Mandatory Digital ID Debate
Full Debate: Read Full DebateDepartment: Department for Digital, Culture, Media & Sport
David Davis
Main Page: David Davis (Conservative - Goole and Pocklington)Department Debates - View all David Davis's debates with the Department for Digital, Culture, Media & Sport
(1 day, 20 hours ago)
Westminster HallRead Full debate Read Hansard Text Read Debate Ministerial Extracts
Westminster Hall is an alternative Chamber for MPs to hold debates, named after the adjoining Westminster Hall.
Each debate is chaired by an MP from the Panel of Chairs, rather than the Speaker or Deputy Speaker. A Government Minister will give the final speech, and no votes may be called on the debate topic.
This information is provided by Parallel Parliament and does not comprise part of the offical record
David Davis (Goole and Pocklington) (Con)
In view of the time limits, I will focus solely on the scandalously insecure One Login procedure. I will be writing to ask the National Audit Office to investigate because, apart from the strategic weakness of having a single login, the Government’s handling has been a disaster.
As early as 2022, the information assurance team responsible for ensuring the security of the system raised concerns that it was being developed on unsecured workstations, by contractors in Romania who did not have security clearance. When it ran a red-team operation to see how secure it was, they broke into the system easily. They would have been able to install malware, and they were not even detected by the people running the system.
What will happen when this system comes into effect is that the entire population’s entire data will be open to malevolent actors—foreign nations, ransomware criminals, malevolent hackers and even their own personal or political enemies. As a result, this will be worse than the Horizon scandal.
Emily Darlington
I am happy to go through it. First, it is not about centralising data. Rather, digital ID allows the citizen to access federated data. The data stays in the individual Departments; it does not stay on a card—this is not about a card. Digital ID adds a level of security to Government datasets. There is no travel or location data. There is no access to external providers. It uses sovereign tech that allows citizens to know what the Government hold and who is accessing it. There is no new data that the Government do not already hold, and a single login is actually better for a person to prove who they are with a digital ID.
Emily Darlington
I think the right hon. Member will find there is a split in the community because there is a lack of detail.
Emily Darlington
I agree, but there is a lack of detail. When we are at the beginning of the conversation and going out to consultation, which is exactly what we are doing, we have to ask the public what they want. Do they want either of the two scenarios that my hon. Friend the Member for Bassetlaw and I presented, or do they not want access to their Government data in a way that enables them to know what is happening, and so that they can prove who they are without having to pay for a passport or driver’s licence?
David Davis
The tech has already been abroad. It has already been in Romania, and it is quite possible that malware is already inside it.
Iqbal Mohamed
One of the reasons for proposing the scheme was to give citizens and residents of the UK easy access to Government and public services. We have been crying out for joined-up government for decades, under the previous Government and the Labour Government before them. Our systems across Government Departments are islands of automation. They are separate—they do not connect; they do not talk to each other. Before this ID could be effective, we would need a fully integrated, safe, joined-up Government system with systems that talked to each other. There are people working in the NHS who have multiple log-ins to do their normal job. That is the environment that we are in.
My constituents and millions across this country are opposed to the scheme because they see the breach of their civil liberties but do not see the benefits of the scheme. The Government have not articulated them or the use cases. I asked the Secretary of State in the Chamber about what use cases the Government want to introduce the scheme for, about whether the prerequisites to deliver those use cases have been met, and about how the public can have guarantees about security, privacy and breach concerns before they are required, compulsorily, to sign up to the scheme.
The scheme needs detailed review. The pilots and previous attempts to implement such schemes have failed. They have exposed our country to third-party risks. Our data is already out there, and we cannot introduce a system that will make the rest of the data, which is not out there, easily accessible to those criminals.