Civil service officials last week attempted to quell the second uproar of the year from private sector digital ID app providers in a behind-closed-doors meeting, while this week (Monday 13 October) new technology secretary Liz Kendall attempted to face down MPs from all parties in a House of Commons debate as they expressed their concerns and protestations at the plans.
Kendall was correct when she told MPs: “There is a lot of misinformation out there about this proposal.” But she did not acknowledge that any misinformation was largely a result of the government’s poor communication around the original announcement.
As fintech industry body Innovate Finance – a supporter of digital identity – put it: “The reaction, frankly, has been to focus on the worst-case scenario – ‘compulsory digital ID’ is being framed as an erosion of civil liberties, a gateway to mass surveillance, and a tool of digital exclusion. It’s all fear and no finesse.”
Based on discussions with industry insiders, however, it may in fact be the case that Starmer’s mandatory national digital ID scheme will prove to be neither mandatory nor national.
However, the language used in the Commons by Kendall was subtly different. She talked about “making ID checks both mandatory and digital for all employers”. Her speech tried to focus on the wider benefits of digital identity, citing the need to modernise public services and make them easier to access in a digital age.
Years from now, having your ID on your phone will feel like second nature, putting more power directly into people’s hands and giving them more control over how they interact with government services. That is worth striving for Liz Kendall, technology secretary
“Years from now, when we look back, I believe that having your ID on your phone will feel like second nature, putting more power directly into people’s hands and giving them more control over how they interact with government and the whole range of services. That is something worth striving for,” she said.
As shadow technology secretary Julia Lopez pointed out, the previous Conservative government had already introduced mandatory right-to-work checks for employers and launched a mechanism whereby a digital identity app can be used, voluntarily, to prove an individual’s right to work in the UK. Most UK citizens will have had to prove their right to work (RTW) using physical documents such as a passport.
Any apps used as part of RTW checks have to be approved through the government-backed Digital Identity and Attributes Trust Framework (DIATF), which was given a statutory basis through the Data (Use & Access) Act (DUA), which received Royal Assent in June.
Run by the Office for Digital Identities and Attributes (OfDIA), nearly 50 third-party identity service providers (IDSPs) have received approval under DIATF for their apps to be used for RTW and other statutory government checks, such as age verification or registering as a company director.
Kendall confirmed to MPs that the government will bring legislation during this Parliament – so, before 2029 – for “making ID checks mandatory and digital”. She said there will not be a central database of digital identities, and there will be no sanction or penalty for people if they do not have a digital ID – only for employers that do not conduct RTW checks.
The only legal change the government has proposed so far is that RTW checks will have to be conducted digitally. There will be a government digital identity app that people can use to digitally prove their right to work, but the question remains: will they be compelled to use the government app, or will any app from a DIATF-approved IDSP be acceptable?
The first attempt came after the announcement of the Gov.uk Wallet and its proposed use for age verification – for example, when buying alcohol or accessing age-restricted online services. Many IDSPs specialise in age verification and have spent millions of pounds developing, testing and proving their capability to determine someone’s age using facial verification through a smartphone app.
So, when Starmer announced that the government would be further treading on the IDSPs’ turf, there was understandable outrage.
At the meeting last week, civil service officials outlined how Starmer’s plans would be brought to fruition.
IDSPs were told that OfDIA chief executive Hannah Rutter would be moving into a new role, leading development of the policy and overseeing a consultation planned for early 2026. They heard that Rutter would be replaced at OfDIA by John Peart, who is seen by suppliers as supportive of the private sector’s role. When asked by Computer Weekly, DSIT would not confirm or deny the appointments.
The consultation process – calling for, and responding to, submissions – is likely to take about a year. Draft legislation would then be put before Parliament in 2027, with the new government digital ID scheme likely to be in place by mid-2028, about a year before the next general election.
The legislative process will not be easy. As David Crack, chair of industry body the Association of Digital Verification Professionals, told Computer Weekly, many Labour MPs are opposed to the concept of mandatory digital identity, opposition parties are lining up against it, and because the policy was not included in Labour’s manifesto, the House of Lords may find it constitutionally acceptable to delay or even deny its approval. If millions of voters are against the proposals too, it’s not a policy likely to be enacted in a general election year.
“There is a plan – for a plan for a national ID scheme – but not an [actual] plan. Realpolitik will prevail,” said Crack.
During the meeting with IDSPs, DSIT officials reiterated that measures introduced by the DUA Act will still be implemented.
Significantly, this includes the launch of an “information gateway” which will allow IDSPs to access government-held data as part of the process of confirming people’s identities digitally – for example, passport or driving licence checks – greatly expanding the range of public data that non-government apps can use as credentials to prove that app users are who they say they are.
Well before the likely launch of a government digital ID scheme in 2028, therefore, there will already be a wide variety of digital identity apps and services on the market and already in use by people choosing voluntarily to prove their right to work digitally.
If use of those apps numbers in the millions by 2028, will legislation really force them to move to a government-developed app instead?
Crack said DSIT officials told suppliers they are open to ideas on how to implement mandatory digital RTW checks. “Note, mandatory RTW checks, but not necessarily a mandatory digital ID scheme,” he said. Crack believes that “government is listening”.
Others in the industry are less convinced. “The truth is out – a confirmation that the government made a policy decision to go ahead and do this stuff themselves. We are told the DUA Act will be continued, but my sense is that they see the private sector as interim or peripheral,” said one supplier executive, who asked to remain anonymous.
However, stakeholders across the digital identity sector agree on two things.
First, that Starmer’s announcement has propelled digital identity into a topic for national debate – something even the most worried suppliers have welcomed.
And second, that the manner of Starmer’s announcement – linking digital ID to tackling illegal immigration – means the public will need to be educated on what digital identity really means.
Dispelling the myths
With nearly three million signatories, the petition against the government proposal is one of the largest such online protests, but the statement people sign up to support says, “We demand that the UK government immediately commits to not introducing a digital ID card”.
Furthermore, critics have lined up to attack the use of a centralised government database – but Kendall confirmed there is no such plan, there never was, and as anybody familiar with how digital identity works would explain, the technology relies on the secure sharing of credentials, not large amounts of personal data or referencing an identity database.
For example, an age verification app simply confirms that the holder is over 18 when buying alcohol. It shares a digital credential saying “yes” when asked, “Is this person over 18?” – the app does not need to identify the person to the retailer in any way.
Lurid newspaper headlines have warned of US tech companies getting their hands on UK citizens’ personal data, with particular fears over the involvement of Palantir, the controversial data integration supplier that works closely with US military and intelligence services, as well as the NHS. One MP in the Commons debate warned of “writing Fujitsu a blank cheque” – a reference to the shamed IT services supplier that developed the Horizon system at the heart of the Post Office scandal.
However, Kendall confirmed that the government app will be developed in-house, by the Government Digital Service – there are no plans to award a contract to a single supplier to develop the digital ID software from scratch.
The software will be a continuation of existing developments – notably, Gov.uk One Login, the digital identity system that will become the standard way to log in to online public services and is already in use by many government websites.
It’s likely that the digital ID system will use the Gov.uk Wallet to store digital credentials, provided by the government, that prove the holder is who they say they are and that they have the right to work in the UK – much the same as the existing private sector apps that are used for the same purpose today.
By the time any legislation is passed, the amount of further development needed for One Login and the digital wallet is likely to be comparatively minimal – and certainly not require a huge new software development project.
DSIT will need to be far more transparent about how it has solved those problems before public trust in the system can be established.
Industry trade association TechUK has called on the government to help address the concerns its announcement has provoked, and to work together to explain the benefits that digital identity can offer the public, citing the “uncertainty for citizens and the private sector alike” that came as a result of Starmer’s announcement.
[Keir Starmer’s announcement] inappropriately positions digital ID as a silver bullet for a multifaceted and nuanced issue, rather than focusing on the benefits that digital ID can actually deliver, meaning its broader benefits are currently missing from the current political narrative TechUK report
“The announcement primarily centred on immigration enforcement, with government linking digital ID to the reduction of illegal working – and without acknowledgement that digital ID solutions, provided under the DIATF, were already being used for this purpose,” said TechUK, in a new report, Digital ID & the UK: Empowering citizens, enabling growth.
“It inappropriately positions digital ID as a silver bullet for a multifaceted and nuanced issue, rather than focusing on the benefits that digital ID can actually deliver, meaning its broader benefits are currently missing from the current political narrative.”
The report added: “Government must work alongside the digital ID sector, civil society, citizens, and other key stakeholders to build public trust, support innovation, and drive adoption. Indeed, the digital ID sector is prepared for a sustained period of engagement, where long-term decisions on digital ID infrastructure, governance, and market design will need to be carefully considered. Clearer communication around future plans is imperative for citizens and the digital ID sector alike.”
There is a path that Starmer and his government could follow, to back away from a badly received proposal and appear to be listening to public concerns, which would promote digital identity as the social and economic benefit it has proved to be in numerous other countries.
It would involve rescinding plans for a “national, mandatory” scheme, in favour of offering the public a wide choice of digital ID apps – both private sector and government-developed – that will enable a mandatory digital right-to-work check to be implemented nationwide. Who knows, maybe it might even have an impact on immigration?
But industry, the public and sceptical MPs alike can only wait and see whether Starmer is politically savvy enough to grasp the opportunity to turn a bad proposal into good policy.
Android devices are vulnerable to a new attack that can covertly steal two-factor authentication codes, location timelines, and other private data in less than 30 seconds.
The new attack, named Pixnapping by the team of academic researchers who devised it, requires a victim to first install a malicious app on an Android phone or tablet. The app, which requires no system permissions, can then effectively read data that any other installed app displays on the screen. Pixnapping has been demonstrated on Google Pixel phones and the Samsung Galaxy S25 phone and likely could be modified to work on other models with additional work. Google released mitigations last month, but the researchers said a modified version of the attack works even when the update is installed.
Like Taking a Screenshot
Pixnapping attacks begin with the malicious app invoking Android programming interfaces that cause the authenticator or other targeted apps to send sensitive information to the device screen. The malicious app then runs graphical operations on individual pixels of interest to the attacker. Pixnapping then exploits a side channel that allows the malicious app to map the pixels at those coordinates to letters, numbers, or shapes.
“Anything that is visible when the target app is opened can be stolen by the malicious app using Pixnapping,” the researchers wrote on an informational website. “Chat messages, 2FA codes, email messages, etc. are all vulnerable since they are visible. If an app has secret information that is not visible (e.g., it has a secret key that is stored but never shown on the screen), that information cannot be stolen by Pixnapping.”
The new attack class is reminiscent of GPU.zip, a 2023 attack that allowed malicious websites to read the usernames, passwords, and other sensitive visual data displayed by other websites. It worked by exploiting side channels found in GPUs from all major suppliers. The vulnerabilities that GPU.zip exploited have never been fixed. Instead, the attack was blocked in browsers by limiting their ability to open iframes, an HTML element that allows one website (in the case of GPU.zip, a malicious one) to embed the contents of a site from a different domain.
Pixnapping targets the same side channel as GPU.zip, specifically the precise amount of time it takes for a given frame to be rendered on the screen.
Introducing X1: The world’s first multirobot system that integrates a humanoid robot with a transforming drone that can launch off the humanoid’s back, and later, drive away.
The new multimodal system is one product of a three-year collaboration between Caltech’s Center for Autonomous Systems and Technologies (CAST) and the Technology Innovation Institute (TII) in Abu Dhabi, United Arab Emirates. The robotic system demonstrates the kind of innovative and forward-thinking projects that are possible with the combined global expertise of the collaborators in autonomous systems, artificial intelligence, robotics, and propulsion systems.
“Right now, robots can fly, robots can drive, and robots can walk. Those are all great in certain scenarios,” says Aaron Ames, the director and Booth-Kresa Leadership Chair of CAST and the Bren Professor of Mechanical and Civil Engineering, Control and Dynamical Systems, and Aerospace at Caltech. “But how do we take those different locomotion modalities and put them together into a single package, so we can excel from the benefits of all these while mitigating the downfalls that each of them have?”
Testing the capability of the X1 system, the team recently conducted a demonstration on Caltech’s campus. The demo was based on the following premise: Imagine that there is an emergency somewhere on campus, creating the need to quickly get autonomous agents to the scene. For the test, the team modified an off-the-shelf Unitree G1 humanoid such that it could carry M4, Caltech’s multimodal robot that can both fly and drive, as if it were a backpack.
The demo started with the humanoid in Gates–Thomas Laboratory. It walked through Sherman Fairchild Library and went outside to an elevated spot where it could safely deploy M4. The humanoid then bent forward at the waist, allowing M4 to launch in its drone mode. M4 then landed and transformed into driving mode to efficiently continue on wheels toward its destination.
Before reaching that destination, however, M4 encountered the Turtle Pond, so it switched back to drone mode, quickly flew over the obstacle, and made its way to the site of the “emergency” near Caltech Hall. The humanoid and a second M4 eventually met up with the first responder.
Credit: California Institute of Technology
“The challenge is how to bring different robots to work together so, basically, they become one system providing different functionalities. With this collaboration, we found the perfect match to solve this,” says Mory Gharib, Ph.D., the Hans W. Liepmann Professor of Aeronautics and Medical Engineering at Caltech and CAST’s founding director.
Gharib’s group, which originally built the M4 robot, focuses on building flying and driving robots as well as advanced control systems. The Ames lab, for its part, brings expertise in locomotion and developing algorithms for the safe use of humanoid robots. Meanwhile, TII brings a wealth of knowledge about autonomy and sensing with robotic systems in urban environments. A Northeastern University team led by engineer Alireza Ramezani assists in the area of morphing robot design.
“The overall collaboration atmosphere was great. We had different researchers with different skill sets looking at really challenging robotics problems spanning from perception and sensor data fusion to locomotion modeling and controls, to hardware design,” says Ramezani, an associate professor at Northeastern.
When TII engineers visited Caltech in July 2025, the partners built a new version of M4 that takes advantage of Saluki, a secure flight controller and computer technology developed by TII for onboard computing. In a future phase of work, the collaboration aims to give the entire system sensors, model-based algorithms, and machine learning-driven autonomy to navigate and adapt to its surroundings in real time.
“We install different kinds of sensors—lidar, cameras, range finders—and we combine all these data to understand where the robot is, and the robot understands where it is in order to go from one point to another,” says Claudio Tortorici, director of TII. “So, we bring the capability of the robots to move around with autonomy.”
Ames explains that even more was on display in the demo than meets the eye. For example, he says, the humanoid robot did more than simply walking around campus. Currently, the majority of humanoid robots are given data originally captured from human movements to achieve a particular movement, such as walking or kicking, and scaling that action to the robot. If all goes well, the robot can imitate that action repeatedly.
But, Ames argues, “If we want to really deploy robots in complicated scenarios in the real world, we need to be able to generate these actions without necessarily having human references.”
His group builds mathematical models that describe the physics of that application to a robot more broadly. When these are fused with machine learning techniques, the models imbue robots with more general abilities to navigate any situation they might encounter.
“The robot learns to walk as the physics dictate,” Ames says. “So X1 can walk; it can walk on different terrain types; it can walk up and down stairs, and importantly, it can walk with things like M4 on its back.”
An overarching goal of the collaboration is to make such autonomous systems safer and more reliable.
“I believe we are at a stage where people are starting to accept these robots,” Tortorici says. ” In order to have robots all around us, we need these robots to be reliable.”
That is ongoing work for the team. “We’re thinking about safety-critical control, making sure we can trust our systems, making sure they’re secure,” Ames says. “We have multiple projects that extend beyond this one that study all these different facets of autonomy, and these problems are really big. By having these different projects and facets of our collaboration, we are able to take on these much bigger problems and really move autonomy forward in a substantial and concerted way.”
Citation:
Robot ‘backpack’ drone launches, drives and flies to tackle emergencies (2025, October 14)
retrieved 14 October 2025
from https://techxplore.com/news/2025-10-robot-backpack-drone-flies-tackle.html
This document is subject to copyright. Apart from any fair dealing for the purpose of private study or research, no
part may be reproduced without the written permission. The content is provided for information purposes only.
The GHF was created in early 2025, having emerged from conversations between individuals such as Eisenberg, Tancman, and consultant Yotam HaCohen—who, like Tancman, is a part of COGAT. They were reportedly concerned that Hamas was stealing aid meant for civilians, however, an analysis by a USAID agency found no evidence of this.
Through conversations with Israeli officials, GHF began to receive on-ground support from two American companies: Safe Reach Solutions, run by former CIA officer Philip Reilly, and UG Solutions, run by former Green Beret Jameson Govoni. Neither responded to requests for comment.
GHF is currently run by Johnnie Moore Jr., a former Trump official, and evangelical Christian. It was originally headed by Jake Wood, a former Marine who founded Team Rubicon, an organization that deploys veterans to disaster zones. Wood resigned after about three months, claiming that he couldn’t oversee aid distribution at GHF while “adhering to the humanitarian principles of humanity, neutrality, impartiality, and independence.”
Alternative Paths
The GREAT Trust presentation is not the only business-minded plan for redeveloping Gaza.
Former UK prime minister Tony Blair has been linked to the development of an alternative plan that was leaked to the Guardian and Haaretz. Among other things, the plan proposes creating a Gaza Investment Promotion and Economic Development Authority, which would be a “commercially driven authority, led by business professionals and tasked with generating investable projects,” according to various reports of the plan, but it does not mention any specific companies.
Another group called “Palestine Emerging”—made up of an international collective of business executives and consultants—also created a post-war Gaza blueprint. It does not get into detail about investments from businesses abroad, but argues that there will have to be a “phased development strategy” in the short, medium, and long-term in order to rebuild Gaza’s housing and economy. The blueprint also mentions that there were “about 56,000 businesses in Gaza” before October 7, 2023, which were subject to “historical constraints” that limited their success.
Tech1 week ago
Tech1 week ago
Tech1 week ago
Tech1 week ago
Tech1 week ago
Tech1 week ago
Entertainment1 week ago