The proposed "solution" will indeed protect against identity theft by non-state actors, but it would also give the government the power to lock you out of your job, your bank, your online accounts, medical care, and whatever other services and businesses that trust the government-generated token. AND THEY WOULD BE ABLE TO DO ALL OF THIS INSTANTLY AT THE SAME TIME. The government just has to refuse to issue you tokens.
Hey mom, I just found government mole inside of Financial times!
Guy from the article claims that data such us: my age, criminal past, my home address, my disabilities etc. are totally fine to be collected and JOIN'ed together for just verification purposes. SCARY
It sounds instead like the author wants Digital ID to force a solution - a national id - that has a long history of opposition in the UK. https://en.wikipedia.org/wiki/Opinion_polls_on_the_British_n... , when that solution does not require digital technology.
> Or the token might generate a barcode on my smartphone, which could be scanned by a landlord letting out a flat or an employer giving me a job.
Traditionally what happens is the landlord asks for more and more information, which you "consent" to because you really need housing. (Same for why many "consent" to terms and services they never read.)
Or why bars, which legally only need proof of age, want to scan your entire id, including name and address, to check against a digital ban list, entice guest loyalty, and get more accurate demographics.
So the bar isn't going to only ask for legally required info (or they will demand the law require them to get name and address for ban lists)>
> None of this is very different from what happens when I use a credit card.
> Digital ID is, of course, about more than administrative convenience: it allows the denial of services to people who have no right to them, such as irregular migrants
No, it does not, at least, not as described. If "The simplest form of a digital ID system is that every resident should have a unique number." then simply knowing the number allows anyone to, for example, vote as someone else.
What's missing is the way to establish that the person with the number is the one authorized to use the number.
And if Digital ID is voluntary, then all existing ways to access said services are still available.
> It is foolish to believe that holes in the population register really protect the innocent.
It would also be foolish to ignore the innocent people whose lives were ruined by the British Post Office scandal/Horizon IT scandal.
It fundamentally doesn't understand tokenisation. It claims that you could have an age verification token that doesn't reveal to the government what you were trying to view, but how would that work? The site receiving the token still has to cryptographically validate it as being genuine, and having not being revoked, so it will still need to ask the government database (giving the government an instant kill switch against sexual minorities it decides it doesn't like into the bargain). There's no anonymisation here (and bluntly the government doesn't want that).
It's defence against a government using it for nefarious purposes is literally just the defeatist argument it decries as a fallacy in the paragraph before. Ultimately the best defence against such a government is that the harm it wants to cause can be made slow, expensive and inefficient, and that is a very good way to discourage governments from doing things en masse. But with a single identifier and digital ID it becomes far more efficient.
The UK government has announced very little about the plan and in fact made it clear that the details are yet to be decided
https://www.gov.uk/government/publications/digital-id-scheme...
Yet plenty of people including in this thread have lept to criticising details of a non existent specification.
I find it perplexing. I agree with Tim. This could be done well. The UK Govs Digital Services Department have done fine work in recent years. I have faith in them to pull something like this off well.
Next though, we need an actual tech spec and public technical consultation. Then perhaps we can have a meaningful debate on it.
The proposed "solution" will indeed protect against identity theft by non-state actors, but it would also give the government the power to lock you out of your job, your bank, your online accounts, medical care, and whatever other services and businesses that trust the government-generated token. AND THEY WOULD BE ABLE TO DO ALL OF THIS INSTANTLY AT THE SAME TIME. The government just has to refuse to issue you tokens.
Hey mom, I just found government mole inside of Financial times!
Guy from the article claims that data such us: my age, criminal past, my home address, my disabilities etc. are totally fine to be collected and JOIN'ed together for just verification purposes. SCARY
[dead]
> The simplest form of a digital ID system is that every resident should have a unique number.
Does this mean Sweden has had digital ID since the 1940s? https://en.wikipedia.org/wiki/Personal_identity_number_(Swed... says "When it was introduced in 1947 it was probably the first of its kind covering the total resident population of a country".
It sounds instead like the author wants Digital ID to force a solution - a national id - that has a long history of opposition in the UK. https://en.wikipedia.org/wiki/Opinion_polls_on_the_British_n... , when that solution does not require digital technology.
> Or the token might generate a barcode on my smartphone, which could be scanned by a landlord letting out a flat or an employer giving me a job.
Traditionally what happens is the landlord asks for more and more information, which you "consent" to because you really need housing. (Same for why many "consent" to terms and services they never read.)
Or why bars, which legally only need proof of age, want to scan your entire id, including name and address, to check against a digital ban list, entice guest loyalty, and get more accurate demographics.
So the bar isn't going to only ask for legally required info (or they will demand the law require them to get name and address for ban lists)>
> None of this is very different from what happens when I use a credit card.
Which is how the credit card companies sell aggregate user data. Eg, https://pirg.org/edfund/resources/how-mastercard-sells-data/ and https://www.vice.com/en/article/envestnet-yodlee-credit-card... for US examples.
> Digital ID is, of course, about more than administrative convenience: it allows the denial of services to people who have no right to them, such as irregular migrants
No, it does not, at least, not as described. If "The simplest form of a digital ID system is that every resident should have a unique number." then simply knowing the number allows anyone to, for example, vote as someone else.
What's missing is the way to establish that the person with the number is the one authorized to use the number.
And if Digital ID is voluntary, then all existing ways to access said services are still available.
> It is foolish to believe that holes in the population register really protect the innocent.
It would also be foolish to ignore the innocent people whose lives were ruined by the British Post Office scandal/Horizon IT scandal.
A fairly poor piece.
It fundamentally doesn't understand tokenisation. It claims that you could have an age verification token that doesn't reveal to the government what you were trying to view, but how would that work? The site receiving the token still has to cryptographically validate it as being genuine, and having not being revoked, so it will still need to ask the government database (giving the government an instant kill switch against sexual minorities it decides it doesn't like into the bargain). There's no anonymisation here (and bluntly the government doesn't want that).
It's defence against a government using it for nefarious purposes is literally just the defeatist argument it decries as a fallacy in the paragraph before. Ultimately the best defence against such a government is that the harm it wants to cause can be made slow, expensive and inefficient, and that is a very good way to discourage governments from doing things en masse. But with a single identifier and digital ID it becomes far more efficient.
The UK government has announced very little about the plan and in fact made it clear that the details are yet to be decided https://www.gov.uk/government/publications/digital-id-scheme... Yet plenty of people including in this thread have lept to criticising details of a non existent specification.
I find it perplexing. I agree with Tim. This could be done well. The UK Govs Digital Services Department have done fine work in recent years. I have faith in them to pull something like this off well.
Next though, we need an actual tech spec and public technical consultation. Then perhaps we can have a meaningful debate on it.
[dead]