In the Netherlands, you cannot be compelled to disclose your identity. But you can be forced to look into a camera. That is the problem with biometric identification. And that is why we built an alternative.

The challenge posed by the Dutch government

In late 2025, the Dutch Ministry of Justice and Security posed a simple question to innovators:

The scenario being, you are a police officer on the street and encounter someone without a passport or ID. How would you verify their identity?

Most teams relied on facial recognition, fingerprint scanning, and centralised databases. We asked ourselves a different question:

The answer is yes. But first: why does this matter?

Why biometrics is a problem

Minister Yesilgöz wrote in early 2023, in response to parliamentary questions:

“There are no legal possibilities to compel someone to disclose their identity.”

You are required to show your ID when asked by the police. But you cannot be compelled to disclose your identity. A fundamental distinction.

Biometrics breaks that principle. You can say “no” to a question. You cannot say “no” to your own face. Ella Jakubowska of EDRi warned that the new AI Act “could become a blueprint for mass biometric surveillance.”

The question became: can you identify someone in a way they can actually refuse?

Blind identity verification as a lightweight and flexible solution

The principle mintBlue proposes is simple: use existing data from existing systems, and validate only that someone is telling the truth, without ever seeing the data itself.

Hashing makes this possible. Every value, every word, every name, every address, is translated into a unique code of 64 characters. Change one letter? Completely different code. And crucially, you cannot reverse-engineer the original value from the code.

In practice, this means you can verify that someone said “Niels” without ever seeing the word “Niels”. A computer matches codes; no heavy computing required.

This, for example, is the hash of ‘Niels’ using SHA-256:
3717208d4b067d2644265f24225337e69d72a71f78e4761045a507a7593c6607

Any computer in the world can independently verify mathematically that this is the hash of Niels! Pretty cool!

How blind identity verification works in practice

Imagine: a police officer stops someone who doesn’t have an ID card. Instead of biometrics, the person is given a device that prompts them with questions: first name, surname, postcode, pharmacy, GP, perhaps the name of a pet.

It resembles the security questions you use when you reset your password, but there is one fundamental difference. With Google, Google knows the answer; you are not the owner of that data. In this system, only you and the source see the answer.

The pharmacy knows your pharmacy. The municipality knows your address. But nobody has a central database with all that information combined.

The person provides what they choose to share voluntarily. Don’t want to share your pharmacy? Fine, skip it, provide something else. Each answer is hashed and matched against the existing sources. A match means “this is correct.” No match means “this is incorrect.” The police never see the actual values; only ticks or crosses.

With enough matches, you achieve probabilistic certainty. Just “Niels” alone is weak; many people share that name. But “Niels” plus “Van den Bergh” plus a specific pharmacy plus a specific postcode? That combination is virtually unique. With five correct answers, you typically reach over 99% certainty, comparable to fingerprint matching, but without the privacy intrusion.

The trade-off with this approach

We have to be honest about the limitations. This system doesn’t work for everyone. Homeless people don’t have a regular pharmacy. People who have just moved may have outdated data. Tourists aren’t in Dutch systems. There will always be situations where this isn’t the solution.

But that’s precisely the point. No system works for everyone. The question isn’t which system is perfect, but which system we want to build as the default.

An alternative to large-scale data scraping

This is about more than just identification. It’s about a fundamental choice we make as a society, often without realising it.

In the physical world, we have invested centuries in the separation of powers. Legislative, executive, and judicial branches; separated, balanced, and held in check.

Nobody holds absolute power. Enforcement operates reactively: first, something happens; then investigation follows; then a warrant; then, potentially, action.

In the digital world, systems are built on the premise of proactive enforcement. That collects everything, in case it might be useful someday. That predicts who might do what. Surveillance infrastructure is built under the banner of “digitalisation.”

We propose the opposite: digitalisation, premised on retroactive enforcement under the division of powers.

Whether we need digital identification is not the question. The question is: do we build it in a way that respects the same principles we have established in the physical world?

---

This proposal is now with the Dutch Ministry of Justice and Security. Whether there will be a pilot remains to be seen.

But the discussion extends beyond a single pilot. If you work on similar challenges in digital infrastructure and privacy, or if you know organisations that are seriously considering this, I’d love to hear from you. This is a conversation we need to have more broadly.