More technical report www.volexity.com/blog/2025/10... via the excellent @fipr-policy.bsky.social

Systems like this need real institutional legitimacy to work.

Governments and industry are building ID systems to support their needs to administer, govern - and profit.

In turn, these systems are being used to facilitate targeting, profiling and surveillance.

Learn more about our approach to identity: privacyinternational.org/learn/identity

The PM mentioned taking inspiration from systems in Estonia and India.

Our research on the ID systems in both countries has documented a lack of transparency around data processing, and the high risks to people’s safety and dignity.

privacyinternational.org/long-read/46...

The other countries where this kind of digital ID has been implemented are far smaller, and don’t have our appalling track record of expensive government IT disasters.

There are absolutely real cybersecurity risks as well - not least, from the people with legitimate access to the system. For example, every year more than half of the prosecutions under the Computer Misuse Act are of serving police officers caught misusing their access to police databases.

Linking together all these different government systems and databases and tying them to a single point of truth about you - the obsession of the Tony Blair Institute - is going to be incredibly complicated, and is a disaster waiting to happen.

This isn’t just about ID - most people have some form of ID, and digital ID systems can be designed well and preserve our privacy and basic rights. It’s about the particular design of this system and what they want to achieve with it.

Has this all be throught through. In short, this has all the makings of another fiasco like the Post Office scandal. People will be wrongly denied access to basic services, employment, and other aspects of day to day life when this all breaks down.

The government would be sensible to step back and retract this notice, and instead focus on the important work of renewing the UK’s basic infrastructure, digital security, and privacy protections."

Law enforcement have much more effective tactics - ones which don’t involve undermining our shared security - to investigate and disrupt serious criminal activity where encryption is being used.

As the UK government’s own guidance for companies and the public makes clear, strong encryption is at the heart of keeping the services we all use safe and secure. There is no way to undermine encryption which doesn’t leave huge weaknesses that criminals and hostile state actors can exploit.

Our basic human rights and democratic freedoms rely on security, privacy, and the accountability of our institutions. Tactics like issuing encryption removal orders to tech companies will only make every iPhone user in the UK less secure.

My comment on behalf of FIPR: “It’s not surprising that the Home Office’s attempt to compel Apple to undermine the security of their products is facing resistance from the US Government. The UK Government’s order would effectively ban Apple from telling the US Congress what they had been asked to do

We explain the key issues behind the case, arguing that this fundamentally breaks security and privacy for Apple's users, and outlining some of the many alternatives which law enforcement have to these backdoors.

It has been the source of significant controversy, with the US Government pushing back against the order and making it an issue in ongoing trade negotiations between the US and UK.

This order - initially made in secret and which Apple is not allowed to discuss even with the US Congress - effectively requires Apple to build a backdoor into its encrypted systems.

It emerged earlier this year that the Home Office has issued a TCN to Apple. This notice requires Apple to make technical changes to its Advanced Data Protection service, which provides users with secure encrypted storage, to allow the UK Government to access encrypted user data on request.