Because the alternative is that we provide our passport to every online service that 'needs' to verify our identity. Then – lo, would you believe it! – they get hacked, and now all of our data is in the wild again.
I'd much rather the government, who already know everything about me because may I remind you they issued the documents, had some way of that company querying my 'verified identity'. They might do it by me providing, say, an ID number string which is looked up. That's all they get: my ID number. In return, they get confirmation that I am who I say I am.
Oh by the way I already have at least 2 of these ID numbers as an Australian citizen. My aforementioned passport, and my driver licence. Both of which I know I should keep 'private', lol, but if I want to interact with the world in any meaningful way the reality is that I spray these digits – along with my date of birth and address and whatever else they ask for – all over the goddamned place.
But sure, centralised identity is bad.
What service needs a solution to verify identity that doesn't already exist?
Banks do KYC now. Employers already need a National Insurance number to employ someone. Benefits get paid to a named payee. Emergency healthcare needs no insurance and waiting lists come via a GP who indeed knows me.
What service needs a further centralised deposit of power over identity?
For example I get married abroad and I need to change my name, if a system was present I could just go to a website, enter my request, identify and then wait for my new docs to arrive, all while staying abroad.
But it’s even better - banks / employers don’t need all of my information all the time, thy just need to verify that I am who I say I am at that moment, so the credentials I am giving them through a digital system can reflect that. Call it requesting a scope from a government openid system.
And I have the power to revoke that.
And all of the various little government agencies don’t need to request all the documents to bootstrap trust every single time, they can just be given a convenient (timed) access token by me.
Implemented right, it gives much less data to people in a much more convenient and secure way. I guess the “implemented right” is the problem.
But maybe that’s an orthogonal thing that needs to be solved by itself? How we have an independent central banks that doesn’t (shouldn’t) succumb to the whims of governments - they have a clear narrow mission and they are supposed to follow it regardless of what an administration would want.
If we had an “auth provider” government thing that’s mission might be more closely aligned with the population, giving a government _just enough_ data to make it efficient but so it cannot abuse it.
Built in adversity and distrust is how we finally got a government to “work” with the separation of powers and all of that, maybe we need to think about improving the political system with some know how from web tech, cause I think working efficiency, effectively and reliably in an environment of mistrust is what web tech is known for.