Does Britain need a digital ID?
Replicating a model such as that in Estonia might bring significant economic benefits, but trust issues persist
Britain needs a ‘new national purpose’, argued former prime minister Tony Blair in a report published by his Institute for Global Change. Co-authored with his erstwhile rival from across the despatch box, he joins former Conservative Party leader William Hague in calling for Britain to implement a wide range of science and technology proposals, in order to create a “strategic state”.
One idea sticks out above all others: a renewed call for the government to create a “digital identity” system to better manage the relationship between citizens and the state.
The report recommends that Britain take inspiration from countries such as Estonia and develop a system of legally recognized digital IDs. It further suggests a law be passed to codify the “only once” principle in how the government handles our data – the idea being that if, for example, you update your address, you don’t need to tell every bit of government you interact with. When your details are updated by one government agency, others would see the changes too. It’s a bold vision – but we’ve been here before. Has the idea finally come of age?
Replicating the Estonian model
“Every Estonian citizen, including me, has an ID card,” says Liisa Rohumaa, a freelance journalist and lecturer, who grew up in Britain but has just moved to live in Tallinn, the capital of Estonia, “You cannot actually live, work or do anything without this card.”
This is because the small Baltic nation is widely regarded as the world leader in digital identity, having first launched its now ubiquitous system in 2001. It’s a country where the citizenry is now used to plugging a USB card reader into their computer, inserting their ID card, and using that to securely access government (and even some private sector) services. In more recent years, the physical card hasn’t even been necessary, with the launch of a ‘Smart ID’ mobile app.
It enables the sort of functionality that might sound almost like science fiction to people living in Britain – as Rohumaa discovered when buying her flat. “You meet everybody in an office: the bank, the mortgage person, and the notary, the solicitor. And then after that, everything can be signed digitally,” says Rohumaa. “I've got my smart card in my computer. I drag and drop the file, ping it through [the Digidoc app], it says you have now digitally signed this document. It’s so easy.”
It gives the government a mechanism to know you really are who you say you are when interacting online, which makes it easier to do everything from paying your taxes to managing your membership at your local cinema. In fact, using their smart cards, Estonians can even vote online, instead of walking down to a polling booth.
Get the ITPro. daily newsletter
Receive our latest news, industry updates, featured resources and more. Sign up today to receive our FREE report on AI cyber crime & security - newly updated for 2024.
“It really penetrates every aspect of life,” says Siim Sikkut, the Estonian government’s former CIO, who is now an independent consultant and member of the President’s Digital Advisory Council.
“It's infrastructure that others can use if they want to,” Sikkut continues. “Digital ID really just does two things. It's a key you need to access services online. And secondly, it's to attach digital signatures, to then manage transactions, documents, whatever it might be.”
It’s hard to overstate just how embedded the system is now, reaching into even the most mundane use cases. When Rohumaa bought a washing machine for her new flat, she was surprised that all she needed to do was hand over her ID number to register for a warranty, with no further paperwork required.
Could a digital ID card work in Britain?
The obvious question to ask then is, can such a system work here too? “The UK is missing a huge opportunity by not having a better foundational digital ID capacity,” says Kirsty Innes, director of the Digital Government Unit at the Tony Blair Institute for Global Change. She points to a 2019 report by the consultancy McKinsey, which estimated Britain could boost its economy to the tune of 3% of GDP if it had a digital ID system that works with both public sector and private sector services.
“If you want to prove that you can drive, to rent a car, or prove that you've got the right to rent [a home], we just need one thing that is privacy-preserving, and easy to use and available to everyone,” says Innes.
Britain has dallied with the idea before. In 2011, work began on a program known as ‘GOV.UK Verify’, which would use a more decentralized, federated model. Instead of relying on a government database to hold the master list of identities, individuals could prove their credentials to different services by using their accounts with “identity providers” such as utility companies, banks, and mobile phone networks.
The 3D skills report
Find out how designers can future-proof their careers, and what they need to do to thrive in a fast-changing landscape
The system was scrapped when it struggled to verify the credentials of people with a small digital footprint, however, such as those without credit scores, who tend to be disproportionate users of government services like the Department of Work & Pensions (DWP).
“When we have so many people, often marginalized people, who haven't got access to digital services, or have trouble getting online, or haven't got a smartphone… these systems risk deepening the exclusion for those groups,” says Tom Fisher, senior researcher at campaign group Privacy International.
In place, the government is now working on a new identity system, which will still confirm identity credentials for government services (such as tax, car registration and so on), but won’t yet take on the expansive private sector role like the system in Estonia.
But this is something Innes expects might change. “I think what is likely is the government will need to end up taking responsibility for a bigger chunk of designing the underlying infrastructure to make it work, and [will] draw on the existing advantages that the government has as the issuer of these credentials to make sure it can assure the security and the accessibility and the inclusivity of it, to make sure it works in the public interest,” she says.
Resolving the lack of trust
There is, of course, the elephant in the room: trust. Do we really want the government to maintain a central registry of citizens? It was these sorts of civil liberties questions that defeated Tony Blair’s attempt to introduce ID cards when he was prime minister in 2006.
“People are somewhat reassured by the fact that the government has got this reputation for being kind of unjoined up and crap,” says Innes. “Different parts of government know different things about you, but they wouldn't be able to get their act together to share the information, even if they wanted to or were entitled to. [But] I think that is not a good basis for providing assurance to people about their privacy.”
So how can Britain build a digital ID system without making citizens fear the government is overreaching? “We built a lot of legal procedures, technical and other safeguards that can assure you the trust that if you use the Smart-ID device, your privacy is not violated against you,” says Sikkut of the Estonian system. “It's always been built up to be secure by design.”
But earning this trust might not be so easy – because “trust” isn’t just one thing. “The state's not this one monolith,” says Fisher. “People have different levels of trust in different parts. There are huge amounts of trust with the NHS, but perhaps less trust in the Home Office or DWP.”
Ultimately, Britain will probably need some sort of digital ID system, whether centralized like the Estonian approach, or decentralized like the federated Verify approach. “If you don't have a digital ID and signatures, there's a ceiling to what you can do,” says Sikkut.
That might involve tricky trade-offs with our hypothetical privacy concerns. “I think there's not a good proportionate argument for denying yourself the benefit of technology that could be helpful on the basis of a potential risk in the future,” says Innes.
“In a lot of cases, yes, you do need guardrails around it and you need countermeasures. And you need democracy to be functioning. But part of why you would want public services to improve is so that democracy can function better and people are less disillusioned with the way governments are serving them.”