The op is incorrect. The 'database entry' is the one that exists right now at the DVLA for driving licenses or HMPO for passports. Private sector verification services poll that data to verify the data entered by the user in onboarding. That's it.
"Just one more bit of regulation will solve the problem" is how Britain became the most centralised country in Western Europe. The sad thing is that the majority of the population still buy it.
There was recently a request by the police for new laws about overpowered electric bicycles being ridden on pavements. Yes, they want a law against riding an already illegal vehicle in a place it is already illegal to ride it.
Now they want to make it illegal for employers to illegally give a job to people it was already illegal to give a job to by making them have a new ID, when it was already illegal to give someone a job without getting proof of their right to work in the UK!
Doesn't a physically held digital ID also do that? Assuming the encryption is strong, verifying that the data on the ID has the proper cryptographic signature should provide assurance that the ID is real, shouldn't it?
I guess, depending on how it's implemented, maybe an ID could be cloned and still appear valid, but that seems like a possibility for the UK's approach as well (the clone would just point to the same database entry).
In a good modern implementation, it should be extremely hard to produce a physical card with an authenticated pointer to the database, because that would be also signed.
But considering that they've been retiring things like biometric residence cards in favour of web-based systems, it's possible there will be no physical component.
Yes, I think you're probably right. But it still solves other problems such as "the app is a lookalike". If the app is basically an ID delivery mechanism that allows an operator to call up your photo, it becomes a relatively foolproof way to identify you accurately.
We have this is NSW in Australia: the Services NSW app provides a digital drivers license which is guaranteed to be accepted by authorities as legitimate.
>but the more good faith reason for a database entry is it should eliminate fake IDs.
Really? If anything it would make them easier. Hackers routinely break into government databases to exfiltrate information. An ID attribute databases would be no exception, for exfiltration, or simply modification of data. Ie: creating a fake ID.
