The Cabinet Office has assembled six advisers, including the CEO of Mumsnet and an IoT security veteran, to scrutinize its digital ID scheme. The roster reads like a genuine attempt at outside pressure. It also reads like a project that has learned it needs cover.
When a government announces an advisory board whose stated job is "to challenge the government on emerging ideas or policy decisions," the framing tells you as much as the membership does. The UK Cabinet Office has set up exactly that for its digital ID program, a six-member panel meeting quarterly for the life of the project. The choice of verb is the interesting part. You don't promise that a board will challenge you unless you expect the public to assume it won't.
That assumption isn't unfair. Advisory boards have a well-documented tendency to become legitimacy machinery: bodies that absorb criticism, lend credibility, and meet just often enough to produce minutes. Whether this one breaks that pattern depends less on who sits on it than on whether ministers treat dissent as input or as a box checked. The early signals are mixed, and worth reading closely.
The membership is more pointed than it looks
Start with David Rogers, an Internet of Things security expert and CEO of consultancy Copper Horse. He is a real technical voice, not a ceremonial one. He chaired the GSMA's fraud and security group and helped shape the thinking behind the Product Security and Telecommunications Infrastructure Act. His past public comments lean toward a pragmatic security philosophy. Back in 2014, discussing iPhone biometrics, he argued that better usability actually reduces data loss, because people abandon security controls they find annoying. That's a genuinely useful instinct to have in the room for an identity system, where the failure mode isn't just a breach but mass user workarounds.
Then there's Justine Roberts of Mumsnet, and her inclusion is either inspired or awkward depending on your read. Mumsnet's user base has been openly hostile to the digital ID plans. Responses to the prime minister's October 2025 announcement ranged from "Honestly, who is he kidding?" to blunter dismissals of what posters called authoritarian overreach. During the consultation, some users pushed the Sex Matters campaign to have biological sex recorded in digital IDs, dragging a separate and contentious fight directly into the scheme's design questions. Putting the head of that community on the board could mean the government wants unfiltered skepticism. It could also mean it wants to be seen listening to a constituency it has already irritated. Roberts also carries the institutional memory of a 2019 Mumsnet data breach tied to a cloud migration, which affected 46 accounts and prompted a public apology. That's relevant context for someone now advising on a national identity database, in both directions.
Victor Dominello brings the most direct operational experience. As a New South Wales minister, he launched the state's digital driver's license in 2019, pitching it as more secure than the plastic card. The counterpoint arrived in 2022, when researchers at security firm Dvuln reported numerous flaws in the Service NSW app hosting the license. The state insisted customer information was never at risk. Both things can be true: a digital credential can be better designed than a physical one and still ship with exploitable bugs. Dominello's value to the board is that he has lived through exactly that gap between the security pitch and the security reality.
The remaining seats go to John Fallon, former Pearson chief and a Cabinet Office non-executive; Anne-Marie Imafidon of Stemettes; and digital regulation lawyer Emma Wright. It's a competent group. It is not, notably, a group with a single dedicated privacy or civil liberties campaigner of the kind that organizations like Big Brother Watch or the Open Rights Group would recognize as one of their own.
The context the board inherits
This appointment doesn't land in a vacuum. The digital ID rollout has already been described by MPs as a "fiasco" after a botched launch, and the program faces a political threat from Manchester mayor Andy Burnham, whose opposition could complicate the wider plan if it gains traction. A board convened against that backdrop is not setting the agenda. It is being handed a project that is already controversial, already behind, and already politically exposed. The honest question is how much room a quarterly meeting actually has to alter a system whose architecture and timelines are largely set.
The parallel engagement work hints at where the real consultation pressure sits. Alongside the board, the government is running structured exercises with the digital verification and financial services sectors, the industries that stand to build and profit from the infrastructure. It's also convening a People's Panel of roughly 100 to 120 participants, meeting in Birmingham and on Zoom, paid £550 in cash or vouchers to hear from experts and ministers before issuing recommendations. Paying citizens to participate is a defensible way to avoid a panel of only the unusually motivated. It also produces a body whose recommendations the government commissioned, on terms the government set.
What would make this credible
The pattern across these mechanisms, advisory board, sector engagement, citizen panel, is breadth of input feeding into decisions made elsewhere. That isn't inherently cynical. Plenty of good policy is shaped by exactly this kind of structured listening. The test is observable and specific: does any of it produce a documented instance of a minister changing course because the board pushed back? If the quarterly meetings generate published advice and the government has to respond to it on the record, the "challenge" framing earns its keep. If the output is summaries and warm words, the board becomes what skeptics already expect.
Digital identity systems are genuinely hard to get right, and the technical members here understand the actual failure modes: not just breaches, but exclusion of people who can't easily enroll, scope creep from a single credential into a de facto internal passport, and the security debt that accrues when delivery deadlines outrun engineering. A board that spends its meetings on those problems would be useful. Whether it gets to is a decision ministers have already started making, in how they chose to describe the job. Watch what the board publishes, not what it was promised it would do.
Comments
Please log in or register to join the discussion