Editors Note: our long form stream notes tend to be quite extensive, we wanted to provide these ones for free as an example of what paid subscribers can expect from our Research Notes vertical. We hope people who are more interested in deeper research will use these are a resource to perhaps make their own takes on the issues we talk about or use them as a jumping off point to perhaps find some things we missed. These notes represent the hours of research and cross referencing that goes into most of our twice weekly streams, which are now collected all in one place for ease of use. If you want to keep receiving these, or if you want access to our research archive, please do consider subscribing.
We’ve covered a few aspects of this in our previous streams, most notably the Attributes framework, but the process is moving very fast and has not been covered in a dedicated way:
We’ve commented before that there is a Digital ID shaped hole in the flagship legislation of the UK government. We tackled this specifically in a section of our stream on The Online Safety Bill and how it interacts with The Digital Economy Act 2017.
Blair has been pushing national/digital ID since at least 2002, and received constant push back.
LSE back in 2006 (above article) said the plan was unworkable, costly and likely to invade privacy, yet in March this year they hosted conference on it that appears to be positive: https://www.biometricupdate.com/202303/digital-identity-interest-group-forms-with-initial-meeting-at-the-lse
In 2006 the Blair Government passed the Identity Cards Act 2006, but due to a poll-tax like outcry it was repealed in 2010 prior to implementation by the conservative government who has spent the last 13 years quietly implementing the groundwork for universal digital ID. A great example of performatively putting something back in the bottle to be worked on in secret: https://www.legislation.gov.uk/ukpga/2006/15/contents
Hague and Blair pushing Digital ID in February this year: https://news.sky.com/story/amp/tony-blair-and-william-hague-call-for-everyone-to-have-digital-id-cards-12817051
“So the question is what changes that situation? So if you take, for example, the ambition we have on climate, there is no way we can meet that ambition without changing planning. There's literally no way we can do it.
"And a lot of these things, they're not airy-fairy, they're actually about people's lives. People already live their lives digitally. The question is whether government and politics can catch up with that reality."
Digital ID to control migration is already a proposed labor policy for the next election:
We covered this in “The Political Switcheroo” stream, when we talked about this EIGHT MONTHS ago.
All the framing from 2002 onwards has been slowly but surely shifting to the idea that national, come digital, identify schemes aren’t just something that’s needed, but something that already exists and ergo politics must catch up because the necessity of ID is beyond political.
Within the UK system, “Digital Government Services” have crept up on the public in every area, but the “Great Leap Forward” for digital ID was The Lockdowns.
The UK framework is similar to the EU framework initialized in 2014 but lacking full implementation: https://www.cryptomathic.com/news-events/blog/will-the-uk-follow-the-eu-on-digital-identities
A lot of this can be seen in the context of “Regulatory Alignment” with the EU as the systems mirror those of the EU digital ID projects almost exactly, like with The Online Safety Bill.
The process to officialise this patchwork began in earnest in July 2019, with a public call for evidence–the first of many. The initial push was bundled with a push for digital inclusion and access to services:
https://www.gov.uk/government/consultations/digital-identity
The UK Government has tried to assuage fears that this system is being made, even as it is asking advice on making it, and seemed annoyed people rejected their framing in the consultation:
https://www.gov.uk/guidance/digital-identity
Policy Exchange called upon the government to do… what it was already planning to do.
And of course there is a Policy Exchange report recommending the government do what it was already doing:
https://policyexchange.org.uk/wp-content/uploads/2020/10/Verified.pdf
Bottom of page 40 to page 41 “No cards, but there will be ID”
The design of GOV.UK Verify was guided by the Government’s decision to repeal the Identity Cards Act on 21 January 2011. To avoid establishing a central Government database or citizen registry, GOV.UK Verify was designed with a “federated” architecture in which the task of verifying identities was outsourced to a set of private companies, each of which had to go through rigorous checks to make sure they could be trusted to keep identity data secure.144 Crucially, the use of private companies meant that the Government could receive identity assurance “without the need for ID cards.”
UK digital identity and attributes trust framework
This was then used to partially justify the creation of a digital ID framework in early 2021 through early 2023:
The 0.1 Version
Current 0.3 Version
Being justified by these people:
The link initially provides you with a “back to safety” notice as the site appears to have no SSL cert. When you do access it, it simply redirects you to their homepage. We had to access this landmark report justifying digital I.D. via The Wayback Machine:
Reminds me of: https://www.goodreads.com/quotes/40705-but-the-plans-were-on-display-on-display-i-eventually
The report is a joke and seems to just be researchers asking ever more leading questions to a group of people unable to fully understand questions asked and unwilling to tell them what they want to hear.
Who are BritainThinks AKA Thinks Insight? https://www.mrweb.com/drno/news34521.htm
Cofounders: https://twitter.com/viki_cooke and https://twitter.com/debmattinson?lang=en https://www.bitebackpublishing.com/authors/deborah-mattinson
The ministerial foreword is different than the previous version we’ve looked as, since 2021 when we first picked up on this framework it has gone from simply a way to regulate the digital ID industry with common standards to a full blown central digital ID framework with the “One Login”
The pilot program is already here:
These companies are going to make billions being the certifiers of attributes providers: https://www.ukas.com/resources/latest-news/uk-digital-identity-and-attributes-trust-framework-pilot/
GOV.UK One Login:
Draft Legislation Consultation Jan 2023:
https://techmonitor.ai/government-computing/one-login-uk-government-consultation
“The UK government intends to take forward legislation as soon as parliamentary time allows.”
As was called for by Policy Exchange, a dedicated position for digital ID in government has been created. Natalie Jones OBE - Director of Digital Identity, Government Digital Service
https://www.gov.uk/government/people/natalie-jones#current-roles
Managed the digital end of The EU settlement scheme. Not only do they argue for ID via immigration. They also use the extra-legal status of migrants to prototype these systems. This trend will continue with UBI, Housing provisions.
The system being consulted on and having legislation drafted for it is already being celebrated as operational this month:
https://gds.blog.gov.uk/2023/06/24/gov-uk-one-login-june-2023-update/
“One Login is not used for other purposes other than verifying someone’s identity to allow legitimate identity access; consent is not required from citizens for these purposes.”
So what is this new digital ID legislation needed for, what will it contain and how will it be used?
The fig leaf that physical services will still be accessible by those not wanting to do so digitally is a farce laid bare by the current impossibility of accessing in person services and the long waiting lists even for digital ones ala DVLA after the backlog caused by remote working during the lockdowns, which itself demonstrates “the states of exception” in which these physical services will be cut off entirely.
A Machine Fighting Itself?
The UK Gov has tried this kind of “unified approach” before, with .gov Verify, and it was an expensive failure with each department and agency trying to retain its own system and jostle for digital ID leadership. The issue isn’t skepticism, the issue is that departments have already been doing this ad-hoc for years with almost no oversight bar GDPR:
https://techmonitor.ai/government-computing/gov-uk-one-login-verify
https://www.biometricupdate.com/202307/uks-one-login-still-has-competition-in-government
The Government does not have the resources to develop these systems in house, but no one seems able to point to WHO is developing the “One Login” system for the UK Gov. Much like with Serco’s involvement in the UK Test and Trace program and the NHS app, there is a lot of intentionally conflicting or missing information:
https://fullfact.org/health/test-trace-march-2021/
Much like Blair’s original National ID framework it is suggested that a number of “identity providers” will be operational, this we presume creates a greater illusion of choice and helps to manufacture consent.
Immigration and Digital ID:
Same line since 2002:
https://www.upi.com/Defense-News/2002/07/03/UK-proposes-compulsory-ID-cards/93311025717083/
The first schemes to use fully digital ID checks were predicated on cracking down on illegal immigration:
“New digital identity checking for landlords and employers to tackle immigration abuse.”
https://www.gov.uk/government/news/new-digital-identity-checking-for-landlords-and-employers-to-tackle-immigration-abuse - Modern Slavery Act, Centre for Social Justice.
“Identity document validation technology in the right to work and right to rent schemes”
Explicitly ties this to the attributes framework.
There are already certified providers carrying out these checks using things like biometrics:
“For private sector IDVT service providers to be eligible for certification, they will need to be certified by UK Accreditation Service (UKAS) and meet the requirements of the UK Digital Identity Attributes Trust Framework.” These are both talked about further up and this provides a practical example of where wholly digital ID checks already exist, despite there not fully being a framework for them and legislation to enable them still being drafted.
Biometrics are already an accepted part of some forms of residence permits and are something we will talk about in full in another stream.
https://www.gov.uk/biometric-residence-permits
The New National Security Bill already talks about “Automatic retention of biometric data” by security services.
Confluence with Digital Pound project:
“Sunak’s Britcoin currency ‘could be used to check ages and nationalities’”
Digital Pound will use the Digital ID Attributes framework and possibly be absorbed into the “One Login” infrastructure in time:
Nuggets is one of the few organizations verified both by the UKAS new ISO 27001 standard that is based on the Digital ID and attributes framework and by the department itself as an attribute provider. They are not listed as part of the pilot scheme.
Conspiracy Jacketing or Misreporting:
Andrew Bridgen is being used as a heel and as conspiracy nut in chief as a way to discredit what is existing policy:
https://www.andrewbridgen.com/parliament/bridgen-calls-debate-any-plans-introduce-digital-ids
This is not a separate policy and seems to interlock fully with the existing scheme, it is basically a lie to say this is now or unique to Scotland:
https://www.scottishdailyexpress.co.uk/news/politics/nicola-sturgeons-government-roll-out-28532790
STEPHEN GLOVER: Tony Blair’s terrifyingly illiberal plan for digital ID cards makes me more glad than ever that he’s no longer in power. Feb 23
https://www.dailymail.co.uk/debate/article-11782209/STEPHEN-GLOVER-Tony-Blairs-illiberal-plan-digital-ID-cards-makes-glad-hes-not-power.html
Internationally, there are efforts to portray this as a crank talking point:
https://www.abc.net.au/news/2022-04-26/minor-parties-campaign-against-digital-id-proposals/101014152
Conclusions:
As we’ve talked about before, there is a digital ID shaped hole in most of the UK’s law when it comes to online services, security and immigration. This is intentional, and goes as far back as the much laughed at “porn ban” in the Digital Economy Act of 2017 and was only made stronger by The Online Safety Bill. Mandatory Digital ID will be a requirement to access online services because of the provisions in these bills and many others, they do not function without it. It is not a single bill, but a confluence of bills, policies and secondary legislation that provides us with a full picture of the scope Digital ID will soon have–and in many ways already has–in every day life.
What little accessible research we have, there is no public demand for digital ID services. The ‘demand’ is predicated on a focus group by “BritainThinks” which is staffed by the government and the Labour party itself and Policy Exchange, which is just the Tory Party. In fact, the government seemed exasperated by the responses to its public consultations, with the majority simply telling them that they want “no digital ID system.”
The schemes are a direct contravention of the spirit of the Identity Documents Act 2010, which went as far as to Close the Office of the Identity Commissioner as a core provision, but we now have a Director of Digital Identity as part of a digital ID commission and the implementation of a formalized central database via information sharing–the most hated part of the Identity Cards act.
There has been a deliberate effort by all managerialists at the policy making end to ensure that loose Digital ID solved ends are existent in all policy, they will implement all of the above possibly without a functioning digital ID to hold it together so that the public does demand it in the near future. The Conservatives have gone 99% of the way with a convoluted system, Labour will simply “make it sane” with the proper database and digital ID wallet.