I welcome the witnesses to the first oral evidence session of our inquiry on harnessing the potential benefits of digital identification in the work of the Home Office. Before I ask the witnesses to introduce themselves, I am just going to make an opening statement. I want to acknowledge the level of public interest in this inquiry. We have received more than 3,500 written evidence submissions, with most coming from ordinary members of the public. That was even before the Government announced their plans for digital ID. The vast majority of submissions from individuals were strongly opposed to mandatory digital ID. The role of this inquiry is not to decide whether or not mandatory digital ID should be introduced, but to examine the strength of the evidence for and against digital ID, particularly in the areas of crime and immigration, and to scrutinise the Government’s policy on making digital ID mandatory for right-to-work checks by the end of this Parliament. We will carefully consider the views of those members of the public who have submitted evidence, as well as of our own constituents, alongside the views of our expert witnesses. Can I ask the witnesses to introduce themselves?

I am Edgar Whitley. I am a professor of information systems at the London School of Economics. I have spent 20-plus years studying digital identity in the UK and globally. Particularly in the context of this inquiry, I have also been supporting and working with both DSIT and GDS for the digital identity and attributes trust framework and for One Login as well.

Good afternoon, everyone. Thank you for inviting me to give evidence today. My name is Laura Foster, and I am the associate director for tech and innovation at techUK. If you are not aware, techUK is the UK’s tech trade association. It is our job to represent the UK tech sector and showcase how technologies, when they are applied in an ethical and responsible way, can have a positive impact on UK society, the economy and the planet. Through our digital ID working group, we are the industry voice for digital ID. We host events and webinars and publish a lot of policy thought leadership. Most recently, our digital ID report came out in October; it was the first industry response following the announcements from Government.

My name is Alexander Iosad. I am director of government innovation policy at the Tony Blair Institute. Thank you very much for inviting me today. The Tony Blair Institute is a non-profit that operates globally in more than 45 countries, advising political leaders on strategy, policy and delivery. In the UK, we operate essentially as a think-tank and as a policy research institute. We do research, we talk to people, we publish papers and then we hope that the ideas we put down are picked up by a Government of the day. I lead a team that is focused on public service transformation. It is a global team—we cover both the UK and global policy, and we hope to blend that expertise across borders. We have advocated strongly for a form of digital ID to improve public services in the UK for more than five years at TBI.

I welcome Dame Chi Onwurah, Chair of the Science, Innovation and Technology Committee. She is guesting on the panel today because her Committee also has an interest in this area and we want to ensure cross-Committee working. We will go into questions, starting with Peter Prinsley.

My first question is very wide, and you could probably spend all afternoon answering it. We would like to know what you see as the main potential benefits of a more widespread adoption of a digital form of identification in this country.

Digital ID, per se, has lots of advantages. For me, the big question is always how you implement it, but the idea is that you have a digital credential that includes facts about yourself—attributes, particularly; the identity part is less important. It is mostly the attributes—that come from a source that is the appropriate source to give that attribute. So, my university is the best place to determine whether you have a degree from that university; the UK Government is the best place to determine whether you are a citizen, and so on. The idea of having a digital representation of identity, and particularly attributes, is definitely a useful thing, because it takes all of those different documents that are typically used to prove those claims and puts them in a form that you can use and share. The big question, of course, is how you go about doing that, but there will probably be a later question on that.

I will start by talking about the economic benefits of the digital ID sector to complement what has already been said. In case you are not aware, the UK already has a thriving digital verification services sector. They employ over 11,000 people and deliver a £2 billion impact to the UK economy—a figure that is set to double by 2030. Those companies are already delivering services to millions of citizens who have chosen to use digital ID, and the benefits in the cases in which they have chosen to be used are great. They can be used for a teenager or a young person who wants to access their academic record. They can be used for a retiree who wants to verify that they have a right to access their pension. But actually, where we see most people already choosing to use digital ID is in the financial services industry and for fraud mitigation. Why is that the case? Well, digital ID allows the presenting of trustworthy information so that it can help streamline services and reduce compliance costs. For the financial sector, digital ID is already delivering benefits. I will finish by saying that the financial sector sees the compliance benefits of digital ID as really important, but, through the Government’s own statistics, time savings and convenience are the reasons why citizens are choosing to turn to digital ID to access services.

I agree with everything that my co-panellists have said. From a public services perspective, when we talk about digital ID, we talk about the ability to prove that you are who you say you are, and that is an identity element. We talk about the ability to prove that certain things about you are true. Again, with digital identity, that can be done much more easily in a much more convenient, private and secure way. We also talk about the ability to access services on the basis of who you are and what we know to be true about you, and that opens really exciting possibilities for how public services, and services more broadly, operate. It allows us to move from a reactive, one-size-fits-all model that was built for a different age, to a personalised, preventive model with a layer of accessibility that is not possible with a traditional model, where you have to apply for every service and prove again and again things about you that the state may already know. An additional benefit to digital ID is the ability to change how public services operate to make them much more responsive to citizens, and to put citizens in control of their own data in a way that is not currently available to them. This is something we see countries around the world embark on as a journey, and one where the UK has arguably fallen behind.

You have partially touched on my next question, which is about the impact that the widespread adoption of digital ID could have on crime reduction and particularly on fraud.

Crime reduction is a very broad concept. It will not have that much effect on street crime. You could potentially link the photo that you might have as part of a digital ID to face recognition cameras, but that is a horribly complicated mess. On fraud, as Laura has already said, a key part of the requirement for the financial sector is to know your customer. Everything that you can do to simplify that process will reduce the risk of fraud because the customer is better known. It will not stop all fraud because quite a lot of financial fraud involves, for example, mule accounts, where I am definitely the person who opened the account and definitely a real person, but I am using my account for fraudulent transactions and getting a payment for doing that. It will not be a panacea, but for the initial registering of an account—making sure it is a real person, and so on—it has an important role to play. Bear in mind that the onboarding of customers is not just the “know your customer” anti-money laundering checks; there are a whole lot of other, “What other services and products can we sell to you?” offers. It is also not going to fix the fact that everyone can have a bank account in 10 seconds.

Just as crime can be an incredibly broad term, fraud can be incredibly broad. There are different types of fraud. Fraud is the UK’s most common crime. It is 40% of all crime and costs the UK £6.8 billion every year. Identity fraud costs the UK over £1 billion every year. That is where digital ID probably finds its sweet spot. CFIT has already said that there could be £1.7 billion in savings in compliance and time-saving costs to build on from “know your customer”. Fraud is multifaceted. It is changeable. Digital ID will have to be deployed in a way that does not add to fraud, but it could mitigate fraud. Government are already realising the benefits of digital ID for mitigating fraud. That is why they are currently going through the process of changing anti-money laundering guidance and attaching it to something called the trust framework so that there can be clear guidance on how digital ID can be used within the financial sector. I am happy to talk more about the trust framework.

I want to move on to another thing that is very topical. A lot of people have said that a mandatory digital ID would help with our immigration system. Do you believe that to be the case?

We do not believe that digital ID is a silver bullet for anything, including the reduction of irregular migration. I am sure that we will get into more debate about that. Where I see an argument for digital ID helping to reduce the pull of the UK for illegal migration is, first, in narrowing the business model of organised criminal groups that are exploiting people to get them across the channel. We know that they advertise, as part of their services, the ability to access falsified documents. They hand you a paper passport that, under current systems, which are quite fragmented when it comes to existing checks such as right-to-work checks, can be essentially waved through with no record of that happening. There are loopholes in the system that a universally used system—we should get into the mandatory element of this in more detail—for digital verification of the right to work can help to close. A second element is the ability to target enforcement much more accurately. At the moment, we have essentially told businesses that they are responsible for carrying out these checks. We have made it quite hard for law-abiding businesses to carry out their legal obligations and quite easy for those who do not want to follow those rules to slip through the net. With a system that allows us to have a record of which checks are being carried out, we can target enforcement much more accurately.

That answers my next question. There would be some point to this from the point of view of checking whether employers are complying with this stuff.

That becomes a boring, technical architecture choice. You are now creating a record—which, the proposals suggest, is shared with the Home Office—of every time my digital ID is checked for a right-to-work check. If you have built in the capability to create an audit trail of those checks, you can easily imagine all the other digital ID checks and see a good, sensible argument for, say, improving the health of the nation by checking every time you prove that you are over 18 if there was an age limit on when you could buy cigarettes, or when you prove your age in order to buy alcohol. Would it be okay to also have an audit trail—a record—of that, not to target enforcement, but to target health interventions? That is where the technical choices, as opposed to the high-level principles, become incredibly important. I suspect that a large number of the individual submissions address an unease at that kind of scope creep.

A surveillance society problem.

A record-keeping and auditing society that could then be used for other purposes.

I have two more bits to my questioning. One is about international models. There are plenty of countries where this is happening. What would be a good example that this country could learn from?

I do not think any country has built a system that operates in the way that we think the technology can do and that has got all those technical architecture points right—I completely agree with you that most of these questions are boring technical architecture questions. There are countries that have done different elements well. Countries like Ukraine have kept the data safe and secure, even in the face of really massive cyber-attacks. Countries like Estonia and others have done well on disclosing the data that the state holds on you, who accesses it and for what reason. Countries like India have done remarkably well on the scale of implementation, and in countries like Singapore satisfaction with public services rapidly improved as digital ID was rolled out. For the UK, the opportunity is that of being a late adopter that takes the best of every known implementation to build something that works for us.

Just on the India example, because it is frequently pointed to, yes, it has scale, but it is designed only to ensure that every person has a unique ID or, technically, just a number—people laminate the letter with the number on it, because they are still very much a paper-driven economy in large sectors. But it has no attributes about you; it does not even do citizenship. It does residency, because anybody who is resident in India can get an Aadhaar number.

I agree that there are elements from lots of different nations that we can learn from and draw on here in the UK. I would highlight examples that align closely to the UK, such as Sweden, where the digital ID system started through banking—they have a bank ID. Canada is another example. There are also parts of the eIDAS scheme—the European scheme—which is a framework setting out what good digital identity looks like. But I would add two points. We need to recognise the nuances in this country; we are a country with a mixed history when it comes to mandatory or national ID. We need to meet UK citizens—UK populations—where they are and where they feel comfortable with what has already been used. We also need to recognise that the UK already has a marketplace when it comes to digital ID. I would also comment on something that was just said about the UK being a late adopter. We are not actually a late adopter. The Government’s own statistics show that 44% of the people they surveyed have already used some form of digital ID service in the UK. Again, it is primarily for things such as opening a bank account or for right to work or right to rent—through the trust framework, you can already use digital ID for right to work.

Finally, if the Government are to do this for the British people, how do they sell this as politically acceptable? We have received thousands of submissions, most of which, as you correctly predicted, were in opposition to anything remotely like this. I think many of us can see the huge advantages of this system in all matters of state, but how would you go about presenting it simply and understandably to the British people as something that is a big advantage to them?

It is interesting—with my academic hat on—that your language has moved from “sell” to “persuade”. If this is something that works for people, they will choose to adopt it, because it makes life easier and so on. But we still do not have the perfect model for how this is going to work. To take a simple example, if you want to do a digital right to work, and you are a freelancer, you could, in an extreme situation, have to prove your right to work with 49 different ID providers, because there are 49 companies, and they have all done a deal with different employers. Then, the 50th time, you have to do exactly the same checks to access your online tax returns. It is great from a market perspective, but it is not quite there yet from a citizen’s perspective, which is part of the problem. There is also a lack of clarity on the details of how it will actually be implemented. What choices are being made? What choices are up for consultation? What choices are up for decision? It is very difficult to sell a vision without the detail behind it.

Could you see it being an app, for instance?

Realistically, the form of implementation for those who have a smartphone will probably be an app, but that is just the method of delivery. Aeroplane tickets used to be paper, and they are now on a smartphone app, but it is just a representation of the underlying data.

I completely agree. This will be taken up and embraced if it is useful, and that is what we have seen around the world. If people see the benefit, they will look at it and accept it. Even Estonia’s introduction of digital ID was met with significant controversy 20 years ago, but we have all forgotten about that because it was so long ago. Because it has proven to be useful, they are now very proud of it. Talk to any Estonian and they will tell you all about it. What we need to do in this country is to have a very clear vision of what we want to accomplish, and in our view it is about improving public services and the interactions between the state and the citizen, which are so difficult today. And it is about delivering quick wins, so having a very focused delivery plan that is communicated in the open and that allows people to see the progress very quickly.

Certain attributes about you are things that the state issues. I cannot come along and say that I am a citizen of Germany because that is something the German state decides. The British state says that I am a British citizen, and if I were not, it might still say that I have the right to work. It is the idea of a trusted authority that is the correct issuer of attributes that are linked to the individual.

It is sad and geeky, but this is about who is the correct person to issue attributes. If the state is not the one who determines whether you are a British national, I cannot imagine who would be. It is the state, rather than politics, that issues attributes.

Yes, the Government are the body who issue these kinds of attributes.

Yes. The other point about interaction with the state is that, yes, the Home Office has a gazillion and one other projects—all Government Departments have lots of things that they need to do to improve, digitise and transform their processes—and there is no money to do any of that, and there is a lot of work involved in redesigning systems to operate at a UK scale of 80 million citizens, or whatever it is. I am optimistic, while recognising that there are very practical problems behind the scenes in doing this.

I think the point to be clear on is that the Government can and should be the source of truth when it comes to citizen data created by the Government, such as your birth certificate. I do not think anyone would be upset that the DVLA gives us our driving licence. Through the gov.uk wallet, the Government are already in the process of digitising driving licences—we will hopefully get a digital driving licence very shortly. That, in itself, is really uncontroversial. Where the digital verification ecosystem comes in, however, is that you would not then expect the Government to be involved in how I choose to use my physical driving licence. If I want to go to Tesco and buy a bottle of wine, I do not expect the Government to be involved in that transaction. It is the same in the digital case; the Government can give me my digital driving licence, but I do not want them knowing whether I buy my bottle of wine from Tesco. That is where the wider digital identity ecosystem comes in, and that is why we need citizen choice and citizen empowerment. That is why we need to leverage the expertise of the digital ID sector that we already have operating on the trust framework.

There is a strong public appetite to see the state work better, and there is a belief among the public that technology is not being utilised to its full potential to make the state work better. We know that part of that mistrust in the Government comes from the state failing to improve the status quo. Digital ID, in the wider sense that we are discussing it, is a means of improving the interactions between the state and the citizen, so that citizens see the state working for them, not against them.

Thank you for coming in. In response to Peter’s questions, you talked about the benefits in mitigating fraud or immigration offences. Do you think there is any scope, in how this is designed, for it to end up creating opportunities for fraud or immigration offences? Do you think that, by making digital ID our line of defence, there is a possibility for a state actor or data corruption to catastrophically undermine our ability to take on fraud or immigration offences?

Anything that becomes a key part of any process will be targeted by fraudsters, organised crime gangs or whatever. The rules that are used to determine whether somebody has the evidence to support their identity claims in the first instance have been evolving over the last 20 years, as we have become aware of different fraud vectors, approaches and attacks. This will be a target for fraud, and the role of a Government-led process—whether it is private, public or both—is precisely to be aware of where the latest fraud vectors are arising and how best to respond. They might say, “We now need to have three pieces of evidence, when previously we were happy with two.” If we suddenly start discovering a whole series of incorrectly issued but genuine British passports, because someone stole them from the passport factory and is giving them to organised crime gang members, you need to double-check not just that it is a genuine passport but, using the passport database, that it was issued to this person, and that it has not been reported as one of the batch that was lost or stolen. There are lots of things that organisations, both public and private, can do—and are doing—to manage those fraud risks. Yes, it will absolutely be a target for fraud, because the more important it becomes for our processes, the more valuable it becomes as an opportunity for fraud. To give a simple example from many years ago, when your driving licence used to have a paper counterpart, if you were really concerned about fraud, you would ask to see the paper counterpart as well as the plastic card. There was a market in creating fake plastic cards, but nobody could be bothered to do the paper counterpart. There are things that you can do, because it is essentially a market of transactions going backwards and forwards.

There is an arms race when it comes to fraud. The latest examples might be deepfakes to try to fool systems that use video to identify likeness. I know that our private sector is doing amazingly well in keeping up with that arms race, and there is a really strong argument for the Government to work with them to integrate those technologies into any state-run system that we may end up with. I would also say that what gives me optimism in this space is that, while anything that becomes central to a process becomes a target, as Professor Whitley says, we also know that the interaction of digital ID in different contexts has reduced fraud significantly. One example of this is in Norway, where the introduction of an ID system reduced payment fraud from 1% to 0.00042% of transactions. That is the type of reduction we can see with digital ID, but it is something that we need to stay on top of, rather than introducing it once and letting it run.

I do not have an excessive amount to add, apart from to agree that anything that grows in priority is going to be a target for fraud. I also agree that increasingly complex digital fraud vectors require increasingly digital solutions. Again, we are seeing some great solutions from the private sector. I will add that digital verification systems and other types of digital ID systems can be designed in a way that prioritises things such as cyber-security, data minimisation and privacy. One good example of that is something that is called double-blind data sharing. Going back to Tesco and my bottle of wine—

Other wine retailers are available.

Sorry, other retailers are available. If I am in Sainsbury’s, buying another bottle—

You’re shopping around.

I am shopping around, getting good deals on my Clubcard, and I again show my driving licence, which shows my name, my date of birth, my address and a lot of other details about me that Tesco does not need to know. If I could show that through a digital credential, all Tesco needs to know is that I am Laura Foster and am over 18. If I can take my digital credential and use a reliable third-party verification service, it shares the information, which it has checked, that I am over 18 and am Laura Foster, then the supermarket has every right to say, “We trust this data and can let Laura complete this purchase.” The supermarket does not need to know anything else about me. That is how digital ID can be trustworthy and implement things such as data minimisation.

On that test, does the supermarket actually need to know you are Laura Foster? Does it not need to know just that you are over 18?

They will need to know it is me who is showing the ID in front of them.

One option would be that Laura has unlocked her phone, and we assume that—

Only Laura can unlock her phone. They do not strictly need to know your name, though; they just need to know you are over 18.

Absolutely. The simple one would be that I unlock my phone and there is a big, flashing green sign that says, “Over 18”, “Under 60”, “Over 60”, “UK national” or whatever it might be. Somebody has to do the binding, whether it is that they trust that I have unlocked my own phone, or they do a quick visual check to see that it is the same person. In a high-security environment, because I might have stolen Laura’s phone and seen her typing in her PIN code, you would really do a careful check, and we would not pass for each other.

Quickly, and without getting too much into the technical detail on the trust framework—I am very happy to follow up in writing—that verification layer is called an orchestration service provider. Such providers are an important part of the digital ID ecosystem. I am happy to provide more information about that in writing.

Thank you. That is useful. May I test an argument on you to see what you think? In many ways, the advantages of digital ID that you have set out are basically stuff we can already do, just more efficiently and faster. Is someone a British national? Is someone over 18? Potentially, however, the real thing that would happen here that did not happen before is what you alluded to with your bottle of wine—the interactions could be created and stored. People undertake a lot of activities that are not illegal but that Government may recommend against—if you were buying four bottles of wine every night, maybe the NHS would say, “We should be looking for people who do that, so we can help them.” You might be constantly gambling online or accessing pornography, which is clearly something people do not wish to share with others. What would be categorically different in a world with digital ID is that the information is stored, and is therefore accessible.

It does not have to be. That is where we come back to the technical design choices. The supermarkets need not have trading standards shouting at them for selling alcohol to under-age people, if they have the assurance that the process at the till is to check that the digital ID says the customer is over 18 before making the sale. We do not need to have the audit record you are talking about. In practice, we do not have the level of organisational and compliance confidence to say, “No, we trust our processes, and therefore we do not need to have that audit trail of records.”

As a citizen, if all I am asked to do is show a QR code, for example, I have to trust the Government, and I have to trust that it is a bona fide machine and that it is not storing the data somewhere.

The Government or the private sector provider.

Yes, and as it is rolled out, how many times would I show my QR code over the course of a week? I would not be checking what machines I have used—the average person is not going to do that. You are asking the citizen to trust that these machines are not storing data.

You are hopefully setting up a framework within which they operate, such that it is clear to everybody that that is not the case. Unfortunately, the announcement of the right-to-work proposals says, “create intelligence data on businesses that are conducting checks”. That immediately makes everyone think, “There’s probably a record-keeping activity going on.” The BritCard proposals, which were one of the influences of this, said, “A digital identity would allow the Home Office to build a canonical record of where and when checks have been successfully completed.” That is one of the elephants in the room. You can design it in a way that says that for things that are low risk, such as when we just want a trusted attribute from a trusted provider, we are happy to say the supermarket has checked that a person is over 18, and we are not going to fine them for trying to sell stuff to under-age kids.

Are you saying that the capacity to record-keep with digital ID would be a switch that the Government can turn on or off at will?

It could be a switch, or there could be a design choice from the very beginning not to build that in. My concern with the right-to-work checks, if they follow these principles, is that by building in the switch for right-to-work checks, everyone is going to ask, “How do we know it is not going to be built in on all the other checks that you suggested, and even if it is switched off, how do we know that this Government or a future Government might not switch it on?”

You need to have those good governance practices. The eIDAS scheme, which is the European scheme, categorically says that Government cannot collect data on its citizens through any services provided by Government. I would like to go back to an earlier question, which was: how do you want to take the UK population on this journey with you? It is about putting those safeguards in place so they know that no one is going to be tracking their data. It is about designing those systems so that privacy is there, and sometimes separating out the DVS layers. Critically, it is all about putting data in the hands of the citizens. That is another advantage of digital ID. If I have a digital wallet, and it can tell me where I have used my digital ID, through being able to live up to the standards of the trust framework, I should be able to enact GDPR and say, “I want all that data gone.” That is my right as a citizen, so it is all about establishing what that good governance looks like.

This is exactly why the debate we are having now is so important, because we can have a conversation about the parameters of what would and would not be acceptable on a policy-by-policy basis. There will be trade-offs between privacy, convenience and control in any policy decision, whether it is delivered with digital ID or without. That is why this debate is about what is possible with this technology. How do we want to draw the trade-offs in any one policy area—whether that is migration or the delivery of public services—and how much control can we give citizens in different circumstances? Again, there are areas of policy in which citizens currently do not exercise any control. That is worth remembering. We can have more control via digital ID than we do today. That is why this debate is so important. At the same time, once we come to a conclusion on what digital ID should not do, one of the ways to resolve that is by open-sourcing as much of this technology as possible. As we build the platforms, we should be open-sourcing the code so that technical experts—including those who may be sceptical about digital ID—can examine it and show that, yes, there is not a “phone home” element here that says, “Not only did you do a check but it was to buy a bottle of wine, and there are too many of those now.” That is something that is possible.

Thank you very much for inviting me, Dame Karen. It is a great pleasure to be here on behalf of the Science, Innovation and Technology Committee. I am afraid that I will try to get into what you have already called the boring technology choices, because they will drive whether this actually works in practice. We have heard a lot about the benefits of digital ID, and I think what you were saying to Margaret and Chris was effectively that the Government were best placed to deliver a digital ID that reflects Government data.

It is the best place to issue attributes that Government can issue. I would separate out whether it has to be a Government digital ID.

I recognise that. How significant is the technological effort for the Government to create digital ID? Does making it mandatory increase the significance of that? Are there key technological choices that influence how difficult that is? That is a big question; it would be helpful to have short answers.

A big part of how you do ID proofing—confirming who somebody is, so you can then get attributes about them—in the UK uses the standards that I briefly mentioned before: “Good Practice Guide 45”, which is a set of rules that determine what evidence will count as good evidence that you are who you claim to be. A current British passport is really good evidence—not having a British passport means you have to rely on other kinds of documents. Those standards are used for both the Government and the private sector, so they have both had lots of experience of all the processes for checking a passport and different kinds of documents. It also means that you can potentially have two or more digital IDs that satisfy the rules even within one login, because you can have a completely different set of data behind it. It is not difficult, but it is a known problem that has been happening. The interesting question is to do with the mandatory nature. Everybody talks about the digital divide—people who do not have smartphones or are not confident using them, and so on. The RNIB submission is really telling about the problems of knowing whether you have actually taken a proper selfie if you have sight concerns. That is just one example. You also have people who struggle to have the right mix of documents to satisfy the rules; they may have a smartphone, but they may not have the right kinds of evidence to do it. There was a report for the Government Digital Service a couple of years ago that suggests that almost 6 million people in the UK are ID-challenged. They might get through, but there is a lot of effort and work involved in helping them get that evidence, and if it is mandatory for everybody, a lot of people will struggle to demonstrate that they have an ID that can therefore add the attribute that you have a right to work.

I am a little surprised by your response. You talk about digital ID being a problem that has been solved because we have digital ID attributes, but this is about every Government Department using the same process—using the same data fetch, accessing on the same platform or however it is implemented—and you have not talked at all about the quality of data in Departments. You are just looking at the front end, basically. I am trying to get an overall idea of the challenge.

The first challenge, if it is mandatory, is for everybody who needs one, which realistically will be everybody in the country. Even I, who have had my job at LSE for a long time, have had to do other right-to-work checks for other kinds of activities. Calling it voluntary is nonsense; it will be mandatory, because everybody at some point in their life will need another job or to apply for benefits where they have to prove they are able to work. And if you do not have an ID, you cannot get a right to work. Once you have solved the ID part, you have to match “This is Edgar. Somebody has proved this is definitely Edgar”, with the records that you have in our system. This is probably something that will appeal to you: if there are multiple ways that I can prove that I am Edgar, then you cannot have a single unique number that is just my number—the equivalent of the US social security number. That means that every Government Department has to go, “Okay, if it’s the same app or the same service that’s proved it’s Edgar, we can shortcut our processes and go, ‘Well, last time, we found his tax records,’” or whatever it is. But if I sign on with a different service, you have to make sure that the back-end services can cope with, “Oh, there’s somebody else called Edgar. Let’s see whether we can find that particular record.” That is quite a lot of work for every potential relying party that is going to do that. Given that we have multiple opportunities to create a digital ID, you cannot assume that the back end just has to say, “Once we know who Edgar is, he is person 12345, so that is definitely his record.” That is kind of built in, almost as a consequence of the ID proofing standards: because there are multiple ways through the ID proofing standards, there are multiple ways of matching the evidence to the back-end systems. That is going to be a big, big problem.

Laura Foster, do you want to add to that?

Yes, thank you. There are a few things going on here. I am a bit concerned that we need to separate the use cases of digital ID and the systems of digital ID that the Government have announced from the broader digital transformation of Government. At techUK, we would encourage different Government Departments to find ways to modernise the data stack and open up data sources, especially through smart data schemes in the Data (Use and Access) Act. That complements the digital ID conversation, but digital ID is more of an application of that digital transformation. Please correct me if I am wrong, but if I put that to one side, the question then becomes, how much does a mandatory digital ID scheme cost?

You say that digital ID complements—sits on top of—the digital transformation, so the challenge of digital transformation is part of the challenge of digital ID.

It can be. Let me take a concrete example of this to try to best explain it. Right now on the gov.uk wallet, it is mandated that by 2027, every single Government Department needs to be able to add any ID—any credential—that it offers physically to the gov.uk wallet digitally. The obvious example of that is the veteran card that we have already seen and the driving licence, but there are so many IDs that you can get from the Government and they all now need to be living on the gov.uk wallet.

That is not going to be easy, so that is a concern. I would like to talk briefly about legacy systems and how they amplify the challenge involved. Do you agree?

In that particular use case, yes, that definitely would. On the use of digital ID to access other systems, the cost of the digital ID itself is separate from that. There is a whole other infrastructure that the Government are going to have to set up, depending on what level of involvement they decide to take in the digital verification stack. Correct me if I am wrong, but that is kind of what you were referring to, Professor Whitley.

Yes.

I am going to keep coming back to it, but we therefore need to recognise that the UK does already have good governance practices through the trust framework.

Actually, I would not recognise that for two reasons. First, the trust framework is not certified to the European levels that you were talking about, and it is the European levels that address things like deepfakes and so on. The current trust framework certainly cannot be considered, I don’t think, to be best practice. Secondly, as part of the Select Committee’s correspondence with the Cabinet Office following the Afghan data breaches and having looked at a review of data resilience that the Government did in 2023, there have been many examples of very, very weak data management practices, to the extent that Government Departments do not even know how many legacy systems they have, so it is impossible to estimate how they can be upgraded to best practice. So no, I would not accept that we have best practice now. How would you respond?

Apologies. I would definitely say that, yes, in terms of legacy systems, we do not have best practice. TechUK would advocate updating legacy systems. We have a whole team that works on how we can do that, and I would love to follow up in writing with you and share more detailed information on that. Regarding your point on the trust framework and how it does not adhere to European standards as it stands—and people believe that they are international standards—at this current moment the trust framework does not align with eIDAS or other standards. I believe that there are conversations actively going on within UK Government to understand how the UK’s trust framework and the eIDAS scheme can align. That is really important for really simple use cases—for example, in case we want to use our passports in other nations. The trust framework has been created, since 2021, through rigorous consultation with industry and parts of the population as well. The framework has only been legislated on in 2025, so that is quite a long consultation process. We should not scrap something just because it is not perfect. There are redress schemes in place, because things are not perfect. Let us iterate it, build upon it and get the trust framework to a level that it can work within these European schemes as well.

I wonder about the time it will take to do that, but let us move on. Alexander Iosad, do you have anything to add? You talked about open source as a solution. How much of open source is being used right now in Government to support this?

Not as much in this particular area as I think is required to earn the trust of citizens. We would certainly encourage more of that in this space. If I may add to the discussion on, “Where are we starting and where do we want to get to?” I have two points. One is a mitigating point, hopefully, which is that for the types of system we are discussing here, a lot of the building blocks are in place already. We have the framework—I agree with Laura that we want to build on and improve it. I also agree that we need to align with the eIDAS standard over time. In my view, any Government-produced ID infrastructure should be eIDAS compliant. We also have ongoing projects to mitigate the impact of legacy systems. We have the blueprint for modern digital government.

Just to say on that, they promised us a plan. The blueprint is a very high level. We were promised a plan, but we do not have a plan yet, do we?

We do not, and I await it as eagerly as I am sure you and members of the Committee do. There is a risk in this debate about digital ID where, if we see it as separate from the broader digital transformation, the digital transformation will head in one direction, the digital ID ambitions will head in another, and they will not connect. In our view, the conversation about digital ID is an opportunity to pay the kind of attention we should have done for a decade or more to digital transformation in Government. The scale of opportunity is immense, we have missed out on a lot of what we should have done, and now is the time to mitigate.

I have two quick follow-ups on that. You are saying that we have in place the building blocks, but my understanding is that for a lot of the legacy systems—the Government’s definition of a legacy system is anything that is not on the cloud, but there are probably legacy systems on the cloud as well—we do not know whether they are building blocks that effectively can work. In terms of them making it mandatory, I think Professor Whitley said that added to the technological challenge, because it meant that so many more people had to be onboarded up front. Are there other ways in which making it mandatory adds to the technological challenge? You talked about somebody called Edgar, in terms of identifying somebody. If they are to be identified, legacy systems in the DWP could have a totally different data format, and we do not even know what that could be yet. In terms of the technological challenge, we need good data management now, and we have not got that. How does making it mandatory amplify the challenge?

I agree with you that we do not have the right level of technical capability within Government right now that we need, and we need to build that up. I agree with you that delivery of the blueprint and the plan behind the blueprint, when it does come, should be a massive priority. Interoperability between Government datasets, which involves, among other things, making sure that the legacy datasets are integrated in the right way, should be a top priority for this Government. On the mandatory element of this, I think it is worth making a distinction. For the data element, the datasets that hold the attributes are in this case mostly held by the Home Office, whether that is the passport office database, birth records in some cases, the eVisa database or the asylum seekers database. There have been significant challenges with the delivery, which I believe is partly a result of not enough priority being given to this, including from No. 10 and the Cabinet Office. I hope, possibly against hope, that having a high-profile programme like digital ID would mean that enough attention was paid to these issues. But what we do not know at the moment is whether the mandatory element refers to verifying this information against Government databases—those databases are in place and can be made interoperable in this way, in my view and the view of tech experts I have spoken to, fairly quickly—or whether we are talking about everyone having to have an app and having to carry their phone around, which I hope is not the case. There is currently not enough clarity about the mandatory element. What do we mean by mandatory? It may be that by mandatory we end up meaning: “We need to be verifying someone’s identity and right to work against a Government database, but we can do that in a number of ways, one of which might be a Government app, one of which might be one of the private providers holding a credential, and one of which might be looking at the physical passport and verifying that against the database.”

I am very conscious of time. We have a second panel, and we officially have only four more minutes with you. Would you be happy to stay for a few more minutes and—I am looking at the later panellists—are the later panel happy to start a little later?

I have just one other example. Again, I have been around this space for a long time, and another example of the practical problems of systems—these are private sector systems—is all the problems that the pensions dashboard is having. I can prove who I am, but then you have to go to pensions databases that may have very old records, with incorrect data stored on a tape that takes 24 hours to be checked, to then say whether you have a pension with them or not. I have been involved in these conversations since at least before the pandemic, and I think that has all been delayed, delayed and delayed further. It is not just about Government legacy data systems; it is a much broader national problem. I also remember the national data strategy, which I think was before the blueprint for modernising government; so yes, this is a perennial problem, as I think the phrase goes.

We are going to have to move on, if that is okay. Lewis Atkinson and Margaret Mullane have some questions that go into a bit more detail on the mandatory nature of this.

Just to be really clear, to what extent are the benefits of digital ID that you have identified contingent on making it mandatory, in your view?

I think many of the benefits of digital ID should arise because they are the benefits—because it is an easier way of doing things. You should not need to sell them. My pessimistic view is that as soon as you make it mandatory, you get all sorts of problems of identity exclusion. In my submission, I pointed out the challenges that are already being voiced around Northern Ireland and the common travel area, and so on, because that will be a big issue. We saw a bit of coverage about whether you need to do a right-to-work check if you are a 13-year-old getting your first paper round. The next one is: do you need a mandatory proof of right to work before you can claim an income-based benefit? If you do not have a proof of right to work, are you deliberately putting yourself out of the opportunity—

You are rightly raising some clear challenges with making it mandatory, but can I press you on whether a significant number of the benefits that you have identified, or indeed all of them, would still accrue if there was widespread but not mandatory adoption?

For good employers, a digital right-to-work check that is easier than looking at lots of documents is clearly an advantage. For a rogue employer who is employing illegal immigrants, a digital ID is not suddenly going to make them go, “Oh, I’ll behave myself and do the appropriate checks and not hire these people.” So it will solve some of the problems, but it also forces all the good people to have to do the ID checks, and all the bad people will still be excluded from that conversation.

I would not disagree. More generally, we should focus more on highlighting the benefits of how a mandatory national ID could be used. You can look at examples that exist within the wider UK. The Government of Jersey have introduced a form of national ID, and they had 55% uptake almost immediately because they found use cases for which it would be very useful. Also, 2.5 million users have been able to access the Improvement Service in Scotland through digital ID. To go back to my first statement, that is because being able to show and prove convenience and time savings to citizens emphasised the use cases for digital ID.

On the migration use case, which we have discussed already, I do not think anyone on the panel believes that it is going to completely solve the problem. There are some advantages, but I would say that they come from the verification against the data, rather than using a particular channel to carry out that verification. There are advantages for some of those good employers as well, because often there is a misunderstanding of what actually counts as a right-to-work check. People think that national insurance numbers are sufficient proof of a right to work, and they break the law when they accept them.

To check my understanding, you are saying that there could be a mandatory right to check against the central Government record. That might be done very easily via digital ID, for people who choose to use it, but equally it could be done separately, albeit more onerously, via someone saying, “If you don’t want a digital ID, bring in two or three different pieces of evidence.”

As I understand it, the current proposal is that any time you want to take on a job, with a new contract of employment, you will have to have a digital ID, and the only way an employer will be able to employ you is if they have checked the digital ID. That is the thing that most people are reacting against. There were reports saying, “Don’t worry, it’s going to be voluntary”—until you have to change a job, which means that everybody is going to have to have it.

But your view is that you could still do the right-to-work check with a digital ID for some, but via other means for people who did not want to hold a digital ID.

Just as we have been doing for the last 10 years. All the ID providers already offer that service.

You can already use digital ID for right to work through the trust framework.

Where things can be tightened up is in respect of the more—I do not think they are necessarily onerous—analogue checks, which can also result in a verification against the database. The Government will need to figure out what they want to do on that, because they have not, in my view, made it clear enough. When they say, “You have to present digital ID for your right-to-work check,” what do they mean by “present digital ID”?

It is interesting that I am not sitting between the two positions here. One representative is saying, “It should definitely be the Government, with One Login for Government,” which is the current proposal. The private sector is saying it should be done by private companies, or some of these things should be done by private companies. They are both using exactly the same ID proofing standards. So I think I’m going to cop out and say it is a political decision. You could say, “This is something the Government should do, and to heck with the private sector.” Or you could say, “We’ve got a successful private sector. Let’s save the Government some money by downplaying the role of One Login, perhaps as an ID provider of last resort for those individuals who want a digital right-to-work check but really aren’t targeted by the private sector companies.” But there is no logical solution: it is a political choice.

May I gently correct Professor Whitley? I do not believe that this has to be done completely by the Government. I believe that if the benefits that the Government are talking about are to be realised, the most effective route to them is for the data that is held by the Government to be checked as part of the right-to-work check. At the moment that does not happen, although we still have a mandatory check of the right to work. That is another part of this debate; we have a mandatory check, it is just that at the moment it is done through one set of documents and there is arguably not enough clarity for employers on what documents count. The Government are talking about changing the list of ways in which you can carry out this already mandatory check. They have not made it clear enough what that list of ways is going to be. I agree with you completely; there is an element of inclusion here that needs to be considered very carefully. My view is that you can have a Government-run element to this—we can come back to the question of the app, but we probably do not have the time—and do that through existing private sector provider channels as long as the right-to-work credential is issued by the Government.

I also need to come back and clarify that we do not believe it is an exclusively private sector ecosystem. There is clearly a role for Government in setting what good governance practice and good standards look like, as they already have done, and in legislation. Government may need to be the source of truth when it comes to Government data. We are saying, “If things are working, don’t break them.” We have the trust framework in place. I would like to see Government focus on language around empowerment when it comes to digital ID and on the important thing that you mentioned around inclusion. It would be great if we could see Government working with the private sector and other organisations on how we can use innovative things, such as vouching, to make sure that the 6 million people who do not have access to identity can access services.

I want to follow up on the role of the private sector. You touched on this a little bit, but could the private sector introduce efficiencies that the Government could not, if you wanted to roll this out more broadly? My other question is more on the security side. One of the arguments that proponents of ID cards make is that we all hand over lots of data anyway. Anecdotally and personally, the number of logins that one now uses on a daily basis is huge. Is the fragmentation of that—handing a transport company one set of data, your online banking another set of data and your email login a different set—part of its security, and is that in any way compromised by unifying it all in one Government-backed ID? There are multiple private sector companies. Does unifying that throw the baby out with the bathwater?

On trying to unify something, it comes down to how it is designed. We would advise against centralised data systems. We would focus on federated architecture and decentralised systems, which means that lots of things are in different places and all have privacy preserving, and that type of thing, in place. Using third-party verified providers that adhere to a good standard can also add a level of privacy preserving. On your point on how the private sector can bring efficiencies into the system, it 100% can. It is already providing some of the services that have been proposed, efficiently and at no cost to citizens. That may have been a bit of information that was wrongly shared and should be corrected or we have already talked about the use cases in fraud as a really good example, but I will pause there.

Do you all agree with that? Do you have confidence in the public procurement process in securing those efficiencies?

For the record, I would have some concerns about the ability to do effective public procurement, particularly for high-risk, high-security things. It can be done. You need to have the capacity and the expertise in-house to know what you are buying and not just buy from whoever so that you do not get vendor lock-in. It does not necessarily have to be open source, but you need to have independent scrutiny of what is going on, particularly for the security elements. Open source is one way of doing that. For the previous Verify system, the Verify team brought in computer security experts from UCL to review the whole of the technical architecture and point out theoretical, computer science-type risk elements where things could be attacked. They adjusted the processes as a result.

I would not disagree with that, but I would say that, if you look at international systems, whether that is the Estonia example that has been talked about or more decentralised systems, all digital ID systems that have been created have some form of involvement from the private sector. It is pretty much impossible to do it without that.

One thing that I want to go back to is the point about centralisation. I do not think anyone here is talking about creating one massive central database in Government. We are talking about data that the Government already holds in different places, and there are some challenges around interoperability that we have discussed previously. What the eIDAS model—where you have the wallet—allows you to do in principle is have more visibility, as Government Departments integrate with the system over time, of what data they actually hold and whether that data is accurate, and, if not, to correct that data. We have recently seen stories of DWP or HMRC deciding that people have left the country when that was not the case. Again, this is something where, with the right technical design, you can build a system that allows you to see that HMRC has decided that you are no longer resident and therefore raise a query with it to say, “No, I am still here.” The wallet model also addresses some of the challenges around the interoperability issue, because it means that you can have Departments issue the credentials—they can be either identity documents or proof of eligibility for a benefit—directly into your wallet, so you can choose when to share it with other Departments. But to me, that is also an argument for there being a Government app that, alongside the private sector, would mean that these credentials, with citizen control, can be combined in ways that enable more personalised and proactive service delivery.

We are coming towards the end, but I am interested in the comments about the mandatory nature of the Government’s proposals—like Margaret, my postbag has been full of people who are very concerned about them. Obviously, we started the inquiry before the Government announcements were made. From what I understand, none of you is advocating for one entirely mandatory system run by the Government—or am I wrong?

It depends on which layer of that stack we are talking about. The credentials themselves are held by Government, and to achieve some of those benefits you would want there to be consistency that credentials are issued and verified by Government. But the second layer—the interaction between the citizen and the employer—is a much more flexible discussion, and should be.

Where we disagree is potentially on that verification layer. That comes back to the double-blind data sharing that I was talking about before; there are use cases within that.

My understanding is that in India private sector expertise was brought into Government and put as a Cabinet-level position so that it had that focus from the top. Clearly that is important. I want to touch on digital exclusion. My constituency does not have great data coverage and has a population who are not entirely users of smartphones—it is not that kind of constituency—so there is a great deal of concern around this. Do you think that the Government have given any thought to how they deal with digital exclusion? Isn’t there a potential Windrush here of people excluded from the whole system?

To my thinking, Windrush was more an identity exclusion than a digital exclusion, but they are often very closely related. I am looking at the various committees that I have been on, particularly for the Government Digital Service. I joined the Privacy and Inclusion Advisory Forum in 2023, and the previous Privacy and Consumer Advisory Group had been looking at questions of inclusion and coverage since about 2012, so you would hope that questions of identity exclusion are something that lots of people have been worrying about. In practice, it is one of those extra things where you want to build something and then you worry about the edge cases. Some research that I did for Women in Identity was about reframing the problem. So you build it as a happy path to get as many people as possible in and covered and do not see it as, “Well, we’ll get most of the people in and then just deal with your constituents later on. It’s unfortunate, but tough—they are the ones who will have to come in at a second stage.”

Does anyone want to add anything?

I am a big fan of the Women in Identity work: it really looks at inclusivity by design, which is really important. I have already talked about it. I would actually like to see the Government look at how they can address those who do not have IDs through things such as vouching as part of this.

There are countries, such as Australia, that have done a good job of thinking through these, and we can look to them. I believe the Government are looking at this. One of the first things we saw as the announcement was made, in the explainer that came out on the same day, was that there will be a focus on inclusion and on making sure that people who do not have digital devices are not excluded. Again, for me, it comes back to the distinction between the datasets that are owned and run by the Government, which are not as susceptible to 2G coverage, and the different means of accessing this data in the current context.

Thank you very much. It feels very fitting that we are doing this session just after we have had a session on Chinese espionage and the ability to get into our phones. Thank you to the panellists. We will move on to the next panel now, and I will bring things to a conclusion while the panellists switch over. Thank you again for your time. Witnesses: James Baker, Silkie Carlo and Ruth Ehrlich.

I welcome the second panel of the day. It is probably easiest if you start by introducing yourselves and then we will go into questions.

I am James Baker. In the past, I worked for the NO2ID campaign. I now work for an organisation called the Open Rights Group, or ORG for short. We have been going for about 20 years as a not-for-profit, working on digital rights issues and human rights things. Most recently, we undertook research with the University of Leicester and the University of Warwick on a programme called digitising identity, which looked at the Government’s eVisa scheme.

I am Silkie Carlo. I am the director of Big Brother Watch. We are a privacy and civil liberties non-profit, non-party campaign group in the UK. I have engaged with the Government over the past 10 years on digital identity matters in various forms, including through being on the privacy and consumer advisory group, and I have engaged with recent data Bills on digital identity verification.

I am Ruth Ehrlich. I am the head of policy and campaigns at Liberty, an independent membership organisation. We campaign to defend and extend civil liberties and human rights for everyone in the UK. We played a key role in the NO2ID cards campaign back in the noughties, and we are happy to be back and working on the issue in 2025.

You were in the room for the previous panel, so you have heard a lot of the questions, but we have some specific questions for you. I will start with Margaret Mullane.

We have digital ID already. It is mandatory for migrant workers in the UK under the eVisa scheme, and they already have to present a digital ID via their share codes in order to work. We have real-world examples of where that mandatory scheme has been hurting people. People with the right to work in the UK have lost out on job opportunities because they have not been able to access their share code to prove their right to work. We have had examples of people going into a shop and being asked to show their eVisa share code in order to purchase alcohol, and they have been unable to do it. Where you have mandatory systems introduced like that, it is not hypothetical. We are already seeing real-world examples of exclusion in existence.

The mandatory nature of the proposed digital ID scheme is really the heart of the problem. Digital identities are something that we all use every day in various different ways, but a Government-issued, mandatory digital ID has the potential to create an incredibly intrusive system of surveillance and data collection, and it opens up possibilities for the Government to issue and revoke permissions in certain ways. Where I would disagree slightly is about the eVisa scheme; it is something that we should certainly talk about, because it has been blighted with very serious issues, which have obstructed people from accessing essential services. But a visa is essentially a permit; we have never had nationals needing to have a permit in this country to go about our everyday lives. The mandatory nature of what has been proposed would introduce that. Suddenly we would be a country that is on licence—where we need a Government permit to do something that otherwise we would have the freedom to do. Why your inboxes are so full, perhaps, is the mandatory nature of the ID, coupled with a restriction on liberty, which is what the Government have suggested, for something that you would otherwise lawfully be able to do. Unless you have this digital ID card, you will not be able to work. Already other Government Departments are talking about renting, benefits, education, and so on. I think that we would be having a completely different conversation if the Government were talking about a system that they thought was so attractive that, if they made it available, lots of people would want to use it. Instead, it is a mandatory system that is paired with restrictions on people’s liberties.

We have questions on eVisas later, so let’s focus on the specifics around the mandatory nature.

To echo what has been said, Liberty would not support a mandatory digital ID system, or any mandatory ID system. I think the key thing here is that the specific privacy risks depend solely on the decisions that the Government make now about what this system is going to look like. There is a real opportunity here to create something that centres human rights, that centres privacy, and that centres the way that people need and want to access their data. But going about it in a way that makes it a mandatory system that is forced upon people to access something very basic such as work will prove a disaster for people on an individual level. Also, broader privacy risks are raised by creating any kind of database that links to a digital ID system. We know that in the past year alone there has been a 50% increase in cyber-attacks. We have seen the massive impact of cyber-attacks like the Jaguar Land Rover case. This process generally carries significant risks to privacy and cyber-security, which I am sure we will touch on later in this panel.

When you look at examples around the world, a lot of countries that have introduced digital ID have had various issues and problems. Estonia is often held up as this great example, but it had a problem with its chip certification and had to reissue all its chips. This is a small country of a couple of million people. If you had that kind of problem in a country the size of Britain, it would cost hundreds of millions of pounds. When they tried to introduce it in Greece, the Ministry ended up getting fined by its data protection authority. Italy has had a data breach. Venezuela had a data breach when it got attacked; Brazil has; Turkey has. There are a whole host of issues around the world where people have suffered losses resulting from identity cyber-security risks. In other places, people have faced digital exclusion where they cannot prove their ID. There are plenty of historical examples where ID card systems have been used to marginalise or exclude people—sometimes unintentionally, other times intentionally.

We would be going back to historical examples way back in time, but throughout the 20th century there are plenty of examples of ID cards being used to exclude people on the basis of their identity or credentials.

Talking of the Aadhaar scheme in India, something that is often overlooked is that the scheme has even been linked to citizens’ deaths through, for example, accessibility problems. It is a massive biometric identity system of over 1 billion people. That has access issues; because it is required for access to welfare, access issues have been documented to have resulted in people actually dying, so they have incredibly serious consequences. Also, that system holds health data and individuals have been refused healthcare because of their HIV/AIDS status, for instance, which is held on this digital identifier. We see examples of abuses closer to home as well. We have spoken about the cyber-security risks; when individuals are enrolled in mandatory systems, you lose that control over how you manage your data, and you are relying on either the companies or the state. Estonia, which is often held up as being the gold standard example, has suffered multiple cyber-security incidents where people’s photos have been leaked, and so on. On a more individual basis, for example, a police officer in Estonia was fined for checking his fiancée’s criminal record. You get access problems as well, where people get unauthorised access to giant databases.

To build on that, under the Indian system, you need your Aadhaar ID to pay your tax, to have a bank account and to book certain train tickets. It is part of every single bit of life. Think about people who live in remote areas, people from the poorest communities, people who are illiterate, people who have no digital connection—that is where people become increasingly locked out. The earlier panel touched on some of those risks in the UK, and there are examples closer to home, as Silkie mentioned. In previous Home Office data projects, things have gone seriously wrong. Look at the data breaches in the Windrush compensation scheme. Dame Chi mentioned the 25,000 Afghan nationals whose data was breached. There are already examples of cases where we are not holding people’s data securely. The creation of a system that looks like a centralised system, or a federated system that has broad sharing powers between the systems, poses huge risks.

It worries me. We spoke earlier about how digital ID sometimes enables people to do things faster. I use the analogy of lifts: you can get in a lift, and it might get you up to a floor faster, but if something goes wrong with that lift, you still want the stairs as a back-up system to be able to walk up and down. It worries me from a privacy point of view, regarding what a future Government could do with it. There are discussions about how it could be used for this or that, but it is not clear to me that the design scope is clear to everyone yet. Imagine the person you disagree with most in politics—picture them for a moment in your head—and then imagine what they could do with this type of system if you did not have adequate safeguards in place. That is why all of us who care about our rights and the security of the country ought to think about what systems we can put in place to stop that happening. That is what worries me about introducing this in a country like the UK. We do not have a written constitution that has privacy protections. There is a statute of Parliament—the Human Rights Act—and we have the European convention on human rights, but there is active talk about pulling us out of that convention. I worry that we do not have a resilient-enough rights framework to introduce this type of technology safely in a way that would prevent the risk of a future bad actor misusing these systems, however good the intentions of the current people. From a resilience point of view, we also need the back-up systems. If your phone battery dies, a server goes down or a foreign Government attacks your computer infrastructure, it is better for national security that you are not entirely reliant on one centralised ID system and you have multiple systems with which you can prove your ID. At the moment, if I lose one bit of my ID, I can re-establish it through a network. I can go to my bank or, if I lose my driving licence, I have my passport. With a centralised digital ID system, if something goes wrong then you have lost everything and you have no way to prove and re-establish your identity. Those are the risks that we have to avoid.

We are incredibly worried about function creep with this system. Right from the off, the warning signs have been there. This was introduced by the Government as something ostensibly to tackle illegal working, but I do not think that anyone in this room genuinely believes that the mandatory digital ID is about illegal working. That begs the question: what is it really about, and what will the other uses be? This was announced by the Prime Minister on a Friday afternoon and, just hours later, the Government webpage about digital ID was talking about tax, benefits, education, childcare and many other uses for a digital ID. Function creep is inherent in the system. People will rightly be concerned about that. I have to correct myself: I said that we have never had a mandatory ID, but there was the wartime ID card, of course. Even those ID cards, which were initially issued for rationing, ended up sprawling to 39 Government agencies before they were scrapped by the Churchill Government—so it is inherent in any system. Those other use cases are concerning. If this starts to pair with a restriction on liberty, what will the other restrictions be? In the minds of many people in this country, the most recent experience of a digital pass was the covid pass. In that case, restrictions were placed on where people could go and what they could do, depending on their vaccination status. There we saw a digital identity system that had very sensitive data and controlled where you could go and what you could do. It was also seen by many to be an attempt to influence decisions. Again, in that case, certain people could not work, such as in health and social care, if they did not have the right vaccination status. Function creep is both inevitable and an overriding concern with this system.

I would add that, in terms of function creep, much of this in the hands of the Government now. They can make policy choices that mitigate these risks and create a system that is voluntary and works for the people who choose to use it. One of the core features that this system would need, so that the function creep was not extremely detrimental to people’s rights and civil liberties, is something that made sure that the Government could not link previously separate datasets that, if linked, would essentially allow the authorities to build a very detailed, intimate picture of a person based on their healthcare, education and access to welfare and other public services. We live in an age where we are increasingly seeing predictive algorithms for public decision making. We have lots of examples from the Department for Work and Pensions where that kind of algorithmic decision making has created serious harm for people accessing welfare. Risk assessments caused 200,000 people to be incorrectly flagged for housing benefit fraud, which led to them having difficulties in paying their rent. We have already seen the risks when you introduce digital systems that are based on algorithms. If you allow all those datasets to be combined, that could be very risky for people’s human rights.

The concerns that you have raised on this panel are ones that I know are echoed by my constituents. I wonder what kind of safeguards might help to reassure you, and my constituents, about a digital ID scheme, which has its advantages. Can you think of examples that would help? We have talked about the option to delete all your data that is held by Government, or a system—I think this is the Estonian model—where you are told each time that your data is accessed. That is not the case now; I do not know when Government are looking at my data. Do you think those would help to reassure you and the public about digital ID?

There are things you can do to design systems that are more privacy-centric to restore some trust. Part of the problem we have in the UK is that people generally have low trust that, when something goes wrong with their data, it will be well regulated and action will be taken—you see that with things like the Afghan data breaches and the number of Government data breaches in general. There is low trust in the whole information security environment. Part of the problem is that we have an Information Commissioner who is reluctant to take action against Government Departments or organisations, so CEOs do not prioritise it—that is part of it. The point you made about the logs, or being able to see who has accessed a record and for what purpose, is really important. However, we also have to acknowledge that we live in a legal system where authorities can also check and access people’s information essentially in secret through things like the Investigatory Powers Act and RIPA, so people may not even know when their files are being accessed. Things like logs would help. I think it would help not to have a centralised system but something where Government could issue a credential to a wallet, which you could then see was open source, and you could maybe even build that wallet yourself if it met the framework. It could be issued to something like your Apple or Google account as a credential, or a driving licence, rather than an all-singing, all-dancing ID system. Part of the problem goes back to the point mentioned about algorithmic data sharing. Quite often, issues of data sharing and Government merging together get conflated with issuing a credential to a digital wallet. When we talk about digital ID, we suddenly end up talking about data sharing, pre-crime algorithms and all that kind of stuff. I think that separating out the debate would help, and separating out the arguments on data sharing from Government being able to issue a digital credential.

It is likely that the way that this announcement has been managed makes it irrecoverable for this Government, and potentially for the next five to 10 years. I am afraid to say that I think the Prime Minister has killed support for digital ID. We can see that in the polls. We also see it in the fact that the e-petition on this issue is the fourth biggest petition in British history and the second biggest petition on a non-Brexit issue. Your constituents are up in arms about it. I think that is because of the way it has been introduced; the fact that no one really believes it is about immigration, and it might be about something else; and how poorly the system has been explained. In that sense, it also makes it difficult to recommend safeguards, because there is not actually a policy here; there has been an announcement. I have engaged with the Government on digital ID issues, as I say, for a decade. I have spent a lot of time in Government offices with civil servants talking about how a system could be created. We have seen none of that reflected at all in what has happened over recent weeks with this announcement. There has been no detail; there is no substance. If we are talking about what kind of safeguards any theoretical digital ID system could have, we can have a very long conversation about that. Certainly, the starting point would be that it should not be mandatory—that it should be optional, so people can take up a Government-issued digital ID if they feel that it benefits them. It should be something they can exercise total control over; they get to choose who sees their information, and where, when and for what purposes. Critically, as Ruth was saying, we should not see a merging of Government databases. It is a really big risk with digital ID systems that the taxman can see your GP records and so on. That is also an impetus with these systems, because the argument will be, “Well, why can’t the DWP see your health status? Why can’t we integrate that?” In many different circumstances, there will be a strong impetus for that data to be shared, but it would have to be strongly legislated around to ensure that it could not happen.

I have a background in the health service as a surgeon. I am interested in how the digital ID might link to the health record—you were talking about that just now. It seems that if we could allow people ownership of their own health record, and that was held digitally, that would give people agency over their own healthcare. That would also be an incentive for people to voluntarily take a digital ID that would be usable across different health agencies. Everybody has an NHS number that was given to them when they were born, and that might be a way into a system such as this. It seems that encouraging people to engage in a digital ID system could be done by giving people agency over their own healthcare records, such that they were able to go between healthcare providers, hospitals and general practitioners with their own health record. If you knew what was in your health record, you would know a little bit more about your health, and you would probably look after it a bit better. I would like to see the question of how the health record can be incorporated into a digital ID spoken about a bit more. Do you think that there is any mileage in thinking about it like that?

As an organisation, we support people being able to access information about themselves that the Government hold. It is important that citizens are able to see the information that the Government hold about them, and that they understand the basis of how decisions are made about them and what information is used to make those decisions, because that enables people to challenge the decisions when things go wrong. We looked at health data in Wales for the Welsh Senedd, and we saw examples of problems such as people worrying about going to their doctor because they were worried that the data they might give to their GP or healthcare professional could end up in the hands of Immigration Enforcement. We saw issues with migrant communities that were avoiding accessing healthcare because they were scared it might then be used to check up on their status, or they might end up getting deported as a result of going to the doctor. You see a situation where people lose trust in their healthcare professionals if they think their data is going to be shared with them. MedConfidential have done a huge amount of work around that over the years. Although there are benefits for an individual being able to access their own data and see how it is accessed and for what purpose, there are massive risks about sharing that data across Government and trying to reimagine that data for different purposes. The public are concerned about that. We see the outcry about some of the big US tech companies like Palantir being involved in the delivery of NHS services, and the worry about how people’s data might go into AI systems. That breeds further distrust in Government from the population. I agree that people should be able to access their own data, but it should perhaps not be shared among Government without their consent.

I would agree with that, and also say that the legal position is that people have the right to access their health data. It could be presented in a much easier way, for sure, but I would be very sceptical about that being used in a carrot and stick situation where, if you have easier access to your health data, you enrol in a digital ID that is actually something different from just accessing your health data. You should just be able to access and control your health data regardless of a digital ID.

I have two further things to add. First, you then get into the very tricky territory of what you do about those people who are digitally excluded. Are they going to be at a disadvantage if they are not accessing their data in the same way, and you create a two-tier system? There is also the risk of whether you have this kind of system and do not have the firewalls, as James mentioned, between the health record and the Home Office, or indeed the Home Office and pretty much any other service. The Domestic Abuse Commissioner has spoken significantly about how sharing data with immigration officials—with the Home Office—deters survivors of domestic abuse and trafficking from coming forward and seeking the help that they so desperately need. A “firewall first” approach has to be integral to any system that the Government are looking at.

I want to focus on linking the digital ID to the right to work. You have been clear on your fundamental concerns and, I suppose, areas of principle that you disagree with. Do you have any specific concerns about linking it to the right to work?

It has the potential to marginalise people from being able to participate in the economy. If something goes wrong with their digital ID, they are excluded from being able to earn a living. That, to me, seems a real risk. We know that exclusion is a real problem that happens with digital ID systems around the world. We know that where it has been introduced already, under the eVisa scheme for migrant workers, that is an existing problem. If you roll that out to the whole population then, for anyone who already suffers some form of marginalisation and might struggle to get digital ID, that will further be compounded, because it will be an additional barrier to them accessing work and the economy. That will increase the chances of them falling into poverty or economic disadvantage. There are particular concerns about gatekeeping the ability of every single British citizen to go out there and earn a living behind some kind of digital system that they have to comply with and get over barriers to access. It is extraordinary when you think about the history of our country that, for years, people have been able to go out there and work, and now we are saying, “No, you lose that right to work as a British citizen,” unless they do x, y and z with this digital system. Yes, by all means, employers have to have a system of checks that someone is who they say they are, and those are in place already, but that is an enforcement issue. There is an issue with not enough people going in to check that people are doing the checks, rather than an issue with how checks are done. There are massive concerns for us as an organisation around, essentially, putting the right for someone to go out and work behind a digital ID firewall.

What is being proposed is a multibillion-pound system. It would be right to start with “Why?” rather than “Why not?” I do not think it washes that a British passport is not British enough or good enough documentation to have the right to work, as people currently use it, and that instead you would need this new mandatory digital ID. We have seen, with eVisas, that that has already locked people out of work, because of the accessibility and technical problems with that scheme. Learning from that, aside from the principles issues, the rights issues and the lack of a basis for why this is necessary for the right to work, we are very concerned about the practical implications. Bear in mind that the Government have been talking about teenagers as well, so it could apply to somebody doing their first paper round, up to a pensioner working in their garden centre. There is a massive scope for who would be forced into a mandatory digital ID scheme.

I agree with everything that other panellists have said. The other thing to add is that we know that rogue employers are still going to employ people without checking their right to work. It is a solution that is not going to fix the problem that is being spouted. As Silkie said, that speaks to the more general issue with some of the digital ID proposals that are coming out of the Government. It is being touted as a solution to irregular immigration, illegal working and—at one point—fly-tipping. It also has echoes of the Blair Government in the noughties saying that ID cards were going to fix pretty much any social problem of the day. The Government need to be cautious not to use this as a policy in search of a problem. At the moment, it feels like it is doing that a little bit. It is not going to fix the problems that the Government are saying it will.

Do you think there is any policy area in which digital ID would be justifiable to help to enforce the law?

It is so difficult to answer that question, because what is meant by digital ID is so different. Every country has a different digital ID system, and every country has experienced difficulties in trying to do it. In theory, you could design a system that was fairly privacy friendly, in which Government Departments issued credentials to a variety of public and private sector wallets and there was no tracking, and it was protected by a really good human rights framework, and you had a really well-functioning Information Commissioner so that if things went wrong, they would actually fine someone for their mistakes and hold them to account. If you had all those things in place, you could imagine a system where it would be more convenient for people to have it as an option on their smartphone and a choice between a physical and digital ID. There are situations in which using digital identity is quicker, and that already exists in society. For example, I have used my bank credentials to do things. I have booked plane tickets online and have used digital credentials to do that kind of stuff. Those kinds of systems are in place already, and some are quicker than going somewhere in person with a physical ID. But you have to have all those other things—your rights framework and your data protection—in place first to make it work.

I have never heard an argument that we could enforce an area of the law so much better if only we had mandatory digital IDs. It is just not something I have come across—unless you go to a very extreme end of the surveillance spectrum. That is one of the things I am really worried about here, in so much as what we know about the proposed digital ID system is that it will basically be a massive facial recognition system, because it would be linked to facial biometrics. That is one of the only substantive things we have been told about the Government proposal. That means you would have around 50 million British adults with their sensitive personal biometric data in a system and, quite unusually, millions of foreign nationals as well. It is not a British-only system, because it relates to everyone working here. Given that this is being introduced when the Government are also backing a significant expansion of facial recognition surveillance in this country, and we have found that the Government are now using the passport database for facial recognition searches, without having discussed it with Parliament, from a law enforcement perspective, I would be very worried about how this gargantuan new biometric system could also be used for that extension of surveillance.

There is not a model of digital ID that a civil liberties organisation would support that would specifically meet that policy objective. When we look at a good system, we look at something that is voluntary and has firewalls.

That is very clear; thank you. You have mentioned eVisas quite a few times, and you have talked about people being locked out of work because the system had broken down or whatever. Are there other impacts on individuals using eVisas, beyond the examples you have already given?

There have been examples involving issues of domestic abuse, where someone in a household is denied an eVisa, because essentially it is on a phone and an abusive partner controls access to that device. There is potential there when it comes to digital systems, because you can control people through their access to digital devices. There are issues with that. We have had issues of function creep, with private sector organisations demanding that people produce their eVisas in situations where they are not required, such as in the process of applying for a job rather than when they have got the job. I gave the example of someone being prevented from buying alcohol because they could not get internet access and show their eVisa share code. That is an example of a private sector organisation taking it upon themselves to enact a Government-mandated digital ID to deliver their service. They are the examples I’d give of where it has hurt people in the real world.

A group called the3million has published a brilliant report called “Digital Status Crisis”, which has a lot of important information and case studies in this area. It seems to me that, of the areas from that report that are most applicable to digital ID, one is the data-matching issues. People are logging in to their eVisa and finding somebody else’s migration status and somebody else’s photograph. There are very basic data issues. The second tier of issues is around access failures, whether on the user side—obvious things like if your phone runs out of battery or you do not have good internet access—or on the system side. If there is a system issue, people are finding it very, very hard to get in touch with the Home Office and try to do something about it. There are case studies in the report of people having been locked out of work, travel and education, for example.

In addition to that, people have been wrongly told they have refugee status, been unable to travel back to the UK from holiday, been charged for NHS treatment when they should not be—the kind of untold human misery that the system not working has caused. That highlights the risk of creating a digital product like this. I am sure that many of you have, through casework or through family or friends, supported people to apply for an eVisa. It is a nightmare. It is so difficult to do. Even for the most digitally literate, and for people who work in the sector, it is unbelievably hard. It is a perfect illustration of how a poorly designed mandatory system leaves people at an enormous disadvantage.

Do you think the problems are intrinsic, or can a far better system be designed that does not have those problems?

The starting place is wrong if you do not approach it from a place of, “How do we make this a system that is going to improve access to services, work for people and centre human rights?” If you start from that place, you might be able to build something much better, but this has been built from the wrong starting point.

The larger the systems get, that creates other problems. Estonia is a couple of million people, and the eVisa scheme is roughly 4 million people; what the Government are talking about is a system that would cover 50 million, 60 million or 70 million people. Some of the problems—the issues of duplicate records, matching people, biometric mismatches, and all that stuff—expand the larger the data set is. You see that in the India scheme: it is not necessarily a unique ID, because they can match someone in India to about 1,200 other people through the biometric mismatching, because these systems are not perfect in matching someone’s biometric credentials. If you use something like facial biometrics, as proposed here, there will be, given the scale of the population, a lot of mismatches and problems when you scale it up.

Lewis Atkinson and Chi want to come in, and I think Peter wants to come in as well. I am conscious that we do not have that long.

Can I be clear on the mandatory work checks? I hear really clearly that you are against mandatory digital ID for those checks—that’s taken as read. You will have heard the previous panel talk about a potential interpretation, or policy direction of Government, that mandatory work checks would have to be checked with Government, which could be done via a digital ID for those who choose to take one up, but could also be done via other means, such as a passport, but checked back with the Government. How would you react to that? How far do you think that would mitigate some of your privacy and other concerns?

It would be great to allow people a multitude of ways to prove their ability to work. It would be fantastic and really sensible not to make them rely on an eVisa if they have a passport, driving licence or anything else. I would raise a little bit of concern as to what then happens with the data that goes back to Government, and what it is used for. Is that going into an AI algorithmic system to try to automatically detect discrepancies with their bank accounts to work out who is or is not working illegally? If that is the intention, you will start wrongly flagging and wrongly prosecuting a load of people, as we saw recently with the HMRC scandal when people leaving the country got flagged as not being entitled to their benefits when they were. What will that data be used for and for what purpose? That is the real question.

I agree with that. It would seem strange that, as it currently stands, you can use a British passport for a right-to-work check, to travel, to apply for a bank account or financial services, and so on, but it wouldn’t be good enough for somebody to do a paper round and you would need this extra layer of Government checks. Likewise, that would be likely to sprawl, because if you need a Government check for that, why not for things such as healthcare and renting? I completely agree that having a multitude of ways to identify yourself is a very good thing. If the Government want to offer people some form of digital identity in a very different way, some will find that helpful, but having a Government link to that data raises many of the same concerns as mandatory digital ID.

Just to follow up on that, I have set out my concerns about digital IDs, but you seem to be saying that any form of digital ID is concerning—you seem to be opposed to any form of digital ID. It has to be said that paper-based systems, which is what the Windrush system was originally, involve big concerns and have caused many problems for constituents. Ruth, you said you would start from a different place by designing it on the basis of supporting human rights. Can you just confirm that you are not opposed in principle to any form of digital ID, and say a little bit about what would make it work for your organisation?

Liberty is not opposed to all forms of digital ID. We think there is, in fact, a way of creating a system whereby people can share less data about themselves in a more helpful way. You talked about that a bit with the last panel. When you go to rent a property, you give your letting agent a huge amount of data that they do not need. There is a way to create a system that is much more narrow, but that ID system would need to follow the principle that it is voluntary. This is not to hammer home the point, but it should be opt-in. It should be privacy-first, with firewalls to stop data sharing between Government Departments that do not need to be sharing data. It should be GDPR-compliant and so have the privacy-by-design principles. That is the baseline of what we would need to see.

I started by saying that digital identity is something that many of us use every single day, so there is not an in-principle aversion to digital identity per se at all, but when you have a Government scheme, especially if it is mandatory, it is our job as human rights defenders to identify where those risks are.

But you are not opposed to a Government digital ID scheme in principle?

In principle, it is possible for the Government to offer people a digital identity that they could choose to use, but that is a very broad conversation. It is a million miles away from what has been proposed by this Government.

We have the same kind of position. We are in danger, perhaps, of losing some of the institutional memory around how to do this right. The Privacy Advisory Group came up with the principles around how to do identity assurance. They were published and they are still on DSIT’s webpage. There is a whole list of those there already, so work has been done around how you could do this in a better way that respected people’s rights. If it were voluntary—if it were something that I could choose to have or not—and if I were able to see the code behind the wallet, choose what wallet I wanted to issue to, and it wasn’t about data sharing and my data then being used for other purposes, I would be far more willing to accept it, but that is not the scheme that appears to be on the table at the moment. Possibly things can change.

You have reflected what I was going to ask. It seems to me that you are not opposed to a voluntary digital ID system for this country that people can opt into, provided it has certain safeguards about how the data was distributed and used. If we were to create a voluntary opt-in digital ID service for the British people, what proportion do you think would be interested in adopting it? Do you think it would be around 5%, or do you think it would grow?

It would depend, in some ways. The danger is that you would have function creep—take the example I gave earlier of someone being required to use their eVisa to buy alcohol. You might then see, when buying something from Ticketmaster or from other organisations, that they say, “Well, actually, we only accept that digital ID now.” You would have to legislate in a way that did not discriminate against people who choose not to have a digital ID, and you would also have to ensure that a future Government could not come along and change the parameters of that digital ID to make it quite an abhorrent thing that would not be the type of system most of us would want to see in this country. There are a lot of risks. You have to think about the rights framework and the data protection safeguards that need to exist within society to make this safe. If you got those things right, you would see higher adoption. If you had a society where data protection breaches go unpunished and human rights are not respected, you would see a lot more scepticism and resistance from people to taking up such a system.

On the first panel, we heard about many of the advantages of digital ID; on this one, we have been well apprised of the problems—you have been very successful with that venture. If people could be made to see the advantages for themselves, as individuals, my guess is that, with the appropriate safeguards, adoption would increase. Do you agree with that?

On the language “made to see”, I think people can see for themselves whether they trust something or not. Unfortunately, from this scheme, as you can see from the petition and the way people have reacted, they do not trust it. Perhaps in the future there will be another scheme that has people’s trust, but they would need to trust the entire rights framework and the data protection framework behind it. Then you might see people adopt it and enjoy the benefits.

Currently, none of our lives are adversely affected by not having a Government-issued digital ID, and many of us have Government-issued identity documents that we use in different scenarios—for instance, passports, birth certificates and so on. It does seem like a policy in search of a problem to solve. What I would then worry about is that when you talk about making people see the benefits—we spoke about health data being used—what has happened with voluntary schemes, such as the Aadhaar scheme in India, is that although it is ostensibly voluntary, in practice it is not. Everyone has to have it to access basic services, and you can end up in a situation where something introduced as voluntary is used to gatekeep many different services. If you think about the situation we would have been in if we had had a digital ID system when the pandemic started, there are ways in which that ID would have been used in those circumstances: we had track and trace, vaccine passports, and so on. The risk is that, in response to any future moral panic, there will be a temptation to say, “Why don’t we add this to the digital ID?”, or, “Why don’t we use it in this way?” We have seen that in some of the examples around the world.

Seeing the public’s response to the Government’s announcement shows that we are a nation that is still very sceptical of any kind of mandatory ID, which is obviously lovely for organisations such as Big Brother Watch and Liberty to see. However, I would say that the Government could look to the EU approach to digital ID, which prioritises privacy and security, to look for ways to ensure a system is built where the user has control over their data, it is genuinely voluntary, and safeguards are in place to protect against discrimination for people who choose not to opt in. There are models that are better than others, which are always worth looking at.

Finally, on digital exclusion, Lewis Atkinson.

Can you outline how you think the Government should account for digital exclusion when developing their plans for digital ID—whether that be mandatory or not?

One simple thing: do not make it mandatory. That would immediately mean something for all those people who might be excluded by your design choices on the technology, the operating system it can work on, or how the software works—even getting a photograph is a challenge for some people. With eVisas, we heard examples of people with severe learning disabilities or autism—it is hard just to get them to sit still to take the photograph needed in the right style and so on. Not making it mandatory massively makes it easier for the Government to tackle a load of those digital exclusion issues.

I agree. Also, the facial recognition aspect could introduce some exclusion factors, given the issues with misidentifications and facial recognition, particularly on race and gender, as well as certain disabilities. Inclusion in a system does not always need to mean that people are forced into a digital or technological system, for example. There would have to be an offline alternative for the many people who do not have good connectivity or good digital skills, and to acknowledge that many people do not want to be forced into a system like that. Some people do not want to have smartphones—the whole conversation about smartphones is changing—but the idea is that everyone would have a smartphone with a very essential piece of data on it, so that might not stand the test of time.

The question of digital exclusion goes beyond the remit of Liberty in many ways, because we are talking about poverty more generally and about lack of access to a good connection. Touching on what Silkie said, even with a mandatory system with a fall-back of having a physical ID card, the previous Government’s own research on voter ID in the run-up to the previous election showed that there were already massive barriers to people who are excluded through, yes, having disabilities, being unemployed, not having qualifications or being first-time voters. That cohort of people are much less likely to have any form of ID, so it is not as simple as creating a system just with an option to have a paper ID.

Thank you. Did anything come out of the previous panel that you would like to respond to?

Just one point. We talked about the personal privacy risk, but there is a cyber-security risk for the whole nation. The more you make everyone reliant on a particular way of doing digital ID, the more you increase the attack vectors for a foreign adversary to take out that system and to target it in an act of cyber-warfare. The system being mandatory or non-mandatory is not just about digital exclusion or individual rights; it is also about building systems that are resilient to foreign attack and that can carry on working in a disaster situation. To go back to my analogy, digital ID might be lifts, but we still want stairs in the case of a fire or something—we need alternatives.

I thank the second panel very much for their contributions. I found it incredibly interesting and informative. As the opening piece of oral evidence for this inquiry, this has been a very good way of starting us off on our next steps. Thank you.