Digital ID cards could be a disaster in the UK and beyond

The first ID I had was a thin piece of laminated paper that made up my driver's license. In the US, a driver's license includes a photograph, biometric information (eye color, height, etc.) and date of birth. This led to increased usage, with people using the cards as more than just a license to drive. Bars and liquor stores would “tag” kids trying to drink, taking this information as proof that we were reaching the legal drinking age of 21. Needless to say, I was 18 when I figured out how to alter the date of birth on my card with a pencil so I could buy cheap cocktails.

The story sounds like a little 20th-century tale, but it is deeply relevant to the current debate about whether digital IDs should be introduced in the UK and beyond. Of course, the cards themselves may be radically different, but the problems are the same. First, ID cards are always prone to usage creep. And secondly, they are incredibly easy to hack.

The British government is far from the first to encourage all its citizens to have a small identity app on their phones to access government or other public services. Digital IDs are currently required by the Chinese government, as well as by the governments of Singapore, India, Estonia, and many other countries. Proponents of digital IDs typically cite similar reasons for using them: reducing fraud, making it easier to buy things or travel, and proving who you are without having to carry around a bunch of physical cards or documents.

“You'll be safer with this digital ID,” the government might say. “You can use it to shop or get medical care, and as a nice bonus, no one will ever mistake you for an immigrant or send you to a detention center without proper food, sanitation, or medicine for weeks.” Oops, sorry, this got weirdly specific for no particular reason. But you know what I'm talking about. These cards are offered as solutions to problems that are not problems (it's not difficult to carry a health insurance card) or require much more than just an ID (immigration is a huge and multi-faceted problem).

But back to my question about creep in use. What happens when the government embeds a digital ID in your phone that must be used to verify your citizenship status when you apply for a job or for social services? At a basic level, it is adjacent to all your other applications, possibly sharing data with them. Some of these apps have access to sensitive information such as bank accounts, doctor's appointments, private conversations and photos.

As journalist Byron Thau notes in his excellent book ControlsMany apps already collect information about you that you don't even know about, like your location, spending habits, and even what other apps are installed on your phone. There are companies that specialize in extracting this data from, say, your dating apps and selling it to third parties, including government agencies.

It's mostly legal in the US, and it's very creepy. There are regulations in the UK and Europe to prevent this kind of rampant data sharing. However, the technology is there. The only thing protecting you from a government ID app that tracks your location by connecting to an unrelated app is the government itself. And governments change. The rules are changing. However, once you start using this digital ID to find work, go to bars, pay for chips and take the subway, you're unlikely to give it up.

This is a trap of usage creep. The government may start using its digital identities in much more aggressive ways than initially promised. Meanwhile, citizens may start using it for so many purposes that they decide the trade-off is worth it. Who cares if the government knows where you are every second of the day if chewing gum is easy to buy without a credit card? That's great until the government decides you're the bad guy.

And I haven't gotten to the hacking part yet. Even if the government doesn't start using its digital ID to spy on you, a malicious adversary could. Someone could find a backdoor into government servers and thus gain access to your ID, or they could get your information through a phone app filled with spyware. That's why security experts were warning British government on the dangers of digital IDs. Even Palantir infamous American surveillance firmabandoned support for digital IDs because, as one of its executives recently put it, they “very controversial“.

You shouldn't worry about this because someone might steal your identity. You should be concerned if they can track your location, read your messages, break into your bank account, and listen to your phone calls. The point is, there's nothing wrong with old-fashioned ID cards. Yes, they can be lost or counterfeited. But at least when this happens, you'll only lose the card. In this case, you will not lose everything else.

Annaly's week

What am I listening to

Our The ancestors were dirty, a podcast about century-old black celebrity scandals ripped from the pages of black newspapers.

What am I reading

Philosophy of thieves Fran Wilde, a futuristic adventure film in which rich people hire thieves as entertainment at their parties.

What am I working on

Research the history of “review bombing,” where a media outlet or product receives a barrage of one-star reviews from users with a political agenda.