Voices: Blair and Hague’s ‘digital ID’ scheme will leave us all vulnerable
As someone who spends an inordinate amount of time on social media with those who think that automated tills at the supermarket are part of a plan for world government, that reptiloids run the Earth, and that the Covid vaccines contain microchips put there by Bill Gates, I feel that I am well qualified to reject the whole government digital ID thing.
This is also despite it now being endorsed by Tony Blair, a politician I respect (though the inexplicable involvement of William Hague is less of an encouraging sign). They say it’s part of a technological revolution comparable to the first industrial revolution. Artificial Intelligence and all that.
They argue that if all the information any state agency (and possibly private company) holds on us is combined into one gigantic database, then Britain could be once again leading the world into a new economic future. Imagine!
Health records, tax returns, time detained at His Majesty's pleasure, property owned on the land registry, motoring and other offences, children and ex-wives, educational attainment (or lack thereof), salary, savings, what you spend on petrol, prunes, plimsolls and prophylactics in a year; the absolute lot could, in theory, be tracked, aggregated with everyone else, analysed, and perhaps even sold, either as datasets or as individual data.
Hague and Blair say they want Prometheus unleashed via the Government Gateway. To which I can only reply: “I’m not convinced, and even if I was, I don’t care for it”.
You see, it’s very simple. I don’t trust the British state, neither to construct a workable system in the first place, nor to guarantee its privacy and security. I’ve had some experience of the Government Gateway and the NHS database, and, while magnificent in some respects, they’re also flawed.
I can also remember the disastrous NHS IT database scheme that was eventually abandoned in 2013, after £10bn had been spent on it and written off (stretching over the period when Blair and Hague were in government, funnily enough). Not to mention when that civil servant left the tax records of millions of people on a train.
Even if they could construct a mega-database that could cope with the different personal circumstances of the British populace, who says the North Koreans couldn’t hack it and wreck it? They’ve done it already – you may recall the ransomware WannaCry cyberattack on the NHS a few years ago, when the doctors and nurses had to go back to pen and paper.
There is no database – no computer system anywhere – that is immune from cyber assault. That is not a reason to go back to paper ledgers and index cards, but it’s a powerful reason not to put all your fragile digital data eggs into any one basket.
It’s all a bit creepy, too. I don’t really want the tax man to see my medical records, and I don’t want my doctor to see my tax records. I don’t want the bank to know about my speeding fines, or the DVLA to know how much I earn. I don’t see the point.
Moreover, I don’t trust the human beings involved to create and operate a system that is secure enough to keep my information separate and prevent that kind of thing from happening.
Someone, somewhere in a busy surgery or overstretched passport office is going to use their first and last names as their password and 1234 as the PIN, or lose their smartphone and frustrate two-factor authentication, or whatever else comes along to protect our privacy. It would be a fraudster’s paradise.
With criminals and hostile foreign powers, it is always going to be a game of cat and mouse, and sometimes the bad guys will win. Before you know it, the details of your divorce settlement or colonoscopy results will be splashed on some website, Wikileaks-style. No thanks.
I’m all in favour of databases, especially those used for medical research, and of clever people detecting links between consumption of red meat and certain types of cancer through conventional survey techniques. There is a balance of risk/reward there that seems reasonable.
What I fear is that aggregated personal data on a mega-database creates far too much risk for individuals with little conceivable reward; and the potential for a mega-disaster. It will happen when, one day, someone in Pyongyang will get in to the thing, wipe the lot, and the nerds in the Department for Science, Innovation and Technology will have forgotten to do the British megabase back up.
An entire nation, the victim of an audacious identity theft. Whoops!