The Return of Identity Control
Digital identity should belong to the individual. That principle defines freedom in the digital age. Yet the UK government has announced plans to roll out a national digital ID scheme. Ministers describe it as modern, efficient, and secure. They say a smartphone wallet app will hold your proof of identity and that “state-of-the-art encryption” will protect it. They insist you won’t need to carry a card, but you will need the ID to get a job, apply for childcare, or file taxes.
History already told us what happens when governments and corporations take control of identity. Britain’s failed ID card project of the 2000s tried to centralise the lives of citizens inside a National Identity Register. Officials planned to collect up to fifty categories of data: names, addresses, biometrics, and even logs of every verification event. That register collapsed under cost overruns, political mistrust, and the obvious risk of surveillance. The government ordered the hard drives destroyed in 2011.
The new scheme repeats the same assumptions with fresher packaging. A digital wallet replaces a card. Encryption buzzwords replace vague promises. The underlying logic remains the same: the state issues, manages, and revokes identity as if it were a license, not a birthright. Politicians frame this as inevitable. But inevitability is the language of power, not of liberty.
The Mirage of “State-of-the-Art Encryption”
Officials lean on encryption to defend centralised identity schemes. They repeat the phrase “state-of-the-art encryption” as if it settles the debate. But encryption by itself does not guarantee safety. The architecture determines resilience, not the cipher. You can lock a fragile door with the strongest padlock and still lose the house when the frame splinters.
So what does state-of-the-art mean in practice? Most systems today use AES-256 for symmetric encryption and elliptic curve cryptography for public-key operations, often with EdDSA or ECDSA signatures. These standards remain strong against today’s adversaries. Banks, messaging apps, and secure websites all depend on them. But no algorithm can protect a poorly designed system. If managers mishandle keys, if too many agencies gain query rights, if the system centralises every credential, breaches and misuse will follow.
Quantum computing also threatens this model. Shor’s algorithm will eventually break elliptic curves and RSA. The UK’s own National Cyber Security Centre urges organisations to prepare for post-quantum algorithms. Yet the government’s digital ID proposal does not mention hybrid schemes, post-quantum migration, or selective disclosure protocols. They promise encryption but ignore architecture. They defend the lock while leaving the door in the same brittle frame.
Centralisation creates the deeper risk. A national database of identities becomes an irresistible target. Even if the cryptography holds, the governance may fail. Politicians will feel pressure to extend the system from right-to-work checks into housing, banking, and travel. Bureaucrats will argue for efficiency. Security services will demand integration. What begins as a tool for convenience grows into a system of control.
Why Centralisation Appeals to Power
Governments and corporations prefer centralisation because it consolidates power and profit. A government that controls identity controls access to work, welfare, and mobility. Corporations that win contracts to build the system control the infrastructure, the analytics, and the revenue stream. Deloitte, BAE Systems, PA Consulting, and Fujitsu already position themselves to benefit. They see billions in contracts, not the dignity of citizens.
Other nations show what happens. India’s Aadhaar enrolled more than a billion people, linking biometrics to welfare and banking. The system enabled payments but also excluded vulnerable citizens when scans failed. Hackers repeatedly breached its databases. Estonia’s digital ID works better, but only because Estonians demanded transparency, decentralisation, and legal safeguards. The European Union’s upcoming wallet uses verifiable credentials and selective disclosure, a design that empowers citizens. Britain has ignored those lessons and chosen the path of centralised control.
The reason does not lie in technical difficulty. The standards for decentralised identity already exist. The W3C and open-source communities maintain them. The EU implements them. Governments choose centralisation because it creates leverage. Corporations lobby for it because it guarantees contracts. Citizens rarely get a voice in this architecture.
The Philosophical Core: Identity as a Birthright
The deeper issue is philosophical. Who owns identity? Classical liberalism argues that the individual precedes the state. Identity does not arrive from a passport office. It comes from existence itself. Governments may issue credentials, but they do not create the person.
When states centralise identity, they reduce people to subjects waiting for verification. Access to housing, work, and healthcare depends on whether a database responds. Errors become existential. A failed biometric scan can deny rations, as happened in India. A false negative can cost employment. A bureaucratic mismatch can exclude a family from services. The machinery of verification swallows the dignity of the person.
Privacy is not a luxury. It defines autonomy. Without privacy, citizens cannot exercise agency. Without agency, democracy corrodes. Centralised ID schemes erode trust by design. They create checkpoints instead of commons. They extend control instead of protecting liberty.
The Web3 Alternative: Self-Sovereign Identity
Digital identity should belong to the individual. Web3 technologies already make this possible. Self-sovereign identity (SSI), decentralised identifiers (DIDs), and verifiable credentials provide the architecture.
In this model, you hold your credentials on your device. Governments can still issue proof of citizenship. Employers can issue proof of work. Universities can issue degrees. Banks can issue account attestations. But you own and carry them. Verification happens peer to peer. You decide what to disclose.
Consider how this works in practice. A person can prove they are over eighteen without ever revealing a date of birth. Employers and applicants can confirm work status without disclosing the full contract. Border crossings could happen without leaving behind a centralised trail of every query and check. This vision already exists. The European Union builds its wallet on these standards. The W3C’s Verifiable Credentials framework has matured, and open-source projects already provide working implementations. Any government that values privacy and resilience could adopt them immediately.
This design offers resilience. No single database exists to breach. Each credential carries a cryptographic signature that others can verify without consulting a central server. Each disclosure reveals only what is necessary. This system cannot eliminate all risk, but it reduces abuse by distributing trust and eliminating honeypots. It embodies a philosophy of empowerment rather than control.
The Cost of Getting It Wrong
If Britain pursues the wrong design, the cost will fall on liberty as well as security. Centralised systems always break under pressure. Hackers have compromised identity registries across the world. Breaches lead to mass identity theft, fraud, and exploitation. Encryption cannot prevent this outcome if architecture and governance concentrate power in one place.
Exclusion adds to the harm. Citizens who lack smartphones risk being locked out. Biometric mismatches already excluded vulnerable people from food distribution in Aadhaar. Errors in Britain’s welfare systems have left families destitute. A centralised digital ID would hard-code these failures into daily life.
The result would be predictable: mistrust, alienation, and resentment. A society built on conditional access erodes cohesion. A state that demands a credential for every interaction corrodes dignity. Convenience for the many would come at the expense of justice for the few.
A Call for Design Principles
Britain still has a choice. We can build digital identity as a commons rather than as a control system. To do so, we must insist on three principles.
First, identity must remain self-sovereign. Individuals must own their digital identities. Governments can issue credentials but cannot monopolise them. Second, the system must decentralise verification. Citizens should not rely on a single database that every check queries. Third, disclosures must remain minimal. People should prove only what is necessary, not hand over every detail each time.
In addition, Britain must prepare for the future. Post-quantum cryptography is no longer theoretical. NIST has standardised algorithms. Governments should deploy hybrid schemes today, not wait for crisis tomorrow. Architecture, not rhetoric, defines security.
A Compass, Not a Leash
The UK’s digital ID proposal represents a fork in the road. One path offers convenience at the cost of liberty, with governments controlling identity and corporations monetising it, with access to work and services depending on the smooth operation of a centralised database. The other path offers sovereignty, with individuals owning their identities, with credentials portable and verifiable without surveillance, with privacy respected by design.
Officials insist digital IDs are inevitable. Perhaps they are. But inevitability does not determine design. Citizens still control the choice of principles. We can demand architecture that protects dignity or accept a structure that enforces control.
Identity should not become a leash that tethers us to governments and corporations. It should act as a compass we carry ourselves, guiding us toward autonomy, privacy, and resilience in the digital century. If we fail to demand this, we inherit a system that treats identity as infrastructure for profit and policing. If we succeed, we build a commons worth inheriting, one where identity belongs to the individual.
Britain stands at a decision point. If we stay silent, identity will drift into the hands of governments and corporations who see it as infrastructure to control and monetise. If we speak clearly, we can demand a different future, one where digital identity belongs to the individual, anchored in privacy, dignity, and open standards.
This debate does not belong to experts alone. It concerns every citizen who wants to work, move, or live without surrendering autonomy. Share this argument, question your representatives, and push for self-sovereign design. The tools already exist. What matters now is whether we claim them.
