Monday, September 29, 2025
Compulsory digital ID cards - a hacker's paradise
The paper quotes Alan Woodward, a professor and cybersecurity expert at the University of Surrey, who says that if the data is also held on a vast database to allow for cross-referencing, “it’s painting a huge target on something to say ‘come and hack me’”:
The government has not yet provided detail on how it would make the system work, sparking calls for greater transparency. Woodward’s warning comes amid rising public concern about criminal data breaches, which this week hit a chain of children’s nurseries with photos of infants leaked on to the dark web, and continued to cripple Jaguar Land Rover. Data, including photographs, has previously been criminally exfiltrated from a government ID system in Estonia, according to reports.
...
Companies including Deloitte, BAE Systems, PA Consulting and Hinduja Global Solutions already have government contracts worth a combined £100m to support the scheme’s IT systems, but industry estimates of the total cost of a national digital ID range from £1.2bn to £2bn.
US tech companies have also been circling the UK government. In February, Starmer was a guest at the headquarters of Palantir, co-founded by the Trump donor Peter Thiel, which already has contracts with the NHS and the Ministry of Defence. OpenAI signed a memorandum of understanding with ministers earlier this year to explore the deployment of advanced AI models in public services. Last week Starmer was the special guest on stage at a corporate event in London for the $4tn chip-maker Nvidia.
Experts in government technology said most of the data needed is already held on government databases including in birth registers, e-visa records for migrants, on passports and driving licences. Data storage companies such as Amazon and Google could provide a vast database for all the data to be gathered, but this would bring a greater security risk, Woodward said.
Starmer’s announcement also sparked concerns that millions of people who lack credentials or suffer from digital poverty could be excluded from public services.
“When things don’t go well it could have serious consequences, especially for those on the margins of society who could be excluded,” said Peter Chamberlin, who developed part of the scheme’s digital architecture and is the senior director of technology at consultancy Public Digital. “In order for this to succeed, transparency is absolutely crucial.”
The campaign group Liberty warned that digital IDs could become “a nightmarish surveillance system”.
“Technological advancements mean that digital ID systems pose an even greater risk to privacy than they did when last proposed in the 2000s,” it said. “A single and unique ‘digital identity’ and centralising databases would remove much of the individual’s agency in managing their data. This information could be used to profile individuals across multiple datasets and would pose particular risks to marginalised communities.”
Keeping the data secure will be a major issue with thia proposal. It may not just be the government that is compromising our privacy.
