The NO2ID response to the government digital ID consultation should be compulsory reading for all MPs. And government ministers should be locked in a room, made to study it in depth, absorb and pass a comprehension test on it, before they are allowed to pontificate on the subject of ID cards or digital identity ever again.
Right up front it:
"recommends that the Government drops its current ambitions – certainly its intention to
create a new universal unique identifier and mandatory / coerced digital ID system with lifelong tracking – and instead focuses on making the primary credentials government already holds more secure, re-usable and useful for citizens, rather than itself."
Something they suggested to James Crosby back in 2008 which he summarised as:
"The expression “ID management” suggests data sharing and database consolidation, concepts which principally serve the interests of the owner of the database, for example the Government or the banks. Whereas we think of “ID assurance” as a consumer-led concept, a process that meets an important consumer need without necessarily providing any spin-off benefits to the owner of any database. This distinction is fundamental. An ID system built primarily to deliver high levels of assurance for consumers and to command their trust has little in common with one inspired mainly by the ambitions of its owner. "
The response also reminds us that the government asks the wrong questions, assumes the answers are useful and that core issues missing from the consultation would take too many pages to list.
The introduction of a national ID is a fundamental shift in the relationship between citizen and state. That is long understood but the current Labour government are obfuscating and the Blair government, in particular, went to extreme lengths to propagandise this shift out of existence, extolling the wonders of a fantasy of efficient, joined up government, delivering frictionless, easy access government services. The mask slips regularly, as when the current Home Secrertary, ironically in an interview with Blair, declared she dreams “that the eyes of the state can be on you at all times”. Sylvanus Vivian's concept of parasitic vitality is alive and well and sometimes they are not even hiding the desire for that parasitic vitality is about government not citizens' and residents' needs.
The ID scheme proposed is, as NO2ID state,
"coercive, insecure, exclusionary, privacy and rights-destroying, and the foundation of a “papers please”, lifelong surveillance society... the scheme’s structural features – a universal unique identifier, mandatory digital employment checks, facial biometrics, state-wide access and usage, revocation powers, cradle-to-grave ‘eligibility’ – are precisely the architecture that NO2ID was founded to oppose, which the British public has rejected (repeatedly) since WII."
"In a free society, it is not for a person to have to “prove who they are” [my emphasis] – though it is often necessary in modern life to prove certain facts about oneself. That the entire digital ID system is predicated upon the former shows it is a backwards system of ‘official truth’ and centralised ID control, rather than a forward-looking system of Identity Assurance based on non-surveillant, portable, reusable,granular, verified and verifiable credentials."
Like the Blair government (and the Bliar Institute is feeding the government most of their lines on the scheme) the current government are hoping their ID scheme will be a universal panacea for "more modern, efficient and personalised public services". They are so desparate to sell the scheme they repeatedly ask, in their consultation, for suggestions on what it can be used for. As NO2ID say repeatedly,
"We do not want the government to use this system for anything, because it is fundamentally misconceived...
Government should instead radically reform the civil service and ensure it dedicates the resources intended to be spent (wasted) on digital ID to fixing the many flaws, errors, deliberate systemic
choices and bad policy decisions that have caused and contributed to devastating “personalised” disasters such as the Windrush scandal, the infamous Horizon case, and the ‘Monster Factory’ of the systems of Universal Credit, as well as more recent scandals around Carer’s Allowance and Child Benefit.
If the Government genuinely wishes to improve the public services, it should do the hard and
necessary work – not keep trying to present “digital ID” as a panacea for a whole host of issues
that it isn’t."
The scheme is so full of basic security holes it is difficult to know where to start. One Login, "the umbrella [ID} service", the system company directors have to register through, lost its certification against the government's own digital identity trust network over a year ago. Yet it is still mandatory. The government cannot meet its own standards on digital ID on a scheme that only applies to a fraction of the population.
There will be no analogue alternatives and it seems it will only be available as a mobile app, not even usable with a PC or laptop.
The ethcial and legal issues with the scheme are legion.
"Deleting their digital ID is everyone’s legal right under UK GDPR’s right to erasure, but if digital ID or any part of the architecture (e.g. One Login) becomes the primary way people access services and entitlements, or are the only way to perform specific legal duties – as in the case of company directors making certain filings to Companies House – then deletion will have far more signifiant consequences.
Any system described as “voluntary”... must ensure that leaving the system is both meaningful...and does not lead to negative discrimination...or...official coercion.
There are serious issues around transparency: will people know what persists on the system and how it will be used if they delete their ID?
...There are also serious risks around coercion in terms of vulnerable individuals and domestic
abuse: an abuser could force someone to delete their digital ID, thereby cutting them off from
essential benefits or services. That the consultation document makes at best only passing
reference to this, and does not describe any of the necessary protections and mitigations should such a system be imposed, is deeply concerning."
It is pretty clear that the scheme, in its current half-baked form, will not respect the Identity Assurance Principle of Multiplicity, one of nine principles specified by the Privacy and Consumer Advisory Group (PCAG) in 2013. It looks likely, in fact, to fail spectacularly on all nine:
1 User Control
2 Transparency
3 Multiplicity
4 Data Minimisation
5 Data Quality
6 Service User Access and Portability
7 Certification
8 Dispute Resolution
9 Exceptional Circumstances
I'm unsure whether to be relieved or concerned that the consultation asks the question "Are there any ethical factors government should consider that relate to revoking (i.e. cancelling) an individual’s digital ID?" As NO2ID say,
"Revocation is all about state power.
While presented largely as an ‘anti-fraud’ measure, revocation raises extremely serious issues around due process, human rights and proportionality...
revocation would effectively ‘lock a person out’ of (aspects of) their daily life – potentially creating a new form of ‘virtual prison’, more chilling even than the highly surveillant, panopticon-like aspects of the proposed scheme...
the proposed ID system could over time be deployed as a form of enforcement – and even to exert political pressure... the government clearly considers itself to be benign – an assumption many do not share, and which world events are starkly illustrating cannot always be depended upon.
Even assuming no malign actor (elected or otherwise) ever gains control of the system, the UK’s government has provided many examples of administrative error, incorrect and/or out-of-date data, poorly designed algorithms and wrong data matching stripping large numbers of peope of their rights and entitlements. The Windrush scandal is probably the most high-profile instance of this... and yet government continues to conflate fraud with its own errors, and senior officials continue to blame victims without facing meaningful consequences.
Revocation must only ever be part of a judicial process; never automated, and with human review at every step; it must have a rapid accessible independent appeals process; there must be full transparency to the individual and a non-digital ‘safety net’ while revocation and disputes are being resolved; any Bill must expressly forbid ‘class revocations’ and on its face22 tightly define and limit the circumstances in which a person’s digital ID can be revoked; and – if individuals are subject to fines and/or criminal sanctions for fraud or abuse – so must officials and anyone involved in any revocation event,23 arguably to a greater degree given the power imbalances."
The consultation specifies the "The national digital ID will include a person’s full name, date of birth, nationality, and a biometric facial image (photo)." NO2ID name the elephant in the room:
"We note the consultation does not ask about the inclusion of these details. Rather it presents them as a fixed decision, while omitting to mention that the digital ID will of necessity contain a unique number – which the government somewhat disingenuously suggests it is “considering developing”.
To say “If we develop a universal unique identifier” (UUID) – which is in practice the only way centralised ID systems such as this are used to ‘join up’ public services – in a consultation that is all about “making public services work” is at best evasive, if not outright deceptive. Does the Government intend to do what it says or not? And why does it never mention the ID number in the list of information included?
The universal unique identifier (mentioned just three times in the consultation) is the classic ‘single number for every citizen’ that NO2ID has long warned about. While the document downplays it – saying, e.g. “this identifier would not need to be visible or used outside the public sector” – the UUID is the foundational architecture of a cradle-to-grave tracking system."
The scheme has lots of vague ambitions about mission and scope creep which NO2ID call out explicitly. There were around 50 categories of information included in the Bliar government 2006 National Identity Register.
The joined up government philosophy raises significant concerns around privacy and fundamental rights. NO2ID are explicit:
"this approach to ‘joining up’ the state is highly surveillant and potentially dangerous.
Cross-matching across services and Departments like this will tend to create a comprehensive
profile on each citizen...
Much like the notion of ‘official truth’ and the assumption that government databases are 100% correct all of the time, ‘joined up’ government is a fantasy; in reality, and all too often, it is a single point of failure. For this reason, the only ethical approach is for any and all cross-matching to only ever be done with the explicit informed consent of the individual – with full transparency, and always with the option of keeping identities separate.
Given the context, however, consent in such situations can be highly problematic...
Cross-matching also engages privacy and confidentiality concerns...
worse than this are the ‘chilling effects’...someone...may avoid seeking vital help or
support, fearing ‘knock on’ consequences in other areas...
Tearing down silos in the name of efficiency ignores that silos often exist for good reason; when consequences and power imbalances are real, segregation and separation can provide essential protections...
where are the mitigations to protect due process and democracy?
...David Blunkett notoriously said “No one should fear correct identification”. A quarter
century may have passed, but history tells us otherwise.
Centralised, quasi-monopolistic state-controlled ID is dangerous and other options exist...
It is well understood that digital-first and digital-only systems are inherently exclusionary...
Given the system is designed to provide government with a detailed audit trail of every individual’s life, not to provide individuals themselves with a detailed record of each event is unconscionable...
the basic design assumption is that fraud or misuse will be almost entirely from the user end – with little to no appreciation of the power the government would be handing to ID checkers, and how to constrain and mitigate the risk of misuse and abuse from that end."
NO2ID:
"recommend Government listens to people other than the Home Office and the Blair
government-in-exile, understands that the architecture of a “rewired state” fit for the future cannot be grounded in 1930s thinking, and comes up with an Identity Assurance alternative – rather than yet another Identity Management (Control) system – that sits within the original PCAG Principles ...
Digital ID is not a benign administrative initiative. It is a fundamental shift in the relationship between citizen and state, embedded within an architecture of compulsion and coercion, in contexts that will impact on tens of millions of people’s lives in ways far more profound than fixing the public services’ – which, as the details of a never-ending stream of examples show, digital ID will not do."
NO2ID Illustration of UK Government Digital ID Architecture of Compulsion & Coercion
The reponse is worth reading in full.
