(Yet) another digital ID card isnt the answer

Date:
Fri, 31 Oct 2025 15:26:38 +0000

Description:
BritCard: political theatre versus progress, and the case for smarter digital ID.

FULL STORY

The Ouroboros, the ancient symbol of a snake swallowing its own tail, represents the eternal cycles of life. And we might now want to apply it to Westminsters policy-making. There is certainly an ouroborian quality to the governments attempts to introduce a compulsory national digital identity .

The latest iteration, the so-called BritCard, was formally introduced as government policy ahead of the Labour Party conference. It originates from
the think tank Labour Together and has been endorsed by the Tony Blair Institute, it is pitched as a tool to curb illegal immigration.

Yet, like the mythical serpent consuming its own tail, it risks going nowhere while repackaging unworkable ideas. Its time to chew on something better; the Trust Framework.

I certainly know enough to know when something isnt working. I have watched
the UKs digital identity debate from the inside for more than two decades, starting with the Home Office Identity Cards Programme in 2005 and ending
with GOV.UK Verify in 2018.

My conclusion is that a state-issued BritCard would drain public money, duplicate existing systems, pose undue risks, and antagonize the British people. But perhaps worst of all, it will set back investment in the UKs digital economy - a rare area for growth and innovation.

Needless risks

The timing certainly makes little sense. In June, the government established the Digital Identities and Attributes Trust Framework (UK DIATF) in law
through the Data (Use and Access) Act.

It has changed secondary legislation to enable employers to remove their regulatory liabilities by carrying out right-to-work checks digitally through certified service providers using passports and other existing credentials.

For most of the UK population - 85 per cent of whom own a valid passport - proof of status is therefore already only a few clicks away.

The small minority who cannot use these digital checks need support, but that is where limited public funds should be directed - not into building a new national infrastructure for everyone else.

Risk, control and failure. More alarmingly, a compulsory BritCard system
would create needless risks. Channelling access to public sector data through
a single government provided solution is an unnecessary impediment to
citizens and a drag on the development of the digital economy.

Civil liberty concerns

It also raises civil liberty concerns - a compulsory app on everyones phone would present a potential point of control for a future government. Why
create a prospective government point of risk, control and failure?

This makes little sense when legislation has so recently been put in place
for a more sensible approach, one by which the government can govern the
market of providers through operational and technical standards, annual
audits and a TrustMark?

The UK has already implemented OneLogin for Government as a single identity verification mechanism to access public services digitally and is developing
a GOV.UK Digital Wallet to accompany it. The government has also stated it
will issue a Digital Passport as a Verifiable Credential into this Wallet.

For the majority of the population that hold a passport this acts as a right-to-work credential. Many of the remaining 15% are either too young or
too old to require a verifiable right-to-work-credential, but they should be able to ask the Home Office to issue one.

If these reasons were not enough to raise eyebrows, then the financial case certainly will.

Labour Togethers figures suggest 140400 million in set-up costs and up to 10 million annually for administration. The Tony Blair Institute meanwhile estimates 1 billion in set up costs and 100 million in annual running costs. Based on the UKs track record with large IT projects, the real bill might be higher still.

Meanwhile, employers and landlords - the people who bear legal responsibility for checking IDs - already have digital tools to meet their regulatory obligations. Imposing another layer of compliance would add costs for businesses without clear benefit. The rest of the sums are glossed over.

A path forward is possible

What this points to is not the absence of government responsibility but a different kind of leadership. Rather than trying to operate a centralized identity scheme, ministers should focus solely on governance: building the rules and safeguards that allow the existing certified intermediaries to interconnect under the new regulations.

The UK DIATF already sets out how multiple certified providers - public and private - can issue and manage trusted credentials within clearly defined security and data privacy requirements. The annual audit process ensures the public need have no concerns about surveillance or data leakage under this model. So the foundations are in place.

What is needed now is the political will to let a decentralized model - developed over 15 years with extensive engagement between government,
industry and privacy campaigners - flourish.

Such a model would reflect how digital identity is evolving in an era shaped
by AI and distributed technologies. It can grow in stages, adapt as new
threats and challenges emerge, and support selective disclosure so people
share only what is necessary.

Banks, telecoms and many other organizations are well placed to deliver this, provided they follow shared standards and strong privacy protections.

I do understand the psychology of a government wanting to own and operate something tangible that could win votes; but being in government is about governing, not operating.

A constructive path

The Trust Framework offers the structure under which the government can
govern efficiently and effectively by incrementally improving the standards
and operational protocols that certified companies are required to meet. This should be the constructive path forward.

For example, many people have concerns about how their personal data is being used; few people read the terms and conditions when they sign up to a new service. The government could consider giving people more effective controls when they use services that carry the TrustMark of the Trust Framework.

History shows the cost of chasing headline schemes that promise easy fixes.
The UK now has the chance to break the policy ouroboros - to stop circling
back to failed ideas - by using the Trust framework it has already legislated for and by supporting public and domestic private providers to make it work
for everyone.

This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry
today. The views expressed here are those of the author and are not
necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro ======================================================================
Link to news story: https://www.techradar.com/pro/yet-another-digital-id-card-isnt-the-answer
$$
--- SBBSecho 3.28-Linux
* Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)