Comment by lxgr 2 days ago

43 replies

The lack of digital ID is a huge problem in many domains and enables a lot of scams and crime in the first place.

Requiring identification in situations that don't need it is where the problems start, but that's possible with analog IDs as well, and is often even worse there (since these provide neither security against digital copies, nor privacy, which digital ID can, e.g. via zero knowledge proofs).

nextos 2 days ago

Personally, I liked the low-tech solution of code cards + password (2FA), used by e.g. Denmark as digital ID, now discontinued. I am aware that it is imperfect, and if you are not careful with MITM attacks you can get in trouble, but it was a good compromise to avoid the temptation to track citizens. Something like a hardware TAN generator, but with protection against MITM, would be an ideal compromise. The current trend of moving towards mobile apps that require hardware attestation is worrying.

  • lxgr 2 days ago

    Definitely, requiring the entire smartphone to be "trusted" is way too much.

    Small external signers with a display and confirmation button are a nice compromise (and also largely solve MITM!), since I don't mind an external device being under somebody else's administrative control as long as I can run what I want on my smartphone or computer.

    But people don't want to carry two things... Hopefully we can at least have both as alternatives going forward.

    • charcircuit a day ago

      >But people don't want to carry two things...

      It can be moved into a security processor within the smartphone's SOC.

      • lxgr a day ago

        True, but that's already a much less clean separation between the credential issuer's and my domain on many dimensions other than security.

        As an example, this was the security model for mobile contactless payments for the longest time, and arguably as a result these never really took off until Google came up with a software-only alternative for Android. The potential for rent seeking of the hardware vendor is often too great, and even absent that, it requires close cooperation of too many distinct entities (hardware vendor, OS developer, bank, maybe a payment scheme etc).

        (Apple had no issues, because their ecosystem is already a fully walled garden, and they can usually get away with charging access fees even for non-security-relevant hardware interfaces.)

        With a contactless smartcard, I might have to carry one more plastic card than strictly necessary, but the technology for that is pretty mature (wallets), and I can migrate to a new phone without any hassle or use my credential on somebody else's device in a pinch.

        • nextos a day ago

          Some of the current EU ID cards are actually smartcards, so in terms of privacy guarantees and separation of concerns, we are moving backwards. I am also more comfortable with a low-tech solution that is not linked to my personal devices. Something like a FIDO passkey would be ideal as those are also able to verify the identity of the other side, but are relatively low-tech and won't serve to track me.

AnthonyMouse a day ago

> Requiring identification in situations that don't need it is where the problems start

Which is exactly the argument against digital ID, because it reduces the friction to asking for ID in situations that don't need it, causing it to become epidemic.

Meanwhile nearly all the instances where ID actually should be required are also instances where showing up in person should be required, like taking out your first line of credit with a financial institution, or signing on to a new job. Because the entire point is to verify that that person is the person on the ID and not someone in Russia who managed to hack their phone.

nephihaha a day ago

The problem with digital ID is that it can be switched off in an instant. I was talking to some people in a strike picket line about this. They seemed unaware of it. Suddenly you would be unable to travel, pay your bills and access internet etc for doing the wrong thing.

  • Tor3 a day ago

    A digital ID is not doing all of that. The way it's implemented in Sweden, just to take an example already mentioned, is simply to identify you, and only for certain parts of society (mostly governmental services, banks, insurance and the like, and a few more). It's not about authorizing you for travel. If you need an ID for picking up your valuable shipment from the post office then you simply show your driver's license or passport, you don't use a digital ID for that. At all. If someone took away your digital ID then that would mean zero for your internet access, and zero for your ability to travel. It's not used for that at all. What would be a problem is paying the bills, because the ID identifies you for using network banking. However, alternative ways for identifying you for the latter are far worse concerns.

    • lxgr a day ago

      But GP raises a valid point: If IDs are ubiquitous and commonly used for non-government business, the government does implicitly gain substantial "veto power" over non-government transactions (by revoking existing credentials or not issuing new ones).

      Availability has to be ensured just as much as security and privacy in such a scenario, and that's not trivial. (I still personally think it's worth trying.)

      • Tor3 a day ago

        In those places where a system like Sweden's has been implemented, the usage is constricted to certain areas. And in the case where it's used elsewhere, that's an option that is not mandatory (and in any case far and few between). A way to identify an individual is typically related to financial or contractual issues. So far, at least. Looking at you, the UK

  • BDPW a day ago

    If an authoritarian state tells a bank to block you as a customer you get exactly the same result. All these options of blocking people are already available to states in general.

    • lxgr a day ago

      Very different levels of friction, though, and that matters too in practice.

phatfish 2 days ago

It's like people want to hand over scans of their passport and/or driving license to random businesses again and again, every time they need to prove who they are; and have their ID documents littered in Outlook mailboxes or company file shares with zero permissions.

Or be forced to install yet another ID app from a private service that requires you have an iPhone or "compatible" Android.

The debate about this in the UK is just crazy. Notwithstanding the current "febrile" state of politics. It has always received weirdly vitriolic push back.

What really is the Government going to do with a digital ID service that they can't do already?

I just want to be able to give estate agents, solicitors, a bank, etc my ID number and a time-limited code that proves I am in control of that ID (or however that might work), and be done with it.

  • komali2 2 days ago

    > What really is the Government going to do with a digital ID service that they can't do already?

    In 20 years, the UK suffers a terrorist attack just before an election, and then elects an ultra right wing government on a platform of "remigrating foreigners." You're a British born citizen but your mom fled from Iran in the 80s and immigrated to the UK.

    If you don't have digital ID, and the government decides to "remigrate all Iranians," they have to collect information from several different government groups, e.g. maybe your mom got a passport in which case one government agency may just know she's a non-native British citizen but nothing more. Maybe your immigration agency stands up to the government and engages in legal battles to prevent turning over immigration information.

    However if there's a digital ID system that lets the government instantly know everything about a person, you lose the protection of friction.

    I believe this is one of the fundamental premises of representative liberal democracy, and one of its most redeeming features: balance of power is spread not just between branches of government, but through ministries/departments/agencies, which makes it much harder for a despot to do despotism.

    • lxgr a day ago

      I broadly agree on the theory of administrative friction increasing the resiliency of societies against non-democratic government action, but I wonder if that ship hasn't sailed with the digitization of most governments: All that data is already present in some database, public or private (with the government able to coerce access in many cases).

      So I get the historical aversion to IDs as the stepping stone of governments to gaining access to potentially democracy-subverting informational hazmat, but these days, I feel like the downsides of not having a ubiquitous and privacy-preserving ID scheme vastly outweigh the little bit of extra friction it will ever add.

    • georgefrowny a day ago

      > However if there's a digital ID system that lets the government instantly know everything about a person, you lose the protection of friction.

      "Digital ID" doesn't necessitate that all data is collected into one gigantic store with centralised access. Just that you can use the same attestation of identity to access the various systems. And you can also grant others access to a limited subset of the data.

      If the government wanted to they could already have set up some direct access from (say) the passport office to HMRC. It's all digital anyway, backwards as the UK government can be, they're not sending people to pore over paper ledgers in person like in The Jackal.

      Some of the system already works like this anyway with the share codes for permission to work for foreigners and proving your driving licence.

      Theoretically you would also be able to have an audit log of who asked for attestation for access to which system using that ID. Which you currently don't have when everyone is doing it by passport scans, NI numbers given over the phone and so on.

      What it does allow is a creeping over-attestation especially of non-government services where you need to use the ID to do things that were previously anonymous or at least potentially anonymous. But since you currently need to use a driving license or selfie to look at boobies, that's already a thing.

      It also, depending on cryptographic implementation, can leak information about attestations directly to the government. For example if I certify my identity at BumTickling.com, the website might only find out that I'm over 18, but the government may then know that BT.com's operator requested attestation of my ID's age field. Whereas currently, BT.com's (probably) shady identity service partner may have my selfie and know I tried to look at BT.com, but the government (probably, maybe they forward these things secretly) doesn't know about it unless they audit that partner.

      It also has the possibility to gate access to government services behind app installations which, when done lazily, means not only smartphones are required which is bad enough, but specifically Google and Apple devices.

    • Someone a day ago

      I don’t think there is much “protection of friction”. A despot may not bother checking citizenship. For example https://en.wikipedia.org/wiki/Detention_and_deportation_of_A... says:

      “ICE was confirmed by independent review and U.S. judges to have violated laws including the Immigration Act of 1990 by interrogating and detaining people without warrants or review of their citizenship status”

    • charcircuit a day ago

      Being able to break the law is never a good thing. Immigration agencies can still fight whatever after people have been kicked out as has been decided. Government inefficiency should never be celebrated.

      • komali2 a day ago

        > Immigration agencies can still fight whatever after people have been kicked out as has been decided.

        Given that dragnet operations result in all sorts of random people being deported, including citizens, and given that sometimes these people are deported to countries where they face violence or death, you are arguing for state-sponsored violence without due process. Other than people immigrating, what other circumstances do you feel justify the elimination of due process?

      • AnthonyMouse a day ago

        > Being able to break the law is never a good thing.

        Suppose there is a law against being Jewish.

  • throwaway2037 2 days ago

    Can anyone explain the history of "self ID" rules and laws in the UK? It seems like you do not have to prove your ID to the police. It is the reverse. As an outsider, I don't understand it.

    • georgefrowny a day ago

      Basically there is no universal ID system. You are not required to have a passport or driving licence, which are the usual IDs. There is an optional kind of ID you can use to prove your age if you don't or can't have those. Even if you do have one of these, you don't have to show it to the police if they stop you. The police can ask your name, but unless the police has "reasonable grounds" to search you, you can just walk away.

      This is at odds to much of the EU where carrying ID is normal and you can be fined for not having it on you in public.

      Proving your identity to a company usually involves a copy of passport and a recent utility bill. Sometimes you need to get a "professional" (doctor, lawyer) to write "I certify this is a valid copy" on it. Financial systems often use your NI number (think SSN) as the ID factor for things like KYC, the NHS uses a separate number. There are several fairly mysterious companies that provide this service to companies who need to know like solicitors (you upload the photos, they authenticate it "somehow", hopefully they look after it, presumably they can be audited if I turn out to be a money launderer using a fake document). Getting a passport is a bit of a performance as you have to bootstrap the trust chain by getting someone you know to submit their documents and vouch for your photos.

      It also means that, to use a hot-button subject recently, the police have limited practical ways to prove a right to work, unless they have strong intelligence that a particular place is using illegal labour and do a raid. The current tactic seems to be arresting people for illegal e-bikes, where they have reasonable grounds for an arrest and can then get the name and do the immigration checks at that point.

      • throwaway2037 a day ago

        This is a great post. I learned a lot. Thank you.

        I remember once seeing the UK passport application. It struck me as having utterly byzantine requirements. When I read your post and think about it again, the lack of a universal ID could make it very tricky to get a passport, which is ultimately a national/universal ID.

    • brigandish a day ago

      The fundamental proposition on which all of English culture flows from is that of innocence. For example, in court, you do not have to prove your innocence because you are presumed innocent.

      In the case of ID cards and the like, the state does not rule over the populace, it rules on behalf of the populace. I am innocent and they work for me. Hence, I do not have to prove to some random government agent who I am unless it is relevant to the task they perform, e.g.

      - the police have a reasonable and justifiable suspicion that I am engaged in criminal activity
      - an immigration officer may only ask for my details when I am crossing a border or, again, have some reasonable and justifiable suspicion that I am in need of deportation etc.
      - Or perhaps I just need some documents from my local municipal office, and they rightly ask who I am and to prove it before giving out my private info.

      Me going about my business is no business of the government's until I start abusing the rules.

      The opposite view is that:

      - I am ruled over
      - Any agent of the government can question me and prevent me from going about my business

      Of course, in practice, the application of such liberal principles like not requiring ID to go about my day are often not done well, but to change the principle is to change the entire character of the most fundamental aspects of Englishness. You'll note, much of the continent lurches between different forms of collectivist oppressive government whereas, until of late, the UK has not. This is because of the lack of this fundamental principle there, I am sure of that, and those calling for these kind of ID laws, digital or otherwise, are not to be entertained.

      The most interesting case will be the USA, where they still care about the principles of English liberty, far more than the English do.

      • lxgr a day ago

        This theory mixes up the distinct concepts of the government, as a trusted entity (where applicable), issuing identity documents for the use of its citizens (including in person-to-person or person-to-private-company scenarios), and that of the government requiring its citizens to identify themselves to it on demand.

        Sure, it's slightly harder to have a government issue credentials to everybody and not have them abuse the possibilities that come with it, but if a society can pull it off, there are vast benefits in many areas of life.

        On top of that, the flip side of people regularly not carrying any identification documents seems to be a police force much more eager to arrest people on the spot to figure out their identity. (Presented as an observation without value judgement: This way of doing things does lower the likelihood of the police arresting somebody because of not carrying identification.)

      • throwaway2037 a day ago

        > The fundamental proposition on which all of English culture flows from is that of innocence.

        Is this not true in all highly advanced democracies?

        One thing I have found true (and somewhat different from other countries), when UK folks talk about how they view the police, it is generally beneficial. (Don't throw your tomatoes at me just yet!) Versus other countries, the police are viewed as more neutral or negative (especially the US). I always thought the idea of having no regular police carrying guns is a pretty brave policy in the 21st century. In many ways, imperfect policy, but it works well, and (appears) to reduce police violence against the public. On a more personal note, I also find the UK police are incredibly restrained during heated protests. Imperfect, yes, but they make a real effort. As an outsider, when I watch a short YouTube clip of a heated protest in the UK, and the police are doing their best to keep cool and not antagonise the crowds. (I promise: I'm not here to shill for UK police; I'm sure they do some bad stuff too.) The best phrase that I ever heard from a British person to describe UK police: "They police by consent (of the people)." It is a powerful phrase and idea.

      • graemep a day ago

        Successive governments have been determined to change this.

        A good current example is the Children's Wellbeing and Schools Bill which very much is based on the idea that the state, rather than parents, is primarily responsible for children. The Online Safety Act reflects much the same thinking.

        I think there has been a cultural change. Both from the state, and from people who expect to be told what to do to a greater extent than the past.

  • brigandish 2 days ago

    > It has always received weirdly vitriolic push back.

    Because, as the Home Secretary herself observed, it would fundamentally change the relationship between the individual and the state.

    > What really is the Government going to do with a digital ID service that they can't do already?

    This gives the impression of having done no research into a topic of which you now opine opposition to be "weirdly vitriolic". We live in an age of search engines and GPTs, free encyclopaedias and entire lecture series online, and even libraries are still open and free, but you've done nothing to get past the very first thoughts you've had on the subject.

    Was that weirdly vitriolic, or someone pointing out that an argument to undermine everyone's rights should have some effort behind it?

    • wholinator2 2 days ago

      I dunno man, your reply doesn't sound _kind_. Maybe you could try to explain the point you're defending rather than ad hominem and overextrapolate a perceived insult. I genuinely want to learn and it's frustrating that your comment does not do that.

      • brigandish a day ago

        If what you say were to be true then an accusation of ad hominem would itself be ad hominem.

        I addressed their unkind and ad hominem argument. If you think me unkind then I will shrug and say, in hacker parlance, they should RTFM. They have not put in the slightest work before opining and criticising, and on something as important as this?

        May they receive such weird vitriol until they learn to at least Google first. Doesn't it automatically run a GPT for you now? They, and surely the people around them, will thank me for instilling such basic discipline.

      • jmye a day ago

        Calling their objections “weirdly vitriolic” belies both a complaint about “kindness”, and shows an explicit desire to not learn a single thing. Perhaps, if you have genuine curiosity in the future, you should be thoughtful about the questions you ask, and the ad hominem attacks you make in the asking, rather than whining after the fact because people didn’t excuse your lack of tactful interaction sufficiently?

        Or just complain about “kindness” more - it’s easier to accuse others of being mean than to look in a mirror, I suppose.