Digital ID Finally Surfaces in the UK
Oh, how things can vary over a stretch of water. On the one hand, the EU is promoting digital ID (e-ID) as a foundation for promoting the freedom of movement, while, on the other side, politicians are promoting digital ID as a means to restrict the movement of certain individuals. Both know that digital ID has the potential to break down many of the data silos of the past and build a new economy, but have different ways to promote it. If done well, digital ID and digital wallets will become the anchor of our digital world, and if done badly, they will open up a nightmare of governments spying on our every move.
This week was a significant week for me. First, we hosted a PQC conference, featuring the esteemed Daniel J. Bernstein as a presenter, and second, the UK Government announced that it would roll out a Digital ID scheme. For me, a digital ID scheme has been something we have been pushing for, for years. We now need to start a debate on how best to use digital ID in the UK to push us into the 21st Century, and build a new world of digital trust.
In our lives, we have many identities, and we should not just have one digital identity. Some of our online services require a high level of trust and will necessitate verification of our identity by the UK or Scottish Government. At the current time, I have virtually no real provable identity with the public sector. This is especially seen in the NHS, where we need to start to anchor our digital identities with the interaction we have with health and social care. At the core of any identity system, we must put in place safeguards for an identity system, and make sure that government agencies cannot track our online activities.
Me and ID
Let me put my cards on the table first. I am a strong advocate for digital ID, as well as a strong advocate for privacy. I believe that it is possible to integrate digital ID into our world, and then carefully balance the risks of privacy and the threats to our society. Unfortunately, with digital ID, the debate tends to be between the two extremes. On the one side, it is used as an argument to stop illegal workers, and on the other side, it is proposed that it moves us to a Big Brother world. But it is not black and white, and in a modern economy, digital ID should be a fundamental building block in building trust in our digital world.
While countries like Estonia have built the fabric of their society around digital methods, countries like the UK have struggled to get citizens onside in seeing the opportunities — and the threats — that digital ID will bring. For us, the opportunity of being able to properly digitally sign documents will finally move us out of a paper-based world. Just imagine completely the sale of a house using a digital signature that is generated from your mobile phone, rather than sending an email that has so many risks associated with it. But, without proper security and privacy controls, we could be entering into a time of great risk, especially as politicians generally have very little understanding of what digital ID really is and how it can best be used.
Without a proper digital identity infrastructure for government services and the public sector, we build on sand. But, at the start of the 21st Century, the UK tried to implement a national identity system, but it failed because it could have been used as a spying network on citizens. There was no real debate, no showing of plans, and no discussion. A single anonymous blog post killed it dead.
At present, the current integration of citizens into government services in the UK seems almost non-existent in so many places. While the integration of citizens into tax and in the payment of parking tickets is generally good, the rest are lagging and barely reach a level beyond putting a form online. Overall, the NHS has a fleeting digital interaction with me.
e-ID and e-IDAS2
So, rather than promoting the great benefits of using government sources to attest to an identity, the UK government may be laying another trap for itself. The EU, though, is taking a different tack and prompting an openness in digital wallets, and where governments become just one identity provider — and one which is highly trusted. For this, a citizen or organisation will have their public key placed on the EBSI blockchain, and then a private key — stored in a wallet — can be used to sign messages, and which are verified by the trusted public key.
While the citizen side is a little more difficult to manage and set up, the business registration part is fairly easy, and where there are trusted processes for the registration of the public key. A good example of this is with a university awarding an academic qualification, and where a digital award will be granted, and which is signed by the university, and where the public key will be placed on the EBSI ledger, and then verified by any other entity.
An old digital world
At the current time, I still fill in bits of paper for the NHS and have no proper digital interaction with most things in the public sector. For all the great words on supporting digital integration into the NHS, nothing really ever happens at scale. With the NHS, we often have another “flagship project for digital integration and innovation, and with citizen-focused care”, and which will then just fail after seven years (this is a common measure and is typically the time it takes digital projects in the NHS to fall), and followed by a new flagship project. There’s no debate, no digital architecture for e-government and health care, no Estonian X-Road, and no technical leadership.
Cybersecurity and the Digital ID
Which job role was praised in getting the Estonia X-Road up and running? Ans: The Penetration Testers. Many people helped to build and test the X-Road system, which ensured that it was secure for citizensto use.
From a cybersecurity point of view, there will be risks in using a digital wallet for our identity. But if these are managed properly, we should have better security than using paper-based approaches. Overall, many people are now using their bank card on their mobile device, and I would expect the same levels of security applied to Digital ID in the UK.
To overcome security problems, we must integrate other authentication methods, such as biometrics (especially around facial recognition), SMS authentication and one-time code generation.
At the present time, the usage of Gov.UK identity is all rather confusing, so it would be expected that there was a clear path on the usage of Digital ID, and how citizens can add their identity to the devices. This is not an easy task, and many countries started with smart cards for Digital ID, but the UK will move straight to mobile device integration. If the UK can make this work, there are great opportunities in improved government services, such as around voting and the NHS, along with improved use of KYC (Know Your Customer) within banking. The UK should certainly look to countries like Estonia in making sure that the cybersecurity aspects are well covered, especially in getting citizens and businesses on board.
A New Digital World
So, there’s one confusing element in Scotland, and where there is already a non-mandatory ID scheme (ScotAccount). It has never really been pushed, and has a soft integration into public sector services in Scotland. I hope, finally, that we can move to much improved integration of the citizen with the public sector, and one which respects privacy.
To overcome this, we should view the UK and Scottish Government ID systems as just one method of proving our online identity, allowing us to establish this once and not have to continually prove it. There are many areas of our economy which will benefit from the application of the UK and Scottish Government ID system, including KYC (Know Your Customer) in financial transactions.
A key advancement will be the advancement of proper digital methods within our work, including identity verification in voting and in international travel. We should now be moving into a world where we see our digital wallet just like the wallet in our pocket, and where we can store the credentials we need to interact in a truly digital way.
Estonia has led the way with this, and the UK should follow, especially in opening up new opportunities in economic development, and which require the proof of identity at their core. If we do not take advantage of the advancements in digital identity, we will lose out. To me, this is less about stopping people from coming into the country illegally and more about building a future economy and a new world of digital engagement with the public sector in UK, and for citizens to have more control of their data. We need an X-Road data architecture for the UK — otherwise, citizens will have no idea about how their data is being used.
Be part of the debate
The debate is happening, so be part of it, please consider signing up for our conference on Digital ID, Digital Wallets and AI on 23 October 2025 in Edinburgh:
