ID Cards should be about data infrastructure, not personal surveillance
Keir Starmer has already started to mission-creep his proposals for a “voluntary digital ID” for all residents in the UK. What was initially described only as a work permit to prevent migrants from working illegally (something that was never going to work as those employing workers illegally weren’t likely to start obeying the law) has already started to expand beyond that flimsy remit. During a trade mission to India, Starmer has speculated that those choosing to not take on the still-voluntary ID could be barred from benefits or paying bills to public services.
This raises the prospect of the whole scheme biting Starmer in the Human Rights. If the consequences of choosing to not take up a “voluntary” ID card is to be prevented from accessing basic services and maintaining a decent standard of living then this may be challenged in courts.
To which the solution would be to make them mandatory and automatically issued to all residents. This is, of course, politically toxic for Starmer which is why he keeps calling them “voluntary”. Lessons should have been learned here from the voter ID systems whereby it was made illegal to vote unless one had access to a “voluntary” ID system such as a driver’s licence, passport or one of the other forms of photo ID that were on a list that did not include many of the forms of photo ID relied upon especially by younger voters. The result of this was well forecasted and ultimately proved - far more voters were barred from voting legally than were ever prevented from voting illegally. The same will be the case for Starmer’s plan too - far more people will be barred from working legally than will be prevented from working illegally.
Lessons should have been learned too from both the EU Settled Status scandals and from the digital-only passes used to monitor people during the Covid pandemic. By relying on “digital only” platforms, you exclude people who wish to opt-out of owning a smartphone (neither a voluntary nor a mandatory ID system should force you to spend potentially hundreds of pounds on electronic equipment) and no “mandatory” checking system should be reliant on access to data networks that can be brought down by accident or by design. Any ID system must come with a physical card or paper backup.
The idea of a single-point ID system for residents is fundamentally a good one but it is a system that should be designed for data management and streamlining data infrastructure, not for surveillance and control. It is genuinely useful to know how many people actually live in a particular community to decide how to allocate public service resources, for example. However, the UK’s system of muddling through on multiple different ID cards that may or may not be valid for this particular use and may or may not have sufficient or even any level of security attached to it (like an easily photoshopped scan of a utility bill…) and may or may not be available to you at all based on your citizenship status is simply not how to run a country in the 21st century.
Common Weal has written about how to design a modern ID system and it cuts to the heart of the data management aspects of it. One of the fears of a single Government ID database is that it gives the Government themselves an easier time accessing your personal data or that hackers might hoover up everything they can about you. These are legitimate concerns even in an era where people happily and without thinking sign over large chunks of their data lives to American social media megacorporations with the click of an “Accept All Cookies” button.
A more secure ID system would look something like our plan in How To Start A New Country which itself looks presciently similar to the system later designed by the EU for their Digital Identity Wallet (Indeed, if the UK’s Digital ID is not at least in theory portable to the EU’s system then this raises problems for incompatible data stores held by EU citizens in th UK or UK citizens in the EU and may be a barrier to the UK - or Scotland - rejoining the EU in the future). The basic idea is that right now, when you sign away your data to an agency or a company then THEY get to store that data on their own computers and manipulate it themselves. Under a secure ID system, that data never leaves your own personal data wallet. You can grant ACCESS for an agency to read the portion - and only the portion - of that wallet that they need to provide you the service you want from them. HMRC gets to read information regarding your tax return. The NHS can read your medically required information. Your employer gets to read the line that says “UK work permit valid”. You can let Facebook read your home address so that they can geolocate adverts at you. The moment that the agency no longer needs to read your wallet, then they lose access. You don’t need to worry about them storing their own copies of everything someone can possibly know about you.
You could even go further and enact a trustless version where your employer doesn’t even get to read that work permit line directly but can only ask the database “Can this person work in the UK?” and get a simple Yes/No in response without ever being able to access the database directly.
The UK remains an outlier in modern democracies in not having a modern ID system for all residents but it must be based on what an ID system is actually best used for - delivering public services where and when they are needed. Not merely pandering to the far-right in their quest to persecute the vulnerable even more than they already do.
