zlacker

[return to "UK Petition: Do not introduce Digital ID cards"]
1. dijit+N2[view] [source] 2025-09-28 18:23:32
>>DamonH+(OP)
As well as the Estonia eID system works (aside from that time it got hacked[0] and that other time they leaked all the photos[1]) and how well a digital (non-government) system works in Scandinavia… I have to say…

As a Dual British/Swedish Citizen, I really do not trust the UK government. They have proven over and over and over, that at every opportunity presented they will increase their own authority. I don’t believe I have personally witnessed any other advanced economy that so ardently marches towards authoritarianism.

So, no matter if it’s a good idea or not. I can’t in good faith advise the UK having more powers. Unfortunately the UK government themselves can sort of just grant themselves more power. So…

[0]: https://e-estonia.com/card-security-risk/

[1]: https://therecord.media/estonia-says-a-hacker-downloaded-286...

◧◩
2. Ethery+rb[view] [source] 2025-09-28 19:28:15
>>dijit+N2
Having a vulnerability is very different to getting hacked though. To date, there hasn't been a single breach of Estonia's ID system itself as far as I know, correct me if I'm wrong? And that's saying something given the adversary is Russia. Reading through your link, the leaked pictures incident was a separate external service that's not tied to the ID system itself.
◧◩◪
3. Avaman+Hd2[view] [source] 2025-09-29 15:23:57
>>Ethery+rb
You're basically correct. But it's also a weird thing to refute in the first place? How do you hack a "passport" or your "social security card"? Artisanal elliptic curves from Russia and extremely deep corruption in most branches of the government?

Most human-related problems around bootstrapping one's identity still remain the same and have to be solved. Electronic identity or not. (Also see the XKCD about the "wrench attack")

But a proper ID system gives a nation the opportunity to rely on elliptic curve cryptography and an EAL4+ SmartCard or SIM. Not on a pinky promise about identity based on knowing some number, some face pics or having a gas bill.

Verizon could still leak your hypothetical future e-SSN. But then it wouldn't be sufficient for identity theft or impersonating you in some places. That's not what would be an "identity" any more.

◧◩◪◨
4. Ethery+4q2[view] [source] 2025-09-29 16:33:53
>>Avaman+Hd2
Estonia's digital ID system is used for everything you could do with an ID and a signature in person. You can vote in elections, log in to your bank and send money, sign binding agreements, and so on. Hacking the system would mean you could, as a simple example, win elections, empty out retirement funds, and many other grim outcomes. This isn't about any one person, if you hacked the system, you could do that to the country as a whole, every single person.
[go to top]