Evaluating National Digital ID Proposals: A Civil Society Guide to Protecting Privacy and Power

Overview

In September 2024, the UK Prime Minister announced plans for a national digital ID scheme that would create a virtual identity on personal devices, storing names, dates of birth, nationality or residency status, and photos to verify rights to live and work. While proponents argue it streamlines services, the Electronic Frontier Foundation (EFF) and 12 UK civil society organizations have raised serious concerns. This guide walks you through the critical issues to assess in any proposed digital ID system, using the EFF's consultation submission as a framework. By understanding these six interconnected flaws, advocates, policymakers, and citizens can evaluate proposals, identify red flags, and push back against systems that erode privacy and power.

Prerequisites

Before diving in, ensure you have a basic grasp of digital identity concepts (e.g., authentication, biometrics, data centralization) and the legal context of the region. Familiarity with civil liberties principles helps. You should also access the full EFF submission for deeper detail—see references below.

Step-by-Step Guide to Analyzing a Digital ID Proposal

1. Identify Potential Mission Creep

Mission creep occurs when a system designed for a limited purpose gradually expands to serve other functions. In the UK consultation, the government plans to start with verifying right to work and live, but the underlying architecture could easily be repurposed for voting, financial transactions, or even social scoring. Ask: Is the system designed with narrow, lawful purposes explicitly stated? Are there safeguards against future scope expansion? Any vague language about “future uses” or “efficiency” is a red flag. Practical checkpoint: Review the proposal's stated objectives and see if they align with the technical capabilities. For example, if the system collects biometrics “only for identity verification,” but the data is stored centrally, it opens doors for police or immigration enforcement.

2. Assess Infringements on Privacy Rights

Digital IDs create a single point of linkage—every transaction tied to your digital token can be tracked. The EFF highlights that even with consent, the system normalizes surveillance. Key privacy concerns include: mandatory enrollment (technical or social coercion), data retention periods, and third-party access. Evaluate whether the proposal mandates that private companies (like banks or telecoms) cross-reference your ID. Also look for a clear data minimization principle—does it collect only the minimal data needed? For instance, proving you are over 18 should not require revealing your exact birth date. Checklist:

• Is enrollment optional or effectively mandatory?
• Are there strict limits on data sharing?
• Can the government see all transactions tied to your ID?

3. Evaluate Serious Security Risks

Centralized digital ID databases are honeypots for hackers. Breaches could expose millions of citizens' personal data, irrevocably damaging trust. Additionally, the system itself could be weaponized—e.g., authorities could revoke or disable IDs to cut access to services. Ask: What encryption standards are used? Is the system decentralized (e.g., self-sovereign identity on devices) or centralized? Are there fallback mechanisms if the system fails? Consider real-world examples: Estonia's e-ID faced service-disruption attacks; India's Aadhaar saw data leaks. Strong security requires end-to-end encryption, minimal data storage, and robust auditing. If the proposal relies on “secure hardware” without open-source review, be skeptical.

4. Scrutinize Reliance on Inaccurate and Unproven Technologies

Many digital ID schemes depend on facial recognition, liveness detection, or AI verification. These technologies have well-documented biases—especially against people of color, women, and people with disabilities. They also suffer from false positives and negatives. Examine the proposal’s technical specifics: Are the algorithms independently tested? What error rates are acceptable? Is there a human review process for automated denials? The EFF notes that even with best safeguards, the underlying tech may still discriminate. Example: In automated benefits verification, legitimate claimants can be locked out due to failed biometric checks. Insist on transparent testing data and opt-out alternatives for those who cannot use biometrics.

5. Analyze Discrimination and Exclusion Risks

Digital IDs risk excluding marginalized groups—the unhoused, elderly, undocumented, or those without smartphones or reliable internet. If the system is tied to public services, these groups could be denied healthcare, housing, or voting. Check if the proposal includes multiple verification methods (offline, in-person, paper backup). Also consider whether the system penalizes those who opt out. The EFF points out that a “digital first” approach can push people into compliance. Look for explicit nondiscrimination impact assessments. Key question: Does the proposal mandate digital-only access to essential services? If so, it entrenches inequality.

6. Consider Deepening of Entrenched Power Imbalances

The core problem is that a mandatory digital ID shifts power from individuals to the state. Instead of just verifying who you are, the system becomes a key that can open or close doors to services, jobs, travel, and more. This enables the state to control access based on compliance, political affiliation, or arbitrary rules. Evaluate whether the proposal includes independent oversight and appeal mechanisms. Even the strongest safeguards are insufficient if the architecture itself grants the state unprecedented gatekeeping authority. The EFF submission states that no one should be coerced into a digital system to participate fully in public life. Ask yourself: Would this system function without a “kill switch” for dissenters?

Common Mistakes

Assuming Safeguards Are Enough

Many proponents argue that privacy-impact assessments, encryption, and audit trails resolve risks. But the EFF warns that systemic power imbalances persist regardless of safeguards. For example, even if data is encrypted, the state still decides who can authenticate. Don't fall for the “technical fix” fallacy—the problem is social and political.

Ignoring Social Coercion

A system might be “voluntary” on paper, but if businesses or government agencies only accept digital IDs, it’s de facto mandatory. Be alert to language like “optional but encouraged” or “convenience features.” Monitor whether private sector adoption is mandated.

Overlooking Offline Alternatives

Failing to ensure non-digital methods of identity verification perpetuates exclusion. The UK proposal initially didn't mention paper backups—this gap must be fixed. Always demand a parallel analog system for critical services.

Trusting Unproven Tech

Biometric and AI vendors often overstate accuracy. Look for independent audits and error rates by demographic. Avoid enthusiasm for “innovative” technologies without rigorous testing in diverse populations.

Summary

National digital ID schemes are not neutral tools—they reshape the balance of power between citizens and the state. By systematically evaluating mission creep, privacy infringements, security risks, technology inaccuracies, discrimination, and power imbalances, civil society can mount evidence-based opposition. The EFF's six issues provide a robust checklist. Remember: even with ideal safeguards, the core problem remains a shift in power. Advocate for systems that are decentralized, optional, and with strong data minimization. The UK must listen to its people and say no to a mandatory digital ID.

References

• EFF Submission to UK Consultation on Digital ID
• Joint letter from 13 civil society organizations, December 2024
• UK Government Consultation: “Making public services work for you with your digital identity”