How you feel about reliable national ids really comes down to "do you trust the state or not".
Error-prone-ness is a feature for people who want the state to be less powerful.
Personally I think that for purely practical reasons national ids are good infrastructure.
I don't think in 2023 a "weak" national identity system offers much protection against an adversarial government.
Forget trusting the state, do you trust the endless parade of crappy companies that will demand your national ID verification to but everything from house insurance to fortnight skins to prevent fraud, and then promptly lose it in a data breech without ever receiving meaningful punishment? Because that is the state of things.
Isn’t this just already the case? It’s not clear to me why it would get worse for the drivers license I give everybody as proof of identity to be issued by the federal rather than state government.
This is especially true given that for many applications, I can already use my passport as an ID.
Actually, the more I think about this the weirder it is as a threat model. Photo ID pictures are basically only worth the value of the info printed on them to an attacker. They’re likewise not really valuable to retain as a business, because you might as well retain the information as tabular data, and then have a checkbox for “we saw this on a physical ID”. The only upside of storing the photo of the ID is if a business doesn’t trust its own employees, so having the photo provides them a way to make sure their employee really checked it.
An attacker who pops my bank’s network doesn’t need to look for ID photocopies: my identifying info is in the database in an already parsed format.
Yep this is a fair concern. Proponents would say that a good implementation would mitigate a lot of the data loss issues we currently see (I work in the digital id space so not entirely disinterested here).
Right now the way we verify identity is "dumb" in the sense that we prove identity using document ids or photos. This is "too strong" - to prove I am over 18 or just "the account holder" I must present valuable document IDs or scans which disclose other things about me such as my exact date of birth or my legal name. It is also "too weak" in that any verifier who receives these things can present them to someone else and impersonate me.
Today, every entity we deal with who verifies our identity can also impersonate us. There are billions of ID scans absolutely everywhere, in realtor's offices and lawyer's cabinets, at car rental agencies, etc ad nauseum.
A good "digital id" scheme allows for cryptographic proofs of identity which are non-transferable between verifiers. It allows things like proving that I am John Smith who is over 18 and holds a driver's license in a way that does not allow the verifier to then present those to someone else and impersonate me. It can allow for proofs of uniqueness, e.g. I can prove that I'm a person you've seen before with id xxxyyy in your database without disclosing my name (if the verifier chooses not to collect that). It can allow "blinding", e.g. I can hand over a token to someone who doesn't need to "see" my actual identity details unless they initiate legal process (say car rental scenario) and then I can be notified if that happens.
It is likely that a lot of verifiers might choose to "over collect" (say, request up-front proof of my legal name when strictly speaking they don't need that to rent me a car) but this can at least be discouraged by measures like tuning service charges so that more invasive verifications cost them more and ensuring that verifiers are subject to different regulation tiers based on the scope of data they collect. Even if the entity loses my PII e.g. my name, DOB, phone number, the systems are designed to not allow anyone accessing that information to impersonate me.
Strictly speaking digital id schemes / properties are orthogonal to "national ids". There are centralised, de-centralised and more or less anarchic (p2p) "versions" of digital identity. However, a government operated scheme at the national level could reduce a lot of commercial capture and the kind of "waste" that happens when you need to stitch together many disparate data sources.