Tag: privacy

A New Identity

UK’s digital ID revival rekindles old doubts about trust, privacy, and control.

A close-up photograph of a worn card showing the UK Passport Service logo in red with an arrow, text reading "An Executive Agency of the Home Office", a gold EMV chip, and the words "Demonstration Card" and "Reference Number:" printed below
A relic from the UK’s 2004 biometric identity card trial – an official demonstration card complete with chip that served no purpose beyond showing what the future might have looked like, had it ever arrived.

Back in 2003, I wavered. The government wanted us to carry ID cards; I wasn’t convinced, but I wasn’t completely against them either. My main worries were privacy and the lack of proper debate. It felt like something too important to be slipped through quietly. I did take part in a 2004 Passport Service trial of biometrics, which I imagine paved the way for the biometric border controls we have today. But, they did give you a little identity card: it couldn’t be used for anything, but it might have been the start of something.

Now, more than twenty years later, here we go again — but this time it’s not a plastic card in your wallet, it’s a digital identity on your phone. The sales pitch is familiar: security, fraud prevention, migration control, efficiency. The packaging has changed — “digital wallet,” “verification services,” even the cheerfully tabloid nickname “BritCard” — but the underlying tension is the same. How much do we give the state in return for the promise of convenience and safety?

I can’t help but notice the parallels. In 2006, the Identity Cards Act reached Royal Assent, yet the scheme collapsed under its own weight: too expensive, too intrusive, too unloved. Today’s plan is billed as leaner and smarter: no centralised biometric database (at least not yet), a free app instead of a paid-for card, targeted use cases like “Right to Work” checks rather than a universal compulsion. Progress, of sorts.

But the old worries remain. Function creep is the classic risk: once the technology is there, the temptation to expand it will be irresistible. And for those excluded — the people without smartphones, the ones who struggle with digital bureaucracy — “alternatives” often mean long queues and clunky paper processes.

That temptation to expand is not theoretical. We’ve seen how governments argue for back doors into encrypted messaging or demand that companies like Apple weaken their security “for national security reasons.” If a digital identity scheme exists, the same logic applies: today it’s Right to Work checks, tomorrow it could be banking, housing, or even access to encrypted communications themselves. The concern isn’t just about convenience or cost; it’s about whether a tool created in the name of efficiency slowly becomes a lever of control.

We don’t even need to speculate to see how this plays out. In Spain, where the FNMT digital certificate has become the de facto way of dealing with the state, the risks are clear enough. Citizens have been tricked by phishing emails promising their certificate was “ready” — only to deliver a Trojan instead. Trust has also been shaken when FNMT itself let key certificates expire, triggering browser warnings on its own official pages. A system sold as frictionless, in practice, adds its own layers of risk and dependency — and once embedded, it’s very hard to opt out.

So, two decades on, has my thinking shifted? Maybe only slightly. The technology is better, and in theory the safeguards stronger, but my scepticism hasn’t gone away. If anything, the experience of the last twenty years — hacks, leaks, surveillance scandals — makes me more cautious. A shiny app doesn’t change the fundamental question: do we trust the state with the keys to our identity? Or are we just being asked to trade the old plastic for a sleeker way of showing our papers at the digital border?

Still, at least if it all goes wrong, we won’t have to cut up a plastic card — we’ll just delete an app and hope the database forgets us too.

Privacy Policy

It’s always important to know what personal details are stored for use on any site and this site is no different. Read about my privacy policy.

This page was replaced on 13 February 2024 with a new policy. See https://www.curnow.org/privacy/ for the current privacy policy.

I believe the sites and services we use online should be open about what information is collected and how it is used. In spite of some nonsense having been written about privacy threats, collecting information like this is not always as creepy as it sounds because some information is needed just to make the internet work. For example, this page mentions your IP address. That’s the way the internet gets pages, music and video to your computer, phone or TV (depending on what you’ve connected). Without that address the internet won’t work so it has to be passed around a little bit.

The internet is also global which means it might not always be obvious where this information is going. For example, although I was born and live in the UK, the machines that hold this site are physically in the United States. I also use some services from Google which is headquartered there. So, some information passes through them.

So, in the spirit of letting you know what this site does – and doesn’t – do this page aims to explain it all as clearly as possible. If it’s not clear then I want to know. Tell me @curns.

Respecting Your Privacy

The curnow.org website does not need to collect nor store your personal data in any way. You can use this site without sharing any personal information.

In common with most sites, the web server – which is the machine that sends the pages to you –  may collect information from your browser, including your IP address and the page you request, This is used to identify the most popular pages or issues with this website. In addition to information stored by the web-servers of my hosting provider, Dreamhost, I use Google Analytics to help me understand how visitors use my site. It is anonymous and I do not know who you are. I have disabled any advertising related features that I can for Google Analytics because I do not use any advertising services. Google’s privacy policy is here.

Comments and Email Addresses

If you contact me with your email address it will not be sold or released to anybody else unless the law requires it.

You are able to comment on selected entries within the site. I have removed the option to store your name and email to facilitate commenting on multiple sites because I got so few comments. Your email address is required if you wish to comment or contact me. This is to help authenticate real users and to deliver your message to me. It will never be shared with anybody else (I hate spam too) and you’re not going to get any emails from me except for any automated ones I set up to confirm your comment or contact (unless your contact request asks me to get in touch, of course) or if you tick the boxes asking to be notified about other comments. For security and to prevent spamming, the system collects your IP address from which you made the comment and this is recorded alongside the comment. That data is stored on my servers which, as I have mentioned, are located with Dreamhost in the US.

I use the Akismet anti-spam service for comments. The data on the comments – IP address, user agent, name, email address, website, and message — is submitted to the Akismet service (owned by Automattic) for the sole purpose of spam checking. You can see details of they privacy policy here. The actual submission data is stored in the database at curnow.org and is emailed to me. This email will include the submitter’s IP address, timestamp, name, email address, website, and message.

Please remember that any details you leave in the actual comment on a page will be displayed. Do not enter anything you do not want to be published on the site. Please think before posting any personal details. I will remove all posts containing obvious real world information and I reserve the right to remove any posts.

Moderation

Depending on the amount of comments – or spam – I am getting, I sometimes – but not always – hold them until they have been reviewed. Don’t worry if I don’t publish your comment quickly as it can often take me some time to get round to it. You can always nudge me @curns.

Cookies and embeds

A ‘cookie’ is a small file that is placed in your browser and allows curnow.org to, amongst other things, recognise that you have seen the cookie notification on the top of the page.

Specifically, a cookie called cookie_notice_accepted is used to show you have seen and accepted the cookie message. Once this cookie is set you will not see the message for aa month unless you delete it. A cookie called w3tc_referrer may be set. This helps with speeding up the site (technically known as caching). It knows nothing about you and is used to help the site function well. You may see cookies with a name like __utma (or similar). These are related to Google Analytics which I use to understand how people use my site. Google have a whole page, here, devoted to explaining these cookies and a mechanism for you to opt-out if you wish.

I do embed media from other sites and those sites may set cookies. Specifically, I use Soundcloud and Audioboom to share some audio. Soundcloud’s cookie policy is here and Audioboom’s is here. Occasionally I may embed content from Twitter (their privacy policy is here) or YouTube (policies here). I try to use code that does not set cookies but that’s not always possible.

There are a series of posts that embed Instagram images. They may set cookies and collect data. Their privacy information is here.

I also use a service called ShareThis to enable posts to be shared. They may set cookies. You can find our more, and opt out, here.

Gravatar

I use the Gravatar image service when you comment on the site. curnow.org will contact Gravatar to see if you have a picture that you wish to set with your comments. If you have never set this then it won’t find one. It’s a fun thing to do but if you don’t use that service then it can’t magically put a picture of you there.

The sites does not use cookies for anything else. There are no tracking or advertising cookies set. For more information on cookies please see aboutcookies.org and remember that you may delete the curnow.org cookies at any time. It will not effect your interaction with any other site. If you do not accept cookies, you can still use the site. If you want to delete your cookies then aboutcookies.org has a handy guide.

Other Services

There are a few other services supporting this site. I use Google Fonts for some of the display fonts. No cookies are sent by website visitors to Google Fonts. Requests to the Google Fonts are made to resource-specific domains, such as fonts.googleapis.com or fonts.gstatic.com, so that your requests for fonts are separate from and do not contain any credentials you send to google.com while using other Google services that are authenticated, such as Gmail.

The technology behind this site is WordPress and I use some elements of their Jetpack service to provide this site. These services are provided by a company called Automattic and information about the data they collect is here.

Credit Card Details

We do not need this information ever, so you do not need to enter it anywhere on this site.

External Sites

curnow.org is not responsible for the content of external internet sites. You are advised to read the privacy policy of external sites before disclosing any personal information.

Remember The Risks Whenever You Use The Internet

There is no reason to send us any personal details other than as specified above. In addition other Internet sites or services that may be accessible through curnow.org have separate data and privacy practices independent of my site, and therefore I want to let you know that I disclaim any responsibility or liability for their policies or actions.

Please contact those vendors or sites directly if you have any questions about their privacy policies.

Corrections and Contact

Please don’t hesitate to contact me if something on the site requires correction or removal. This policy was last revised in August 2021 to clean up some references and add more details about embedded media.

Previous versions of this policy can be found via The Wayback Machine.

This page was replaced on 13 February 2024 with a new policy. See https://www.curnow.org/privacy/ for the current privacy policy.