Last Friday, on Radio 4 PM Programme, one of the objectors was interviewed and she failed to land any blows at all. Perhaps her best argument was that the ID would create a vulnerable data asset that might be hacked by (unnamed) malevolent actors. She certianly wanted an opt out (an act of self harm IMHO). There was no coherent argument against other than an idea of "personal choice" being fine, but any "enforcement" being not fine. She also deployed the "slippery slope" argument, without any realistic scenario (but see below, for one such).
Consider the following: you cannot really get anywhere these days without a smart phone, a driving licence, a passport, and an NI number. Consequently you really need an Apple ID and iPay, or a Google Wallet, which in turn require Face ID and Touch ID. The benefits of these services to all citizen users are obvious.
We are moving towards a cashless society now, with a generational OAP lag for some that will need to be managed (as in China already). The benefits to citizens are so obvious. Users clamour to opt-in every day, choosing to do so. Excited by the impacts and opportunities these innovations bring into their lives. We all move (fairly) seamlessly through both public sector and commercial services, with our ID established and subscriptions, payments, media consumption, travel, and ticketing. These days the NHS app is improving access to information and ordering repeat prescriptions.
So your own ID data is held by your banking and payment mechanisms, by your digital service providers (commercial, not public, and mostly US), your media providers, your email and WhatsApp accounts, your state NI + passport + driving licencing; the UK Government Gateway for HMRC; your NHS number; your DVLA car tax; your pensions; your energy and utility providers, and so on. Your employer probably knows the least! All of this is digital - and increasingly the non-digital option is being left behind (a new form of second class citizenship - of self-harm). Digital inclusion is more important than any Cnut-like holding back and hand wringing.
In fact, the objectors should better focus on who can store and examine personal biometric data (which are not completely the property of an individual, being partly shared by close kin), rather than any ID data. They are tilting at the wrong windmill because they aren't properly (technically) au fait; and are ignorant at worst.
Biometric data, such as the UK Passport database and the DVLA database, which are linked and both contain facial images (which is demonstrably shared between them, sideways), is a big further step, and it is discoverable and examinable for purposes that ill defined by the police. Even the police DNA data base for anybody arrested is a concern as deletion required by law isn't automatic as it should be. On the other hand many historical crimes (from decades ago) are resolved when some kin of the perpetrators are put onto the DNA database (I am saying that while fingerprints are unique to the individual, DNA and facial features are not). Professor Serious certainly looks like his brother! Just sayin'
Lots of good points - like data minimisation, and also exemplar of Estonian System. Just to also support that not all government projects are bad - DVLA (which includes a form of id) was a big win, and points the way. What I question is a) whether it would actually simplify citizens lives and b) whether it would actually reduce government costs much at all - the big wins were simply going digital (as we have for NHS, HMRC, DVLA etc). So unifying sign-on is only a win for the services if there's some data joins they can then usefully do, but that flies in the face of privacy and data minimisation. For the user, unifying sign on can just be hidden in a wallet app - you don't need to have one id - you just need a nice federated service - I already use such tech for many things. The argument (made in some quarters) it will solve small boats/illegal immigrants is 100% BS - legal immigrants already get a digital identifier from the home office which they show for entitlement (to work, healthcare, accommodation etc). Else we have NI, etc... what I'm failing to see is a proper analysis of the actual cost/benefit that would preceded any such large project in a sensible business (due diligence too:-)
Thanks for this interesting comment. Probably scope for a longer discussion on data and service architectures. I suspect you might underestimate the cost of maintaining multiple legacy authentication methods, matching across schemas etc. It is feasible to join data but maintain privacy, I would rather that were explicit rather than implicit. I do worry that HMT business cases fail to account for strategic benefits.
i've actually talked to people in GDS so I have a very good idea of the cost of both maintaining, but also upgrading the thousands (yes thousands) of little government digital widgets to all use on single system. I also believe it would represent a potential security problem since any flaw in the implemenation would lay open every single service to attack, whereas simply federating all the disparate systems would retain the diversity. matching schemas is also something we tried in aligning lots of services in the NHS so that health data research could be done more easily. in the end, federated learning is simpler and safer....in my view....plus controlling FL to prevent exfiltration of models that can be attacked (e.g. via model inversion or set membership inference) is easier than controlling a monolithic database and hoping that access control is working 100% (there's no 100% security system:-) but i'm still in favour of some kind of digital id, just how it rolls out is the challenge.....i'd love to see one worked example of a government side cost benefit:-)
by the way, i've now heard 3 horror stories about how bad is the id verification system used by companies house - one from an id tech expert and two from lawyers....
I think I am persuaded that the advantages of digital ID properly implemented will outweigh the disadvantages. But it has to be based on reliable data as to sex. Unfortunately government data sources are corrupted by the ability to obtain official documents including passports based on self-ID. Human beings cannot change their sex only their gender. The Gender Recognition Act needs amendments to ensure that sex is always correctly recorded, alongside self-described gender if necessary, before we can have a reliable system of digital ID.
Very much agree with this. The frustration and complexity of doing even very banal things like getting a parking permit for the estate I live on — the government knows that I (a) live there (b) own the car (c) have insured the car (d) have paid VED. Being able to give de minimis confirmation of this rather than send over 5-6 personal documents is a huge win in privacy and time saved.
I am massively in favour of digital ID for all the benefits that are listed — which, as a Portuguese citizen, I have benefited from for many years now — and also the increased levels of security that are now available.
However, there is also an onus on ensuring that data is made available and shared in ways that that make them usable and trustworthy. Let me give you an example. The NHS app is a massive step forward but it is still marred by the way data is being processed, stored and shared; for instance, medication and test results. In the last few months, I had tests and treatment performed at my GP practice and three different NHS trusts, all in the region I live in, some in the same city. Data collected at the GP practice is readily available on the app, but, say, medication prescribed at an NHS trust is shared with the GP in the form of a letter – in one case, a physical letter that I had to personally hand in to the GP practice. When at a given trust, I had to show them the letter with the medication prescribed by, or test results from, a different trust (which I had downloaded and saved in a cloud) as there was no way they could access it.
In summary, by all means bring forward a digital ID but ensure services operate in a true digital environment.
Facial Recognition is tainted as " Big Brother" biometrics! As you may know UK police services have 18 million innocent UK citizens faces in facial databases and refuse to remove them despite high court instructions. See https://www.bbc.co.uk/news/uk-31105678. The republicans upon taking office in the USA found similar illegal databases of innocent US citizens in US Govt server farms. It shows citizens cannot trust government there is always pressure to trangress against the citens right to privacy.
The accuracy of vascular biometrics is significantly higher than facial recognition plus it dosen't lend itself to mass surveillance. Our smartphone based vascular system is currently being tested by the US department of homeland security and the US TSA contact former congreessman Mark Green who chaired the US Govt homeland security committee for details.
Labour are likely to back the wrong horse if they insist on facial recognition allied to mass surveillance systems.
My view is to trust your citizens trust your electorate. A viewpoint I shared in the current LinkedIn debate.
-------
I'm now working with Global Edentity to introduce multidimensional vascular via standard smartphones as new camera chips can image in the NIR ( near infra red ) with a software tweak and an AI algorithm.
However, I think that European woke authoritarian government's will insist on facial recognition for mass surveillance / control reasons ( they don't trust their citizens). Lets see how the debate pans out
I'm for every citizen having control of their own biometric authenticator with a distributed database where the encrypted vascular template is stored in each phones secure element and only a token exchange is needed to access and use external services.
I think America will go for personal vascular lets see if we can get European, Canadian & Australian governments to drop authoritarian mass surveillance solutions in favour of a civilised, distributed privacy enhancing solution.
I think vascular biometrics are very interesting. I expect that a UK digital ID will include a photograph. The type of the biometric information stored seems to me independent of the design of the digital ID and what is stored where. I discuss 'self-sovereign' approaches in the article.
Last Friday, on Radio 4 PM Programme, one of the objectors was interviewed and she failed to land any blows at all. Perhaps her best argument was that the ID would create a vulnerable data asset that might be hacked by (unnamed) malevolent actors. She certianly wanted an opt out (an act of self harm IMHO). There was no coherent argument against other than an idea of "personal choice" being fine, but any "enforcement" being not fine. She also deployed the "slippery slope" argument, without any realistic scenario (but see below, for one such).
Consider the following: you cannot really get anywhere these days without a smart phone, a driving licence, a passport, and an NI number. Consequently you really need an Apple ID and iPay, or a Google Wallet, which in turn require Face ID and Touch ID. The benefits of these services to all citizen users are obvious.
We are moving towards a cashless society now, with a generational OAP lag for some that will need to be managed (as in China already). The benefits to citizens are so obvious. Users clamour to opt-in every day, choosing to do so. Excited by the impacts and opportunities these innovations bring into their lives. We all move (fairly) seamlessly through both public sector and commercial services, with our ID established and subscriptions, payments, media consumption, travel, and ticketing. These days the NHS app is improving access to information and ordering repeat prescriptions.
So your own ID data is held by your banking and payment mechanisms, by your digital service providers (commercial, not public, and mostly US), your media providers, your email and WhatsApp accounts, your state NI + passport + driving licencing; the UK Government Gateway for HMRC; your NHS number; your DVLA car tax; your pensions; your energy and utility providers, and so on. Your employer probably knows the least! All of this is digital - and increasingly the non-digital option is being left behind (a new form of second class citizenship - of self-harm). Digital inclusion is more important than any Cnut-like holding back and hand wringing.
In fact, the objectors should better focus on who can store and examine personal biometric data (which are not completely the property of an individual, being partly shared by close kin), rather than any ID data. They are tilting at the wrong windmill because they aren't properly (technically) au fait; and are ignorant at worst.
Biometric data, such as the UK Passport database and the DVLA database, which are linked and both contain facial images (which is demonstrably shared between them, sideways), is a big further step, and it is discoverable and examinable for purposes that ill defined by the police. Even the police DNA data base for anybody arrested is a concern as deletion required by law isn't automatic as it should be. On the other hand many historical crimes (from decades ago) are resolved when some kin of the perpetrators are put onto the DNA database (I am saying that while fingerprints are unique to the individual, DNA and facial features are not). Professor Serious certainly looks like his brother! Just sayin'
I very much agree! And acknowledge that my many crimes are actually attributable to my brother.
Lots of good points - like data minimisation, and also exemplar of Estonian System. Just to also support that not all government projects are bad - DVLA (which includes a form of id) was a big win, and points the way. What I question is a) whether it would actually simplify citizens lives and b) whether it would actually reduce government costs much at all - the big wins were simply going digital (as we have for NHS, HMRC, DVLA etc). So unifying sign-on is only a win for the services if there's some data joins they can then usefully do, but that flies in the face of privacy and data minimisation. For the user, unifying sign on can just be hidden in a wallet app - you don't need to have one id - you just need a nice federated service - I already use such tech for many things. The argument (made in some quarters) it will solve small boats/illegal immigrants is 100% BS - legal immigrants already get a digital identifier from the home office which they show for entitlement (to work, healthcare, accommodation etc). Else we have NI, etc... what I'm failing to see is a proper analysis of the actual cost/benefit that would preceded any such large project in a sensible business (due diligence too:-)
Thanks for this interesting comment. Probably scope for a longer discussion on data and service architectures. I suspect you might underestimate the cost of maintaining multiple legacy authentication methods, matching across schemas etc. It is feasible to join data but maintain privacy, I would rather that were explicit rather than implicit. I do worry that HMT business cases fail to account for strategic benefits.
i've actually talked to people in GDS so I have a very good idea of the cost of both maintaining, but also upgrading the thousands (yes thousands) of little government digital widgets to all use on single system. I also believe it would represent a potential security problem since any flaw in the implemenation would lay open every single service to attack, whereas simply federating all the disparate systems would retain the diversity. matching schemas is also something we tried in aligning lots of services in the NHS so that health data research could be done more easily. in the end, federated learning is simpler and safer....in my view....plus controlling FL to prevent exfiltration of models that can be attacked (e.g. via model inversion or set membership inference) is easier than controlling a monolithic database and hoping that access control is working 100% (there's no 100% security system:-) but i'm still in favour of some kind of digital id, just how it rolls out is the challenge.....i'd love to see one worked example of a government side cost benefit:-)
A lot to unpick here ... for an in-person discussion I think.
by the way, i've now heard 3 horror stories about how bad is the id verification system used by companies house - one from an id tech expert and two from lawyers....
funnily enough, just about to use it ... an argument for a proper UK ID in my view!
just completed it ... and OK ... as these things go ... but the need for this would have been obviated by a UK ID
I think I am persuaded that the advantages of digital ID properly implemented will outweigh the disadvantages. But it has to be based on reliable data as to sex. Unfortunately government data sources are corrupted by the ability to obtain official documents including passports based on self-ID. Human beings cannot change their sex only their gender. The Gender Recognition Act needs amendments to ensure that sex is always correctly recorded, alongside self-described gender if necessary, before we can have a reliable system of digital ID.
I think that this issue well analysed by Alice Sullivan at UCL. Of course, what you include is independent of the ID technology itself.
Agree. And am sending a link to my MP who has already,sadly, knee jerked their opposition.
Very much agree with this. The frustration and complexity of doing even very banal things like getting a parking permit for the estate I live on — the government knows that I (a) live there (b) own the car (c) have insured the car (d) have paid VED. Being able to give de minimis confirmation of this rather than send over 5-6 personal documents is a huge win in privacy and time saved.
I am massively in favour of digital ID for all the benefits that are listed — which, as a Portuguese citizen, I have benefited from for many years now — and also the increased levels of security that are now available.
However, there is also an onus on ensuring that data is made available and shared in ways that that make them usable and trustworthy. Let me give you an example. The NHS app is a massive step forward but it is still marred by the way data is being processed, stored and shared; for instance, medication and test results. In the last few months, I had tests and treatment performed at my GP practice and three different NHS trusts, all in the region I live in, some in the same city. Data collected at the GP practice is readily available on the app, but, say, medication prescribed at an NHS trust is shared with the GP in the form of a letter – in one case, a physical letter that I had to personally hand in to the GP practice. When at a given trust, I had to show them the letter with the medication prescribed by, or test results from, a different trust (which I had downloaded and saved in a cloud) as there was no way they could access it.
In summary, by all means bring forward a digital ID but ensure services operate in a true digital environment.
Facial Recognition is tainted as " Big Brother" biometrics! As you may know UK police services have 18 million innocent UK citizens faces in facial databases and refuse to remove them despite high court instructions. See https://www.bbc.co.uk/news/uk-31105678. The republicans upon taking office in the USA found similar illegal databases of innocent US citizens in US Govt server farms. It shows citizens cannot trust government there is always pressure to trangress against the citens right to privacy.
The accuracy of vascular biometrics is significantly higher than facial recognition plus it dosen't lend itself to mass surveillance. Our smartphone based vascular system is currently being tested by the US department of homeland security and the US TSA contact former congreessman Mark Green who chaired the US Govt homeland security committee for details.
Cheers
Joe
Labour are likely to back the wrong horse if they insist on facial recognition allied to mass surveillance systems.
My view is to trust your citizens trust your electorate. A viewpoint I shared in the current LinkedIn debate.
-------
I'm now working with Global Edentity to introduce multidimensional vascular via standard smartphones as new camera chips can image in the NIR ( near infra red ) with a software tweak and an AI algorithm.
However, I think that European woke authoritarian government's will insist on facial recognition for mass surveillance / control reasons ( they don't trust their citizens). Lets see how the debate pans out
I'm for every citizen having control of their own biometric authenticator with a distributed database where the encrypted vascular template is stored in each phones secure element and only a token exchange is needed to access and use external services.
I think America will go for personal vascular lets see if we can get European, Canadian & Australian governments to drop authoritarian mass surveillance solutions in favour of a civilised, distributed privacy enhancing solution.
I think vascular biometrics are very interesting. I expect that a UK digital ID will include a photograph. The type of the biometric information stored seems to me independent of the design of the digital ID and what is stored where. I discuss 'self-sovereign' approaches in the article.