From the outset, the phrase “digital ID” in the UK sounds innocuous, even modern: a convenient smartphone credential, no more fumbling for documents, everything simplified. But beneath the smooth language lies something more serious. What if this isn’t just about convenience? What if it’s about control?
As someone who has spent years building privacy protecting infrastructure with Scramble Technology and championing user owned identity through AperiMail, I’m not ideologically opposed to digital identity. Far from it. I believe identity matters, especially in an increasingly digital world. The question is: who controls it? Who builds it? Who holds the keys? In the UK’s current trajectory, the answers are worrying.
The Mask of Modernisation
When the Keir Starmer government announced a new “free digital ID” scheme to be rolled out for citizens and legal residents, the language used was telling. On one hand: “will make it easier for people across the UK to use vital government services” (via the official government explainer). On the other hand: “it will make it tougher to work illegally in this country.”
Convenience meets security. But in practice, when identity becomes something you must have to live, work, rent, vote, or travel, convenience is no longer the core issue. Autonomy is.
The scheme’s working title, the “Brit Card,” shows the ambition: every adult eventually bearing a digital credential. The government’s own documentation states the digital ID “will be stored securely on your phone” and expects roll out to “all UK citizens and legal residents by the end of this Parliament.”
It’s worth noting that Britain abandoned ID cards in the 2010 Coalition era, citing cost and civil liberties concerns. So the resurrection of a national digital ID has historical baggage. We are not entering virgin territory.
When a government says “we’ll make your life easier” and “you’ll need this to work,” something shifts. The conditional becomes the norm: identity becomes not a right but a service. And services can fail, expire, or be revoked. That’s the architecture of dependency.
The Architecture of Dependence
Imagine for a moment that your identity is a token in a system you don’t control. You hold the token; someone else issues the rules, operates the databases, controls the revocations and suspensions. That’s the model the UK is chasing.
Private identity service providers (IDSPs) are already certified to verify people for right to work, right to rent and criminal record checks. Private sector runs the checks; the government sets the framework. Fine, until things go wrong.
Security concerns around the UK’s existing identity infrastructure, such as the One Login system, illustrate the risk. A whistleblower reported “serious data protection failings… significant shortcomings in information security” within One Login. We are already at the edge of a hole before we’ve built the full system.
More broadly, experts warn that a national digital ID scheme poses “an enormous hacking target.” Centralised identity systems concentrate power and risk. If you build one big vault of identity, you build one big target.
From my vantage point, this becomes a moral issue as much as a technical one: When identity stops being something you are and becomes something you access, your freedom becomes a permission. And permissions are underwritten by legality, technology and trust in institutions, which can erode.
The Architecture of Dependence
One of the more troubling aspects of the current UK model is how state and corporate powers are entangling around identity. The trust framework documents show private IDSPs being certified to carry out identity verification. The government promises federation, but private certification and operation mean data flows through circuits that cross public and private boundaries.
We’re seeing the fusion of convenience and control. The state provides legitimacy; the corporations provide scalability. Together, they build systems that no individual can opt out of without significant cost.
It’s naive to assume that all private actors are benign. Surveillance capitalism has taught us that data is power, behavioural data, identity data, metadata. Once your identity is digital and centralised, it becomes an asset to be monetised, analysed, scored, adjusted. Public sector promises seldom cover all the edge cases.
Civil liberties groups warn that a unique “digital identity” and centralising databases would “remove much of the individual’s agency in managing their data.” Let’s be clear: when privacy by design is abandoned, identity by service takes its place.
Democracy and Conditional Existence
Here’s where the liberal tradition gets tested. Democracy presumes that you exist before the system recognises you. Citizenship is a status, not a login. When you move to a system of digital identity as necessary for accessing rights, the reverse happens: you must be recognised to exercise rights. That’s a profound shift.
Consider this: if the only way to access services, benefits, work or travel is through a digital ID you don’t control, then full participation in society depends on infrastructure. Fail the system or opt out and you cease to participate. That is not a free society. That is a conditional society.
My lived experience: as the founder of technology built for privacy, I have seen how systems drift. Today’s optional feature is tomorrow’s default. Once the infrastructure exists, it will be used. Historical examples abound: what begins as “just to make things easier” ends as “you can’t without it”. Now add digital identity and you have the blueprint of a layered form of control.
The petition signed by more than 1.6 million UK citizens opposing the digital ID plan was not just about inconvenience; it was about the principle of “being required to register with a state controlled ID system”. People sense the drift. They sense the shift from being a citizen to being a user of a system.
When identity becomes a managed credential rather than a birthright, you become a subject of the system. You don’t just live in a democracy; you continuously prove you can. That changes the relationship between individual and state and rarely for the better.
Decentralisation and Trust Without Permission
Let me pivot now. I am a technologist. I believe we can build a system where identity is secure, usable, and trustworthy but not one in which freedom is compromised. The alternative is neither chaos nor a return to physical paper; they’re neither scalable nor future proof. The alternative is decentralised identity.
Technologies such as Decentralised Identifiers (DIDs), verifiable credentials and zero knowledge proofs enable what I call trust without permission. You don’t need to ask the state to validate your identity; you prove what you need to prove to the verifier you choose. Your data stays yours. You control who sees what and when.
AperiMail and Scramble Technology are constructs of that belief: architectures where privacy is not an afterthought but the design. Where you don’t hand over your identity to be managed; you present proof in real time, hold the keys yourself.
This falls back to a core moral statement: identity must start at the edge (the individual) and scale outward, not begin at the centre and scale inward. When identity is centralised, autonomy shrinks.
Yes, decentralised systems are complex. They require new user experience paradigms, new governance models, new business models. They challenge legacy assumptions. But consider this: we are designing an infrastructure for the next century. Are we going to hand that over to a handful of institutions and corporations, or build it with those who live inside it?
In the UK’s current plan, the trust framework and certification imply central trust anchors. That may seem efficient, but in the long run it means centralised control.
The Liberal Tradition and the Modern Betrayal
The UK has a history of resisting national ID cards, rooted in post War suspicion of intrusive state power. In 2010, the ID card programme was scrapped. Yet today we are seeing almost the same logic re emerge under a digital guise.
I grew up believing that the individual mattered more than the system. That rights were not rewards. I believe in a paradigm where the state is subject to the individual, not the other way around. When identity infrastructure flips that, the liberal order is betrayed.
Consider this line: “We will make your identity simpler to manage, we will toughen up labour checks, we will reduce illegal work.” The framing is pro service until you turn the lens and see what it implicitly does: expands state surveillance, centralises data, and places reliance on digital credentials not personal dignity.
You cannot safeguard liberty by centralising trust. Either I own my identity, or someone else holds it. Either I decide how my identity is used, or it is decided for me.
The UK’s messaging of “optional at first, mandatory for work” is the classic opening move of lock in. Give people the convenience; then require it. Consider this: if the digital ID becomes necessary to rent, to buy, to bank, to work, then “optional” is practically non existent.
Reclaiming Identity as a Civic Right
Here’s the call to action. We must reclaim identity as a civic right, not a service. It means insisting on systems where:
- The individual holds the credential, or the key, or the proof, not the state alone.
- Design is human first: inclusive of those offline, those skeptical, those marginalised.
- Transparency is not optional: audit logs, clear governance, revocation rights, dispute mechanisms.
- Privacy is infrastructure: not an add on, not afterthought.
- Control is distributed: no single point of failure, no single actor who holds the master key.
Let us build identity systems as we build democracy: rooted in autonomy, accountable to the individual, open to change and challenge.
I believe in a future in which my identity does not sit in a government wallet app devised by ministers and corporations. I believe in a future where I carry my proof, we negotiate our relationship to services, and the system adapts to me, not the other way around.
Because, and this is the core truth, without the right to vanish, we lose the right to be seen as human. If everything you are must be validated by the state or a credential, then you are no longer human first; you are a node in a system.
So today, the UK stands at a choice point: build an infrastructure of obedience, or build an infrastructure of autonomy. Convenience must not trump dignity. Efficiency must not erase freedom. Let this be the moment we reject identity by permission and reclaim identity as ownership.
A note for readers:
If you believe identity should remain a right, not a permission, you can make your voice heard.
The Liberal Democrats are gathering support to oppose the UK’s proposed national digital ID scheme.
Sign the petition here: https://www.libdems.org.uk/nodigitalid
Your signature isn’t just a protest; it’s a reminder that democracy begins with the individual, not the database.
