
The UK's online ID plans: expensive, intrusive, unnecessary - severine
https://www.theguardian.com/commentisfree/2020/sep/06/uk-online-id-pandemic-digital-identity-system
======
Barrin92
>. Introducing one in the UK would fundamentally reshape our relationship with
the state

Good grief I have no idea why these debates always descend into alarmism and
philosophizing. Virtually every democratic country on this planet has national
id cards. Switzerland, a bastion of democracy does, Israel does, South Korea
does, Germany, does, if you emigrate from the UK to Switzerland, does anyone
feel they've now entered a fundamentally new relationship with the state
because of an ID card?

National identity needs to be tracked in any country, regardless whether you
have an ID card, and all the systems the UK has in place prove that point, the
card doesn't change anything other than actually guaranteeing some standards
and safety and consistency and providing some utility.

If you buy booze online in Germany on Amazon you can type in your ID and your
age is verified within a minute, and the standard actually demands that those
requests are ephemeral. Can anyone tell me why that's worse than some
patchwork of private verification industries who leak your data every two
months or sell them to god knows who?

In the US government agencies buy license plate data from private firms
because they can't collect it legally, I assume UK agencies (would) do similar
things if they want identity data.

Does anyone seriously think not having an ID card stops the government from
unifying data? What are all those UK government contracts with Palantir for?
Great now you're under surveillance _AND_ you get the privilege of paying a
private American firm with taxpayer money for it

~~~
ciarannolan
> Good grief I have no idea why these debates always descend into alarmism and
> philosophizing. Virtually every democratic country on this planet has
> national id cards. Switzerland, a bastion of democracy does, Israel does,
> South Korea does, Germany, does, if you emigrate from the UK to Switzerland,
> does anyone feel they've now entered a fundamentally new relationship with
> the state because of an ID card?

What is your argument here? A lot of countries do it, therefore it's okay?

> If you buy booze online in Germany on Amazon you can type in your ID and
> your age is verified within a minute, and the standard actually demands that
> those requests are ephemeral. Can anyone tell me why that's worse than some
> patchwork of private verification industries who leak your data every two
> months or sell them to god knows who?

Can you tell me why this is preferable to having someone look at an ID and
verify it with their eyeballs?

> Does anyone seriously think not having an ID card stops the government from
> unifying data?

Absolutely.

~~~
Barrin92
>What is your argument here? A lot of countries do it, therefore it's okay?

no, therefore it doesn't meaningfully change the relationship to the state,
unless one agrees that those countries are somehow qualitatively different
than the UK or before they had IDs. The author tries to appeal to fear and is
being dramatic. Arguments along the lines of "this will fundamentally change
X" are just rhetoric to use people's scepticism of change. It's the same kind
of thing you see in US politics when some politician goes "and they'll take
your freedoms, and your meat, and your guns" regardless of what the actual
legislation says

>Can you tell me why this is preferable to having someone look at an ID and
verify it with their eyeballs?

because when I order something online there's not necessarily anyone there to
look at it with their eyeballs, and to be honest I trust an (ideally open)
algorithm more than a random person. Just a year ago[1] a cop was caught
sniffing around in a database and stalking women under the guise of police
business. So if you ask me, eliminating people from data processing is a
feature.

[1][https://gizmodo.com/cop-uses-police-database-to-creep-on-
ove...](https://gizmodo.com/cop-uses-police-database-to-creep-on-
over-100-women-in-1833156806)

~~~
gruez
>because when I order something online there's not necessarily anyone there to
look at it with their eyeballs

Isn't that problematic because all Timmy has to do get his hands on booze is
to lay his eyes on someone's ID? I don't see how the scheme is any more secure
than validating the order wasn't placed with a prepaid credit card (presumably
only adults have access to non-prepaid credit cards). It makes much more sense
to do the verification on delivery, rather than when you're placing the order.

~~~
cinntaile
It's not that easy. To use someone's electronic ID as verification you either
need their ID card and their ID pin code and probably access to their computer
as well or mobile phone (+ access to it) and their ID pin code.

------
wtmt
> This isn’t about a philosophical position on privacy. It’s about who the
> government shares our information with, and how it treats us based on what
> it thinks it knows about us.

The article mentions just one incident in India in passing, but whole books
could be written on the resident (not citizen) ID scheme and the problems it
has created in India. Now there’s a push in India for a new national health ID
to help private companies gather more data in a country with no data privacy
laws.

Unlike the UK where the national ID project was junked a decade ago (as
mentioned in the article), in India the story of rights being trampled while
an uncaring judiciary spends time on more trivial matters should be a lesson
to people in other countries.

Keep the fight against mass surveillance on. Times of crisis, like the current
pandemic, are great opportunities for governments to push policies that will
have long term negative effects.

“Eternal vigilance is the price of liberty!”

~~~
heavenlyblue
> Times of crisis, like the current pandemic, are great opportunities for
> governments to push policies that will have long term negative effects.

Those times are great for pushing change by anyone. Don’t shoot the messenger.

------
sys_64738
More opportunity for the British government to spy on its citizens and repress
them. You have to understand that the UK is probably the most surveilled
country that claims to be a democracy. Countries like Germany do ID cards for
the benefit of citizens. The UK would do it to subjugate the population.

------
miki123211
A digital ID, if done properly, can actually increase privacy and anonymity,
not decrease it.

Without digital ID, everyone who needs to verify your identity for legal
reasons needs to get a lot of data about you and verify that manually. This
increases costs, friction and the chances of a leak, after all, most of your
data lives in dozens of private databases, some of them possibly insecure.
Over here (in Poland), phone carriers need to verify your identity before
selling you a SIM (for anti-terrorism reasons). The carrier me and my family
have used in the past has recently had a leak, and we had to scramble to
change our ID numbers and report the leak everywhere we could. Just because
they had lots of data and pictures of our ID.

With a digital ID, a company can just ask the government to perform the needed
checks, without ever storing any information about you. You want to do
something that's only allowed for people over 18? The government can respond
with a true/false response, without revealing any of your data to a company
that has no business processing it in the first place.

Same for all kinds of verification. Instead of storing lots of personal data
about you on company servers, store a unique, government-issued token that is
tied to your identity. No one but the government knows who this token is tied
to, or even what company requested it. You're effectively anonymous. Only when
you commit a crime, a company passes the token to the court, which is able to
retrieve the actual identity from government servers.

Those systems are far more secure than the mess we have now.

~~~
kennydude
You can only hope they would do build something like that. With their recent
IT projects, I have severe doubts.

It's like we've gone backwards from the start of the digital transformation
the UK was leading...

------
TLightful
Ignoring my main concern that any digital project led by the current
government will no doubt fail and be used as another excuse to funnel billions
to "friends" (not alarmist, but fact), as someone else comments:

"It’s not just about government. Introduce a digital ID and instantly it’ll
become a requirement to give your digital ID to do anything at all - register
a mobile phone, a bank account, an online shop, a library, a pub ... anything.
Thus, as the article says, your whole life can be linked together and
surveilled, not only by government but by dozens of unaccountable
corporations."

~~~
dijksterhuis
> Introduce a digital ID and instantly it’ll become a requirement to give your
> digital ID to do anything at all - register a mobile phone, a bank account,
> an online shop, a library, a pub ... anything

 _Sighs_.

4/5 of these examples already require proof of identity in various
circumstances.

The required identification often comes in the form of either one or a
combination of a recent utility bill + driver's license and/or passport.

This can make moving house (as an example) a massive PITA -- now I need 3
documents instead of one.

\--

On data storage / privacy.

Pubs/bars/clubs have already trialled schemes where the provided Photo ID is
stored for a certain amount of time. (I believe fabric had to do this under
the terms of their new license). I've not heard of any breaches yet...?

I doubt a digital ID would be very useful in pubs as it can't be linked back
to a biometric feature (your pretty face).

Online shops... Meh. Does it _really matter_ if Tesco's knows that I prefer
low fat mince to high fat?

Banks, well.... There's not much hope there. They'll use it and the game will
change. C'est la vie. I'll either adapt so I can get a mortgage or I'll
continue renting.

Edit: on a even deeper level, the reality is that nothing changes. Everyone
has some form of UID for me (usually emails). Now it just becomes a
standardised identifier across the board.

__

I too have low confidence in the current government's ability to do something
useful with it.

------
davidhbolton
There is a precedent in the UK. ID cards were introduced during WWII and
originally were used for four tasks. By the end of the war and afterwards the
scope creep had increased to something like 37. Police were demanding to see
Id when driving and it was one motorist (Harry Willcock) who refused and when
it came to court the Judge agreed and ID cards were scrapped.

[https://en.wikipedia.org/wiki/National_Registration_Act_1939](https://en.wikipedia.org/wiki/National_Registration_Act_1939)

------
phillipseamore
A good ID scheme can preserve privacy when it includes functions to do
anonymous attestation. For instance if you are required to prove age or
residence, but the other party does not need any other information about you.

A scheme which supports hashed identity (e.g. hashing your ID number along
with the ID number of the party requesting, resulting in a unique identifier)
can be used for services that require one account pr. person.

When this is available out-of-band (e.g. a smart card or app [not requiring
going through government servers each time]) no leaks can occur.

