Going out on a limb here, why not replace the national ID system with a bunch of decentralized CAs that sign certificates with a piece of data? For example, a user would have some cryptographic token. This could be a smartphone, a card, a USB keyfob, a SIM card, or something similar.
Then, the state would add a signed entry with the person's name and photo to the key as a certificate. The actual public key is not affected. It just gets a cert attached that can be deleted by the user just like a PGP/gpg cert.
With this in place, the state can add a series of certs if they are true:
User is a citizen.
User is 18+ years of age.
User is 21+ years of age.
etc.
This way, when a cardholder goes to a bar, the bar has a reader that shows a signed picture, perhaps the name of the user, and the signed fact that the user is of legal age. No other information needs to be shared. Not citizenship, not anything... just who the user is, and that they are legal (doesn't matter what their age is as long as it is above the drinking age). No cert, no booze.
Another example is an NGO use. A university signs a certificate that the key's owner has a diploma from them. When getting vetted for a job, this means that the employer knows that the applicant has a degree, but other info isn't given.
Done this way, here is what the criminals can attack:
1: The CA. If it is a distributed service, damage done can be minimized, as opposed to having everything in one basket.
2: The actual card or token. This is a solved problem. SIM card hacking on LTE networks is minimal, satellite piracy is nonexistent, and there isn't any such thing as pirated software on the Xbox One. Even things like CAC/PIV cards are very rarely broken.
3: The user (yes, xkcd.com/538 applies.) However, this can be dealt with through means in place.
4: The PKI. Using different algorithms (so a document is signed by multiple keys of RSA, ECC, and something quantum-factoring resistant, and hashed with multiple algorithms) will bring some robustness.
So, there can be a national ID system, but if it is based on a PGP-like web of trust that is decentralized, it can be quite secure, yet extremely protective of privacy.
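
The per-attribute certificates described in the comment above, as an added Go example that is not part of the original comment: the issuer signs one claim per cert, and the reader checks only the claim it needs. The names (`AttrCert`, `Issue`, `Verify`), the claim strings, the `attr-cert-v1|` tag, the choice of Ed25519 and the nonce challenge that proves the token holds the key are all assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"fmt"
)

// AttrCert is one issuer-signed statement about a holder key, e.g. "age>=21".
type AttrCert struct {
	Holder ed25519.PublicKey
	Claim  string
	Sig    []byte
}

// tbs is the byte string the issuer signs: tag, fixed-size holder key, claim.
func tbs(holder ed25519.PublicKey, claim string) []byte {
	return append(append([]byte("attr-cert-v1|"), holder...), claim...)
}

// Issue signs exactly one claim, so certs can be shown (or deleted) one by one.
func Issue(issuer ed25519.PrivateKey, holder ed25519.PublicKey, claim string) AttrCert {
	return AttrCert{holder, claim, ed25519.Sign(issuer, tbs(holder, claim))}
}

// Verify: wanted claim, issuer signature, and a nonce signed by the token key (added assumption).
func Verify(issuerPub ed25519.PublicKey, c AttrCert, want string, nonce, proof []byte) bool {
	return c.Claim == want && len(c.Holder) == ed25519.PublicKeySize &&
		ed25519.Verify(issuerPub, tbs(c.Holder, c.Claim), c.Sig) &&
		ed25519.Verify(c.Holder, nonce, proof)
}

// Demo runs the bar scenario with constructed keys and a constructed nonce.
func Demo() (ok, wrongClaim, selfSigned, copied bool) {
	statePub, statePriv, _ := ed25519.GenerateKey(nil)
	userPub, userPriv, _ := ed25519.GenerateKey(nil)
	_, thiefPriv, _ := ed25519.GenerateKey(nil)
	age21 := Issue(statePriv, userPub, "age>=21")
	nonce := []byte("constructed-reader-nonce-0001")
	proof := ed25519.Sign(userPriv, nonce)
	ok = Verify(statePub, age21, "age>=21", nonce, proof)
	wrongClaim = Verify(statePub, Issue(statePriv, userPub, "citizen"), "age>=21", nonce, proof)
	selfSigned = Verify(statePub, Issue(userPriv, userPub, "age>=21"), "age>=21", nonce, proof)
	copied = Verify(statePub, age21, "age>=21", nonce, ed25519.Sign(thiefPriv, nonce))
	return
}

func main() {
	fmt.Println(Demo()) // valid, wrong claim, self-signed cert, copied cert
}
```

Each cert carries the same holder key, so readers that compare records can link presentations even though only one attribute is disclosed.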