The Ouroboros, the ancient symbol of a snake swallowing its own tail, represents the eternal cycles of life. And we might now want to apply it to Westminster’s policy-making. There is certainly an ouroborian quality to the government’s attempts to introduce a compulsory national digital identity.
The latest iteration, the so-called ‘BritCard’, was formally introduced as government policy ahead of the Labour Party conference. It originates from the think tank Labour Together and has been endorsed by the Tony Blair Institute, it is pitched as a tool to curb illegal immigration.
Yet, like the mythical serpent consuming its own tail, it risks going nowhere while repackaging unworkable ideas. It’s time to chew on something better; the Trust Framework.
CEO of Orchestrating Identity.
I certainly know enough to know when something isn’t working. I have watched the UK’s digital identity debate from the inside for more than two decades, starting with the Home Office Identity Cards Programme in 2005 and ending with GOV.UK Verify in 2018.
My conclusion is that a state-issued BritCard would drain public money, duplicate existing systems, pose undue risks, and antagonize the British people. But perhaps worst of all, it will set back investment in the UK’s digital economy - a rare area for growth and innovation.
Needless risks
The timing certainly makes little sense. In June, the government established the Digital Identities and Attributes Trust Framework (UK DIATF) in law through the Data (Use and Access) Act.
It has changed secondary legislation to enable employers to remove their regulatory liabilities by carrying out right-to-work checks digitally through certified service providers using passports and other existing credentials.
For most of the UK population - 85 per cent of whom own a valid passport - proof of status is therefore already only a few clicks away.
The small minority who cannot use these digital checks need support, but that is where limited public funds should be directed - not into building a new national infrastructure for everyone else.
Risk, control and failure. More alarmingly, a compulsory BritCard system would create needless risks. Channelling access to public sector data through a single government provided solution is an unnecessary impediment to citizens and a drag on the development of the digital economy.
Civil liberty concerns
It also raises civil liberty concerns - a compulsory app on everyone’s phone would present a potential point of control for a future government. Why create a prospective government point of risk, control and failure?
This makes little sense when legislation has so recently been put in place for a more sensible approach, one by which the government can govern the market of providers through operational and technical standards, annual audits and a TrustMark?
The UK has already implemented OneLogin for Government as a single identity verification mechanism to access public services digitally and is developing a GOV.UK Digital Wallet to accompany it. The government has also stated it will issue a Digital Passport as a Verifiable Credential into this Wallet.
For the majority of the population that hold a passport this acts as a right-to-work credential. Many of the remaining 15% are either too young or too old to require a verifiable right-to-work-credential, but they should be able to ask the Home Office to issue one.
If these reasons were not enough to raise eyebrows, then the financial case certainly will.
Labour Together’s figures suggest £140–£400 million in set-up costs and up to £10 million annually for administration. The Tony Blair Institute meanwhile estimates £1 billion in set up costs and £100 million in annual running costs. Based on the UK’s track record with large IT projects, the real bill might be higher still.
Meanwhile, employers and landlords - the people who bear legal responsibility for checking IDs - already have digital tools to meet their regulatory obligations. Imposing another layer of compliance would add costs for businesses without clear benefit. The rest of the sums are glossed over.
A path forward is possible
What this points to is not the absence of government responsibility but a different kind of leadership. Rather than trying to operate a centralized identity scheme, ministers should focus solely on governance: building the rules and safeguards that allow the existing certified intermediaries to interconnect under the new regulations.
The UK DIATF already sets out how multiple certified providers - public and private - can issue and manage trusted credentials within clearly defined security and data privacy requirements. The annual audit process ensures the public need have no concerns about surveillance or data leakage under this model. So the foundations are in place.
What is needed now is the political will to let a decentralized model - developed over 15 years with extensive engagement between government, industry and privacy campaigners - flourish.
Such a model would reflect how digital identity is evolving in an era shaped by AI and distributed technologies. It can grow in stages, adapt as new threats and challenges emerge, and support selective disclosure so people share only what is necessary.
Banks, telecoms and many other organizations are well placed to deliver this, provided they follow shared standards and strong privacy protections.
I do understand the psychology of a government wanting to own and operate something tangible that could win votes; but being in government is about governing, not operating.
A constructive path
The Trust Framework offers the structure under which the government can govern efficiently and effectively by incrementally improving the standards and operational protocols that certified companies are required to meet. This should be the constructive path forward.
For example, many people have concerns about how their personal data is being used; few people read the terms and conditions when they sign up to a new service. The government could consider giving people more effective controls when they use services that carry the TrustMark of the Trust Framework.
History shows the cost of chasing headline schemes that promise easy fixes. The UK now has the chance to break the policy ouroboros - to stop circling back to failed ideas - by using the Trust framework it has already legislated for and by supporting public and domestic private providers to make it work for everyone.
We've featured the best identity theft protection.
This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro
You must confirm your public display name before commenting
Please logout and then login again, you will then be prompted to enter your display name.