Posted by Tim Harford
https://timharford.com/2025/10/in-defence-of-digital-id/
https://timharford.com/?p=9666
In the late 1930s, a Dutch civil servant, Jacobus Lentz, designed a near-unforgeable identity card. In 1940, the Dutch government rejected his proposal as too intrusive. Weeks later, Germany occupied the Netherlands and Lentz travelled to Berlin to pitch his idea. The Nazis loved it, and it became as much a tool of the Holocaust as barbed wire or Zyklon B.
In the hands of a totalitarian regime, an identity card can be a horrifying tool for control. It is no surprise then, that Lentz’s brainchild has cast a shadow over the UK’s efforts to introduce digital ID. It should not. Digital ID, if done right, could strengthen our civil liberties rather than undermining them.
First, let’s realise that digital ID is not a compulsory identity card. You can have either one without the other: Denmark, for example, has a digital ID system without a compulsory ID card; in contrast, Lentz’s identity card became a tool for oppression before digital computers existed.
The simplest form of a digital ID system is that every resident should have a unique number. Different parts of the UK government have assigned me a passport number, an NHS number, a Unique Taxpayer Reference number, a National Insurance number, a driving licence number and, no doubt, various other numbers are floating around too. Introducing a digital ID could be as modest a step as gradually replacing this motley bunch with a single number for each resident.
This doesn’t require a big centralised database; indeed, it doesn’t significantly change what the state knows about me. The tax authorities don’t need my medical records and my doctor doesn’t need to see my tax returns, but it would be handy for all of them to use the same unique number to connect me with their records about me. It should allow services to be joined up, from the basics (not having to tell every government agency when I move house) to more ambitious steps, such as ensuring that child benefit is automatically paid when the birth of a baby is registered.
It’s possible to go further than rationalising all these different official numbers. But further in which direction? Andrew Whitby, author of The Sum of the People, a history of censuses and population registers, tells me that we should ask “what data is collected, how it is stored, and what constraints there are on its use”.
That is fair; in fact, a well-designed digital ID could go a long way to clarifying such questions and strengthening the protection of our liberties. How? Here it is worth considering the potential for abuse and fraud in the current system. I lose track of the number of institutions who have received copies of my utility bills, my bank statement or my passport because there is no simpler or more convenient way for me to demonstrate some basic fact about myself such as my address or that I am old enough to vote.
A cleverer system is summarised in a recent working paper by the computer scientist Steven Bellovin. It could work like this: I log into a government website or app using my digital ID and password, and I request a temporary cryptographic token attesting to some minimal fact about me. (What kind of fact? That I am over 18. That I have a legal right to work. That I have no criminal record. My verified address. That I have a recognised disability. There are all kinds of things I might want to be able to prove, without also revealing every other detail about myself.)
The app would issue the token, which I could then immediately use. In some cases it would be a seamless digital handshake behind the screen of my computer browser. Or the token might generate a barcode on my smartphone, which could be scanned by a landlord letting out a flat or an employer giving me a job. None of this is very different from what happens when I use a credit card.
Beyond this sheer convenience, a token-based ID system provides protections both against identity theft and state surveillance. Identity theft is harder because I can prove what needs to be proved without circulating scans of my passport and bank statements. State surveillance is harder because these cryptographic tokens reveal minimal information: I don’t need to tell the government that I want to watch fetish videos, I just need to request an encrypted token attesting that I am an adult.
That all sounds rather splendid. But couldn’t we have the convenience and security of such a system on a more ad-hoc basis, without a single universal ID number? No. We might like the idea of a system that, for example, allows users to privately verify their age before being allowed to access social media, pornography or alcohol, yet does nothing else. But as Bellovin explains, such a system would be full of holes without a single digital ID system to back it up.
Digital ID is, of course, about more than administrative convenience: it allows the denial of services to people who have no right to them, such as irregular migrants; it also prevents the arbitrary denial of services to people who do have a right to them. The Windrush scandal showed all too clearly that rights for the vulnerable are at risk without a modern identification system. The scandal saw people who had lived for decades in the UK, and who had every right to continue, deported or threatened with deportation because neither they nor the government had the documents to prove it. It is foolish to believe that holes in the population register really protect the innocent.
There is a defeatist argument for digital ID, namely that it does no harm because our privacy is already hopelessly compromised. There is some truth in that. But what that argument misses is that a well-designed digital ID offers us an opportunity to take some of that privacy back by minimising the need to share too much information, and by clearly specifying our rights — including the right to know which information has been accessed, by which authority, and why. (If the state needs covert access, a court order would be required.)
In the hands of a truly oppressive government, such protections would mean little. Nobody should be complacent about such a prospect. But oppressive governments have many other technologies at their disposal. Nobody is proposing the abolition of the telephone, the index card or the lockable door, no matter how convenient they were to the Gestapo and the KGB. It is important to ask how any technology might be abused in the wrong hands. But that cannot be the only question we ask, especially since the best defence against authoritarianism is not to cripple the functioning of liberal states, but to make them work better. Digital ID might just help with that.
Written for and first published in the Financial Times on 2 Oct 2025.
I’m running the London Marathon in April in support of a very good cause. If you felt able to contribute something, I’d be extremely grateful.
https://timharford.com/2025/10/in-defence-of-digital-id/
https://timharford.com/?p=9666
![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
![[syndicated profile]](https://www.dreamwidth.org/img/silk/identity/feed.png){kind=small}
tim_harford_feed
