Few things stir the imagination of conspiracy theorists like the prospect of a government-backed digital-identity scheme. The obsessive advocacy of digital ID by Tony Blair of all people is just more grist to their mill. But there are perfectly rational reasons to be wary of the British state’s digital-ID scheme. For one thing, it will make us less safe.
As I recently reported in the Telegraph, I was contacted by a senior civil servant working on One Login, the UK’s digital-identity project. Announced in 2021 and developed by the Government Digital Service (GDS), One Login has absorbed over £300million in public funds so far. It is ultimately designed to help citizens access hundreds of government services and, in the shape of the gov.uk wallet, retain digital documents including an individual’s driving licence. It currently processes the sensitive personal and biometric data for three million citizens, but that number is expected to rise as the service expands.
What the senior civil servant told me was disturbing. He arrived on the project in 2022 to set up an information-assurance team, which performs a function similar to that of an auditor, assessing risk. At One Login, he found a chaotic and insecure work culture. The system was being accessed by users with ‘do anything’ system-administrator privileges thousands of times a month. Many of these users did not have the recommended security-clearance level required to work with the sensitive personal data of millions of citizens. Moreover, the GDS did not mandate locked-down workstations for staff working from home, or for the hundreds of contractors developing the system – a legacy of the GDS’s ‘geeks in jeans’ culture once eulogised by commentators. The civil servant also discovered that part of the system was being developed in Romania, a nation named by Oxford University researchers as one of the world’s ‘key cyber-crime hotspots’.
It would only take one developer with the right administrator privileges to create havoc on the system, perhaps developing ‘back doors’ into One Login that no one would even be aware of.
Hellbound and Down 