The UK doesn't want to force you to have a digital ID but a 'trust me bro' approach won't make the cut

Date:
Fri, 20 Mar 2026 13:20:49 +0000

Description:
The new voluntary approach to UK digital IDs is a welcome change. But is it enough to ensure our most sensitive data remains private, secured, and free from abuse? The government wants to hear your say.

FULL STORY
"No to digital ID." "Checkpoint Britain." "A digital prison." These were the messages on the placards of the thousands of UK citizens who took to the streets of London to oppose a national digital ID card last October. That backlash resonated with Downing Street, pushing the government to introduce a new-look BritCard in the hope of alleviating concerns. But experts still
aren't convinced.

On March 10, the government launched a national consultation in search of a more palatable scheme. But without a clear idea of how to make a digital ID system truly "private by design," is it all just a waste of time and money until the next proposal is called out once again? The biggest bone of contention with the original BritCard plan was that it was mandatory. Sold largely as a way to tackle illegal immigration, everyone in the country was going to require one to live and work in the UK.

Cue the cries of " mass surveillance and digital control "
from privacy experts, technologists, and lawmakers from all sides of the political spectrum, as well as the movement of public concern. Prime Minister Keir Starmer decided to drop the BritCard scheme in January 2026, but the government remains focused on introducing a digital ID scheme by the end of
its current term. That gives it until August 2029 at the very latest to come
up with something that works. With the launch of the national survey, the process is now back in motion with the government turning the problem on its head and asking the country how they would like it to be done, perhaps, as well, a way to create the buy-in that was clearly missing at the last
attempt.

The most significant change in the proposal, though, is that, currently,
there will be no legal obligation for anyone to have or present a digital ID
in the UK. But that does beg the question of whether its worth creating them
at all? Echoing what EU countries are doing with their EU Digital Identity Wallet (EUDI), access to public services will not be made dependent on having the digital ID. People will have full control to decide whether or not they want one. The hope from the UK government, though, is that a digital ID will speed up and modernize bureaucracy, enabling citizens to prove their identity more easily and securely online. That could mean cost and time savings for
both the system and its people.

On paper, these changes might be enough to win over some of the skeptics, but theres nothing yet to address the technical concerns. How does the UK government plan to secure this highly sensitive data and make sure that the countrys most personal data remains private and free from abuse?

"Voluntary must remain voluntary" -- Evin McMullen, the CEO and Co-founder
of ID management provider Billions Network whose tech was selected in Europe to support the privacy and security infrastructure behind the EUDI describes the shift towards a voluntary user-centric model as "a clear and welcome improvement" from the original mandatory BritCard proposal.

According to McMullen, clear legal safeguards are now needed to ensure this won't change over time. "Voluntary must remain voluntary," she said, adding that "even voluntary systems are at risk of function creep."

The rules of the initial setup may become subject to change further down the line. This may occur, McMullen explains, if the service starts demanding more data or if the scheme is later made mandatory.

Senior Legal and Policy Officer at Big Brother Watch, Jasleen Chaggar, warns, though, that even a voluntary digital ID system can still threaten citizens' privacy, while wondering why the government still wants to spend billions on the development of such an unpopular scheme

"If the government insists on pushing ahead, legislation will be vital to protect rights, but because parliament is sovereign, a future government
could just undo the laws," she told TechRadar, while adding that only a truly "private by design" infrastructure would help minimize the risk for data
abuse. Privacy by design cannot be just an empty promise As of today, we
still don't know how the government intends to build its digital ID system.

The official documentation states that the plan is to harness existing infrastructure "to create a national digital ID that will be useful,
inclusive and trusted." A system that "will be designed and delivered with privacy at its core." While that's good on paper, this description is still
too abstract to feel certain about.

As McCullen from Billions Network points out, the key now is to ensure "these privacy by design promises are held fast through implementation." And this is where the real problems begin.

Let's start with the elephant in the room.

The GOV.UK One Login and GOV.UK Wallet services are expected to be at the
heart of the digital ID system. These systems, according to lawmakers, "are already operating as trusted parts of government."

Unfortunately, reports last year uncovered multiple security shortcomings in those systems, which pose serious questions about the safety of those identifiers.

As Chaggar from Big Brother Watch notes, the UK's public sector has a
"horrible record" of breaching confidential data and the sensitivity of the data involved with digital ID couldn't be any greater.

She said: "Digital ID is linked to biometric information, which uniquely identifies you and cannot be changed. If there is a breach, you can't just reset your face like a password; it is breached and vulnerable forever."

According to ID
management expert McMullen, the needed next step for the UKs digital ID
system to live up to its promise is simple: the government needs to get explicit about how its going to do it.

"In the age of AI and digital ubiquity, that 'trust me bro security' is not acceptable for government entities," she told TechRadar.

According to McMullen, a better approach should start with a mandate on zero-knowledge proof (ZKP) tech as standard architecture. That's an ID verification technology that enables users to prove their identity or age without the need to disclose all information. A green light that is cryptographically signed and verifiable.

Big Brother Watch, however, is also worried that building such a
"centralized" digital ID database could lead to the loss of control over our data and digital rights.

"Even though they say the system isn't centralized, the backend data will
still be joined up," Chaggar told TechRadar. "Theoretically, NHS data could
be shared with school, welfare, and criminal data, which can then be mined
for insights and used to profile you." Worried about your privacy? Have your say Despite the current lack of detail, privacy-conscious UK citizens are
still in a far better position than a few months ago.

But even from the pro-digital ID card point of view, without strong legal safeguards and clear security measures, the whole scheme risks crumbling.

Whichever side of the debate youre on, its an important moment to have your
say if the government is really going to introduce some form of digital ID as promised.

"We want to build a system that works for everyone. Now is your chance," said Darren Jones, Chief Secretary to the Prime Minister, in the official announcement .

The consultation is open to anyone in the country, with 100 respondents set
to be randomly selected for the next phase of the debate. You have until May
5 to help make the UK digital ID as good as it can be. You shouldn't miss it.

Link to news story: https://www.techradar.com/vpn/vpn-privacy-security/the-uk-doesnt-want-to-force -you-to-have-a-digital-id-but-a-trust-me-bro-approach-wont-make-the-cut

$$
--- SBBSecho 3.28-Linux
* Origin: Capitol City Online (1:2320/107)