Digital ID & The Slippery Slope

I’m sure you’ve heard by now, but “digital ID” seems to be a recurring buzzword these days. 

Around the world, not only at home, but also EU, US, and as far as Australia, governments all appear to be coordinating and promoting it through things like faster access to public services, less paperwork, and better security… whatever that means. For us in the Yookay, Starmer even says it will help control illegal immigration by making it harder for people without legal status to work. On the surface the idea sounds practical and benign, yet beneath it lies a system capable of tracking and restricting large parts of people’s daily lives.

Any critics are often parried with almost snarky justifications of “well, you already use an e-passport gate at the airport and accept facial recognition in supermarkets to stop shoplifters without a fuss, so what exactly do you have to hide?”, as if the pieces have not clearly been slowly boiling the frog since as far back as 2006 with the Identity Cards Act, and the later (but now scrapped) infrastructure set out for the Biometric Residency Permits (BRP) in 2008, both heavily and openly pushed by Tony Blair back in the day. Contemporary efforts have included the idea for  “digital drivers licenses”  and “digital wallets”, but the mechanism which seems to be working best at producing conversations and conditions necessary for manufacturing consent towards a digital ID system is the 2023 Online Safety Act, which drives age verification on websites and apps, often pushing toward biometric or document checks under the guise of “keeping children away from harmful content”. 

One of the concerning enforcements of this law occurred as recent as March this year with Apple’s iOS 26.4 update, which enabled the requirement for UK users (and only UK users) to prove they are over 18 for certain Apple ID account features and services (read: if you don’t upload your documents, you now cannot access your “adult” apps or websites, under what Apple largely opaquely filters as age inappropriate). Whilst yes, it is easily resolved with a linked credit card or by image of a driving licence, many users have struggled when their phone automatically installed the update (per Apple’s default settings), which also had no mention of the feature, facing the finicky requirements which would not allow them to upload certain forms of ID like a passport. Steps like feel minor when taken one at a time; just last year Apple complied with the UK government’s request to disable Advanced Data Protection, a feature which allowed a user to encrypt a larger set of data stored in iCloud. This is suggests that Apple is willing to comply with state requests for local censorship and surveillance, as they already do with countries like China.

Gradual changes like these create a classic slippery slope scenario, where eventually one day you wake up and everything has slowly been chipped away. Small, reasonably justified changes today make larger changes easier tomorrow. Given enough spaced out erosions, they eventually train the public to blindly accept handing over all personal data just to use their own devices and access normal online functions, and treat it like it is inevitable and futile to do anything about such violations of freedom and dignity. This is not to mention the broader issues of services like OpenAI using middlemen like Persona to funnel data directly to other government agencies, Discord’s ID verification database getting leaked, or services simply pulling out of the UK in protest at the requirements, like the case of Imgur. 

Once a form of universal digital ID links to banking, transport, retail, and government services, targeted exclusion becomes almost trivial to implement. People have already seen debanking cases where accounts are suddenly shut down over a holder’s controversial views or activities. Facial recognition in shops could very easily feed into personalised dynamic pricing systems or pub entry bans. Hypothetically, a low digital ID social credit score, a-la-China, whether from speech, associations, or what many would deem “minor” trivial offences (like “banter”), could quietly limit access to jobs, loans, or even basic utilities, as well as impede severe social-reputational costs. Underground cash or informal economies might dodge parts of it for a time, but most ordinary people cannot live fully off-grid in a modern connected society without huge personal and technical cost.

Government language still will frame all this as necessary and beneficial, nonetheless. In September 2025 Prime Minister Starmer announced plans for a national digital ID scheme, claiming it would make borders more secure and cut illegal working. The original idea included making digital ID mandatory to prove the right to work by 2029. Fortunately, after strong public backlash, including petitions with nearly three million signatures and criticism from civil liberties groups, the government performed a U-turn in January 2026, with the compulsory element for right-to-work checks dropped. Ministers now call the scheme voluntary, with talk about a public consultation. However, the UK’s digital verification services trust framework reached version 1.0 in pre-release in March 2026, and now sets rules for certified digital identity providers to create a “trusted ecosystem for verification”… again, whatever that means. The fact is, the underlying infrastructure keeps moving forward regardless, and keeps appearing as something that, like a lot of things these days which no one really chose to vote for democratically, always ends up passed by brute force anyway. The house always wins. 

But the dangers I suggest are really not science fiction. Even without getting into the overengineered specifics of how the currently planned implementation works, history demonstrates how centralised identity data can get dangerously repurposed; for example, Dutch census records helped the Nazis identify and round up Jews during their occupation. Records and databases have almost always served every kind of tyrannical regime, left or right, for targeting “enemy” groups, whether political, social, religious or racial, in all directions of cause and victim. In the UK, social trust fabric is already worn pretty thin, and our fragmented multicultural society of conflicting demographics (in all senses of the term) indeed have many groups which are rather not fond of one another. If any one were to be put in control, it’s almost certain another group will end up paying a cost somehow; either as hunted “far-right online extremists”, or in ICE-like raids based on health data collection. To be clear, I iterate; is not a left versus right issue, and for the record I am not taking either side here. Anyone whose activities fall outside whichever current official authority’s acceptance could, in theory, be tracked and face consequences via the apparatus of a digital ID system. A centralised digital system makes anarcho-tyrannical enforcement far more efficiently enforced and scalable; in the UK’s case, “online hate speech” already hands out longer sentences for mere words than what is given to assault crimes committed by illegal entrants. And like the ICE-raids using medical data, tools like Palantir already help the government analyse large datasets for the NHS, so what difference would it be if they also managed a digital ID database?

We should additionally keep in mind that as artificial intelligence improves, sifting through everyone’s digital footprint and applying automated restrictions and penalties would, in theory, become trivial, even though such surveillance has been technically proven possible for over a decade since Edward Snowden leaked the UK’s involvement as part of the Five Eyes/PRISM. The tools of tomorrow could and likely will be vastly more capable than those of today, and likely only given to those who are “trustworthy” to widen already existing asymmetries of power. And again, once such system embeds itself in smartphone operating systems, digital wallets, and other daily services, reversing the system or escaping past records becomes nearly impossible. Your life would eventually shrink to and be mediated by maintaining your digital persona which determines what you can buy, sell, travel for, or access; a “Mark of the Beast”, if you will.

To add, existing government IT projects suffer frequent failures and data breaches, and technical competence more broadly feels low given ministers’ lack of understanding of Internet etiquette regarding genuine discourse, humour and meme culture and the lack of national boundaries of cyberspace. Defenders point to buzzwords like “certified providers” and “technology-neutral standards”, yet in practice the direction points toward deeper integration. Recent AWS outages have already shown how fragile existing UK government systems can be, since they lean on external cloud providers; not only is a future where your live depends on staying in favour with whoever controls the systems bad enough, the controller not even being competent enough to even keep it running smoothly (if they even are sovereign over it themselves) is probably not far-fetched and makes the matter even worse. But unfortunately it is the logical end point of current trajectory.

Another example further showing the technologically backwards mentality of the Labour government is in its documents detailing that encryption is treated as a potential threat to child safety. VPN usage draws similar suspicions and talk of regulation crackdowns, likely because they have realised you can use both to simply get around the walls any laws are building around the country’s infrastructure. The only message anyone mildly literate can seem to gather is that resistance to this equals criminal, which cannot be true in a country which is free and just and values the rights of the individual to express or communicate privately.

The worst part, in truth, is that better and healthier technical paths do in fact exist for a digital ID system, in theory. Decentralised systems using zero-knowledge proofs or homomorphic encryption can allow people prove a fact, such as being over 18 or holding the right to work, without ever revealing anything about themselves in the data being processed. Projects like Urbit already create modular/pluggable sovereign identities under user control, and many Web3 ideas (the ones that aren’t pure grift) can indeed offer secure routes for verification systems, arguably better than anything centralised we tend to make use of currently. Even without venturing into the whole cutting-edge crypto world, Apple and Google already offer the tools for a parent to setup a device linked to a parent ID, and allow for parents to setup restrictions as they deem fit for their own children without anyone needing to involve external middlemen databases or government services. 

If a digital ID really must be implemented, a competent government would surely at least wish to build a dignity-preserving version which avoids mass surveillance, especially if public trust is at what is probably all time lows. The UK (and broader worldwide) approach so far shows little sign of that priority due to the aforementioned low technical literacy in the state and clear incentive issues, which makes trusting them with such power risky at best. And we’re not even getting into any allegations of corporations such as Meta in fact lobbying for these ID verifications, due to the “dead internet” posing a risk to advertisers buying ad real estate, only for it to be shown to bots and not real users.

Nevertheless, with the “digital ID” repeatedly appearing like a whack-a-mole, it’s likely that it will at one point or another affect everyone, even if some will feel its negative effects later than others. As I say, it does not matter which side of the political spectrum you sit on; the incentives are simply stacked in too tempting of a way for anyone not to abuse the power of such a system. Even so, as with all the issues mentioned, convenience will probably push most people toward compliance because daily life’s inconveniences are already taxing enough as it is, figuratively and literally, either through soft pushes or crisis engineering.

Given the problems with the existing bureaucracy in power needing to be gutted and streamlined anyway, the only decent move may be to attempt as best one can to reject whatever this currently centralised, government-led version is outright and insist, at the very least, on designs that keep real control with the individual if one cannot refuse digital ID’s inevitable existence. Pushback has already forced one major retreat on the mandatory element for now, and continued resistance can almost certainly slow or reshape the rest. 

Without it, the UK risks crossing a point of no return where freedom truly does become conditional on maintaining an approved digital self under Big Brother’s guise. The pieces are aligning and the direction is clear; the time to recognise it and act on it is now.