On a damp morning in London, a job applicant is told a smartphone app will decide whether she can work. In Sacramento, police mined a utility’s hourly electricity readings on 650,000 households. And across the United States, law enforcement tapped a private network of cameras to trace cars at protests. These are not isolated stories; they form a pattern.

The UK government’s late-September announcement that a national digital ID will be introduced before the end of the next Parliament - with a target to be in force no later than August 2029 and an initial rollout for right-to-work checks in 2028 - has reignited a debate about who controls identity and access. Prime Minister Keir Starmer’s blunt line, “You will not be able to work in the United Kingdom if you do not have digital ID,” has forced a public reckoning over exclusion, mission creep and the role of private vendors in running civic infrastructure.

Policy push in the UK: mandatory for work, optional for other services - for now

The mechanics the government sketches are simple: a virtual ID held on a personal device that proves name, date of birth, nationality or residency status, and a photo, used to verify the right to work. The Prime Minister’s office clarified that pensioners, students and those not seeking employment will not initially be forced into the system, and that the scheme will not be retrospective; nevertheless, officials admitted the first compulsory use will be for right-to-work checks beginning in 2028.

Civil-society groups warn this “first use” is a classic entry point for expansion. The Electronic Frontier Foundation and others point to a familiar pattern: once identity becomes digital and centralized, it can be repurposed for benefits, travel, licensing and more. That is the essence of mission creep - a system designed for convenience becomes a de facto gatekeeper to employment, housing or public services if legal limits and technical safeguards are not baked in from day one.

Everyday surveillance shows how data becomes identity

Practical exclusion is not hypothetical. UK charity Big Brother Watch reported about 20 percent of Universal Credit applicants cannot complete online identity verification today; people without a passport, without reliable internet, or with disabilities are disproportionately at risk of falling behind. The government says alternatives - physical documents, in-person support - will be available, but independent researchers argue such stopgaps often prove insufficient when systems become the norm.

The SMUD case is a concrete cautionary tale. A court described a program in which the utility and police repeatedly queried the electricity database, searching for “high” usage and analyzing hourly consumption to infer activities inside homes. Over the program’s life, SMUD passed more than 33,000 tips to police about customers flagged by these searches, and the court found the effort was not a targeted investigation but a dragnet that “turned all 650,000 SMUD customers into suspects.”

Procurement, concentration, and the politics of capacity

Automated license-plate readers show the same dynamic at scale. EFF’s review of Flock Safety logs found more than 12 million searches from December 2024 to October 2025 across a network run by thousands of agencies. Some queries were explicitly tied to protest events - the database shows agencies searching hundreds or even thousands of camera networks for vehicles described as part of demonstrations. Tulsa Police logged at least 38 protest-related searches; other agencies queried 400, 700 or more networks for a single vehicle description.

Functionally, utility readings and plate traces become a second identity: temporally anchored, location-rich fingerprints that can be stitched into dossiers. That raises two policy problems at once - scale, because private vendors centralize data; and standards, because law enforcement often searches those troves with minimal judicial oversight.

It is no accident that these surveillance capabilities are concentrated in a handful of firms. Researchers at the AI Now Institute warn that the “fusing of AI firms and the state is leading to a dangerous concentration of power,” pointing to exclusive procurement deals, land and data center leases, and privileged access that lock government into a small vendor set.

Sources

• The UK Has It Wrong on Digital ID. Here’s Why. - Electronic Frontier Foundation, 2025-11-28

• Victory! Court Ends Dragnet Electricity Surveillance Program in Sacramento - Electronic Frontier Foundation, 2025-11-21

• How Cops Are Using Flock Safety's ALPR Network to Surveil Protesters and Activists - Electronic Frontier Foundation, 2025-11-20

• The fusing of AI firms and the state is leading to a dangerous concentration of power - AI Now Institute, 2025-10-31

• Chinese Artificial General Intelligence: Myths and Misinformation - Center for Security and Emerging Technology, 2025-11-24