The UK's proposal makes the "digital ID" a pointer to an entry in a centralized database. This database is the definitive record of what you are allowed to do or not do (like reside and work). Which can be changed or deleted at the stroke of a key, through human error or malice. Then what?
When (not if) the database becomes an attribute store across a wider scope, the implications are scary. The "digital ID" as set out today can't work for its ostensible purpose. Therefore its actual purpose isn't being declared. Not hard to connect the dots.
This is not true. Government agencies generally look up your ID as necessary to check if it's still valid.
Stopped for speeding? The cop is going to look up your driver's license.
Leaving the country? They're running your passport number.
Starting a job? They're checking the status of your SSN.
The physical ID is good enough for low-stakes stuff like renting a car with a driver's license, or proving your age to get into a bar. But it's already not trusted on its own for any of the serious stuff you're talking about, like where you can reside and work.
In reality I've never been asked for the code when renting cars (outside the UK), the physical card seems to generally be sufficient for the hire companies.
Now they want to make it illegal for employers to illegally give a job to people it was already illegal to give a job to by making them have a new ID, when it was already illegal to give someone a job without getting proof of their right to work in the UK!
You are 100% right
I guess, depending on how it's implemented, maybe an ID could be cloned and still appear valid, but that seems like a possibility for the UK's approach as well (the clone would just point to the same database entry).
But considering that they've been retiring things like biometric residence cards in favour of web-based systems, it's possible there will be no physical component.
We have this is NSW in Australia: the Services NSW app provides a digital drivers license which is guaranteed to be accepted by authorities as legitimate.
Really? If anything it would make them easier. Hackers routinely break into government databases to exfiltrate information. An ID attribute databases would be no exception, for exfiltration, or simply modification of data. Ie: creating a fake ID.
Very similar to the "EU settlement scheme" which would gave EU citizens which had work and settled in the UK pre-Brexit after a very lengthy and non-deterministic application process the right to stay without any paper document to prove that they actually got that right. Just a database entry on a government computer. Too bad if an extreme right-wing goverment came to power and something happened to that database.
Penury and deportation are quite a bit of scope already! Maybe they'll put an "arrest" bit in there. Warrants are already a thing. I don't see the UK going in for murder just yet. What's left?
Not really. It's part of identity management or whatever it's called to have an ability to recall ids, because they get lost, stolen and people to who they are issued die.
>When (not if) the database becomes an attribute store across a wider scope, the implications are scary.
What are the scary implication really? Most of the EU and beyond has some kind of login to the government capability. And?
What's the threat model really? The government will revoke your fancy thing to report taxes digitally for no reason and bankrupt you? They can do so without such roundabout ways.
In fact, if British Digital ID is based on PKI, then CRL will come out of the box
