Tom Bond is a cyber security consultant and photographer based in Buckinghamshire
Well, well, well.
We shouldn’t be too surprised to see Keir Starmer attempting to roll out ID cards. He and his government have form in this area (annoyingly, so too does the previous Conservative administration, but we can at least learn and change).
We’re told that we need digital ID, because if we have that then the illegal migrants won’t have them and so they can’t work here. We already have this – it’s called National Insurance. If they don’t have a National Insurance number, then they also can’t work here.
And yet they do. Because they’re cheap, and unscrupulous people do not check prior to hiring the cheap-but-illegal labour. How will this solve the problem? Of course, it won’t.
But it will introduce a wonderful new way to enforce control by the government. As the esteemed Lord Frost has noted on X, this allows the new ID to be made mandatory for other things. And with it, the government is granted the power to remove from useful society, anyone they deem unsuitable for such an ID. Read, anyone who disagrees with them.
Given the inherent lack of need for this plan, and the government’s known history of action against those with whom it disagrees, it is impossible not to be suspicious. Between this new plan, the Online Safety Act, and the updated Investigatory Powers Act, we have a government granting itself some very scary new powers.
Those powers are a sweeping set, laying the groundwork for censorship, enforcement and snooping, and then granting a swift way to trace and revoke access to services. Terrifying, in the wrong hands. Our government already made this country one that imprisons people for an errant tweet, sets free dangerous criminals less than halfway through a sentence, and fails to imprison some *actually* dangerous criminals at all. Trust, necessary for this, is at an all-time low.
And what of the technical detail? As soon as someone says online identity, the response is “hacker”. I’m sure we’ll be told that this is a very safe service, and that the contractors are the very best, and they’re certified for Cyber Security to the very highest degree.
As a cyber security consultant, let me tell you – nobody is hack-proof, and the certifications absolutely do not mean that an organisation is safe. Rather sadly, cyber compliance is a tick-box exercise, horrifically bloated and rather meaningless. It is entirely possible to have the certificates and be wide open, just as it’s possible not to be certified but be very secure. I’ve seen both happen in the real world.
Estonia has been touted by the government as the Gold standard in this, and yet in 2021 a hacker gained access to a government database and stole 286,000 ID images. Prior to that, in 2017, a flaw with the technology rendered around 800,000 ID cards vulnerable, and they had to be reissued.
The way the technology works also opens it up for potential problems. There are two keys generated per person – a public key and a private key. The public key is held wherever the service is used and works with the private key to verify that the user is authentic.
Ironically, this is also the technology the government wants to ban, because it’s the same as is used in end-to-end encryption. So, if the back door they requested from Apple ever happens, their shiny new ID cards will be useless!
Outside a smartphone, there will need to be a physical chip integrated into a physical card. Since anyone lacking a smartphone will need one, that actually means everyone will – what happens if your phone is stolen, or you buy a new one, or it breaks?
All of this leaves us with a very tough situation. The chief benefits to a central ID are that you can integrate all government services and have a simple way in which to grant access to them. A strong provision of identity really does enhance security, so this is a real, genuine positive. It can be used to simplify services – NHS records can be simply integrated with many suppliers, benefit entitlements could be calculated automatically and paid more quickly etc.
The thing is, you don’t need to make that identity record into a mandatory, produce-on-demand item. You don’t need to enforce it for illegal immigrants either, because we have national insurance. Instead, what is needed is to tie the records of people together so that NHS record matches DWP, which matches DVLA and so on. To do so, you need a unique identifier. The government says this should be the mandatory ID card.
Instead, I come back to the National Insurance number. Everyone who can work has one. It is straightforward to build a system where a potential employer can get up to date status of an applicant with that number – yes, no, or some kind of disputed status for appeals.
The government will doubtless tell us that this is less robust than their ID card. And actually, they’re right. But… trust.
For this to work, we must trust that an organisation that removes freedom of speech, tries to remove encryption, tries to censor content it deems harmful and which shows no sign of listening to its people, actually has our best interests at heart.
I don’t, and as Conservatives, we must surely focus on freedom.
Britain has debated this issue countless times – and each time we say No Thanks. We do so because our relationship with the State has been a free one – we reject the “papers, please” idea.
It is true to say that the illegal immigrant crisis is one that needs solving, but this feels like opportunism – trying to garner support for a scheme we don’t need and which won’t fix the problem anyway.
It is time, once again, to say No Thanks.
