The UK government has just confirmed plans to roll out a mandatory digital identity card — a “Brit Card” that everyone will need to work, rent, or access key services. It’s a bold step into the digital age, but also a decision that splits opinion down the middle.
On the surface, the idea sounds attractive. No more juggling passports, driving licences, and utility bills. One secure ID to prove who you are — instantly. Employers and landlords could quickly check someone’s right to work or rent. Estonia and other countries show how digital identity can speed up healthcare, banking, and public services. It promises a sleek, joined-up system that saves time and tightens security.
But that’s only one side of the coin. A centralised ID also carries risks that are impossible to ignore. It could become a powerful tool for surveillance, where every move is traceable. System glitches could lock people out of jobs or housing. And what starts as proof for work and renting could easily expand into social media logins, voting, even travel permissions. History shows that when states build big databases, the temptation to expand their use is never far behind.
As a cybersecurity specialist, here’s my take: digital ID for every adult is not progress. It’s the end of a free society dressed up as convenience. Ministers are selling it as a fix for illegal migration. That is bollocks.
We already spend hundreds of billions a year on cybersecurity and yet breaches keep breaking records. Threats are growing faster than our ability to defend. A digital ID won’t stop boats, won’t break trafficking gangs, and won’t fix a broken border. Criminals will find ways around it. Honest citizens will pay the price.
The truth is it builds giant databanks that track where you go, what you buy, what you read and who you speak to. It ties your identity to every checkpoint in daily life. And one breach is all it takes for your entire life to be exposed.
Think of the Jaguar Land Rover cyberattack, or the chaos at airports in recent weeks. Now imagine that happening at national scale, on a system that controls everything from healthcare to wages. The government won’t say it out loud, but the real risk is ransomware seeded quietly through a supplier or insider. It lies dormant for months, rolling through backups. On trigger day, both the live system and the recovery sets are encrypted. Payments fail. Benefits stall. Borders jam. Citizens are frozen out until a ransom is paid or the state somehow rebuilds from scratch. Centralise identity and you centralise failure.
And then there’s the slippery slope. It starts as a login. Then it becomes access to money, to travel, to speech, to public services. Rights turn into permissions controlled by the state and its contractors. A single point of failure for criminals, insiders, and hostile states to target. A system that punishes the elderly, the poor, or anyone not always online.
It will not stop fraud. It will not stop illegal migration. What it will do is create the machinery for a social credit system by stealth.
If the government really cared about the border, it would enforce existing laws, properly resource patrols and processing, close loopholes, and remove those with no right to stay. None of that requires a national ID system.
We scrapped ID cards in 2010 for a reason. Britain does not need a central register to prove age or status. What we need are privacy-first solutions, not a database state.
The real question isn’t whether we can build a digital ID, but whether we should — and whether the price is too high for a society that still values freedom.