Loading summary
A
Foreign.
B
Welcome to the Tech Pill, a podcast that looks at how technology is reshaping our lives every day and exploring the different ways that governments and companies use tech to increase their power. My name is Gus Hossain and I'm the Executive Director at Privacy International.
A
And I'm Caitlin at Lampier's campaigns coordinator. Hi.
B
So today we're really, really pleased to be having yet another old friend today.
A
Yes, a ghost from Gus's past, from his student days, who I'm hoping is going to tell us lots of very interesting stories about Gus as a student. We invited him here to talk about id, obviously. Hopefully we get some of that. But obviously we also hope 75% is Gus is a student making a lot of trouble and being horrendous. Of course, you were probably very boring and diligent.
B
And actually, this is the interesting thing. So Edgar is a professor at the lse, London School of Economics. I was at the London School of Economics from 1996. I did my PhD there, and I taught there for a while. And we're going to be talking about a moment in history where we actually made the LSE a little bit infamous in British politics. We got the LSE in a lot of trouble, which is unusual for the
A
lsc, which is famous for being quite boring.
B
It is very, very boring. So in a way, the naughtiness that we got up to was actually joint, and it was for the betterment of the lse.
A
So we're very excited to get to talk to Eka today, and we're going to be talking about ID systems. Another ghost from your past.
B
And so, yes, we're talking about id and mostly Caitlyn, because Caitlin got terribly excited about the idea of bringing Edgar along to talk about id. For some reason you like id and I don't like ID anymore because generally it's promoted as a solution to all of society's woes, often government's woes. And really what government wants is, is that government wants to know who you are. And so at a large level, the higher level, the grand theory level, identity systems necessarily redefine the relationship between the individual and the state. However, where I find identity much more interesting is when you get into the weeds, where you get into things like expiration dates, how often is an ID verified by who. Who owns the risks and whether your bank account details are safe to share. And we'll get to that. And we're also very aware that many people listening to this podcast probably come from countries where you have ID systems and you're Wondering, why do people in Britain and America and Canada make such a big deal about ID systems when ID systems go way back in time often. And in our research, we found that these ID systems are established in darker times in history, before democracy was established. But all these countries, even those with long standing ID systems, are now seeking to modernize them. And what we found is that when you modernize these systems, legacy issues still rear their ugly heads. And as much as I love it too, the boring implementation issues still come up. In this podcast, we're going to talk a lot about the uk.
A
Yeah, we're going to be discussing the UK because the UK has a new proposal and we're going to be discussing other countries because PI has worked on ID in a lot of other countries. And so we have thoughts and experience and understanding of ID in a lot of other countries and contexts which are useful when you're thinking about it as a concept.
B
Exactly. And particularly around the concept of legacy. For instance, in a previous podcast, we discussed the case in Kenya where the legacy of identity systems in Kenya resulted in what is the double registration scandal, where people who were rightly to be given an ID were excluded from getting an ID because they'd been registered in an alternative database. And we'll include a link to the podcast in 2022 where we discuss that at great length. And a version of that occurred in the United kingdom in the 2017-2018 era, where when the UK government decided to create a hostile environment for migrants. And what ended up happening is that they created what was called the Windrush scandal, where people who were citizens of this country and have been citizens of this country since the 1960s because they came from the colonies, their citizenship was essentially discarded because they didn't have the right paperwork. And the UK government had a horrible, horrible set of behaviors towards a large number of people who were treated as illegal and were deported or being threatened to be deported because they couldn't prove their citizenship. This is what identity systems do. They classify people based on what the government sees and doesn't want to see and says whether you're legal or whether you're illegal. And so, yeah, Caitlin's right, we're going to be looking at the UK system a lot because the upcoming UK policy, it's been a policy that's been about 10 months in gestation. The government's still not quite sure what it's going to be 10 months in
A
gestation this time around.
B
This time around, others would say it's 26 years in gestation ever since Tony Blair's government failed to get their ID system. But it's interesting to see this dance a government has to go through to justify why they want to build an id, what the ID system is going to do, what it's not going to do, and how they change this. But ultimately, the way that we see ID systems on top of it, including excluding people, is that ID systems build an intelligence system. They build an intelligence system so that governments can map your interactions of your daily life. And we're going to explore that with one of the world experts on identity systems, Edgar Whitley from the lsc. Now for a statement of interest. And I'm going to ask Edgar to introduce myself after I've embarrassed him. He was my second supervisor on my PhD back in the day. We've even co authored a book on ID issues internationally. We've gone on long road trips together, including one from like Seattle to Boise and back. And yet we've never had this conversation. That is, we meet up periodically with friends and others who've worked in this field for ages and we gab about id, but we've never actually had a
C
tape recording of it.
B
Yeah, a tape recording conversation from first principles. What do you genuinely think about id? And I'm going to challenge him just a little bit because one of the first conversations you and I ever had, which was 27 years ago, he was actually being a little rude. It was before he became my supervisor. I'm still surprised he agreed to become my second supervisor, but he'd made a dismissive comment about a theorist who was visiting the LSE at the time. And Edgar said, oh, these ridiculous big theories. And Edgar seemed to indicate he preferred little theories. And when it comes to id, the big theory of ID is that ID is oppressive or ID is going to enable the transformation of the state and the individual. I somehow think that you really live and you are the embodiment academically of this idea of little id. I've never known you to be a forceful, opinionated thinker. You're always somebody who approaches things with nuance and detail. And today I'm really excited we're finally going to have this conversation about ID all these years later. The book was what, 2010? Yeah. So it's six.
A
Available in all good bookshops.
B
Yes, Just Google the names.
C
And certainly available as an ebook. The paper copies may have been returned to Mother Earth.
B
Absolutely. A few academic libraries across the planet have it. So can we just ask you to introduce yourself a little bit and then we can get on to the Question?
C
Yeah, so I'm Edgar Whitley, I'm a professor of Information Systems in the Department of Management at the London School of Economics. And that I think partly explains the focus, emphasis on the kind of smaller theories. So information systems we describe in the LSE context, particularly as the social study of information technology and we are doing it in the context of a department of management, so actually doing things and making things happen. And so I'm always interested in what's the system design, where is the data going, how is the data being transmitted, how is the data being shared? And yeah, I can understand how those particular design choices can enable or restrict more high level surveillance societies, freedom societies, whatever it might be. But I'm always interested in those low level details about what actually is going on because then you can build from the ground up to your understanding of these larger concepts. And that just kind of reminds me, when I was doing my A levels, our physics teacher always talked about working from first principles. And I think there may be an element of that kind of. If you are talking about a surveillance system or an ID system, there is data, it's going to be going from one computer system to another, who collected it, where was it stored, who had access to it, et cetera. So that kind of ground up first principles probably does drive a lot of the thinking and then the consequences of that come about. Another example, and we'll come to it later on, is some of the work I've been doing in other countries has been about how do countries build the capability for building ID systems, registration systems, et cetera. And then you still are interested in how are you going to hire the people who run the local offices? How do you make them proud of your jobs? Little things like, I know, give them a uniform so that they can feel appreciated for doing this important task. It's often from the bottom up where the things come.
B
A great example of this, Caitlin, and to the listeners is when Tony Blair was Prime Minister introduced the idea of an ID card back in 2002, 2003 and then officially in 2005. And the LSE and civil society were very, very deeply engaged in this discussion, nerding out like some of the fighting was from the grand narrative scale of like only Hitler would ever introduce something as ridiculous as this to me. One morning, waking up to the Today program, the premier broadcast radio broadcast in the country that sets the news agenda for the day. And I wake up to Edgar's voice on the Today program and he's talking about ID and he's speaking so sensibly and yet what he's talking about is the sound the card will make if you flick it. And you are describing the nature of the government's latest version of the ID and how it would be verified. And one of those verifications on top of the biometrics and all this fantastical system that they were building was the sound it might make if somebody were to flick it. And that's how you could trust it.
C
So one of the problems in terms of the proposals was it's going to be a digital system, but with a plastic card. Because in 2005, 6, 7, 8, 9, 10 plastic cards were going to be the thing. And of course, lots of people were asking, so where are the card readers? Who's going to have access to a card reader? If you don't have a card reader and you don't have smartphones that can read chips on cards, how are you going to know that this is a genuine card rather than a piece of plastic that I've got created? And the sound it makes when it flicks would be a low risk. Quick check of the actual.
A
Like looking through a banknote.
C
Yeah, the equivalent. Looking through a banknote or checking the font sizes on the passport information page. Just a quick check that goes. I don't suspect anything in this particular situation. This is just a quick reassurance that it probably is fine. If it sounds slightly unusual, then I might need to do further checks. I might need to connect and see whether this is correctly issued. Did the details match or whatever it might be.
A
Can you flick driving licenses? Like, do they make a noise?
C
I don't think it's a particular.
B
So it's not part of government policy. Did it make a particular noise? Is particular. But it was part of the UK government ID proposal.
A
That's fascinating. That's so specific.
C
And it would be to do with the specification of the production of the thing that you make sure. I mean, how you would train somebody at scale to be able to do that. But it was just a. I think there had been a public narrative about how will we differentiate between a real ID and a fake ID if they look the same? And in the same way that you get. Banknotes are securely printed on very particular paper or passports are printed with secured features. The cards would not be bog standard cards. It would be kind of specialist. And maybe you could hear the difference,
A
though I suppose we never had to find out.
B
Well, yeah. And. Well, this is what's so unique about ID policy in the last 25 years versus the existence of ID throughout time is that the existence of ID throughout times just become accepted, kind of like paper banknotes. But now if a government introduces an id, it has to withstand the scrutiny of those who would say only Hitler would do this, and the scrutiny of every technologist who says this is hackable
C
and the technologies who say this is brilliant and it will transform society.
B
That's right. They're also a threat. And also like what happens when somebody just has a card and we don't have a computer. All those use cases have to be analyzed. Because this is what our book ultimately argued was that a government who wants to introduce an ID system because it's going to be so goddamn expensive, it has to say it's going to solve every problem. For it to be value for money, it's going to cost billions. And so how's it going to save society? Oh, we're going to. They're going to stop fraud, we're going to stop terrorism, we're going to police our borders better. But in order to do all those things, it has to work in all those circumstances. And that's how we were able to.
C
And in 2005 it also was tobacco smugglers. Was one of the tobacco smugglers.
A
Yeah.
C
So even the problems that you are going to solve have changed, change over time. And of course, some of these are not actually ID problems at all. I mean, you could be a perfectly legitimate British person with a British digital ID who still smuggles tobacco. And other than being able to track you down if they stop you and et cetera, et cetera, it doesn't actually
B
solve the id, doesn't need.
A
Well, so this is the question that I've had with the most recent iteration of the UK government trying to introduce this new digital id, which was they said they were going to be for right for work checks. Right for work checks already happen. I've had to give, you know, Joanna, our resource director, a copy of my passport. I didn't understand what would be materially different about the new system versus handing over my passport.
C
So for non UK or people who've not been following in detail, there's been a whole series of iterations. The first version, shall we say, was. So yes, we have this whole existing infrastructure either for digital IDs being provided by the private sector or show your passport to your HR person and they will do whatever checks they need to do, but that's a non digital and et cetera, et cetera. So the proposal was that you will have to do a digital ID check, so you'll have to Have a digital id. And one of the attributes that will be stored on your digital ID for those who have a right to work will be, you have a right to work. So you could be a foreign national, say a student who does not have the right to work, but does have a digital id. But the attribute is this person allowed to work in the UK would not be present. If you are a Brit who doesn't have a digital ID up front, you would have a digital ID with the flag that says you have the right to work. And so the logic was that the employers would have to do the digital ID check and therefore say, yep, it's okay to employ Edgar or whatever it was. The next part of the proposal that was sort of there was one of the concerns about right to work checks that have been going on for a long time is that we don't really have effective enforcement because we don't know how many checks each employer is going to do. So if My company has 100 employees and we do 20 right to work checks a year, that might be a reasonable turnover. If Gus's company or PI has 100 employees but only does two checks a year.
B
Right.
C
Then that becomes maybe, of course, not the case, but maybe they are perhaps not doing proper checks of everybody. So if I was going to prioritize who I would investigate further, I would be doing the one with the unusual number of checks.
A
That makes a lot more sense.
C
Okay, then we get back to the boring technical details.
A
Right?
C
So you've got a digital credential that says right to work, yes or no. How do you keep track of how many checks my company has done versus Gus's company has done? Well, you're going to have to send that data back to home office or whoever, and you've suddenly created an audit trail of every time your digital ID right to work check has been checked.
A
Right.
C
Recorded centrally in a single government database. So it's a single database. And of course, if you are doing it for right to work checks to target enforcement action, please explain to me how you would differentiate that from over 18 checks for buying alcohol, seeing a film that is an 18 certificate or whatever. And that's where lots of people go, hang on a second. If you're building the system to record when these transactions are taking place, all of your claims about being privacy friendly are at least a little bit suspect. Because you have to, if that's what you're trying to do, keep a record of all of the checks that you've done so that you can then target the enforcement action.
A
So I now have new concerns. And yet the first concern which was that this is really, really pointless, has at least because my concern was, you know, if it's no different to checking a passport or people that are employing people, you know, who may be in the worst case scenario, experiencing human trafficking, for example, they're not doing those checks to begin with.
C
So that was the other big problem. So the kind of the technology narrative becomes. This becomes a much more reliable and quicker process to follow.
A
Right.
C
The problem is that only applies to people who are actually doing right to work checks. Choose your favorite sector that may be pushing the boundaries of employing people without doing due checks. I don't think they're suddenly going to rush to become compliant just because they can quickly scan a QR code on your credential and go, great, we can employ people.
A
Okay, so concern one remains a problem, but there's this new fun concern which is tracking all of the checks.
B
Yeah.
C
And particularly there's a lot of move to kind of verifiable credentials. Store it on there. The data comes onto your device once from an authoritative source. It's digitally signed, but the authoritative source has no record of every time that credential. That attribute is checked. But you're suddenly building in because you want to have the targeted enforcement, some kind of record keeping. And since it is just an attribute, it happens to be right to work. It could be over 18, it could be voted, it could be whatever discriminatory things you want to do. How can you say please keep an audit trail for this, but never, ever, ever honest, technologically, keep an audit trail for that. Technologically it's possible. But proving that you haven't actually switched off the constraints to allow other things to also be tracked really has a big push for kind of public trust
A
in the systems and public trust in government. UK government IT projects has not traditionally been high because of their long and storied history.
C
And when they as the proposals kind of developed, the government was saying, well, we want it to be trustworthy, we want it to be inclusive and we want it to be useful. But the first one useful should be the first one rather than the last one. And yes, I might as a general society have a concern to make sure that everybody who is being employed has the right to work in the uk. But that's not the kind of thing that motivates me to get up in the morning. So it's not that useful to me. And again, why there was lots of people saying this was the worst possible way to sell A potentially quite useful, convenient, if you've got the devices, et cetera, policy to tie it to something that really benefits the government, the credential issuer, and not directly. Obviously there is a sense of we don't like people who shouldn't be getting jobs doing it, but it's a little bit of the kind of current political scene, but it's not a major driver, it's not going to be the one that's. If that was the only issue between two parties that's going to make you suddenly vote one way or the other.
A
And the intention now is it was going to be mandatory, but only for right to work checks, and now it's not going to be mandatory for anything, but will still exist.
C
So not completely clear as of today exactly what it is, because they're going to consult and it's not clear exactly what they're consulting on. So the first version was it's not going to be mandatory for everyone, only when you change job, which basically means absolutely everybody if you are in employment. I'm an academic, I've got a permanent position at lse, but if I want to be appointed to be an external examiner, I have to still prove my right to work because it is a job. So it would have become mandatory for absolutely everybody who's likely to be in the workforce pretty quickly. And it was mandatory to probably use the government's ID system, which is the one login system, not the private sector services that are doing the same thing. Now it seems to not be mandatory. And now they're saying, we don't just want you to waive your passport, we want to do some kind of digital check that could be using the government id. It could be using one of the private sector companies who do a digital check, or possibly something in the middle where we don't quite know what that is.
A
In terms of digital ID in the uk. The other thing that I wrote to Miami about was digital ID in general has traditionally been a problem, partly because of lack of access to digital devices. This was supposed to sit on like a phone, presumably a smartphone, and there is some percentage of people in the UK left who don't have a smartphone, one of whom works in our office. Although that is a decision and not a hardship, does that remain a concern the way that we've seen in other places in the world?
C
So I went to a meeting with the minister who was taking charge of this, and most of the people in that particular meeting were digital exclusion individuals, old people, street home. The whole range of scenarios where There are people who do not have regular, reliable access to digital devices. I was also particularly concerned about what happens if you don't have the proof of your id. You may be technologically sophisticated, but if you can't prove that who you are and that you have a right to work, you're in a similar kind of thing. And at least at that time, which is all of December ago, part of the initiative was that this would be used to drive a digital inclusion initiative to kind of bring up skills and Internet access across the whole of the uk.
A
But it was going to be done together rather than first.
C
Yeah, because it's going to take a long time to get digital up. And they had at least sort of thought about and said, well, there will be some people who don't have devices, there will be analog versions available. Never completely clear whether it would only be. You'd have to prove that you couldn't use a smartphone or if you could.
B
Oh, my God.
C
I mean. I mean, it's not quite that. Or if you could kind of choose to go for the analog version. So your colleague, even though they clearly are bright and sophisticated, could they choose to only have the printed QR code or whatever as a version of their id? And that was never completely clear either. So in the uk, you currently have to present some form of photo ID to vote, typically driving license, senior rail car, bus pass, et cetera, et cetera. Not student id, but you could also apply for a paper voter entitlement thing with a photo of it. So I of course applied for one of those, even though I've got a driving license with my photo on it in my pocket, and I went to the voting office and said, this is my photo ID to prove who I am. And they go, ooh, not seen one of those so far today, but I was allowed to vote. So with dealing with the people who are not digitally included, include anyone who wouldn't. And then you could imagine a mass campaign that says, all apply for the analog version, because then you can tear it up, be confident that it's not doing possibly suspicious things on your smartphone, et cetera, et cetera.
B
So to abstract out from the uk, because it seems that there's UK is
C
very special in its own.
B
It's very special because it doesn't have a history of an ID system. But also, for some reason, every time they introduce an ID proposal, it ends up being bat crazy. And that's a technical, technical term. And I have my suspicions as to why that's the case. And my suspicions is very Clear to people who listen to this podcast, which is, it's the Home Office, it's the UK government's internal police ministry, that just once it gets its hand on an ID or any policy, it just makes the worst out of it. But with your work internationally and from us observing what's going on internationally, like we were involved in the Kenyan ID system for a number of years now in litigation, but also supporting our partners, doing some work there. And we've been monitoring the deployment of welfare and benefits systems and generally we're seeing that identity is hard. Why is it so hard? Like we've started to cover a little bit of the exclusion, we've started to cover the expense of purposes. Are those just UK issues or are those the fundamentals of why ID is hard everywhere?
C
I think it's hard everywhere partly because of the role that it plays in so many other things. So we did some research for an NGO funder because they were looking at, I know, educational opportunities, female inclusion in society, property rights, as in inheriting land of your family. And every one of those policies kept coming along and hitting we need to know who you are. You cannot inherit your parents farmland, assuming that you have land management kind of things, if the state does not know that the owners of the land and you are related, as in children to pass it on to or whatever. So every time they kept wanting to do this ID kind of kept coming up as one of those underlying issues. And then you also come to the problem of how much coverage are you going to do? If you were going to do a transition from old processes to new processes, who's going to rush to set up a brand new process? When 10% of your population has the new or 20% or 30% or 40%, 50%, maybe it's worth doing. But you're still going to have to have two routes for the new system and the old system. And then you come back to boring, practical implementation issues. So again, back to the UK example, they were initially going to link it with your passport because your Passport has a 10 year expiry and not everybody applied for the passport in the same year. So let's say 1/10 of the population in year one, 110 of the population in year two, 110 of the population in Year three. Because that's just when people randomly got their passports. It should be reasonably distributed. So if you tie it to passport renewal in year one, you've got 10%, in year two, you've got 20%, in year three you've got 30%. So it's going to take you five years before you get 50%. And if you want 50% before you start thinking about your processes, then you've got four years where nobody has the alternative because it's not worth your while to kind of make that transition. So it's that implementation details always become really easy.
B
So you have to build the infrastructure from day one in order to start enrolling people. But you're going to be enrolling people nine, ten years later still.
C
If you. So some places. So India did have a really big. Yeah, big bang, basically a big bang. Let's get huge proportion of the population to have an Adhaar number pretty quickly, a small number of years. And they just threw it loads of resources at doing it because they knew that if they didn't have the critical mass then you can't do the next kinds of things. The problem with the big bang is that you're then outsourcing to hundreds of independent contractors who may be incentivized to try and enroll as many people as possible rather than necessarily focusing on doing it to the highest quality that you require. You can try to manage that. But if you're really going at scale and potentially it's a big project that let's say is going to run for three years and then it's going to go to just newborns and new adults or whatever, there's a lot of prep work to get that going well, knowing that it's going to fade away again in three years or whatever that kind of cycle time is and you're just onto the regular new people entering the system.
A
Like say with Adha, with the big bang, they're trying to do it all at once. Aadhaar also started quite quickly to govern things like access to food supplies and other things Incentivizing presumably take up like how much is that circular where if you don't wait for the process.
C
It was more. I suspect that the logic was we will get as many people in up front and knowing that we expect to get a good proportion of the population in then in parallel or just slightly behind, we can then do these additional kind of connections. I suspect it was more of that. Particularly if you're talking about welfare type payments. Even now you can't. I mean the Supreme Court kind of said you cannot make access to welfare dependent on doing these things in the way that it could be understood. So you can't force people to enroll in order to do that because you really don't want to be the one who had people starving to death. Because they couldn't get round to doing it quickly enough or I know there was an outage, it was raining, there was no registration system around at the time, but you've already switched over. So I don't think it would work in that kind of a way or it'd be as they would say, for yes Minister, that's a very brave choice. So I suspect it wouldn't have been realistic.
A
I mean, it's part of the problem with developing or rolling out ID systems, how the ways in which they need to be able to fail well versus having it and hoping it goes well. Because speaking of the Adhar example, where it has failed quite repeatedly in lots
C
of different ways, particularly in India where you've got a good chunk of the population with very poor levels of literacy that they need support to fix any problems. They registered five years ago, they gave a mobile number, they've now got a different mobile number, but they don't know how to go through the process to prove it's them. But give the new mobile number because if the one time passcode to allow you to get an employment opportunity goes to the phone number that no longer works. You need support services and infrastructures, which at the moment often seems to be a lot provided by support agencies rather than the ID system per se.
B
Going back to the big theory versus little theory, the painting of ideas being authoritarian, has that never really borne itself in reality? Because the reality is that the oppressiveness of ideas from the fact that you fall into the gears.
C
So when the Windrush situation happened in the UK, a common response was if only we had IDs of some form for everybody, then they could prove who they were and what their rights were and we wouldn't have had the Windrush scandal. And I go, but the problem is how could they have proved their identity and attributes? Because that was the problem that was causing it in the first place. So once you have a well functioning, well trusted ID system, then we can have a, you can call me back in 20 years time and we'll have a conversation about the big oppressive kinds of versions. I mean, to some extent there are examples that are closer in terms of global coverage and with states that have interests and instincts that perhaps are not necessarily in the best interests of all citizens, but most of the time it's more about getting people in, fixing all of the problems, etc. There was one civil registration senior official in a particular country who was saying, people tweet the President to say, I've got a problem with my ID and the President tweets me and says, fix this. And that was just because the President was on social media and that was the way to kind of get access. But that's dealing with exceptions. And that's not building the system. Right. That's people desperately trying to find a solution to the problems that they're facing.
A
Is it fair to say that ID systems aren't inherently authoritarian, but authoritarianitarian governments like ID systems?
C
I don't think anything is inherently anything.
B
Again, he hates big theories.
C
Yeah, I mean, you can get very deep and academic about can any technology be inherently. Because if it really is inherently, then you might as well close down PI and everybody else. Because if it's inherent in the technology, then there is nothing that you can do about it. If it is chosen to be done in those kinds of ways, then you have opportunities for intervention, for activism, for campaigning, for clarification, etc.
B
It sounds like it takes a 20 year time frame to get a ID system, either a new one or an updated one. So it's called a digital ID system. Whether it comes from a country that has a long history or doesn't, it takes 20 years to get there, which means at least five political leaders, except in an authoritarian state where there's just that singular leader. And so it takes a political attention span, financial attention span, and then that system to be viable at 20 years. It sounds like it needs to be universal and so everybody should be in it, regardless of their status. So whether they're a citizen or they're not a citizen.
C
So I like to say you should be building an ID system for the nation, not a national id. And that's something that's particularly conscious of from the uk, where we've always had people living and working legitimately in the country from around the rest of the world. And even if you need your ID to collect your parcel from the post office, which is one of those boring examples that's often given, you don't want to have one system for the Brits to simply prove it's Edgar, can I have my parcel? And a completely different process for someone who's legitimately here, has lived here for 20 years, or but is not a British citizen to be able to prove who they are so they can collect the parcel in the same way. So you want one for everybody in the country, not one for just the
B
nationals of a country, but then the very leaders who want to spend the money on building a system. They don't want some woolly airy, fairy, generous, universal system. You're Talking about they want one that determines who's good, who's bad.
C
It depends on what they see the overall goal of the system to be. So if you want to reduce fraud, if you want to be able to use attributes about the identity to determine whether or not you're eligible for social welfare payments, then there is a good argument for include everybody who legitimately should have those attributes. It's a different one to say we want this only for Brits or for people of the country as a way of differentiating them from non nationals.
A
So we've done podcasts before in double registration and the double registration issues in Kenya. Is that a good example, which was when people in Kenya, during a particularly hard time and particular famine, registered as refugees despite being citizens of a country in order to get access to increased food rations and other things. If there had been the Kenyan national ID system had been an ID for the nation and everyone had access to it, that's something that couldn't have happened, Right?
C
My understanding of that particular case was you were applying for your Kenyan id. They cross checked against the refugee database and refugees by definition are not Kenyans, therefore you cannot be a Kenyan, therefore we're not going to give you a Kenyan id.
A
Yes. So there had been a previous enrollment thing and then when the new ID system had come in, they double checked all of these old databases and lots of people.
C
And the problem was that the almost the metadata around who is in the other database did not actually reflect who had chosen to be registered as a refugee. And that could have been the refugee agency should have really been saying, again, sorry, we're going to let you starve, because although you are. So it is a really complicated, but seem to be somebody saying the people who are in this database are refugees, therefore they are not Kenyans, rather than going, probably they are refugees, but if they've got plenty of evidence that shows they're actually Kenyans, and we know that there was a load of Kenyans applying for refugee status because of their circumstances, then maybe we should have a triage process to separate those.
B
Doesn't that get back to maybe ID systems aren't authoritarian by nature, but because there are classification systems, categorization systems, and allows for simplistic logic and Boolean logic, often, then it almost inevitably ends up sorting people in categories that people do not choose to be sorted in, but
C
a policymaker does, and even the policymakers are not necessarily completely thinking that through. So Bronwyn Manby, who you may have interviewed, or you should, is really good on all of the citizenship laws in Africa, many of which are kind of logically complete, but many of which are also probably unintentionally slightly incomplete. So if your father was from this country, your mother's from that country, you're a citizen. But if it was the other way around, you end up not being a citizen, but you're not a citizen of the other. And it's not as straightforward as just do a logical table. But there are often inconsistencies which I don't think are vengeful, manipulative. It was just somebody didn't have the kind of computing training to go right, this categorizes these people. What about this set of circumstances? What's the test case? What's the outcome if you've got this combination of attributes? Oh, undefined. Okay, we need to go back and fix that. And it's often constitutional law where it makes it even more difficult to fix.
B
And then I once examined a PhD on Ghana's ID system and the student who was from Ghana was describing in the examination how there are the address system alone in some of the major cities you can live at an address and have four addresses for it, depending on whether it's electricity company gave the address or the government gave the. And any moment in time you don't know which address you're supposed to be giving. And then it was unclear which one should go. And they in the national ID database and it just all that chaos. But I guess that is the world.
C
Yeah.
B
And yet ID comes along and says we will draw these lines in the
A
category a question is, obviously there are these big ID schemes, you know, all over the world there are lots of different versions of it, but there are lots of smaller things which function as ID in lots of different ways, but don't try and do the whole totality of a person. And PI talks a lot about they're having different options. You've got passports, you've got driving license, but then in the UK you've got much nicher things like your national people record number and all sorts of other things. What is the value of one big massive system versus all these lots of small niche things which only try to capture some small aspect of your life? I mean, even the national people database had people guessing other people's ethnicity to write down forever. But yeah, what is the value of trying to capture all four of those addresses into one perfect total solution?
C
So somebody needs to decide, do you need the address? What's the purpose of the address? Do you want a single consistent address so you can now use postcode lookups and get a consistent formatting of your address. It used to be quite useful even in the UK to have one utility with top floor flat, another utility, flat C another, because then you could see where the data was going. And realistically, normal human beings will have had slightly different versions of their address on different forms, particularly if it was paper and then it got typed up and so fraudulent in the early stages would be suspiciously similar address formats across systems. Now you've got exactly the opposite. That there is a single in the uk, a single address lookup that is consistently formatted, and then you've got the variations that kind of come afterwards. I'm not sure where that was going.
B
But are you asking Caitlin that should we have a singular database with all these unique identifiers in it, an authoritative source of truth, or is it better to have this chaos of multiple identifiers and the only person who ever understands them is you?
A
I guess my question is really, given the likelihood of an authoritative source of truth being adequate for every single possible use case of which there is more than the human mind can reasonably conceive, like what is the value of trying to make the attempt to capture everything in1 database versus having these lots of smaller.
C
Okay, I think there's an interesting halfway position. So a common digital transformation is just think how easy it would be if you have one persistent permanent identifier, U.S. social Security Number that you use across absolutely everything. Because then we can match your pupil record with your health record, with your tax record, with whatever. And there is a kind of nice appeal to that being lovely and simple. And then you just go back to the Second World War and you go, oh, we can track exactly the same person across all of these systems. And that's possibly not quite what we want.
A
But with the American Social Security number, if you lose it or someone else gains access to it, it's everything.
C
But it's not really used or it should not be used to unlock things. It's just my record is Social Security Number 12345. And all you should be able to do is look at my records or be able to ask to look up the records of person 12345 you shouldn't be able to do anything with.
A
And yet I think it's often connected to banking in America.
B
Banking and telephone, you used to have to give your Social Security number in order to get him have a phone contract.
C
Okay, but that's still. If you were then given a phone, you should be able to lock down your phone. So even if I know Gus's Social Security number, I can't unlock his phone knowing he's 2, 3, 4, 5, 6.
A
No, what I mean is, if I have access to Gus's Social Security number and I start applying for loans in your name, I start taking out phone calls.
C
The loan agency should not just be saying, we will grant a loan because you say he's called Gus and you say his number is this, but the address that they're going to use is my personal address. It should be about locking down the system. So another UK example, people talk about don't give anybody your bank details, but no, it should be perfectly fine because you shouldn't be able to do anything just knowing my bank account, other than paying money, in which I'm very happy with. You should not be able to do anything in 2026 with my bank details because my phone should be saying, this account or this card wants to make a payment to something else. Are you approving it?
A
Yeah.
C
The one exception, and this was a Jeremy Clarkson example from. Love that example 20 years ago. So he. Jeremy Clarkson, TV personality, etc, etc. At the time, again, going back to the original ID proposal, was saying, I don't know why people are really scared about this. Here is my bank account details, here's my full name, here's my address.
B
You publish in the newspaper, you can
C
do anything you want with it, because you shouldn't be able to do anything. But in the uk, certainly at that time, you could set up direct debits with a paper form that you would then send to the charity. And I think it was. It was something like a cycling charity, which is. And so technically that was a limitation of paper processes still in place, not checking back with the account holder to do that. But that was the only way that he could actually get.
B
And that was the day he became a privacy advocate. His next article in response to that was something very graphic, like, whoever leaks this data needs to have their eyeballs poked out with toothpicks or something ridiculous like that.
C
But the point being that it's about that relationship between the identifier and what the authorization that the identifier has. And that's where the checking back with the device asking for your PIN code or your password or your face or fingerprint or whatever.
A
The craziest story, it was really early in my time at PI, and I think we did a podcast on it before it was called the Tech Pill. So that's really old. But in Peru, they were starting to use fingerprints for so much stuff that there was a gang that was stealing fingerprints, printing them onto latex and using it to buy phone contracts which it was a so so high tech for such like a small time crime. The the gap between I've printed your fingerprints and I've stolen your identity and I'm using it to my phone contracts I found deeply confusing but also bizarrely fascinating because fingerprints are such a like security measure that I remember from and
C
nowadays a good device will be doing a liveness check so that it's not just a rubber image of the fingerprint but that there's some sense of a pulse.
A
But I think they were putting them on their fingerprints.
C
You can probably again the most sophisticated devices in 2026 as opposed to when this happened.
B
Peru are corner shop that wants to sell a mobile phone. They're not going to do that. Absolutely. Well even like the news out of America in the last couple of weeks was about the Washington Post journalist whose home was raided by law enforcement, federal law enforcement and there was a warrant to take the phone and the laptop and apparently the laptop was accessible because the journalist had touch ID which doesn't have a liveness check. But equally they could still say put your your finger on it.
A
The warrant specifically said they were allowed to attempt to use her face or her fingerprint but they weren't allowed to ask her were enabled because her having to say which one it was was a testimony protected under the appropriate amendment and asking for your PIN as a testimony protected under the appropriate amendment but just trying it anyway, waving it in your face.
B
But what I find fascinating is that the iPhone like this wasn't covered because I'm the only nerd who cares about this. The iPhone if you have face ID but if it detects another face first. So if law enforcement picked up your phone, look at it and said and put in front of your face it would have detected the law enforcement face and so it would have immediately said oh you need to enter your pin.
A
Also that particular journalist I believe had their phone on lockdown mode so it doesn't accept biometrics anyway.
B
But if the phone was on lockdown mode then the computer would have been on lockdown mode too because it's done against your account. Which is why I had to turn lockdown mode off because it just got
C
so annoying because the other one so Android phones quite recently have said everyone's now got this kind of snatch detection. But also if your phone has been on airplane mode for a couple of days and then tries to connect it will then switch on PIN codes rather than anything else as an additional.
B
So it presumes you got stopped at the border, the government's taking your phone. Oh, that's nice. So we've talked about these grand systems, we've talked about the more local systems and the one thing we were, I guess, kind of getting at compared to, like banking in The Jeremy Clarkson 2008 moment to now. It feels like our societies are so much more advanced from an ID perspective, in the sense that with your bank details, somebody can't do anything bad to you. So in a way, we don't need grand ID solutions. But equally, it's entirely possible to build ID systems today that would be secure, useful first and then secure and empowering all at the same time. And I know you led a process in the UK where there was a lot of industry consultation for a number of years and government participation back when the government was more open, more minded about id. And for a moment it felt like there was an emergence of expertise from the UK that could go global about how ID systems could be built better. And I haven't seen a single ID system being built better as a result of that, which is very, very sad. And that includes the UK government's current proposals. But I was wondering if there's one or two lessons you would advise a government official anywhere around the world who says, I have a terribly good idea about an ID system, apart from you saying don't. What is it you wish they would understand? As a founding building block, I think
C
a key one is what things are you trying to do, because there's never just going to be one. The better ones typically are useful for the citizen and probably helpful for society. They are not societal control, law enforcement kinds of activities. So in 2026, we've got much more kind of verifiable credentials where the data comes from the authoritative source, which, for things about you as a citizen, typically are held by the state. But equally, it could be your online game that says you've got these powers and they are the authoritative source for that, that can be stored locally and which do not need to report back every time they are done, because the reporting back is just so that you have an audit trail or you can do your targeted enforcement or whatever, and you can understand why that might be desirable, but you can also see why people don't like that and why that might undermine the trust and undermine the effectiveness of what you're actually trying to do. So if you just want people to be able to prove things about themselves in a good way for the good employers who are actually going to care whether you have a right to work. Maybe don't disconnect that targeted enforcement mindset from the well, look, we can simplify everybody, every regular good employee's employer's good employment check by making it a quick flash of a QR code. Yep, it's fine. Tick the box, file it away. Not have to do the audit trail. So it's not about have a digital AI. It's always about how you design the digital idea. And there's those choices because they're all choices may be influenced by the vendors that you are working with, but they're always choices. And the way I like to see it is, I mean, I have my views on many of these choices to make, but as long as you've thought about them, and my role as an academic is to remind you about some of the examples of where these things can go horribly wrong if you've thought about it and still decide to do something I disagree with. And it's not in a country where I have a right to vote on that issue. I've done my best. I'm not going to impose my views around the world, but I will do what I can to encourage people to think about the consequences of those choices.
A
Max, the human experiences is incredibly diverse and wonderful and exciting and broad and it's very difficult to capture that in a database.
B
And that's a beautiful way to end it.
C
Yeah.
B
Thank you very much. Thank you very much, Edgar. Thanks so much for joining us. That was awesome. Thanks for listening. That was a excellent discussion on ID systems, something that I have tried to avoid talking about for a very long time.
A
You have. It's this, an encryption. You spend so long talking about it now, you're traumatized.
B
Well, what I thought was really interesting about Edgar's representation of the UK ID system is that he kept on referring to the UK as very special. And that is very true in the sense that it's a very special place. And Caitlin and I like to talk about UK identity policy because we live here and it affects us, but also there's something really broken about ID policy in the uk.
A
I think there is something interesting about the UK as an example, and that's for two reasons. One is all the proposals the UK everyone have ever put forward about S as I talked about, as you talked about, but also the UK and I think partly is a legacy, which I think we mentioned of the first round of trying to introduce ID has a gut reaction to id, which is no, thank you that's polite, but we're very suspicious of it. What I always find interesting is I talk to lots of European colleagues and people from other places where ID is. They have ID systems, and that's just normal. And my instinctive reaction to ID as a British person being, wait, what? And their instinctive reaction to ID being like, you mean this thing in my wallet that I've had since forever and I don't think or care about. I don't know why there's that difference. It might just be we're not used to it, we haven't had it, we don't really want it. That might be the summation difference. It might be, we haven't had it, we're not used to it. Every time government has tried to implement it, they've done it in the weirdest way possible. But it is different, and I don't know why it's different. And I think it's interesting that it's different.
B
And my theory as to why it's different and what makes the UK very special is, as listeners to this podcast will know, there's a certain department of the UK government called the Home Office that of all the interior ministries we've ever had to deal with in any country around the world, this ministry always manages to take a bad idea and make it worse. And there's something about. As much as I respect what you say, Caitlin, about the natural British response to an id, I don't know if
A
it is the natural British response. It's just the response that currently exists.
B
Yes. But I also find is in politics in this country, whatever the Home Office wants, the natural response is we must give it to them. So Parliament always bends over backwards to approve whatever the Home Office wants. And that tends to be, in any given parliamentary session, tens of bills, 20 bills at any moment in time involve the UK Home Office's demands. And I say this out of real anger because right before Christmas this year, the UK Home Office that introduced the idea of GPS tagging of migrants, that we did all the hard work of using the rule of law and going to regulators and asking regulators, is this compliant with law? They said no. We supported court cases that expose this practice as being unacceptable. And then what does the Home Office do? It gets legislation through Parliament in December now allowing the use of GPS tags all over again. And that's the problem with ID in this country. Ultimately, it's going to get the interest of the Home Office, and the Home Office is going to say it's important for tracking people and stopping migrants and terrorists and all that. And then you're going to get another, as Caitlin and I both say, crazy proposal coming through.
A
Well, I think the GPS tagging stuff's interesting and relevant to what Edgar was talking about, which I think we mentioned, which is to say that when asked to make a decision or to have a think about something, when it has come to GPS tagging into non fitted devices, which we've done work on as well, which are another way of tracking migrants, the Home Office has made every decision. Those small implementation decisions, they've picked the meanest option. And it's dumb little things. It's like, you know, really short charging cables. Well, if it's attached to your leg and you need to charge it overnight and it's a really short charging cable, you got a problem. And it's all of those tiny things that make the experience of using it as rubbish and cruel and difficult and sleep depriving as possible. And if you assume that any ID system implemented by the Home Office is going to follow the same trend, it's not a fun assumption.
B
Exactly. And I highly recommend going Back to our 2024 podcast edition where we interview someone who tells a story of what it was like to be GPS tagged. And it's just, it's horrific. So, okay, that is us talking about id, whether it's the uk, whether it's Kenya, whether it's India, or any of the other places where ID systems are going to be deployed. And just to put a bow on it, essentially, when it comes to digital id, the purpose is everything. Why is it actually being deployed? And that has to be questioned not just because of the democracy and the human rights aspects of it, because it dictates the design of the system. The more the purpose is, the crazier the purpose is the crazier the design of the system. And going back to what Edgar said, it's in the implementation where you see brand new challenges. Yes, there's this redefining of the relationship with the individual, the state, but there's also just how do you enroll a whole country of people? How long does that take? How much staff does it take? What technologies are you going to use in that period of time?
A
And if something goes wrong, what does that mean for that person? Which is what we've seen repeatedly. If the ID mandates your relationship or your access to healthcare, for example, and something goes wrong, the implementation defines how if something fails, does it fail well or does it fail badly? And if it fails badly, like, does that mean someone dies or does it mean someone is inconvenienced like that is all implementation.
B
Absolutely. And then there's the philosophical point. We're trying to categorize people and this categorization is hard. You can say it's malicious, you can say governments are trying to pick good people and bad people. But we take the more pragmatic implementation level approach, which is life is messy, people are messy, data is messy. And trying to create stable labels around what kind of person you are for an identity system tends to box people in and boxes people out. And that's going to be chaotic. But I don't want to be all negative on id. Identity systems can be beautiful, they can be empowering. It's just that the ones that governments want to build tend to have political momentum or economic momentum that involves vast amounts of data to be exploited to box people in and to box people out. And I wish we were in a world and we're in a timeline where we could have identity systems that gave us power, gave us the ability to assert what we want to assert and only what we want to assert, and open doors for us as we go through our lives. But unfortunately we have yet to see that day come. Thank you for listening and you can sign up to be the first to learn more about our work on say, ID systems@pvcy.org podsign up and we'll include some links to some of Edgar's relevant articles. I might even include a link to the very ancient book if somebody wants to have a look at the book that we wrote on global identity system systems and other examples of PI's work and the work of our partners on ID systems. And we'll include that information in the description wherever you're listening or on our website@pbcy.org techpill currently our website's down because we're getting hammered. I wonder if we'll be up Scrapers again. I know this is exasperating. The people who are building the future of the world are destroying the current
A
Digital we're being DoS. We're being DoS, which is quite feels quite old fashioned as well.
B
Yeah. DOS by LLM Scrapers don't forget to rate and subscribe to the podcast on whichever platform you use. Music is courtesy of Sepia. This podcast was produced by Max Burnell for Privacy International.
A
Sam.
Host: Gus Hosein (Executive Director, Privacy International)
Co-host: Caitlin (Campaigns Coordinator, Privacy International)
Guest: Prof. Edgar Whitley (London School of Economics)
Release Date: March 27, 2026
This episode dives into the complexities of government-issued ID systems and explores why creating and implementing these systems is such a challenge worldwide. With a deep focus on the UK’s persistent ID proposals—past, present, and future—the conversation, featuring Professor Edgar Whitley, breaks down both the philosophical and technical dilemmas that haunt digital identification. Spanning history, global case studies, and implementation woes, the discussion exposes how IDs redefine the relationship between the individual and the state—often in surprising ways.
"The human experience is incredibly diverse and wonderful and exciting and broad and it's very difficult to capture that in a database."
— Caitlin, 54:04