The UK is bringing in digital IDs. Here’s how to stop them becoming surveillance tools
Everyday life already depends on proving who we are, from applying to jobs, renting homes, accessing financial services or travelling abroad.
An improvement to this system is a welcome change when done correctly, making everyday interactions smoother for people and businesses alike.
CEO & co-founder cheqd.
The UK’s newly proposed BritCard risks repeating old mistakes, scrapped in 2006 for being “intrusive, ineffective and enormously expensive”.
Putting everyone’s ID data in one interconnected place creates a single, attractive target with greatly increased exposure unlike physical IDs which is harder to access at scale.
You also make it easier for the system to be repurposed. Data gathered for one reason is often pressed into service for another reason- a tool built for convenience can become an instrument of control without the correct systems in place.
An efficiency boosting ID or all-purpose surveillance?
Digital identification is already required in everyday life. KYC for banking, credit checks, passports for travel, visas, and National Insurance numbers. What BritCard proposes is different.
By merging these functions into a single digital ID, the government could link systems that operate in isolation and promise greater convenience and efficiency. However, whether it is the goal or not, can also feature full-spectrum tracking of people’s movements and interactions both online and offline.
Recent public reaction shows how contentious this is.
Almost three million people have already signed a petition demanding the government scrap the plan, warning its implementation is ‘a step towards excessive monitoring and digital control’ or building a ‘switchlever to Orwellian surveillance’ that could be misused in ways similar to China’s social credit infrastructure.
That concern is not unfounded even if not the intention. Privacy researchers note that some Digital ID architectures include “phone home” features: background functions that report when or where ID credentials are used.
Even when intended for security or interoperability, this capability risks turning verification into quiet tracking if left unchecked.
Without clear safeguards, the ability to restrict access to movement and payments, or linking behavior across services could be knowingly or unknowingly built into its architecture.
Lessons from digital ID around the world
Digital ID can deliver real benefits when built with the right safeguards, the challenge is ensuring they enhance trust rather than centralize control. Centralized databases must be limited to the minimum necessary information.
The law must set clear limits on who can use the data and why. Without tight legal and technical safeguards, centralized systems are both surveillance tools and hacker magnets.
Estonia, often held up as a model, suffered a breach in 2021 that exposed almost one million peoples identity records, including voting, banking and medical records that forced a lockdown on all online services.
Even advanced systems fail if the architecture concentrates risk. Despite its breach, it has still built seamless e-governance and secure digital signatures because of this technology, its digital ID has enabled citizens to file taxes in minutes, sign contracts remotely, and access nearly all public services online.
Switzerland, after being rejected in 2021, only secured public support for its national digital ID recently by introducing stronger safeguards and clearer governance. The new voluntary system is issued by the federal government and stores data on users’ devices rather than in a central database.
It uses selective disclosure to share only what is necessary, relying on open-source code that can be publicly audited, and includes a national trust registry to keep issuers accountable. These safeguards put citizens at the center that turned a rejected system into one the public placed its confidence in by vote
The architecture that decides between convenience and control
So… how do we stop them becoming surveillance tools? The starting point is a privacy-first architecture based on signed, verifiable data. In practical terms this means credentials that are issued by trusted authorities, held by individuals, and presented selectively.
Instead of sharing entire identification documents each time, digital ID systems can verify specific information through digitally signed confirmations. For example, a person could confirm they meet certain criteria such as being over 18 or having the right to work without revealing every detail on their ID.
The verification happens securely between trusted parties, and the underlying data remains protected. The person stays in control of when and where their information is used, and the verifier receives only what is relevant to that interaction.
For example, a venue checks that you are over 18 without learning your full date of birth, and an employer verifies your right to work without storing a copy of your passport in their database.
This approach, known as self-sovereign identity (SSI), allows people and institutions to prove facts about themselves without exposing the data behind them. It creates systems that are secure, comparable across borders, and privacy-preserving.
For governments, SSI could underpin a digital ID framework that strengthens trust and efficiency without enabling mass surveillance, just like Switzerland.
Digital ID is inevitable. Whether it becomes the backbone of a trusted digital economy or the framework for total surveillance depends on what we build now.
If the UK chooses a privacy-first model, it can maximize efficiencies, delivering speed and security without surrendering control. If it doesn’t, we risk hard-coding a switchlever to Orwellian surveillance into everyday life, efficient, permanent, and impossible to unwind once turned on.
We’ve featured the best authenticator app.
This article was produced as part of TechRadarPro’s Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro
Everyday life already depends on proving who we are, from applying to jobs, renting homes, accessing financial services or travelling abroad. An improvement to this system is a welcome change when done correctly, making everyday interactions smoother for people and businesses alike. That is the promise of Digital identity, but…
