> If everything goes offline for one hour per year at the same time, then a person is blocked and unproductive for an hour per year.
The consequence of some services being offline is much, much worse than a person (or a billion) being bored in front of a screen.
Sure, it’s arguably not Cloudflares fault that these services are cloud-dependent in the first place, but even if service just degrades somewhat gracefully in an ideal case, that’s a lot of global clustering of a lot of exceptional system behavior.
Or another analogy: Every person probably passes out for a few minutes in their live at one point or another. Yet I wouldn’t want to imagine what happens if everybody got that over with at the very same time without warning…
Not too long ago, critical avionics were programmed by different software developers and the software was run on different hardware architectures, produced by different manufacturers. These heterogeneous systems produced combined control outputs via a quorum architecture – all in a single airplane.
Now half of the global economy seems to run on same service provider, it seems…
Netflix outside of the US is a very different experience.
In the US, it's mostly their own productions and older content they explicitly acquired, but elsewhere, especially in markets that don't have a local HBO or Disney streaming service, they have incredible backlogs.
I remember finding basically everything I could wish for on there when traveling in SE Asia almost a decade ago, compared to a still decent offering in Western Europe, and mostly cobwebs in the US.
I believe Apple UX guidelines mandate some sort of explicit confirmation before taking any action after authenticating the user with Face ID, but I've unfortunately also seen many apps not really conform to that.
> IIRC just looking at the confirmation if i wanted to buy something in the app store via face id was enough to confirm it.
Apple themselves are generally good about asking for explicit confirmation, but annoyingly in a way nobody else can replicate: They repurposed double pressing the power button, which is otherwise the Apple Pay secure attention sequence, for exactly one non-Apple-Pay action – buying something in the App Store (or iTunes store etc.)
The lack of digital ID is a huge problem in many domains and enables a lot of scams and crime in the first place.
Requiring identification in situations that don't need it is where the problems start, but that's possible with analog IDs as well, and is often even worse there (since these provide neither security against digital copies, nor privacy, which digital ID can, e.g. via zero knowledge proofs).
Personally, I liked the low-tech solution of code cards + password (2FA), used by e.g. Denmark as digital ID, now discontinued. I am aware that it is imperfect, and if you are not careful with MITM attacks you can get in trouble, but it was a good compromise to avoid the temptation to track citizens. Something like a hardware TAN generator, but with protection against MITM, would be an ideal compromise. The current trend of moving towards mobile apps that require hardware attestation is worrying.
Definitely, requiring the entire smartphone to be "trusted" is way too much.
Small external signers with a display and confirmation button are a nice compromise (and also largely solve MITM!), since I don't mind an external device being under somebody else's administrative control as long as I can run what I want on my smartphone or computer.
But people don't want to carry two things... Hopefully we can at least have both as alternatives going forward.
True, but that's already a much less clean separation between the credential issuer's and my domain on many dimensions other than security.
As an example, this was the security model for mobile contactless payments for the longest time, and arguably as a result these never really took off until Google came up with a software-only alternative for Android. The potential for rent seeking of the hardware vendor is often too great, and even absent that, it requires close cooperation of too many distinct entities (hardware vendor, OS developer, bank, maybe a payment scheme etc).
(Apple had no issues, because their ecosystem is already a fully walled garden, and they can usually get away with charging access fees even for non-security-relevant hardware interfaces.)
With a contactless smartcard, I might have to carry one more plastic card than strictly necessary, but the technology for that is pretty mature (wallets), and I can migrate to a new phone without any hassle or use my credential on somebody else's device in a pinch.
Some of the current EU ID cards are actually smartcards, so in terms of privacy guarantees and separation of concerns, we are moving backwards. I am also more comfortable with a low-tech solution that is not linked to my personal devices. Something like a FIDO passkey would be ideal as those are also able to verify the identity of the other side, but are relatively low-tech and won't serve to track me.
ICAO biometric travel documents, the underlying standard which almost all EU ID cards implement these days, aren't suitable for remote identity verification though, as they don't have any way of verifying whether the legitimate holder or a thief/fraudster is using them.
Selfie or video face verification is susceptible to deepfakes, and remote fingerprint reads would also require trusted reader hardware.
Some countries have domestic schemes implemented on the same cards (e.g. Germany), but these are not interoperable across the EU, and many countries just don't have any non-ICAO scheme on their cards to begin with, and are instead implementing eIDAS (the current EU digital signature scheme) using some alternate scheme.
> Requiring identification in situations that don't need it is where the problems start
Which is exactly the argument against digital ID, because it reduces the friction to asking for ID in situations that don't need it, causing it to become epidemic.
Meanwhile nearly all the instances where ID actually should be required are also instances where showing up in person should be required, like taking out your first line of credit with a financial institution, or signing on to a new job. Because the entire point is to verify that that person is the person on the ID and not someone in Russia who managed to hack their phone.
The problem with digital ID is that it can be switched off in an instant. I was talking to some people in a strike picket line about this. They seemed unaware of it. Suddenly you would be unable to travel, pay your bills and access internet etc for doing the wrong thing.
A digital ID is not doing all of that. The way it's implemented in Sweden, just to take an example already mentioned, is simply to identify you, and only for certain parts of society (mostly governmental services, banks, insurance and the like, and a few more). It's not about authorizing you for travel. If you need an ID for picking up your valuable shipment from the post office then you simply show your driver's license or passport, you don't use a digital ID for that. At all. If someone took away your digital ID then that would mean zero for your internet access, and zero for your ability to travel. It's not used for that at all. What would be a problem is paying the bills, because the ID identifies you for using network banking. However, alternative ways for identifying you for the latter are far worse concerns.
But GP raise a valid point: If IDs are ubiquitous and commonly used for non-government business, the government does implicitly gain substantial "veto power" over non-government transactions (by revoking existing credentials or not issuing new ones).
Availability has to be ensured just as much as security and privacy in such a scenario, and that's not trivial. (I still personally think it's worth trying.)
In those places where a system like Sweden's has been implemented, the usage is constricted to certain areas. And in the case where it's used elsewhere, that's an option that is not mandatory (and in any case far and few between). A way to identify an individual is typically related to financial or contractual issues. So far, at least. Looking at you, the UK
Yes, but those "certain areas" are mandatory for functioning in society. And that ID is managed by a single central authority.
The US by contrast, has a distributed system where there are many authorities that can issue IDs that are valid for the activities of daily life.
The only common nationally issued ID in the US is a passport and people only get that for international travel -- and it wasn't even until 2024 that a majority of Americans even had one.
With many authorities then you have as many more possibilities to break them, right? Note that the central digital ID used in e.g. Sweden is not the same as a central place for storing your private information.
The problem occurs any time someone need an ID to do something they need to do, and are unable to get one. It is better with multiple authorities because people have more options for obtaining that prerequisite valid ID.
There are many instances throughout history of ID requirements being weaponized to suppress minority groups, from Apartheid Pass Laws, Jim Crow, or recent US suppression of minority, young, or transgender voters.
Of course, these things certainly aren't fixed by simply having more options to get a valid ID, but they are mitigated to some degree.
If an authoritarian state tells a bank to block you as a customer you get exactly the same result. All these options of blocking people are already available to states in general.
It's like people want to hand over scans of their passport and/or driving license to random businesses again and again, every time the need to prove who they are; and have their ID documents littered in Outlook mailboxes or company file shares with zero permissions.
Or be forced to install yet another ID app from a private service that requires you have an iPhone or "compatible" Android.
The debate about this in the UK is just crazy. Notwithstanding the current "febrile" state of politics. It has always received weirdly vitriolic push back.
What really is the Government going to do with a digital ID service that they can't do already?
I just want to be able to give estate agents, solicitors, a bank, etc my ID number and a time-limited code that proves I am in control of that ID (or however that might work), and be done with it.
> It has always received weirdly vitriolic push back.
Because, as the Home Secretary herself observed, it would fundamentally change the relationship between the individual and the state.
> What really is the Government going to do with a digital ID service that they can't do already?
This gives the impression of having done no research into a topic of which you now opine opposition to be "weirdly vitriolic". We live in an age of search engines and GPTs, free encyclopaedias and entire lecture series online, and even libraries are still open and free, but you've done nothing to get past the very first thoughts you've had on the subject.
Was that weirdly vitriolic, or someone pointing out that an argument to undermine everyone's rights should have some effort behind it?
I dunno man, your reply doesn't sound _kind_. Maybe you could try to explain the point you're defending rather than ad hominem and overextrapolate a perceived insult. I genuinely want to learn and it's frustrating that your comment does not do that.
If what you say were to be true then an accusation of ad hominem would itself be ad hominem.
I addressed their unkind and ad hominem argument. If you think me unkind then I will shrug and say, in hacker parlance, they should RTFM. They have not put in the slightest work before opining and criticising, and on something as important as this?
May they receive such weird vitriol until they learn to at least Google first. Doesn't it automatically run a GPT for you now? They, and surely the people around them, will thank me for instilling such basic discipline.
Calling their objections “weirdly vitriolic” belies both a complaint about “kindness”, and shows an explicit desire to not learn a single thing. Perhaps, if you have genuine curiosity in the future, you should be thoughtful about the questions you ask, and the ad hominem attacks you make in the asking, rather than whining after the fact because people didn’t excuse your lack of tactful interaction sufficiently?
Or just complain about “kindness” more - it’s easier to accuse others of being mean than to look in a mirror, I suppose.
The person to whom you are replying is not the person who said the "weirdly vitriolic" remark. You're chastising someone who didn't do the thing you are (rightly) opposing.
> What really is the Government going to do with a digital ID service that they can't do already?
In 20 years, the UK suffers a terrorist attack just before an election, and then elects a ultra right wing government on a platform of "remigrating foreigners." You're a British born citizen but your mom fled from Iran in the 80s and immigrated to the UK.
If you don't have digital ID, and the government decides to "remigrate all Iranians," they have to collect information from several different government groups, e.g. maybe your mom got a passport in which case one government agency may just know she's a non-native British citizen but nothing more. Maybe your immigration agency stands up to the government and engages in legal battles to prevent turning over immigration information.
However if there's a digital ID system that lets the government instantly know everything about a person, you lose the protection of friction.
I believe this is one of the fundamental premises of representative liberal democracy, and one of its most redeeming features: balance of power is spread not just between branches of government, but through ministries/departments/agencies, which makes it much harder for a despot to do despotism.
I broadly agree on the theory of administrative friction increasing the resiliency of societies against non-democratic government action, but I wonder if that ship hasn't sailed with the digitziation of most governments: All that data is already present in some database, public or private (with the government able to coerce access in many cases).
So I get the historical aversion to IDs as the stepping stone of governments to gaining access to potentially democracy-subverting informational hazmat, but these days, I feel like the downsides of not having a ubiquitous and privacy-preserving ID scheme vastly outweigh the little bit of extra friction of it will ever add.
> However if there's a digital ID system that lets the government instantly know everything about a person, you lose the protection of friction.
"Digital ID" doesn't necessitate that all data is collected into one gigantic store with centralised access. Just that you can use the same attestation of identity to access the various systems. And you can also grant others access to a limited subset of the data.
If the government wanted to they could already have set up some direct access from (say) the passport office to HMRC. It's all digital anyway, backwards as the UK government can be, they're not sending people to pore over paper ledgers in person like in The Jackal.
Some of the system already works like this anyway with the share codes for permission to work for foreigners and proving your driving licence.
Theoretically you would also be able to have an audit log of who asked for attestation for access to which system using that ID. Which you currently don't have when everyone is doing it by passport scans, NI numbers given over the phone and so on.
What it does allow is a creeping over-attestation especially of non-government services where you need to use the ID to do things that were previously anonymous or at least potentially anonymous. But since you currently need to use a driving license or selfie to look at boobies, that's already a thing.
It also, depending on cryptographic implementation, can leak information about attestations directly to the government. For example if I certify my identity at BumTickling.com, the website might only find out that I'm over 18, but the government may then know that BT.com's operator requested attestation of my ID's age field. Whereas currently, BT.com's (probably) shady identity service partner may have my selfie and know I tried to look at BT.com, but the government (probably, maybe they forward these things secretly) doesn't know about it unless they audit that partner.
It also has the possibility to gate access to government services behind app installations which, when done lazily, means not only smartphones are required which is bad enough, but specifically Google and Apple devices.
“ICE was confirmed by independent review and U.S. judges to have violated laws including the Immigration Act of 1990 by interrogating and detaining people without warrants or review of their citizenship status”
Being able to break the law is never a good thing. Immigration agencies can still fight whatever after people have been kicked out as has been decided. Government inefficiency should never be celebrated.
> Immigration agencies can still fight whatever after people have been kicked out as has been decided.
Given that dragnet operations result in all sorts of random people being deported, including citizens, and given that sometimes these people are deported to countries where they face violence or death, you are arguing for state-sponsored violence without due process. Other than people immigrating, what other circumstances do you feel justify the elimination of due process?
People should not be hiding in our country to escape death. If someone was willing to break the law that heavily, they should be deported and faced judgements as soon as possible as those are the people we should be removing from society as fast as possible.
> People should not be hiding in our country to escape death.
You're presuming people that face death in other countries do so because they're criminals or something? Sometimes it's because they're the wrong religion or wrong political ideology. I really can't understand your psychopathy here.
I take quite seriously our American value of "give me your tired, your poor, your huddled masses yearning to be free." It's what made America the land of opportunity. For your country as well I recommend promoting this value, it's the ethically good position.
Are you being purposefully obtuse? This is clearly a reference to early Nazi Germany, when being Jewish was made slowly illegal over time, and many Jewish Germans lived in, well, Germany of course!
Also in what world would the answer to "making an ethnicity illegal" be "don't visit that country" instead of "that country has an unethical law and should change it?"
Can anyone explain the history of "self ID" rules and laws in the UK? It seems like you do not have to prove your ID to the police. It is the reverse. As an outsider, I don't understand it.
The fundamental proposition on which all of English culture flows from is that of innocence. For example, in court, you do not have to prove your innocence because you are presumed innocent.
In the case of ID cards and the like, the state does not rule over the populace, it rules on behalf of the populace. I am innocent and they work for me. Hence, I do not have to prove to some random government agent who I am unless it is relevant to the task they perform, e.g.
- the police have a reasonable and justifiable suspicion that I am engaged in criminal activity
- an immigration officer may only ask for my details when I am crossing a border or, again, have some reasonable and justifiable suspicion that I am in need of deportation etc.
- Or perhaps I just need some documents from my local municipal office, and they rightly ask who I am and to prove it before giving out my private info.
Me going about my business is no business of the government's until I start abusing the rules.
The opposite view is that:
- I am ruled over
- Any agent of the government can question me and prevent me from going about my business
Of course, in practice, the application of such liberal principles like not requiring ID to go about my day are often not done well, but to change the principle is to change the entire character of the most fundamental aspects of Englishness. You'll note, much of the continent lurches between different forms of collectivist oppressive government whereas, until of late, the UK has not. This is because of the lack of this fundamental principle there, I am sure of that, and those calling for these kind of ID laws, digital or otherwise, are not to be entertained.
The most interesting case will be the USA, where they still care about the principles of English liberty, far more than the English do.
> The fundamental proposition on which all of English culture flows from is that of innocence.
Is this not true in all highly advanced democracies?
One thing I have found true (and somewhat different from other countries), when UK folks talk about how they view the police, it is generally beneficial. (Don't throw your tomatoes at me just yet!) Versus other countries, the police are viewed as more neutral or negative (especially the US). I always thought the idea of having no regular police carrying guns is a pretty brave policy in the 21st century. In many ways, imperfect policy, but it works well, and (appears) to reduce police violence against the public. On a more personal note, I also find the UK police are incredibly restrained during heated protests. Imperfect, yes, but they make a real effort. As an outsider, when I watch a short YouTube clip of a heated protest in the UK, and the police are doing their best to keep cool and not antogise the crowds. (I promise: I'm not here to shill for UK police; I'm sure they do some bad stuff too.) The best phrase that I ever heard from a British person to describe UK police: "They police by consent (of the people)." It is a powerful phrase and idea.
This theory mixes up the distinct concepts of the government, as a trusted entity (where applicable), issuing identity document for the use of its citizens (including in person-to-person or person-to-private-company scenarios), and that of the government requiring its citizens to identify themselves to it on demand.
Sure, its slightly harder to have a government issue credentials to everybody and not have them abuse the possibilities that come with it, but if a society can pull it of, there are vast benefits in many areas of life.
On top of that, the flip side of people regularly not carrying any identification documents seems to be a police force much more eager to arrest people on the spot to figure out their identity. (Presented as an observation without value judgement: This way of doing things does lower the likelihood of the police arresting somebody because of not carrying identification.)
> This theory mixes up the distinct concepts of the government, as a trusted entity (where applicable), issuing identity document for the use of its citizens (including in person-to-person or person-to-private-company scenarios), and that of the government requiring its citizens to identify themselves to it on demand.
I don't agree that there is any such mix up, you'd need to point to the actual mix up.
> Sure, its slightly harder to have a government issue credentials to everybody and not have them abuse the possibilities that come with it, but if a society can pull it of, there are vast benefits in many areas of life.
There are lots of things that may benefit the group at the expense of individuals, but that is exactly why any group that values individual liberty should be opposed to it.
> On top of that, the flip side of people regularly not carrying any identification documents seems to be a police force much more eager to arrest people on the spot to figure out their identity.
The police in the UK aren't allowed to arrest people simply for not providing ID, and they are sued and lose when they do. I used to enjoy watching the Crimebodge account on Youtube where there are plenty of such scenarios. It's especially fun watching teenagers who know the law frustrate authoritarian rozzers.
So no, the way to lower the risk of the police arresting people for not having ID is to make not having ID a normal thing and increase the rights the individual has against persecution by the police.
Successive governments have been determined to change this.
A good current example is the Children's Wellbeing and Schools Bill which very much is based on the idea that the state, rather than parents, is primarily responsible for children. The Online Safety Act reflects much the same thinking.
I think there has been a cultural change. Both from the state, and from people who expect to be told what to do to a greater extent than the past.
Basically there is no universal ID system. You are not required to have a passport or driving licence, which are the usual IDs. There is an optional kind of ID you can use to prove your age if you don't or can't have those. Even if you do have one of these, you don't have to show it to the police if they stop you. The police can ask your name, but unless the police has "reasonable grounds" to search you, you can just walk away.
This is at odds to much of the EU where carrying ID is normal and you can be fined for not having it on you in public.
Proving your identity to a company usually involves a copy of passport and a recent utility bill. Sometimes you need to get a "professional" (doctor, lawyer) to write "I certify this is a valid copy" on it. Financial systems often use your NI number (think SSN) as the ID factor for things like KYC, the NHS uses a separate number. There are several fairly mysterious companies that provide this service to companies who need to know like solicitors (you upload the photos, they authenticte it "somehow", hopefully they look after it, presumably they can be audited I turn out to be a money launderer using a fake document). Getting a passport is a bit of a performance as you have to bootstrap the trust chain by getting someone you know to submit their documents and vouch for your photos.
It also means that, to use a hot-button subject recently, the police have limited practical ways to prove a right to work, unless they have strong intelligence that a particular place is using illegal labour and do a raid. The current tactic seems to be arresting people for illegal e-bikes, where they have reasonable grounds for an arrest and can then get the name and do the immigration checks at that point.
I remember once seeing the UK passport application. It struck me as having utterly byzantine requirements. When I read your post and think about it again, the lack of a universal ID could make it very tricky to get a passport, which is ultimately a national/universal ID.
The consequence of some services being offline is much, much worse than a person (or a billion) being bored in front of a screen.
Sure, it’s arguably not Cloudflares fault that these services are cloud-dependent in the first place, but even if service just degrades somewhat gracefully in an ideal case, that’s a lot of global clustering of a lot of exceptional system behavior.
Or another analogy: Every person probably passes out for a few minutes in their live at one point or another. Yet I wouldn’t want to imagine what happens if everybody got that over with at the very same time without warning…
reply