zlacker

[return to "UK Petition: Do not introduce Digital ID cards"]
1. dijit+N2[view] [source] 2025-09-28 18:23:32
>>DamonH+(OP)
As well as the Estonia eID system works (aside from that time it got hacked[0] and that other time they leaked all the photos[1]) and how well a digital (non-government) system works in Scandinavia… I have to say…

As a Dual British/Swedish Citizen, I really do not trust the UK government. They have proven over and over and over, that at every opportunity presented they will increase their own authority. I don’t believe I have personally witnessed any other advanced economy that so ardently marches towards authoritarianism.

So, no matter if it’s a good idea or not. I can’t in good faith advise the UK having more powers. Unfortunately the UK government themselves can sort of just grant themselves more power. So…

[0]: https://e-estonia.com/card-security-risk/

[1]: https://therecord.media/estonia-says-a-hacker-downloaded-286...

◧◩
2. Ethery+rb[view] [source] 2025-09-28 19:28:15
>>dijit+N2
Having a vulnerability is very different to getting hacked though. To date, there hasn't been a single breach of Estonia's ID system itself as far as I know, correct me if I'm wrong? And that's saying something given the adversary is Russia. Reading through your link, the leaked pictures incident was a separate external service that's not tied to the ID system itself.
◧◩◪
3. Avaman+Hd2[view] [source] 2025-09-29 15:23:57
>>Ethery+rb
You're basically correct. But it's also a weird thing to refute in the first place? How do you hack a "passport" or your "social security card"? Artisanal elliptic curves from Russia and extremely deep corruption in most branches of the government?

Most human-related problems around bootstrapping one's identity still remain the same and have to be solved. Electronic identity or not. (Also see the XKCD about the "wrench attack")

But a proper ID system gives a nation the opportunity to rely on elliptic curve cryptography and an EAL4+ SmartCard or SIM. Not on a pinky promise about identity based on knowing some number, some face pics or having a gas bill.

Verizon could still leak your hypothetical future e-SSN. But then it wouldn't be sufficient for identity theft or impersonating you in some places. That's not what would be an "identity" any more.

[go to top]