zlacker

[return to "UK Petition: Do not introduce Digital ID cards"]
1. dijit+N2 2025-09-28 18:23:32
>>DamonH+(OP)
As well as the Estonia eID system works (aside from that time it got hacked[0] and that other time they leaked all the photos[1]) and how well a digital (non-government) system works in Scandinavia… I have to say…

As a Dual British/Swedish Citizen, I really do not trust the UK government. They have proven over and over and over, that at every opportunity presented they will increase their own authority. I don’t believe I have personally witnessed any other advanced economy that so ardently marches towards authoritarianism.

So, no matter if it’s a good idea or not. I can’t in good faith advise the UK having more powers. Unfortunately the UK government themselves can sort of just grant themselves more power. So…

[0]: https://e-estonia.com/card-security-risk/

[1]: https://therecord.media/estonia-says-a-hacker-downloaded-286...

◧◩
2. raesen+d7 2025-09-28 18:57:42
>>dijit+N2
The thing is, to me, the powers of the government to require more identification for different things is orthogonal to the idea of digital ID. We already have to identify ourselves in a variety of circumstances (e.g. mortgages, bank accounts, voting, using "adult" websites etc), and the gov. can get the information from various third parties on demand already.

Implementing those requirements didn't depend on there being a digital ID system. Instead we have a hodgepodge of bad requirements (like "wet" signatures on specific documents, use of non-UK-based private providers etc).

Implementing a digital ID system could reduce inequalities (for example, people who don't have passports and driver's licenses have more difficulties in some circumstances) and also reduce dependencies on non-UK orgs who may not do that well with privacy.

That's not to say there aren't risks of course, but other European countries seem to have managed to implement these systems without becoming totalitarian police states :)

◧◩◪
3. Arch-T+id 2025-09-28 19:40:39
>>raesen+d7
Reduce dependencies on non-UK orgs by increasing dependencies on Google and Apple ... which are ... hold on a minute...

◧◩◪◨
4. raesen+2f 2025-09-28 19:53:16
>>Arch-T+id
TBH the mobile duopoly isn't a problem specific to the UK gov, and plenty of the systems already in use which have a mobile component already have that dependency, so I don't think it really gets any worse if you had a digital ID.

Indeed if done with physical smart card + reader, it would reduce the requirement for mobile devices, allowing for people unhappy with their presence to avoid them :)

◧◩◪◨⬒
5. Arch-T+hi 2025-09-28 20:14:40
>>raesen+2f
I currently live in the UK, and I am not significantly restricted from anything (banking, ISAs, investments, healthcare, etc) for refusing to use a Google approved build of Android.

Moreover, I actually on principle refuse to make myself dependent on my phone for these things, which means that (at a small convenience cost) I don't have any banking apps, or investment apps, or healthcare apps, or whatever.

My phone is strictly a general computing device and I on principle only permit a technology into my life if it doesn't impose special restrictions on the hardware/software it works with.

So if the UK government creates a digital ID app which only runs on a phone and which potentially only runs on a Google/Apple approved phone (this is e.g. the requirement imposed by Google Pay), then that would be unprecedented.

◧◩◪◨⬒⬓
6. raesen+6k 2025-09-28 20:29:19
>>Arch-T+hi
Oh I agree a system, if implemented, should not depend on a tie to Apple or Google, however, I'm not aware that detailed implementation guidance has been produced as yet which would require that tie, although I could have missed that.

I'd hope that a system as implemented is as technologically neutral as possible.

Good on you for avoiding the smartphone tie on banking though, it's getting increasingly hard for decent MFA not to tie to it in some way or another, and travel's a right pain without the smartphone apps.

◧◩◪◨⬒⬓⬔
7. Arch-T+Lv 2025-09-28 21:50:46
>>raesen+6k
They haven't specifically said anything, but they have directly compared the ID to phone-based payment card systems, which on the Google side do rely strictly on a Google-blessed Android build[0][1][2].

It's also incredibly popular in the security industry (I know, I work in it) to claim that every possible app in existence must:

* Obfuscate

* Do root detection and refuse to work

* Detect attempts to attach a debugger, and refuse to work

* Detect running from a VM, and refuse to work

* Do certificate pinning (although as an industry we've stopped recommending this bullshit practice, although we still insist on it for some things)

* Prevent screenshots from being taken

* Force you to re-authenticate using biometric ID every time you look away from the app

* and... break at the slightest hint of a non-standard build of Android

So I don't have high hopes, because the company I work for does work for the UK government, will likely be picked to review this app, and inevitably all that shit is what we'll recommend (although I hope I won't be working here by then because I'm just sick and tired of cargo cult / checkbox security).

[0]: Not because of any specific feature, but solely based on signing keys.

[1]: I believe specifically you have to license GMS and integrate them into the build, which e.g. GrapheneOS does not do.

[2]: And no, GOS's sandboxed Google services don't fix this problem, Google Pay will still refuse to work.
