I actually think national ID systems need a dual mechanism where you can hand out IDs that are unique for any given relationship you establish. That way business relationships can be formed with the government providing assurance of identity, but even if the business leaks all those ID numbers nothing can actually happen to you unless the business’ private key is stolen. Similarly, the government can only establish your identity but cannot determine your relationships with businesses or other individuals. You can also choose to revoke ID permissions for any relationship and entities are not allowed to store identifying info about you (i.e. they have to query the government database whenever they need it) similar to how they’re not allowed to store CC info.
Another approach is the one implemented in Estonia. A citizen there has the ability to query who has accessed their records [1]. Combined with proper laws, this feature led to "some very public cases of government officials being caught accessing private data of Citizens - without any legitimate and authorized reason for such access."
Note that through this mechanism, the society is still a control society [2], even though citizens themselves have more to say in that control.
I'm a dual Estonian-Canadian citizen and after getting my Estonian national ID card last year I just bought a card reader to log into the digital services.
I'm absolutely blown away by how clear and functional these services are and how seamless and user friendly the whole thing is.
I just signed up for blood transfusions should I ever need them in Estonia and that process involved using my smart card to sign the consent agreement, and I can see which department accessed this information and when.
Meanwhile the province I'm from is still handing out paper healthcare cards in 2024.
Genuinely this appears to introduce unnecessary friction. After all, if you can trust the government, you don't need this feature. If you cannot trust the government, then it is safe to assume that they aren't just sitting on their hands pouting that there's no national ID they can use to tie together an identity with.
I think it's dangerously naive to assume a nation with as capable a surveillance state as the US to be physically unable to tie together everything about you just because there's no national ID.
The government isn't a large, monolithic entity (despite all rumors to the contrary), and the biggest issue would probably be single employees or departments that use this system for things they aren't supposed to. Trusting the government at large or every single employee are different things.
I would argue that Google employees are a much smaller issue:
- There are many fewer people (probably 2-3 orders of magnitude) accessing the data at all at Google, and (probably?) most sensitive data isn't accessible at all
- As you can't choose to avoid the government, the standard of trust should be much higher
- I don't know how well it works at Google. The reports of videogame leaks through employees accessing unreleased videos and the (for now) inability of Google to solve this problem at least indicates to me that the approach has issues.
- There are many more valid reasons for a government employee to access the data, so it's harder to differentiate. You also have the issues of police departments (and similar), where an access might not be allowed but done as unofficial policy "for the greater good"
- I would think that Google is much more capable of implementing and managing such a system than government suppliers or agencies, unfortunately
If you can’t trust the government, the friction is irrelevant. They just generate a different primary key and don’t give it to you. Evil adversaries don’t play by rules. You’re just harming yourself in the good times and not helping yourself in the bad times. It's not like a government who wants to do real harm to individuals is just going to go welp, no national ID, I guess we'll just go home and not hurt anyone.
If I were a hypothetical evil US government and there wasn't an SSN, I'd just create a database with an INTEGER PRIMARY KEY, compel Visa, MasterCard and American Express to send me 6 months of transaction history under a national security letter, correlate and quantize them all and presto, a few hours later, indexing complete.
It doesn't even have to be 95% accurate, although with some otherwise-anonymous looking demographics data you can get several nines of uniqueness. [1]
> You can also choose to revoke ID permissions for any relationship and entities are not allowed to store identifying info about you (i.e. they have to query the government database whenever they need it) similar to how they’re not allowed to store CC info
How do you propose doing this without a centralised (or public) place that tracks your relationships?
If the answer is local, you'd expect to be inundated with cases within a few years of people who couldn't revoke a permission because they lost their phone or whatnot.
You can look into "Sovereign Identity", which could offer a solution to this very problem, in theory. It's a decentralised digital identity framework using cryptography.
The idea is to take identity upside down: you issue your own identity (think key pair), and an authority certifies it (aka. signature). That's why it's called sovereign.
Adding zero knowledge proofs adds support for more privacy preserving tech: prove your address is in a specific country, without giving your address, or prove your age without giving your birthdate.
Although it could all be implemented today, governments don't... because they love centralisation for the power it gives them. European institutions are working on Sovereign Identity projects, but it's mostly 100% centralised bullshit from what I know.
As with all things cryptographic, if you don't own the keys, you own nothing.
Exactly like with your paper wallet, you'll have to go to the authorities and they'll have to certify your new ID / keys... except it's possible to rekey your identity, to have escrows hold rescue keys, etc... many things you can't do without a Digital ID.
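
An added example, not code from any commenter or from a real ID scheme: one way to get the per-relationship identifiers and revocation discussed in the first comment and in the question about local state, assuming the holder keeps a master secret and derives each ID with HMAC-SHA256. `Wallet`, `pairwise_id`, `join_leaks` and the `.example` names are hypothetical, all sample data is constructed, and the government's attestation of an identifier is not modelled.

```python
import hashlib
import hmac

def pairwise_id(master_secret: bytes, relying_party: str, epoch: int) -> str:
    """Identifier shown to exactly one relying party (hypothetical scheme)."""
    msg = relying_party.encode() + b"\x00" + str(epoch).encode()
    return hmac.new(master_secret, msg, hashlib.sha256).hexdigest()[:32]

class Wallet:
    """Holder-side state: a master secret plus a revocation epoch per relationship."""

    def __init__(self, master_secret: bytes, epochs=None):
        self.master_secret = master_secret
        self.epochs = dict(epochs or {})

    def id_for(self, relying_party: str) -> str:
        return pairwise_id(self.master_secret, relying_party,
                           self.epochs.get(relying_party, 0))

    def revoke(self, relying_party: str) -> str:
        """Rotate the epoch so the old identifier is never derived again."""
        self.epochs[relying_party] = self.epochs.get(relying_party, 0) + 1
        return self.id_for(relying_party)

def join_leaks(leak_a: set, leak_b: set) -> set:
    """What someone holding two leaked customer tables can match on."""
    return leak_a & leak_b

def demo() -> dict:
    # Constructed sample data: three holders, two relying parties.
    wallets = [Wallet(hashlib.sha256(f"holder-{i}".encode()).digest())
               for i in range(3)]
    shop = {w.id_for("shop.example") for w in wallets}
    bank = {w.id_for("bank.example") for w in wallets}
    # The same people identified by one shared number (constructed values).
    shared = {f"ID-{i:04d}" for i in range(3)}
    old = wallets[0].id_for("shop.example")
    new = wallets[0].revoke("shop.example")
    # Restoring after device loss needs the secret AND the epoch table.
    restored = Wallet(wallets[0].master_secret, wallets[0].epochs)
    return {
        "pairwise_overlap": len(join_leaks(shop, bank)),
        "shared_overlap": len(join_leaks(shared, shared)),
        "rotated": old != new,
        "bank_unchanged": wallets[0].id_for("bank.example") in bank,
        "restore_matches": restored.id_for("shop.example") == new,
    }

if __name__ == "__main__":
    print(demo())
```

A wallet restored from the master secret alone falls back to epoch 0 and re-derives the revoked identifier, which is the lost-phone problem raised above in concrete form.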