Sunday, 17 August 2025

Response to “Call for Evidence” on new forms of digital ID

<Name and address redacted>

<E-mail address redacted>

17 August 2025


Image credit: https://bigbrotherwatch.org.uk/campaigns/no2digitalid/

This is my response to the “Call for Evidence” on the subject of “Harnessing the potential of new digital forms of identification.” The Call for Evidence is to be found at [[1]].

Background to my response

I am responding, in the first instance, as a member of the public who is very knowledgeable in the area of computer systems and databases, and who has a strong commitment to full respect for the human rights of all those who earn them.

I am also campaign manager for my local branch of Reform UK, and leader of the local group of the civil liberties organization Together: [[2]]. My history of activism for human rights and civil liberties goes back more than 30 years. Not only to my membership of NO2ID in the 2000s, but also to my association with the Libertarian Alliance as far back as 1989.

As I recall, a major argument made for Tony Blair’s ID card project in the 2000s was that to mandate that everyone’s data be held in a centralized database would provide “a single source of truth” for those accessing that data. This, of course, raises questions such as “how do we know the data is correct?” and “is it possible that data can become corrupted?” (whether maliciously, inadvertently, or through malfunction).

After decades as a software developer and project manager, I know – without doubt – that data in a database is often incorrect, and the possibility of corruption can never be discounted. No database can ever be “a single source of truth,” and the reason is very simple; the only source from which truth can possibly be extracted is the real world in which we live.

The argument also raises questions of ethics and human rights. Like: Just how much should government be allowed to know about each individual among the people they are supposed to be serving? I would say, “only the absolute minimum required to deliver service.”

To go on. Who should be allowed to access the data, and who not: and who decides? And precisely what level of mandatory data, in any given situation, breaks the threshold of reasonability, and becomes a violation of the human right to privacy, or dignity, or both?

NO2ID’s efforts in the 2000s resulted eventually in the shutdown of Labour’s ID card project through the Identity Documents Act 2010: [[3]]. I would remind you of the words of then deputy prime minister Nick Clegg: “The wasteful, bureaucratic and intrusive ID card scheme represents everything that has been wrong with government in recent years. By taking swift action to scrap it, we are making it clear that this government won’t sacrifice people’s liberty for the sake of ministers’ pet projects.”

In the interim, we have seen chilling examples of what can happen when “whatever the computer says is right” is adopted as a general principle. Several hundred sub-postmasters were falsely accused of defrauding the Post Office because of exactly this. Many lost their entire careers, some were falsely imprisoned, and some committed suicide.

Moreover, Mr Clegg’s words back in 2010 seem to have been forgotten. To give three recent examples: We have had “vaccine passports” mandated for people who merely wanted to go about their work and their daily lives. We have had an “on-line safety” bill, that is stifling free expression on-line. And we have police using facial recognition technology in the public space, without any legal oversight.

And yet, today, we have Tony Blair – once more – advocating even more draconian intrusions into our rights of privacy and dignity than he was 20 years ago. The same Tony Blair, that was caught lying for the sake of starting a war in Iraq. And Blair is doing this with the support of the “opposition” shadow home secretary, Chris Philp. The same Chris Philp, who wanted police to double their use of facial recognition technology: [[4]]. And whose statement that the on-line safety act “won’t endanger freedom of speech” [[5]] was shown to have been misinformation, just a few months after the act came into force: [[6]].

I shall now address the individual questions.

Question 1. How effectively is data relating to individuals currently being used and shared by the Home Office and its agencies?

It does not take much googling to come up with a long list of data breaches committed by the Home Office, or their agents or sub-contractors.

·       2009: A memory stick with data on prisoners was “lost” by the Home Office’s contractor, PA Consulting: [[7]]. As the BBC reported there, PA Consulting were “heavily involved in the department’s ID card scheme.”

·       2016: The High Court awarded damages to six asylum seekers for privacy and data protection law breaches after their personal data was inadvertently published on the Home Office website: [[8]].

·       2018: The Home Office lost a privacy and data protection appeal concerning former asylum seekers: [[9]].

·       2019: The Home Office revealed the e-mail addresses of hundreds of people seeking help with the EU settlement scheme: [[10]].

·       2020: The Information Commissioner’s Office (ICO) says the Home Office has been responsible for more than 20 data breaches a month in the administration of the EU settlement scheme, including losing passports and sending ID cards to wrong addresses: [[11]]. The Independent Chief Inspector of Borders and Immigration (ICIBI) said the scheme breached GDPR law 100 times – which campaigners said had “sinister implications” for the planned digitisation of the wider immigration system.

·       2021: The ICO reprimands the Home Office for data breaches concerned with follow-ups to the Windrush scandal: [[12]].

·       2022: A very serious data breach relating to the Afghan Relocations and Assistance Policy, which led to the High Court granting an unprecedented superinjunction: [[13]].

·       2024: The ICO finds that the Home Office’s pilot of GPS electronic monitoring of migrants breached UK data protection law: [[14]].

·       2025: The Guardian reports that a Home Office contractor collected data on UK citizens while checking migrants’ finances: [[15]].

·       2025: The Telegraph reports that the Home Office is allowing police to use their passport photo database and immigration database for facial recognition searches: [[16]].

Not only is this last being done without the consent of the people affected. But unfettered use of facial recognition technology in the public space is already very likely beyond the line which divides ethical right from wrong. The two together are clearly beyond that line.

While not strictly in the province of the Home Office, it is also notable that the government’s “One Login” project, seen as a vital component of proposed systems such as “gov.uk wallet,” has failed to meet the government’s own standards for digital identity systems: [[17]].

So, the answer to the question as posed can only be, “Atrociously.” However, there are wider questions, too. Should any organization be allowed to hold as much data on everyone, as the Home Office and government now do? Or do the risks inherent in having so much data held centrally, about so many people, for so many purposes, all but guarantee that there will be abuses such as the ones I listed above – and perhaps worse problems, as yet unreported?

Question 2. What potential benefits could the use of new forms of government-issued digital identification have for the Government’s ambitions to reduce crime and to manage migration?

This is, in my opinion, the wrong question to ask. Before even thinking about potential benefits of new forms of digital ID, should not the measurable benefits of existing forms of digital ID, and the checking that goes with them, be evaluated against the costs to the people who have borne them? Both financially, and in terms of loss of rights and freedoms?

The public good

Let us never forget that a government is only legitimate when it acts for the public good. That is, per John Locke, “the good of every particular member of that society, as far as by common rules it can be provided for.” This means that a government becomes illegitimate as soon as it acts without regard for the benefit of the governed. And it must not act just for the aggregate benefit of some collective called “the governed,” but for the benefit of every individual among the governed, real criminals excepted. It is hard to see how any new form of digital ID could be legitimate under this definition, most of all if it was mandatory.

Existing forms of digital ID checking fail to reach significant numbers of people. For example, those who, for reasons perhaps of age, disability or clumsiness, are unable to use a mobile phone effectively, and therefore choose not to have one.

I myself have never yet been able to pass any on-line ID check, for just this reason. So, for example, when I reached the state pension age, I was forced to apply for the pension by post. How, then, could projects like “one login” and “gov.uk wallet” possibly meet the needs of people like me? And what would be the effects on us if such things were mandatory?

Why is there a need for new forms of ID checking?

The majority of people in the UK already have passports. And most of those adults who don’t have passports, have driving licences. Why are these documents not already sufficient to identify any British citizen, or legally resident foreigner, in any situation within the UK?

I can see that a card issued to new asylum applicants might help them prove that their application is still ongoing, so it is not “illegal” for them to be in the UK. And it could help to make sure they are not allowed benefits they are not entitled to. But I cannot see any advantage at all for British people in any new form of ID checking.

The pitfalls in going ahead with more digital ID

Moreover, based on the Home Office’s record as outlined above, and the all but certain injustices that will result whenever data in a computer is regarded as “truth” over evidence from the real world, perhaps a better question would have been: should digital forms of ID be downgraded in importance, or even abolished altogether?

And does not the “mission creep,” that seems far too prevalent in government today, lead inexorably to ever-increasing pressures against our human rights and freedoms? As Messrs Blair and Philp are showing, by their support for more digital ID schemes? In my more cynical moods, I would say that Blair and Philp are the kind of individuals that government ought to be defending us against, rather than it taking on board their illiberal agendas.

The government is not being honest with us

I cannot leave this question without commenting on two rather odd phrases towards the end of the question. One, the government claims to have “ambitions to reduce crime.” That does not sit well with a recent incident locally, in which a village shop was raided at night, at a time when – according to the officers themselves – there were only two police officers on duty for a whole borough of 130,000 people. Nor does it sit well with the fact that, when you do see police in the area, they are usually not doing anything to combat crime, but either driving around at high speed with sirens blaring, or sitting by roadsides waiting to catch out people driving some tiny smidgeon above a totally arbitrary speed limit, which wasn’t there even a few years ago.

And two, government claims to want to “manage migration.” Yet successive governments of all parties have allowed nett incoming migration to climb to absurd levels, resulting in a UK-wide population increase of more than 16% in 25 years. It is impossible to believe this has not been deliberate. And the current Labour government seems to have ceased to do anything to stop, or even or to staunch, the flow of immigrants that, according to their own laws, are “illegal.” Again, this “management” (or lack of it) has to be deliberate. So, any claims that a national digital ID system will “fix illegal immigration” are deceitful, if not also risible.

Question 3. What different categories of information about individuals could most usefully be included in government-issued digital identification?

I already answered this question above: “only the absolute minimum required to deliver a service.” That means that individuals should only ever need to identify themselves to government when using a particular government service, and should never have to supply any more information that is needed to deliver that service.

The idea that there should be a single, all-encompassing government digital ID system goes completely against this principle. If it is mandatory, that makes it even worse. “Convenience” for government should never take precedence over the human rights and freedoms it is supposed to be defending. Moreover, given the constant tendency of government towards “mission creep,” the more comprehensive the data collected for any purpose, including identity checking, the greater the danger of that data being used for purposes which harm innocent people. That George Orwell’s “Nineteen Eighty-Four” was supposed to be a warning, not an instruction manual, may be a cliché; but that does not make it any less true.

Question 4. What potential risks does the adoption of new forms of digital identification have for individuals, including risks to privacy and security of personal data?

I have identified, above, a number of these risks:

·       Digital ID systems treat data in a computer as if it was “a single source of truth.” But this data may be, and often is, inaccurate.

·       Data may be held, beyond that strictly required for the purpose for which it is to be used.

·       Wastefulness, bureaucracy, and intrusiveness by government in people’s lives, as already seen in earlier government ID schemes in the UK.

·       Violations of the human rights to privacy and dignity.

·       Breaches by government of the standards to which it is supposed to keep.

·       Government acting without the consent of the people it is supposed to be serving.

·       Government ID requirements making it difficult or even impossible for some people or groups to go about their daily lives.

·       Mission creep being used to bring about Orwellian total surveillance and control.

Questions 5, 6 and 7

These questions seem all to be predicated on the assumption that those setting the digital ID agenda intend such a project to go ahead, regardless of what the people of the UK may think, and ignoring any objections that may be raised.

It is easy to find recent government “consultations,” that have proved to be nothing but a “box-ticking exercise” for an already pre-determined agenda. The 2020 consultation on “de-carbonizing transport” was a case in point, and the recent consultation on local government in Surrey looks set to be another. Such behaviour is extremely dishonest, and certainly violates the Nolan Principles of Public Life, if not also the ethical norms of British culture.

To sum up

I am strongly opposed to any plan for any form of compulsory digital ID. It would violate the human rights to dignity and privacy. And it goes against the values of British culture – the culture which sparked the Enlightenment, and nurtured the Industrial Revolution.

I will list six specific issues I identified:

·       The idea, that data in computer systems can be “a single source of truth,” which can override evidence from the real world, is fundamentally flawed. The whole idea of digital ID checking, therefore, is also fundamentally flawed.

·       The Home Office, and government in general as at present constituted, are untrustworthy, and should not be allowed the kind of power that any new digital ID system would bring.

·       If use of a mobile phone is to be a necessary part of a digital ID system, some individuals, particularly disabled and older people, will be unable to prove who they are.

·       There are serious risks to human rights and freedoms in any digital ID system. These include inaccuracy, overreach, wastefulness, intrusiveness, violations of privacy and dignity rights, and failing to act in the interests of, and with the consent of, the people.

·       Digital ID systems could far too easily lead towards an Orwellian system of total surveillance and control.

·       The call for evidence is asking the wrong questions. Instead of what new digital ID systems should be developed, it should be asking whether attempts at digital ID systems in the UK have gone too far, and should be scaled back or even scrapped.

Posted by

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)