Digital ID cards – some of the issues…

Since Keir Starmer announced the forthcoming introduction of mandatory ‘Digital ID’, the so-called ‘Brit Card’, there has been a lot of discussion and debate – some of it political, some technical or technological, some on civil liberties, some practical – and some quite heated. Some, too, has been either ignorant or dismissive – comments such as ‘the British are mad, everyone else in Europe is fine about ID cards’ are neither helpful nor show an understanding of what it is that the Brits worry about. Because the Brits do worry about ID cards, as the petition against the scheme gaining more than 2 million signatures in a matter of days has shown.

This is a more complex issue than it first seems. It is neither true that this is a guaranteed route to an authoritarian nightmare – a ‘papers please’ society – nor that it is a storm in a very British teacup, another piece of stupid British exceptionalism that we should forget about. Rather, there are a whole series of issues that really do deserve careful thought. This post attempts to set out some of these – to explain why people are worried, whether those worries are justified, and what possible solutions to those worries might be. This is just a starting point, however: there are many more points that a blog post cannot really hope to cover.

What is ID for?

The first question to ask is what you want ID for. For most people, in most aspects of their lives, there’s very little need for ID. You can go about your daily business without anyone needing to check your ID or who you are. You don’t need to prove your identity at work – your employers know who you are – you don’t need to prove it to do things like shopping, eating at restaurants, going to movies or sports matches. You might need to prove some particular attribute – that you’re over 18, that you have a ticket, that you have the means to pay for something – but not your identity. The two are qualitatively different, and can be treated differently. It may be more convenient to have one card/device/other tool that does several of these functions, and that even contains some identifying information about you, but it’s not necessary in most cases. If I use my Apple Watch to pay for something, a connection is made from my watch to something confirming my bank details, but no-one else in the process needs to know. The shop doesn’t need to know, the shop assistant doesn’t need to know and so forth.

The same is true of many of the situations people think of as needing ID – it isn’t really ID that’s needed, and it isn’t really the person who’s asking for the ID who needs it. A well designed ID system recognises this, and only asks for the information necessary in a particular situation. A well designed ID law would also recognise this, and only require the disclosure of ID when it is really necessary – not when it might be convenient or it might possibly help later.

How can ID be used?

There are two different ways that ID can be used. One is assertion. You can use a verified ID to assert your rights. ‘This is me’, confirming your right to do something. That is an active process, and one that is in the hands of the person asserting their identity. This is one of the best uses for an ID card, and when people say ‘they have them in Europe, and it’s really useful,’ this is generally what they mean. You can use this to cut through bureaucracy, to simplify processes like opening bank accounts or getting a job. This is also not the kind of use that worries people concerned about civil liberties.

The second use, the one that does concern people who care about civil liberties, is demand. That is, to be required to carry ID in case someone in authority demands it of you. This is the ‘papers please’ society that people fear, the idea that a police officer might stop you without any real reason and demand to see your ID card. The idea that ID cards should be mandatory fits with this concern – if it can’t be demanded of you, why would it be mandatory? And if it is mandatory, at some point it will be demanded of you.

It is easy in the current climate to think of ways this could be used politically and badly. Could Border Force demand it of people when they’re doing a raid? If so, who would they be checking? It is hard to imagine that checking would not be racially or religiously biased – who would be suspected of being an illegal immigrant? Alternatively, given the increasingly heavy handed policing of protest, could it be used to try to deter people from being involved in protests, whether political or environmental?

Immigration enforcement?

The stated use case for the system – at least in speeches – is immigration enforcement. Specifically, to make it harder for immigrants to work illegally. The idea is that people (all people, not just immigrants) have to show the new digital ID when they are hired. This will, according to Starmer, make it harder for immigrants who are not entitled to get hired. There are a number of problems with this.

  1. There are already checks like this – the right to work check – which scrupulous employers use, and which make it both difficult and unlikely that those who are not entitled to work will be hired. With this, passports and visas which show this entitlement are checked – and the system essentially works.
  2. The consequence of this is that those who do employ people who are not entitled to work are not, and will not be, scrupulous and law-abiding employers. Those unscrupulous employers are unlikely to change because of digital ID.
  3. What would really address this would be cracking down on unscrupulous employers – which is, at least to an extent, already happening, but could go further. This, however, would have nothing to do with the digital ID, and would not be made easier by the digital ID.

This makes the case for a massive new project difficult to sustain – if it is really the reason for bringing in digital ID. When all the other concerns are brought into play, it makes even less sense – and there are many other concerns to be considered.

Cards or databases?

The first of these concerns is the way that databases come in. The idea of digital ID is that it can link to various government databases, either existing databases or newly created ones for the digital ID. There will, presumably, be a database of the digital IDs themselves, to check whether a digital ID is authentic to start with. This would have to include sufficient biometric data to allow some kind of checking that the digital ID belongs to the physical individual who is claiming that it is theirs – facial recognition data, fingerprint data, or something along those lines – as well as citizenship or residency information.

The ID would then need to link to databases about immigration status, for example, and not just to the right to work – the information needed for the employment check that is the purported reason for introducing the digital ID, but also potentially to things like the right to use the NHS, or to entitlement to benefits. Then, again presumably, there are the other key government databases that could be linked to, such as those held by the DVLA, by HMRC or by the DWP. It would be logical to link to these, and this could increase the convenience and usefulness of the digital ID for people (in the assertion role of ID) as well as for the government.

From there, links could be made to more data – for example data held by the police or others about membership of various organisations, or information about activities. For example, if a protest is happening in the area, and the police want to stop people congregating, they could ask for ID then check directly whether this is someone known to be a member of a protest group, or to have previously been on protests – as a tool to try to head off protests, this could be effective. On the other hand, it could also be seen as distinctly authoritarian, raising more of the civil liberties concerns.

Of course if this information is already there, it can be reached by other means – and already is, for example through live facial recognition of protestors – so this is another tool rather than a unique one, but the existence of digital ID systems can make things more convenient for the authorities, as well as more convenient for the citizen. That has implications that need to be taken into account. Making things easier for authorities can mean enabling authoritarianism – it does not have to, but when systems are set up sufficient protections need to be built in to prevent it, and the rights of people need to be protected in law as well as in practice. This means oversight of systems, and rights to complain and to obtain redress.

What needs to be understood above all is that all data is vulnerable – and databases like these are particularly vulnerable, honeypots of data that can be exploited in all kinds of ways. Creating new data, and making links between databases, creates new vulnerabilities. There is a good reason that data protection has as one of its principles data minimisation. The BritCard appears to do the opposite of that: creating vulnerabilities and insecurities.

Function creep

Another major concern about systems like this is function creep, sometimes called mission creep. That is, a system may be designed and authorised for one use, but then later gets used for something above and beyond the original idea. This is not just something from conspiracy theories – though conspiracy theorists do generally believe in it – but from experience both of laws and of surveillance systems. The Regulation of Investigatory Powers Act 2000, for example, was brought in ostensibly to deal with terrorism and serious crime, but ended up being used to deal with dog fouling and to allow councils to monitor whether children really did live in catchment areas for particular schools – and these are just some of the examples. Similarly, the ANPR cameras installed to monitor London’s Congestion Charge can now be used for criminal investigations and prosecutions. That might well be appropriate and efficient, but it was not what the cameras were designed or authorised for.

In practice, function creep may well be inevitable – ideas of how to use systems may simply not have been conceived, or even have been possible, when systems were devised and when the laws enabling them were passed. It is a mistake to assume that they are the result of a conspiracy, of dishonesty by those behind the schemes – but it is also incumbent on those considering schemes to think about where function creep might occur, and to either put in place protections against that function creep or be more open about what the possibilities are when the systems are authorised. Here, for example, if the real uses of digital ID are likely to be more than just the checking of people when hiring them for work, the government should be up front about that.

Costs, complications and practicalities

The next set of concerns are in many ways practical. This kind of a project is an immense undertaking – this is digital ID, and that means a massive government IT project. Who will actually do this project? It seems highly unlikely that it would be done ‘in house’ by the UK government, and that means using private companies to do the work. The question of which companies is a huge one. Will it be U.S. companies, such as the somewhat notorious Palantir? That would and should raise huge alarm bells, particularly given the current state of politics in the U.S. Would our data be secure in the hands of a company whose founder and chairman thinks regulation of AI will hasten the arrival of the Antichrist? (this is not a joke, but real). Can we trust these companies to do this work to the benefit of the people of the UK?

This is the kind of thing that can be protected against. In Switzerland, for example, where an optional form of electronic ID was recently voted for in a referendum, it was decided that the work needed to be done in house, for exactly these reasons. The UK could do this – or at the very least, it could place strict rules about who can and cannot bid for the project, and avoid the natural and appropriate worries about some of the potential bidders. Palantir, at the very least, should be excluded. Then there is the possibility of the work being farmed out to people with family or other connections to ministers – this kind of cronyism (well, in reality corruption) is very familiar in the UK, particularly during the COVID pandemic. Who is going to get the work, and hence the money, for this project? Will it be done transparently and fairly? There is also the question – one that needs to be considered every time a technological project is proposed – of whether a technological ‘solution’ is being oversold by its proponents. Selling shiny solutions to desperate governments has been very lucrative for many decades, regardless of whether the solutions actually solve anything. It needs to be guarded against from the start.

Then there is the question of cost. This kind of a project will be very expensive, and given the experience of large government IT projects is likely to be far more expensive than any initial estimates. Given that, we need to be very clear about the benefits from the project from the outset, before committing so much to it. Whether it is the various failed NHS IT projects over the last few decades or even HS2, government projects do tend to end up much more costly than expected. It would be very optimistic to expect anything different here, particularly as this is something new, not like any other related project.

The consequences of errors

There are two kinds of concerns about this kind of project: problems that arise intentionally, as part of the design of the system, or inherent in the system, and problems that arise through errors. The Post Office Horizon IT scandal should give everyone food for thought here. What happens when ID information is wrong? People can fail to get jobs, at the very least, or they could end up being imprisoned or deported inappropriately – because (again, presumably) employers will be expected to report people attempting to get jobs illegally. This is not a joke – though ‘Computer Says No’ seems funny, the computer saying no in this kind of case can be significant. Moreover, what a computer says is treated as gospel – it can be taken as unquestionably right, as we saw in the Horizon IT scandal to devastating effect – and proving that it is wrong can be nigh-on impossible. We have also seen the experience across the Atlantic of what over-enthusiastic enforcement of immigration rules can result in, whether or not the information used to enforce is real.

Digital and other exclusion?

One of the other concerns about digital ID is the way it could exclude certain groups. As presented, this would be an app-based system, presumably for Apple and Android phones – so anyone who either doesn’t have or struggles with those phones will either be unable to use this system or be disadvantaged through it. That disadvantage would be particularly important in the assertion role of ID: if we think this digital ID is going to make people’s lives more convenient, that won’t be so for those who can’t use it, increasing already existing digital exclusion or digital disadvantage.

If the system is mandatory, and there are people who can’t use the Smartphone/App system, then an alternative has to be provided – perhaps an actual ID card, in physical form – and an alternative infrastructure has to be provided. Again, this is likely to cause disadvantage and might well be challengeable (the devil will be in the detail) and certainly will make the whole thing more costly and complex, and provide more opportunities for errors, as well as more possibilities for subverting or bypassing controls.

Then there is the question of people who can’t afford Smartphones, or use alternative systems to the mainstream Apple or Android, or whose phones are outdated and can’t use the app. What will the government do for them? Will they provide smartphones for those who can’t afford them, then update them as they become obsolete? There were related issues for the Covid tracking apps – issues that contributed to their failure. Technology is not as simple as politicians often think – as Matt Hancock found to his cost, when he had to humiliatingly climb down over his initial plans for a tracking app.

But it works in Europe

This is one of the most regular claims, but it misses the point. ID cards do work in Europe, but in ways that this government is not talking about. It works as a de-facto travel document between EU states. It can be used as an assertive tool for dealing with bureaucracy. Nowhere other than Estonia is it used as a digital ID, and in Estonia this is not for immigration enforcement or anything similar, but a tool of government efficiency and access: Estonia has the most digital government in Europe. Further, there is no evidence that ID cards lower the rates of ‘illegal’ working – the ‘shadow economies’ in countries with ID cards are just as big as (or bigger than) ours.

Moreover, these European countries have strong constitutional protections for privacy – we do not. Our main protection comes through the European Convention on Human Rights, which opposition parties are planning to leave, and even the Labour government is considering either leaving or weakening the rights, particularly the Article 8 right to a private life which is the key here. Our other protection comes from data protection law, and since Brexit we have looked to diverge from the GDPR and weaken privacy protections in terms of data. The European model is not one we can use as a positive comparison to suggest that ID cards are a good idea – if the UK government were putting forward a European-style ID card with European-style protections, it might be. They’re not.

Conclusions

This is not a simple idea, nor a simple issue. There are positive possibilities for digital ID – as an assertive tool it could be great – but it is highly unlikely to have anything more than a peripheral effect on the issue the government is touting it for. That needs to be changed. They need to understand what it could actually work for, and be honest and clear about it. They should know what the concerns of people are, and do what they can to assuage them. Steer clear of the likes of Palantir. Give the idea time to settle down, and be clear of what the pitfalls are likely to be.

As it is, this looks poorly planned, flimsily justified, and impractical. I would like to have a positive case made for digital ID. This is not it.

Digital ID cards, and why we should be nervous…

Pretty much the moment Keir Starmer became Prime Minister, his esteemed predecessor Tony Blair wheeled out, yet again, a call for Digital ID. It’s a bit of a pattern: whenever something happens (generally something bad) that has even a peripheral connection to ID, Blair, his foundation or one of his acolytes will come out with the suggestion that digital ID will solve the problem. It seems to be an idée fixe: a panacea that will ‘solve’ terrorism, immigration, policing, housing etc, all at the stroke of a digital pen.

In this case, Blair was talking about immigration – somehow issuing a digital ID card to immigrants, particularly those arriving by small boats, will mean we have ‘control’ over them. We’ll be able to monitor them, know where they are, recall them when needed, and thus get to grips with the apparently overwhelming problem we have with immigration.

It won’t, of course, be able to do this – of which more later – but immediately it was announced the usual cries came out about why ID cards generally are a good idea, and we ought to bring them in immediately. After all, most of continental Europe uses them, and uses them well, so why are we so stubbornly resistant to them in the UK?

On the surface it seems a very sensible answer. Yes, we in the UK are very stubborn about it, from the famous case of Willcock v Muckle back in 1951, where Harry Willcock successfully challenged the police’s use of ID cards that had been brought in during the Second World War to the fight against Blair’s attempts to bring them in when he was Prime Minister – attempts that were frustrated right up until Gordon Brown’s time as PM finished. The abandonment of the (incomplete) ID card policy was one of the first acts of the new Coalition government in 2010. Why are we so stubborn about this, despite happily embracing CCTV cameras on every street, and accepting blithely (except for a few admirable activists) the police’s use of live facial recognition technology? Do the Brits care about privacy at all, or only just the ‘papers please’ attitude that ID cards seem to represent, because we’re still obsessed with war films and evading the Gestapo like Gordon Jackson and Richard Attenborough in the Great Escape?

I’m sure there’s something in that. We do want to feel heroic, and we do want to feel different (better) than continental Europeans, but that really isn’t the whole story. To understand why, we need to look at how identity cards can be (and would be) used in practice. There are two dimensions to this: using it to assert your identity, in order to claim rights or entitlements, or being required to produce it by some kind of authority, in order to prove who you are, so that they can in some way ‘check up’ on you.

Asserting your identity

Assertion of your identity is a positive act, and is the one that most people think about when seeing ID cards as a good thing. You can use it to prove who you are when you want to do something positive – the same way you use a passport to travel to another country. This is me, you say, and I can prove it.

Papers, please…

The other aspect is when you are required to show your ID. When a police officer stops you on the street and says ‘let’s see some ID’. When you’re minding your own business, but circumstances put you in the way of someone in authority who either wants or has the right to challenge you. This, the ‘papers please’ aspect, is the one that disturbs people – and is the one that Harry Willcock successfully challenged back in 1951. The essence of the challenge back then – and the disturbance now – is to question the right of the authorities to demand your ID without any reason. If you’re just peacefully going about your business, then your identity remains your business. That’s the logic. Britain, the opposers of ID cards would like to think, is not a ‘papers please’ society.

People who are regularly stopped and asked who they are would scoff at the idea that we’re not a papers please society – black kids in inner cities, for example – but it is still something many people cling onto as part of their image of what their country is like.

Voter ID

Voter ID does not quite fit either of these categories, but it illustrates a key point. You don’t have to vote, so it’s in some ways an option that you choose. That means it doesn’t quite fit the classic ‘papers please’ scenario. However, it’s part of normal life, and we should, if we believe in democracy, be encouraging people to vote, rather than putting barriers in their way.

That brings in the question of when is it appropriate to require ID. We require passports for international travel, because that’s what has been agreed as part of the international order. We require driving licences to drive because public safety demands that drivers be able to drive before they’re allowed on the roads – but note that we’re generally not required to produce those driving licences unless something goes wrong. We require proof of age to buy alcohol or cigarettes, because we as a society have agreed that children should not drink or smoke. We require Voter ID, theoretically, to prevent voter fraud – specifically personation. The problem with the Voter ID theory is that the evidence does not suggest that this kind of voter fraud exists in anything but a minuscule way, and certainly not enough to warrant intervention like this. That, though, is a discussion for another time. Voter ID certainly does not require a specific form of ID, just enough identification to reduce the likelihood of personation to an acceptably low level (essentially, a level low enough to remove any potential interference with the democratic process).

One ring…

We do, of course, have sufficient ID systems to do all this already. Driving licences work. Passports work. Kids have a range of ways to convince shops and pubs to let them buy alcohol. So why do we ‘need’ a universal digital ID? From a positive perspective, having a universal system seems attractive. Everyone will have one, it will be a recognisable system that anyone who needs to check will understand. If it’s ‘modern’ it will be both digital and biometric, so it will be (in the eyes of its advocates) impossible to forge, verifiable directly and so forth. Fraud will be minimised. Personation will disappear. We’ll all be protected from the fakers and criminals – that at least is the logic, and part of the attraction. Indeed, a subtext for many people is that we respectable citizens, who don’t have anything to hide, will be delighted to produce our digital ID on demand, to show the officers that we’re trustworthy good people – and that this will protect us from the dodgy people, the criminals, the ‘illegals’, the people who do have something to hide. Anyone against ID cards is supporting criminality. Anyone who refuses to produce a card on demand is obviously suspicious.

When you think about this in the context of immigration enforcement – what Tony Blair was talking about – the implications become a little starker. If immigrants are issued with ID cards and have to show them to ‘prove’ their right to be here, who do we think will be asked to produce them? How will the authorities know when to ask? It’s the people who look like they might be an immigrant, who sound like they might be an immigrant, whose name looks or sounds like an immigrant’s name. So if your skin is dark, if your accent is ‘foreign’, if your name isn’t identifiably ‘British’, the chances of being challenged to produce this ID are increased significantly. This isn’t just a ‘papers please’ society, it’s something qualitatively worse.

Then we come to the digital element of this. Having an ID card is just one part of this. The digital side is another – and an attraction to those in authority. A digital ID card links to a database – that’s the point. Your driving licence links to the DVLA database. Your biometric passport to the passport office. Your work ID card to your employer’s database (to give you access to your buildings etc). A universal digital ID would link to some kind of universal database – and through it to other governmental databases. The idea is direct – produce your ID card, and anything on those databases could get flagged up. Moreover, when you are checked, that act of being checked will produce a record to add to that database. A police officer asks for your ID at an environmental protest? You’re logged as having attended that protest.

If you build it, they will come

If you build a system that allows this kind of checking in, that links to a central database, that can be easily checked, what will happen? More uses will be found for that ID. Use it for voting? Check. Police checks at events or protests? Check. At shops to check your age to buy alcohol? Check. Access to rock festivals? Check. As a digital ID to access government websites? Check. As a proof of age to access ‘adult material’ on the internet? Check. Function creep is real – history has shown that again and again. The Regulation of Investigatory Powers Act (RIPA), ostensibly for serious crime, ended up being used for fly-tipping, dog-fouling and checking children’s catchment areas for schools, amongst other things. This is not a tinfoil-hatted conspiracy theory, but the reality of this kind of a project.

What should we do?

The first thing to understand here is that the risks mentioned are real. When embarking on a project like this, those risks have to be understood and mitigated against. There’s a reason that this kind of a project is less dangerous in most European countries than here – those countries have written constitutions with constitutional protection for privacy. In the UK, we don’t. In the UK, we do it largely on a wing and a prayer – and we have a terrible record of farming out this kind of thing to corporations who both do it on the cheap and have an incentive to try to profit from the data they gather, and indeed to find other uses.

That needs to be dealt with before even considering this kind of thing. The protections need to be in place first, and in our current situation that seems highly unlikely. The Home Office in particular needs at least a thoroughgoing reform, and more likely a replacement, before it can or should be trusted with this kind of thing.

Disclosure minimisation

We also need to think about how the whole thing should be approached. The concept of disclosure minimisation needs to come in here. People should be asked for identification in the minimum number of situations, and the minimum number of people should be authorised to ask for it. It should never be the default. When asked for information, they should be asked for the minimum information. That is, if you need to know someone is old enough to buy alcohol, you don’t need to know anything else – their name, address etc is irrelevant. An ID card system could be designed just to release the relevant attribute rather than all information. This would mean the minimum data is gathered – and, following the principles of data protection, the data should only be kept for the minimum of time. If you need to check someone’s age when they buy alcohol, the data from that check should be immediately deleted – or at least de-identified – so that it does not leave a data-trail of innocent information.
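The attribute-only release described above can be built from salted-hash commitments: the issuer signs a list of per-attribute digests, and the holder reveals only the attribute that was asked for. This is an added example, not part of the original post; the function names are hypothetical, the sample person is constructed, and an HMAC key stands in for the issuer's signature.

```python
import hashlib
import hmac
import json
import secrets

# Assumption: an HMAC key stands in for the issuer's signing key so the example
# runs on the standard library alone. A real scheme would use an asymmetric
# signature, so that verifiers hold only the issuer's public key.
ISSUER_KEY = secrets.token_bytes(32)


def _digest(salt, name, value):
    """Salted hash of one attribute; the salt stops a verifier guessing hidden values."""
    return hashlib.sha256(json.dumps([salt, name, value]).encode()).hexdigest()


def _sign(digests):
    return hmac.new(ISSUER_KEY, json.dumps(digests).encode(), hashlib.sha256).hexdigest()


def issue(attributes):
    """Issuer: commit to every attribute separately, then sign the list of digests.

    Returns the signed credential (digests only, no attribute values) and the
    per-attribute disclosures (salt, value) that stay with the holder.
    """
    disclosures = {name: (secrets.token_hex(16), value) for name, value in attributes.items()}
    digests = sorted(_digest(salt, name, value) for name, (salt, value) in disclosures.items())
    return {"digests": digests, "signature": _sign(digests)}, disclosures


def present(credential, disclosures, wanted):
    """Holder: hand over the credential plus only the attributes that were requested."""
    return {"credential": credential, "revealed": {name: disclosures[name] for name in wanted}}


def verify(presentation, name, expected_value):
    """Verifier: accept only if the issuer signed a commitment to (name, expected_value)."""
    credential = presentation["credential"]
    if not hmac.compare_digest(_sign(credential["digests"]), credential["signature"]):
        return False  # digest list was not signed by the issuer
    if name not in presentation["revealed"]:
        return False  # holder did not disclose the attribute being checked
    salt, value = presentation["revealed"][name]
    if _digest(salt, name, value) not in credential["digests"]:
        return False  # disclosed value does not match any signed commitment
    return value == expected_value


def retained_record(name, passed):
    """What the verifier keeps after the check: the outcome and nothing else.

    The digest list and signature are identical every time the same credential
    is shown, so storing them would link one person's checks together.
    """
    return {"check": name, "passed": passed}


if __name__ == "__main__":
    # Constructed sample data.
    person = {
        "name": "Alex Example",
        "address": "1 Constructed Street",
        "date_of_birth": "1990-01-01",
        "over_18": True,
    }
    credential, disclosures = issue(person)
    shown = present(credential, disclosures, ["over_18"])
    ok = verify(shown, "over_18", True)
    print(sorted(shown["revealed"]), ok, retained_record("over_18", ok))
```

The shop learns that an issuer vouched for `over_18` and nothing about name, address or date of birth, and the only record left behind is the outcome of the check.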

Grit in the wheels

Finally, we should remember that there are good things about a diverse, ‘messy’ situation. There’s nothing wrong with having a driving licence for driving, a passport for travelling, a credit card for payment, a work ID for access to your workplace. Keeping functions separate, keeping data separate, reduces risks and protects you from misuse, from function creep – and importantly from hacks and data leaks. A universal database would be a major target for hackers. ‘HACK ME PLEASE’ might as well be written on it in letters 100 m high. Making things easier for hackers is rarely a good thing.

Why?

The biggest question for advocates of universal digital ID systems is ‘why’? Why do you need it? What problem is it solving that has not already been solved? Will it actually solve that problem?

In practice, these systems are often solutions in search of a problem – hence the reason that Blair and others wheel them out after a wide variety of events, hoping finally to convince people that now is the time.

It really isn’t.