[jarrett]

Depending on the implementation, it would be possible to limit the government's collection of data to the following:

1) The underlying identity info such as SSN, photo, name, birthdate, etc. Which most governments already have even without this system.

2) A record of each request from a third party to authenticate a user. E.g. if I user my government ID to sign up for Facebook, that signup event will be logged.

Again, it depends on the implementation. The above two would almost certainly be collected in even the most privacy-respecting implementation. But, it's certainly possible to devise an implementation that enables the government to collect far more.