Last week, the government announced plans to introduce a voter ID. This idea needs to be looked at very carefully if the benefit, reducing the risk of electoral fraud, isn’t to be outweighed by the risk of impeding people’s ability to vote – a particular worry for disadvantaged groups. But either way, the animated debate is obscuring a far more fundamental problem: whether or not it’s used for voting, Britain needs a modern identity infrastructure. And rather than narrowing in on a single application, the focus should be on the broader, transformational potential of a private, secure and decentralised digital identity.
Such a system would result in hassle-free interactions between citizens and the state, radically simplified public services, and a far more effective model of government. But in order to get to this point, we must first recognise the byzantine nature of the system as it currently exists. We all need to prove our identities when accessing both public and private services, yet often this leads to endless loops of Kafkaesque bureaucracy.
Invariably we have to obtain passport photos or recent bank statements to verify who we are. In contrast to many of the services provided by internet-era companies, who constantly seek to simplify and make the user experience as seamless as possible, these cumbersome processes fly in the face of users’ increasing demands for time and convenience. And perhaps most worryingly, these proxies create opportunities for physical documents to be routinely stored, copied or transcribed in ways that take data outside users’ control. If historically many worries about identity systems have focused on privacy and security, then it’s time to acknowledge that the status quo is already failing us.
To move forward, the government should put in place a fully secure, private and decentralised model of digital identity which is designed around users. In short, we need an easy, secure and inclusive way for people to authenticate themselves online. To this end, the coalition government’s GOV.UK Verify programme was a step in the right direction. Using external providers like banks which already hold identifying information about individuals, Verify provided a way for citizens to prove their ID without establishing a central database, which would have been a potential honeypot for hackers and risked giving too much power to the state. But it has also fallen short both practically and institutionally, failing to deliver many of the expected financial benefits while only working for a limited pool of users and proving hard for government departments to use.
A better option would instead be a simple digital wallet with data held securely on devices that users already trust. This would again negate the need for a central database, but modern encryption and decentralised storage would make it easier to use and better protect privacy and security. In technical terms, the government would then play a critical role in signing credentials and setting interoperability standards, ensuring that different institutions, agencies or individuals can interact seamlessly and authoritatively.
For the public, it would bring three fundamental benefits.
First, it should address the historical concerns over privacy, security or an all-powerful state that arose when ID systems have been mooted before. Encryption and decentralisation allow us to shift the debate away from the idea that identity is about tracking individuals, and in turn should allow government to secure public consent. Given this opportunity, starting with voter ID seems an odd choice.
Second, decentralising the system also means that the public can take control of their own data profile. As it stands, the government already holds lots of personal data about citizens in the forms of passports, driving licences or other records and registrations, but this information is fragmented across different departments, agencies or services. Citizens have no way of knowing how or when this data is being accessed, shared or used. Unlocking the potential opportunity by correcting this fragmentation and promoting transparency – bringing data points together but under the control of individuals, not the state – must be the focus for a new approach.
Third, it should streamline citizens’ interactions with both the public and private sectors. Instead of having to reveal your entire date of birth or home address on your physical driving licence, you could just show a simple ‘over 18’ credential. If your address or name changed, you would be able to correct that detail for all the hundreds of services you deal with, in one swift move. Different bits of government would no longer ask you for the same information twice, with public services tailored to your needs supporting you at all stages of your life – a progressive goal all should be on board with.
In every country that is serious about bringing itself up to the speed and standards of the internet era, identity is foundational to transforming the entire operating model of government, helping to break down the inefficiencies which are so often a brake on progress. In this model, government provides the building blocks to enable innovation across the whole society and economy, such as simplifying access to both public and commercial services; making registering for a doctor pain-free instead of a paper-based headache; or even allowing for more active and participatory forms of democracy.
As the government progresses with its own consultation, then, it must take advantage of this transformational potential and establish digital identity as the cornerstone in a bold modernisation of the state. Despite the politically fraught history of identity in the UK, modern encryption and decentralisation should allow us to shift away from old thinking; yet we risk failing to move the debate on. It’s time to start over, with a privacy-protecting digital ID that puts citizens at the centre.
Andrew Bennett is a policy analyst at the Tony Blair Institute for Global Change. You can follow him on Twitter @andrewjb_.