Sorry, you have entered an invalid email. Please refresh and try again.