Back in 2003, I wavered. The government wanted us to carry ID cards; I wasn’t convinced, but I wasn’t completely against them either. My main worries were privacy and the lack of proper debate. It felt like something too important to be slipped through quietly. I did take part in a 2004 Passport Service trial of biometrics, which I imagine paved the way for the biometric border controls we have today. But, they did give you a little identity card: it couldn’t be used for anything, but it might have been the start of something.
Now, more than twenty years later, here we go again — but this time it’s not a plastic card in your wallet, it’s a digital identity on your phone. The sales pitch is familiar: security, fraud prevention, migration control, efficiency. The packaging has changed — “digital wallet,” “verification services,” even the cheerfully tabloid nickname “BritCard” — but the underlying tension is the same. How much do we give the state in return for the promise of convenience and safety?
I can’t help but notice the parallels. In 2006, the Identity Cards Act reached Royal Assent, yet the scheme collapsed under its own weight: too expensive, too intrusive, too unloved. Today’s plan is billed as leaner and smarter: no centralised biometric database (at least not yet), a free app instead of a paid-for card, targeted use cases like “Right to Work” checks rather than a universal compulsion. Progress, of sorts.
But the old worries remain. Function creep is the classic risk: once the technology is there, the temptation to expand it will be irresistible. And for those excluded — the people without smartphones, the ones who struggle with digital bureaucracy — “alternatives” often mean long queues and clunky paper processes.
That temptation to expand is not theoretical. We’ve seen how governments argue for back doors into encrypted messaging or demand that companies like Apple weaken their security “for national security reasons.” If a digital identity scheme exists, the same logic applies: today it’s Right to Work checks, tomorrow it could be banking, housing, or even access to encrypted communications themselves. The concern isn’t just about convenience or cost; it’s about whether a tool created in the name of efficiency slowly becomes a lever of control.
We don’t even need to speculate to see how this plays out. In Spain, where the FNMT digital certificate has become the de facto way of dealing with the state, the risks are clear enough. Citizens have been tricked by phishing emails promising their certificate was “ready” — only to deliver a Trojan instead. Trust has also been shaken when FNMT itself let key certificates expire, triggering browser warnings on its own official pages. A system sold as frictionless, in practice, adds its own layers of risk and dependency — and once embedded, it’s very hard to opt out.
So, two decades on, has my thinking shifted? Maybe only slightly. The technology is better, and in theory the safeguards stronger, but my scepticism hasn’t gone away. If anything, the experience of the last twenty years — hacks, leaks, surveillance scandals — makes me more cautious. A shiny app doesn’t change the fundamental question: do we trust the state with the keys to our identity? Or are we just being asked to trade the old plastic for a sleeker way of showing our papers at the digital border?
Still, at least if it all goes wrong, we won’t have to cut up a plastic card — we’ll just delete an app and hope the database forgets us too.