We shouldn't need to debate online identity again, but it's right that we do
The latest select committee report by MPs into the progress of digital government in the UK has resurrected a question that has reared its head on several occasions in the past – do we need a unique single identifier for every citizen, to be associated with our online presence?
This debate was most recently quashed in 2010 with the advent of the coalition government that quickly scrapped the outgoing Labour administration’s ID cards scheme and its associated central database. It was widely accepted that the concept of a physical card to prove who we are was a step too far in terms of individual liberty and personal rights.
That political decision led directly to the creation of Gov.uk Verify, the troubled digital identity scheme that has gone out of its way to avoid having a single identifier, instead working on a federated model.
While most experts agree that federated identity is the ideal solution, it’s hard to deliver on a national scale – as Verify has proved.
A single identifier has many benefits, say supporters – it makes identity verification easier, and it could allow citizens to quickly associate all the data government holds on them, to check it is correct and even enable some form of personal control over that data.
Critics, however, point out that a unique identifier could just as easily be used by government to connect personal data together in negative ways – for example, look at how the Home Office used health records to identify immigrants as part of its controversial hostile environment policy.
This is to some degree a peculiarly British debate. Most European countries have a single identifier for citizens – often in the form of a physical card – and the success of digital identity schemes in the Nordic countries is at least in part down to the existence of a unique identifier. The Science and Technology Committee report cited Estonia as a successful digital identity scheme, based also on a unique identifier.
It’s true to say that Scandinavians tend to trust their governments more than we do in the UK – which not an insignificant difference in this debate. And Estonia, as a former Soviet country, has very different cultural attitudes to the issue.
But it’s also relevant to point out that we already have a unique identifier in the UK – two in fact – in your national insurance (NI) number and NHS number.
The NI number, however, is not considered secure enough to use – it’s too easy for people to have multiple NI numbers, and there are more NI numbers in existence than there are people in the UK, partly thanks to historic IT system problems in the past.
The National Health Service in England is using the NHS number as part of the digital ID system it is developing for patients. It’s fair to say the NHS is a lot more trusted by citizens than the wider public sector.
Of course, the reason why MPs on the Science and Technology Committee suggested opening up this topic for discussion is because of the failure of Verify, and the way it has impeded the development of a wider commercial market for federated digital identity systems in the UK. If Verify worked, we wouldn’t be having this debate all over again.
While it’s generally agreed that a single unique identifier is not the right way forward in the long term for digital identity, we nonetheless find ourselves in a position where it is right to have this debate again. Let’s hope it’s for the final time.