Ex-MI6 Chief Warns of Security Risks in UK Government’s Digital Identity Proposal

“When you consolidate data into a single vast database, it undoubtedly becomes a target for the nation’s adversaries.”

Richard Dearlove, former head of MI6, has criticized the Starmer government’s initiative to implement a national digital identity system. He cautioned that this system could “immediately become a target for the country’s enemies.” Leading MI6 from 1999 to 2004, Dearlove highlighted concerns that emerging quantum technologies might compromise the security measures meant to protect such digital identification.

“When you consolidate data into one massive database, it inevitably becomes a target for adversaries,” Dearlove told the right-wing outlet, GB News. “Thus, it is crucial to ensure that the citadel is impervious to attacks. No matter how secure you believe the system to be, the advent of quantum computing could render your defenses ineffective.”

When Dearlove refers to “enemies,” it appears he is hinting at a specific nation: China. Official UK records reveal that Chinese cyber spies breached the UK’s Electoral Commission’s Microsoft Exchange Server, exposing personal information of about 40 million UK citizens for over a year.

Even those outside the UK may recognize Dearlove’s name. During his tenure with MI6, he was instrumental in supplying then-Prime Minister Tony Blair with questionable intelligence regarding Iraq’s weapons of mass destruction, which facilitated the second Gulf War. Additionally, he advised Christopher Steele on the Trump dossier during the Russiagate scandal.

Dearlove’s reputation is far from pristine, even by the standards of senior intelligence officials, as he has been implicated in some of the most egregious events of this young century. Nonetheless, his background in security matters might lend weight to his opinions.

However, this did not prevent him from apparently falling victim to a Russian cyber attack in 2018. In 2022, he publicly disclosed that his personal emails had been hacked and published on a website called Very English Coop [sic] d’Etat.

According to The Daily Telegraph, the website claimed that the leaked emails served as evidence of a conspiracy involving prominent Brexiteers, including Dearlove, Gisela Stuart (a former Labour MP), and historian Robert Tombs, to position a pro-Brexit operative in the UK’s negotiation team led by Olly Robbins, the former Brexit negotiator.

“Worse Than… Horizon”

When asked by GB News if the Starmer administration should reconsider its approach to digital identity, Dearlove advised, “It is preferable not to create such a target at all.”

Whether Dearlove’s motives for opposing Starmer’s plans stem from a desire to safeguard the interests of tech companies in the sector remains uncertain. Nonetheless, he is not the only influential figure raising alarms about the security hazards associated with the proposed digital identity system. These concerns seem to be grounded in reality.

In a Westminster Hall debate, Conservative MP David Davis voiced similar worries:

“Once this system takes effect, the entire population’s data will be vulnerable to malevolent actors — whether they are foreign nations, ransomware criminals, malicious hackers, or even personal or political adversaries.”

“Consequently, this could be even worse than the Horizon [Post Office] scandal.”

Davis’s concerns resonate. Just over six months ago, we addressed similar issues in our article titled, “Is the UK Creating a Giant Bonanza for Hackers and Nation-State Adversaries With Its ‘One Login Digital Governance System?’” Within that piece, we raised alarms about the UK’s poor record on data protection and its overall IT management.

“If not properly secured, digital identity systems risk creating an attractive target for hackers and nations wishing to exploit vulnerabilities, a situation the UK is evidently no stranger to. Such systems also pose significant vulnerabilities to the IT infrastructures of the UK government and civil service.”

According to the 2023 IBM X-Force Threat Intelligence Index, the UK faced the highest number of cyber attacks in Europe in 2022, accounting for a staggering 43% of all incidents. Concurrently, the current state of the UK government’s One Login system — the access gateway for the anticipated digital ID wallet — raises significant concerns regarding security.

Zero Trust

As reported by Computer Weekly in April, One Login has yet to meet the cybersecurity standards required for critical public services, lost its certification against the government’s digital identity system trust framework, and a recent simulated cyberattack revealed that intruders could gain unauthorized access without detection.

If that were not enough to undermine public confidence, it was also disclosed in 2022 that aspects of One Login were being developed on unsecured workstations in Romania, a country ranked sixth on the World Cybercrime Index, by contractors lacking the necessary security clearances.

Despite these issues, One Login is operational, with 12 million sign-ups — approximately one in four England residents. Once fully functional, it will support the forthcoming Gov.uk Wallet, intended to contain digital versions of vital government documents such as driving licenses, birth certificates, and passports, alongside private sector credentials.

Yet, as Andrew Orlowski of The Telegraph warns, the system lacks adequate security measures.

Criticism of Starmer’s digital identity plans continues to grow, even from traditional media.

LBC (the London Broadcasting Company) published an insightful op-ed by Irra Ariella Khi, CEO of Zamna, an aviation identity company, who advises governments and industry leaders on digital identity. She emphasized a crucial observation regarding the UK government’s frequent references to Estonia’s established digital governance system as a model:

The UK Government often cites Estonia as an exemplar for digital identity. However, Estonia’s population (1.6 million) is roughly the same as Croydon’s. You cannot merely copy and paste a small national system and expect it to function for 67 million people. It’s akin to taking a system designed to operate at 100% capacity in Estonia and anticipating it can sustain 4,000% capacity in the UK.

This sentiment is particularly relevant when considering that the UK’s IT infrastructure consists largely of a haphazard collection of poorly designed legacy systems, compounded by a dismal track record in IT management.

Even Estonia’s smaller, more efficient, and longer-established system has not escaped data breaches. In 2017, a security flaw locked thousands of individuals out of online government services. According to the BBC:

A problem with the country’s national identity cards was detected earlier this year, impacting around 760,000 people.

The issue could enable attackers to decrypt private data or impersonate citizens.

Individuals who did not update their cards with new security certificates would be unable to use them for certain services starting at midnight.

Estonia’s digital ID system allows citizens to access government and various private services, including medical records, voting, and banking.

However, security researchers discovered that the encryption used in ID cards was easily compromised, posing risks of impersonation.

In Indonesia, crafty criminals have developed malware that masquerades as the country’s digital identity application, as reported by Biometric Update:

Cybersecurity experts found a malicious application designed to steal financial data, disguised as Indonesia’s national digital identity platform, Identitas Kependudukan Digital (IKD).

The malware app, named Android/BankBot-YNRK, was detected circulating outside the official Google Play store, presenting itself as an APK file for the digital ID platform. Upon installation, the app exploits Android permissions to access sensitive information, targeting banking and cryptocurrency applications.

According to an investigation by the cybersecurity firm Cyfirma, this Trojan operates covertly by leveraging its permissions to monitor screen activity, simulate button presses, and automatically fill out forms as if it were the user. It also transmits device specifics, location details, and a list of installed applications back to the attackers.

“Overall, Android/BankBot-YNRK possesses a comprehensive feature set designed to maintain long-term access, pilfer financial data, and carry out fraudulent transactions on compromised Android devices,” states Cyfirma.

The Meaning of “Mandatory”

The UK government insists that its digital identity system will be optional, despite considerable evidence suggesting otherwise, including the government’s own announcements. They receive support in this misleading narrative from “fact-checking” entities. Full Fact clarifies that digital ID would only be mandatory for those wishing to work in the UK:

Digital ID would only be compulsory for individuals seeking employment in the UK. Therefore, it would not be applicable to everyone residing in the UK. For example, retirees would not require a digital ID.

However, even this claim may not hold up in the long run. Many governments with comprehensive digital identity systems, from Estonia to India, initially assured their citizens that these systems were completely optional—until they became necessary for nearly every aspect of life. In India, access issues related to the Aadhaar system have prevented millions from accessing their legitimate benefits, leading even to tragic outcomes.

In the UK, it has already become mandatory (as of November 18) for business owners to register with Companies House using One Login — a fact not mentioned in the Full Fact article. This adds another six million individuals to the system, unless they opt out or find alternative methods to register.

The official justifications for this shift are to attract investment to the UK through enhanced transparency and improved fraud protection. While strengthening business registration processes is necessary, compelling business owners to register through One Login raises the risk of exposing millions to heightened fraud threats, cautions Info-Security magazine:

Michael Perez, from managed service provider Ekco, warned that the One Login ID verification system itself constitutes a security risk.

He pointed out that it has failed to meet all requirements under the government’s Cyber Assessment Framework and has a history of problems, including software vulnerabilities and insecure logins.

“Requesting millions to submit sensitive identity documents via a platform that has not fully embraced secure-by-design principles introduces significant risk,” Perez argued.

“It concentrates vulnerabilities and may expose users to breaches at a time when public trust in digital systems is already fragile.”

These vulnerabilities regarding system and data security are merely a subset of the myriad challenges posed by digital identity. Phil Wiseman, from Oracle Films, offers a concise overview of additional core issues:

I observe a significant semantic issue in the Digital ID debate. This post aims to provide clarity.

In my perspective:

Digital IDENTIFICATION is the digital counterpart of physical identification — anything currently utilized to identify oneself, such as passports, driver’s licenses, bank cards, utility bills, etc.

This is what most people associate with ‘Digital ID.’ There’s little inherently wrong with this concept; that’s why the uproar and resistance to ‘Digital ID’ initiatives can be perplexing.

Digital IDENTITY encompasses the collection of identifiers existing as data about you. It represents your digital footprint, currently fragmented across various public and private sector databases.

Again, nothing inherently problematic about this notion, provided individuals comprehend the terms of the services they utilize and have given informed consent regarding the use of their data for specified purposes. I suspect most do not.

The primary concern with Digital IDENTITY, particularly regarding its trajectory, is the ambition to enable interoperability among these datasets on a global scale.

This concept is formally known as DIGITAL PUBLIC INFRASTRUCTURE.

Under the principles of DPI, your digital footprint, referred to as your ‘Digital Twin,’ will be continually updated whenever you interact significantly within society, whether by utilizing public services, filing taxes, making financial transactions, or engaging in online activities.

Any human activity requiring data exchange will lead to the collection and profiling of that data—permanently linking it to your digital twin record.

This is not speculative; it is what Digital Public Infrastructure is intended to facilitate.

This raises critical questions:

What occurs when your digital identifier is not a physical application or card, but a biometric feature, such as a fingerprint or facial scan? What does opting out entail in that context?

What implications arise if cash is eradicated, removing any analogue alternatives from this closed digital ecosystem?

What happens when massive datasets are ultimately monitored by AI, and enforcement mechanisms are introduced?

Carbon credits, social credit systems, vaccination mandates—the potential for social control is virtually limitless. Such enforcement actions could be implemented centrally and automatically at scale.

Couple these threats with the demonstrated insecurity of current systems, which attract would-be hackers. Essentially, individuals are being coerced into joining a risky system for which their consent will not be sought in the future. Should they refuse to participate, they would face penalties.

A potential glimmer of hope amidst the government’s rapid push to roll out a digital identity system is Keir Starmer’s unpopularity. If anyone has the ability to alienate an entire nation from the concept of digital identity, tarnishing it indefinitely, it is Starmer, who has quickly established himself as Britain’s least liked Prime Minister within just over a year.

Support for digital identity among the public has plummeted from 35% last summer to -14% by early October, according to polling from More in Common. Nearly three million people have signed a parliamentary petition urging the government to forgo introducing a digital identity system, making it the fourth-largest petition in British history.

A debate regarding this digital issue will occur in the House of Commons on December 8. For UK residents interested in participating, Big Brother Watch is providing a simple tool for reaching out to their MPs to express their views on the matter and encourage them to attend.

Even if Starmer’s digital identity scheme becomes so controversial that he or his successor must abandon it, some revised proposal bearing a different name is likely to be put forth in a couple of years, similar to recent occurrences in Switzerland.

As noted by NC reader Vao in response to a previous article, “Whether it pertains to e-ID, CBDC, internet censorship, or other topics, authorities interpret the most forceful ‘NO!’ as merely ‘not right now.’” Digital identity is undoubtedly one of the most critical subjects, as it is designed to serve as the foundation for the digital control infrastructure that nearly every country worldwide is racing to build.
