Share this post:
So much for “security at its core”.
The government’s digital ID system – a scheme that will make it impossible to work without official state approval – has been branded insecure, untrusted and potentially catastrophic.
According to a BBC investigation, the systems at the heart of Keir Starmer’s planned digital identity plan are already riddled with vulnerabilities.
Whistleblowers, MPs and technology experts are warning that the very structure of the project could expose the personal data of millions of people to hackers, criminals and hostile states.
The prime minister insists that the system will be secure. But the evidence suggests that, if anything, hackers are at the centre of it.
Note to readers
Vox Political is evolving – TODAY!
I’m opening a new home for my reporting — The Whip Line on Substack — where independent journalism will be supported directly by readers.
From November 1, you’ll still get one free article here every day, but most of my work will appear on The Whip Line, available to subscribers whose paid contribution will make this reporting possible.
Join The Whip Line today and help keep independent journalism alive:
https://thewhipline.substack.com
The plan nobody asked for
Under the proposals, every UK citizen and legal resident will be offered a digital identity – but for most people, it won’t be optional.
The government intends to make it mandatory for employment, meaning anyone who wants a job will need to sign up.
So much for “choice”.
It’s a policy that should chill anyone who values civil liberties.
The state is creating a database of every working person in the UK, potentially able to track where you live, what you do, and – depending on what’s added later – how you interact with public services.
Polls show most people do not want digital ID, for the very reason that it could be used to restrict rather than enable freedom.
Yet Starmer’s government is pressing ahead, insisting it will somehow be different from every previous attempt.
The Blair government tried to impose ID cards two decades ago.
That plan was abandoned after a wave of public outrage forced ministers to back down.
Now the idea is back, digitally re-branded – but even more dangerous.
‘Worse than Horizon’
Conservative MP David Davis has sounded the loudest alarm yet. Speaking in a Westminster Hall debate, he said:
“What will happen when this system comes into effect is that the entire population’s entire data will be open to malevolent actors – foreign nations, ransomware criminals, malevolent hackers and even their own personal or political enemies.
“This will be worse than the Horizon scandal.”
That comparison should make the government sweat.
The Horizon IT system destroyed the lives of hundreds of innocent sub-postmasters because ministers and officials refused to believe their technology could be wrong.
Now we have the prospect of another government-run system, this time tied to the identity of every person in the country – and run by many of the same kinds of departments and contractors that gave us Horizon in the first place.
Davis has written to the National Audit Office demanding an urgent investigation into the soaring cost of the scheme, which has already topped £305 million.
He also raised the alarm over a 2022 incident in which developers in Romania – working on unsecured computers and lacking proper security clearance – had access to parts of the Gov.uk One Login system.
That’s the platform on which the entire digital ID scheme rests.
Red teams, red flags
The BBC reports that a “red team” – specialists hired to simulate real-world cyber-attacks – were able to gain privileged access to One Login systems earlier this year.
If true, that means hackers could, in theory, do the same.
A whistleblower told the Liberal Democrat technology spokesman Lord Clement-Jones that the government missed its own national cybersecurity deadline, and that One Login will not pass required tests until March 2026.
That’s long after the government wants people to start using it.
The Department for Science, Innovation and Technology (DSIT) insists that its systems are robust, claiming they “follow the highest security standards used across government and the private sector”.
But we’ve heard all that before.
We heard it from the Post Office.
We heard it from the Home Office over the Windrush database.
And we’ve heard it after every government data breach that ever made the news.
DSIT also admitted that One Login’s certification under the Digital Identity and Attributes Trust Framework lapsed earlier this year – meaning that, for months, it hasn’t even been officially classed as a “trusted” identity system.
The department blames a supplier and says the certificate will be restored “imminently”.
But in cybersecurity, “imminent” isn’t good enough.
Hackers don’t wait for paperwork.
Not one database – but many targets
To reassure the public, ministers say there will be no single centralised database of citizens.
Instead, personal data will be stored in different government departments, linked through the One Login and Gov.uk Wallet systems.
In theory, that’s meant to reduce risk.
In practice, it means more attack surfaces – and more weak points.
Each department’s servers could become a target, and the more connections there are between them, the more opportunities hackers have to exploit them.
In the digital world, every door is a potential break-in point.
This system proposes to build hundreds of doors – and hand out millions of keys.
“Security at its core”? Pull the other one
Starmer told reporters that digital ID “will have security at its core”.
The evidence suggests the only things at its core are hackers.
Even the government’s own watchdogs don’t trust the project.
Lord Clement-Jones says One Login still fails to meet National Cyber Security Centre standards.
Davis warns that if the government gets this wrong, the entire population’s private data could be laid open to anyone with the skills and motivation to take it.
And remember – once your digital ID exists, you can’t change it.
You can’t reset your date of birth.
You can’t swap your fingerprints.
If a hacker steals your digital identity, you’re compromised for life.
Centralising control
Starmer’s decision to move overall responsibility for the project to the Cabinet Office – under his loyal lieutenant Darren Jones – shows how politically sensitive it has become.
But that’s not accountability – it’s containment.
The Government Digital Service, still under DSIT, will keep building the system, while the Cabinet Office handles the politics.
So if it goes wrong, Starmer can claim it’s someone else’s fault.
We’ve seen that before, too.
Meanwhile, the government boasts that more than 12 million people have already signed up for One Login, mostly to access routine services like tax or benefits.
By this time next year, that could rise to 20 million as company directors are forced to register through it.
The trap is already being baited.
A danger disguised as convenience
Officials talk about “streamlining access to services”, “reducing fraud” and “improving efficiency”. That’s the sugar-coating.
The reality is a system that could one day be used to control who gets a job, who can rent a home, who can claim benefits – or who can be quietly locked out.
This isn’t paranoia; it’s precedent. Every authoritarian regime starts by making identification sound like common sense.
It ends with you needing government permission to exist.
The Whip Line
You’ll need Starmer’s permission to work – and hackers might get there before you.
The UK doesn’t need a digital ID system that hands power to the state and data to criminals. We need a government that understands privacy, liberty and competence.
Right now, we have none of those three things.
Never miss a Vox Political post!
Social media algorithms often hide what you want to read. If you’d like to get every article directly, here are your options:
RSS Feed – instant updates, no filters:
https://voxpoliticalonline.com/get-every-vox-political-post-no-algorithms-no-blocks/
Mailing List – updates delivered to your inbox:
https://voxpoliticalonline.com/join-the-vox-political-mailing-list/
Video Mailing List – updates go straight to your inbox:
https://dashboard.mailerlite.com/forms/1503041/155584006128141972/share
Discord Server – direct updates, discussion and campaigns
https://discord.gg/SMCRE39XGm
Telegram Channel – every post, direct to your phone:
https://t.co/be9EMGHXFV
Support Vox Political!
With social media algorithms acting as gatekeepers – allowing users to read only what their owners want them to, sites like Vox Political need the support of our readers like never before.
You can help by making a donation:
https://Ko-fi.com/voxpolitical
Share this post:
Like this:
Like Loading...
Starmer’s digital ID plan: insecure – untrusted – and unwanted
Share this post:
So much for “security at its core”.
The government’s digital ID system – a scheme that will make it impossible to work without official state approval – has been branded insecure, untrusted and potentially catastrophic.
According to a BBC investigation, the systems at the heart of Keir Starmer’s planned digital identity plan are already riddled with vulnerabilities.
Whistleblowers, MPs and technology experts are warning that the very structure of the project could expose the personal data of millions of people to hackers, criminals and hostile states.
The prime minister insists that the system will be secure. But the evidence suggests that, if anything, hackers are at the centre of it.
The plan nobody asked for
Under the proposals, every UK citizen and legal resident will be offered a digital identity – but for most people, it won’t be optional.
The government intends to make it mandatory for employment, meaning anyone who wants a job will need to sign up.
So much for “choice”.
It’s a policy that should chill anyone who values civil liberties.
The state is creating a database of every working person in the UK, potentially able to track where you live, what you do, and – depending on what’s added later – how you interact with public services.
Polls show most people do not want digital ID, for the very reason that it could be used to restrict rather than enable freedom.
Yet Starmer’s government is pressing ahead, insisting it will somehow be different from every previous attempt.
The Blair government tried to impose ID cards two decades ago.
That plan was abandoned after a wave of public outrage forced ministers to back down.
Now the idea is back, digitally re-branded – but even more dangerous.
‘Worse than Horizon’
Conservative MP David Davis has sounded the loudest alarm yet. Speaking in a Westminster Hall debate, he said:
That comparison should make the government sweat.
The Horizon IT system destroyed the lives of hundreds of innocent sub-postmasters because ministers and officials refused to believe their technology could be wrong.
Now we have the prospect of another government-run system, this time tied to the identity of every person in the country – and run by many of the same kinds of departments and contractors that gave us Horizon in the first place.
Davis has written to the National Audit Office demanding an urgent investigation into the soaring cost of the scheme, which has already topped £305 million.
He also raised the alarm over a 2022 incident in which developers in Romania – working on unsecured computers and lacking proper security clearance – had access to parts of the Gov.uk One Login system.
That’s the platform on which the entire digital ID scheme rests.
Red teams, red flags
The BBC reports that a “red team” – specialists hired to simulate real-world cyber-attacks – were able to gain privileged access to One Login systems earlier this year.
If true, that means hackers could, in theory, do the same.
A whistleblower told the Liberal Democrat technology spokesman Lord Clement-Jones that the government missed its own national cybersecurity deadline, and that One Login will not pass required tests until March 2026.
That’s long after the government wants people to start using it.
The Department for Science, Innovation and Technology (DSIT) insists that its systems are robust, claiming they “follow the highest security standards used across government and the private sector”.
But we’ve heard all that before.
We heard it from the Post Office.
We heard it from the Home Office over the Windrush database.
And we’ve heard it after every government data breach that ever made the news.
DSIT also admitted that One Login’s certification under the Digital Identity and Attributes Trust Framework lapsed earlier this year – meaning that, for months, it hasn’t even been officially classed as a “trusted” identity system.
The department blames a supplier and says the certificate will be restored “imminently”.
But in cybersecurity, “imminent” isn’t good enough.
Hackers don’t wait for paperwork.
Not one database – but many targets
To reassure the public, ministers say there will be no single centralised database of citizens.
Instead, personal data will be stored in different government departments, linked through the One Login and Gov.uk Wallet systems.
In theory, that’s meant to reduce risk.
In practice, it means more attack surfaces – and more weak points.
Each department’s servers could become a target, and the more connections there are between them, the more opportunities hackers have to exploit them.
In the digital world, every door is a potential break-in point.
This system proposes to build hundreds of doors – and hand out millions of keys.
“Security at its core”? Pull the other one
Starmer told reporters that digital ID “will have security at its core”.
The evidence suggests the only things at its core are hackers.
Even the government’s own watchdogs don’t trust the project.
Lord Clement-Jones says One Login still fails to meet National Cyber Security Centre standards.
Davis warns that if the government gets this wrong, the entire population’s private data could be laid open to anyone with the skills and motivation to take it.
And remember – once your digital ID exists, you can’t change it.
You can’t reset your date of birth.
You can’t swap your fingerprints.
If a hacker steals your digital identity, you’re compromised for life.
Centralising control
Starmer’s decision to move overall responsibility for the project to the Cabinet Office – under his loyal lieutenant Darren Jones – shows how politically sensitive it has become.
But that’s not accountability – it’s containment.
The Government Digital Service, still under DSIT, will keep building the system, while the Cabinet Office handles the politics.
So if it goes wrong, Starmer can claim it’s someone else’s fault.
We’ve seen that before, too.
Meanwhile, the government boasts that more than 12 million people have already signed up for One Login, mostly to access routine services like tax or benefits.
By this time next year, that could rise to 20 million as company directors are forced to register through it.
The trap is already being baited.
A danger disguised as convenience
Officials talk about “streamlining access to services”, “reducing fraud” and “improving efficiency”. That’s the sugar-coating.
The reality is a system that could one day be used to control who gets a job, who can rent a home, who can claim benefits – or who can be quietly locked out.
This isn’t paranoia; it’s precedent. Every authoritarian regime starts by making identification sound like common sense.
It ends with you needing government permission to exist.
The Whip Line
You’ll need Starmer’s permission to work – and hackers might get there before you.
The UK doesn’t need a digital ID system that hands power to the state and data to criminals. We need a government that understands privacy, liberty and competence.
Right now, we have none of those three things.
Support Vox Political!
With social media algorithms acting as gatekeepers – allowing users to read only what their owners want them to, sites like Vox Political need the support of our readers like never before.
You can help by making a donation:
https://Ko-fi.com/voxpolitical
Share this post:
Like this:
you might also like
Why is Tony Blair renewing his ‘ID cards’ plan right before elections when we’ll need them?
Like this:
Starmer’s plan: digital ID – or a dead cat?
Like this:
Mass backlash against Starmer’s digital ID ‘dead cat’
Like this:
Like this: