We hardly notice identity fraud any more. Every day the wires bring more tales of fraud, theft, mischief and mayhem. Our antediluvian identity infrastructure, still based on the pre-industrial infrastructure of paper and signatures, has shifted from being a business irritant to a fundamental barrier to progress.
To my horror, I discovered my savings were nearly wiped out. Over the previous two business days, a woman claiming to be me had used a fake photo ID to make five large, in-person cash withdrawals from different branches of my bank in two faraway states. The largest withdrawal was $4,800; the smallest was $2,400.
Now, you might think that this is a little odd. Surely, you would imagine, if someone walks into a bank to draw out a few thousand dollars in cash then the bank would take their identity document and authenticate it — let’s say take their secure microchip on a plastic card and get them to enter a PIN, or take their e-passport and verify via digital signature and online lookup — before doling out the dosh. But apparently not.
Why was it so easy for a petty criminal to get away with so much cash? It doesn’t take many brains to understand that data breaches have created a thriving market for confidential financial information. And modern technology apparently provides the means to create authentic-looking fake IDs… In many of today’s bank branches, it seems in-person transactions still rely heavily on paper and trust. “If the teller feels that the person standing in front of them is indeed the customer, they’ll give out the cash,” several bank employees explained to me. Am I really to believe that with more tools available than ever to detect crime, a major bank relies on employees’ “feelings” to verify customers’ identities?
This is indeed puzzling. Not that anyone should be using driver’s licenses as identity documents anyway, since bank tellers and bar bouncers are not anti-terrorist geniuses capable of spotting fake IDs from around the world in an instant — note that if they actually did want to verify these documents properly, they could always use technology to do it (e.g., Au10tix) — when everyone that walks into the bank or the bar is carrying a piece of technology that can easily provide the combination of identification and strong authentication that is more than adequate for business.
Mobile financial services can’t expand fast enough, in my opinion. Though nothing is foolproof, a mobile phone seems like a good starting point for verifying a customer’s identity and immediate physical location.
If I walk into a branch of Barclays (I can’t off the top of my head imagine why I might do this, but let’s just say) then the Barclays mobile app is more than capable of telling the branch who I am. It seems like an obvious way forward. But there is another reason why a mobile app might be a better basis for establishing identity than a scrawled signature or a trivially-counterfeitable utility bill or whatever, and that is the principle of identity symmetry. When the bank asks your mobile app to authenticate you, your mobile app can simultaneously verify the digital signature on the requests so that it knows it is dealing with your real bank. The Secure Enclave that hosts my tokens could also validate other people’s tokens to close the security loop. Ah, you might think, that might apply online but why would you need that in a physical branch? Well,
A Chinese man made thousands of dollars by opening a fake branch of one of the world’s largest banks. The man, whose surname is Zhang, equipped the fraudulent China Construction Bank outlet with card readers, passbooks and three teenage girls at the teller counter. One of the girls posing at the branch near Linyi, Shandong province, was the man’s 15-year-old daughter.
Brilliant. I love this story. No-one spotted that this entire bank branch was fake, not until a woman who deposited $6,200 at the fake branch could not withdraw it from a real branch a month later. The managers there spotted the fake deposit and contacted the police!
We can use mobile phones to prevent this kind of thing. But who will do so? Why don’t we all have working mobile ID already given that the idea has been around for years? The key question is: will the banks and the mobile operators and the handset manufacturers and the platform providers and the government be able to work together to deliver a mobile ID infrastructure just as they did not work together to deliver a mobile payments infrastructure? Assuming the answer is no, then we are relying on Apple to once again perform its sheepdog role of corralling the banks so that the next time I access my bank online, use an ATM, walk into a bank branch or phone the bank from home, I will expect my bank app to pop open on my iPhone and ask for authentication. Once I’ve used TouchID or entered my PIN then I will know that I’m dealing with my real bank web site, ATM, call centre or branch and I’ll be able to get my banking service with a minimum of fuss.
The ability to recognise each other (as I’ve written many times before) is the fundamental precursor to relationships (and therefore transactions). If there were a cost-effective and convenient mechanism to do this that could be used for governments and citizens to recognise each other, for businesses and consumers to recognise each other and for banks and their customers to recognise each other, we would see an inevitable growth in transactions and open up the virtual world to even more innovation and entrepreneurship. If my “Apple ID” provides a convenient mechanism for mutual recognition in person and on line, it will be indispensable in short order. I am heartily sick of usernames and passwords, account numbers and one-time codes, call centres and secret words and I can’t wait for my mobile to do away with them.
Well, it’s General Election day today in the UK so I’ll be off down to the local polling station to cast my vote later on. This may be the action of a dying breed. Something like a sixth of the votes cast at this election will be postal votes and there are calls to allow people to vote at home using their PCs or smartphones just like they do for “Britain’s Got The X-Factor On Ice” or whatever it is that the general public watch on their televisions now. I’m not a fan of this kind of electronic voting.
A hacked election, or worse still, an election in which online voters buy and sell votes, would be a disaster for democratic legitimacy.
Well, a hacked election would be a problem, or at least an election that is hacked more than it is through postal votes right now. But buying and selling? I’m not so sure. I don’t see the ethical difference between “vote for us and we’ll give you free childcare” or “vote for us and we’ll ring-fence your pension” or “vote for us and we’ll push up your house price” and “vote for us and we’ll give you £10”. But that’s not my point. My point is that equating electronic voting with a lazy alternative to the polling booth is the wrong way to look at it.
You argue that allowing online voting in Britain would increase the number of youngsters who participate in elections (“Apathetic fallacy”, April 18th). But where is the proof? Actually, the evidence is that internet voting does not increase voter participation.
Frankly, if someone can’t be bothered to get off the couch and go round the corner to vote, I’m not sure I should care what they think about the way that the country is going to be governed for the next five years. That’s not what electronic voting should be about. Electronic voting should be about process re-design, modernisation and re-implementing democracy for the post-industrial age.
Is there a way to use technology to improve democracy — not only by changing the medium but by rethinking the whole interface? Well, there might be. And it is a brand new idea — in humans, at any rate.
This is where electronic voting can help. Not to deliver voting by text message or WhatsApp but to deliver a new and better voting system. Now, I’m not qualified to say what that system should be, although I can see that there are many interesting alternatives to our “one man, one vote (if he can be arsed)” system.
Under Quadratic Voting (QV), by contrast, individuals have a vote budget that they can spread around different issues that matter to them in proportion to the value those issues hold for them.
In an industrial age, a simple cross on a ballot paper made sense. Today, however, it should be possible to implement more sophisticated democratic systems to deliver a more accurate mandate but with simple user interfaces for everyone to use. QV on paper while standing in a polling booth might be daunting, but being able to download the smartphone app and then spend as long as you like messing around allocating your vote budget before taking the phone down to the polling booth to deliver your secure and cryptographically-protected votes via Bluetooth Low Energy (BLE) from your Trusted Execution Environment (TEE) is a different matter. Just as I always thought about eCash in the old days, Bitcoin might be more useful for voting than for paying.
Well, technology can make it easier to vote. But if there’s an app for that, we should still make people vote in public.
And to finish, one of those songs you saw on “Top of the Pops” as a kid that blew you away. I still have this album on my iPhone and I still listen to it around once every month. The best song about democracy EVAH.
I had the great good fortune to be asked by the GSMA to chair the Mobile Identity session at this year’s Mobile World Congress in Barcelona. During the absolutely excellent session, which featured input from Telesign, Payfone, Early Warning, Telenor, the UK Cabinet Office and Nok Nok, I happened to mention in passing that I thought that a global mobile-centric authentication push (perhaps using FIDO) was possible and that it would make life easier for many people, but that it wasn’t clear to me at all that a global identification platform was getting any closer.
A couple of people asked me about this afterwards, and so I thought it would make an interesting blog topic to look at real-world, population-scale identification as discussed in the session. I’ll use Pakistan as an example. Pakistan has very strong identification laws around mobile and rigorously-enforced mandatory SIM registration.
This will help to stop criminals and terrorists from obtaining mobile phones and operating with impunity in Pakistan because it depends on the integrity of the national identity register. Oh, wait…
The famous green-eyed ‘Afghan girl’ immortalised by the National Geographic magazine on its 1985 cover has been living in Pakistan on fake documents, prompting authorities to launch a probe. Four officials were suspended on Wednesday for allegedly issuing fake Computerised National Identity Card (CNIC) to Sharbat Gula and her two ‘sons’.
National identity registers are a single source of failure and a natural honeypot for crime and corruption, as Pakistan has discovered.
The National Database and Registration Authority [NADRA] reports that it has deployed a state-of-the-art facial matching system with the capabilities to stop fraud and forgery in identity documents, yet people are still able to obtain forged identity cards. This was very puzzling to understand given the supposed surety, accuracy and privacy of NADRA database that such a scam was still happening even after the introduction of new chip-based identity cards.
It’s not “puzzling” at all as far as I am concerned.
Identity theft is more common in single reference systems such as centralised national population registers, as they create a single point of failure, and centralisation increases rather than reduces the potential for fraud. Doppelganger matches also become more likely in large scale databases.
So while it makes sense for service providers to rely on biometric authentication to digital identities that they themselves will bind to virtual identities (with attributes), it is not so clear that it makes sense for service providers to rely on biometric identities established by third parties. In fact, when it comes to mobile phones, in this case I might go even further and say that it is not at all clear to me that we should be attempting to stop the bad guys from using mobile identities at all!
Surely it would be better to have criminals running around with iPhones, sending money to each other using mobile networks and generally becoming data points in the internet of things than to set rigorous, quite pointless identity barriers to keep them hidden.
There’s a further point to make here, away from the exigencies of national security and the war on terror and in the world of business. As the banks have long understood, the issue of identification is inextricably linked to liability. There’s a world of difference between me as an operator saying to a service provider that “this is subscriber XYZ and it’s the same person who logged in last time and it’s still the same handset and SIM” and saying to a service provider that “this is Dave Birch”. I know I sound like a broken record on this, but in the overwhelming majority of interactions, who you are is not the point. The point is whether you are allowed to do something, whether you have credit, whether you are a subscriber or whatever. Trying to work out who someone “really” is means a world of legal pain.
According to the Post, “…sources say Instagram, owned by Facebook, ran into “serious legal problems” over its verification process and has been forced to pause it. Some suspect Twitter, which also has a verification system, had an issue with Instagram’s.”
Therefore it seems to me that in business terms, it makes sense for service providers to rely on bank identification since banks already have to comply with know-your-customer regulation. For this to work, however, there must be a kind of identity “safe harbour” (i.e., if the person turns out to be using a false identity then the liability rests with the bank, but if the bank has followed KYC procedures then it has no liability) from zealous prosecutors, otherwise the wheels of commerce will become gummed up with identity junk.
I just had to quickly log in to my online banking service to transfer some money to someone who doesn’t have PingIt, yawn. So I had to enter my sort code, account number and name and then use my bank’s 2FA dongle with my chip and PIN card to get a security code to enter in to the web site to log in to create a new payee and then send the money. I have to say that it all worked OK, but in an age of touchID it’s beginning to feel a little tired. While I was doing it, I started to think about the way that I could log in to my USAA account just by looking at my phone.
Biometric log-on is the latest effort by USAA to offer novel solutions to its members. The app is designed to heighten security as well as to improve the overall member experience.
Logging in by looking at your phone is, just as touchID is, about convenience before it is about security but it certainly does enhance the latter. The way in which different biometrics are combining with the smartphone to create a new security landscape is starting to shape the mass market and it is really interesting to be working with our clients on bringing the technology to market and exploiting it effectively in different sectors.
Voice biometrics, fingerprints, iris scans, and other authentication options are beginning to replace passwords as a means to verify a user’s identity and simplify the login process when banking online or via a mobile device. The key is to provide enhanced security against hackers while improving the overall user experience.
If you are interested in this sort of thing, there’s a terrific lunchtime roundtable on biometrics in banking coming up. It’s organised by the Centre for the Study of Financial Innovation at SWIFT in the City on 11th May. The panelists will be:
Rick Swenson, the USAA Executive responsible for Fraud Operational Excellence and Strategic Initiative who will share USAA’s experiences with biometrics and explain why their approach has been so successful.
Oran Cummings from MasterCard, who will give an international perspective on the use of biometrics in the financial sector.
Keith Gold, formerly with IBM Banking and Financial Services Europe, who has been helping the CSFI to understand the requirements of an ageing population, will talk about the importance of biometrics in the usability toolkit needed for this key segment of bank customers (or, why looking at a mobile phone is easier than remembering a PIN for most of us!).
The usual well-informed and wide-ranging discussion will ensue, with wine and sandwiches for all. Don’t miss this opportunity to learn from Rick while he is visiting the UK. There may be a few places left at this free event, so if you’re interested in seeing how the biometric state of the art is advancing in banking, contact email@example.com for further details and to reserve your place.
There is a good way to fix the problems with voting, and it’s not with photocopies of gas bills or Railcards. Time for a National Entitlement Scheme.
Something must be done.
At Consult Hyperion, we are interested in electronic voting for three main reasons:
We are thought leaders in the digital identity space and electronic voting is a key “stress” application for digital identity;
We advise public sector clients on national identity and identity-related schemes (eg, the Irish Government’s Public Services Entitlement Card);
While people think about electronic voting in national and other political elections, there are a great many other applications of interest to our clients. A good example is the use of electronic voting for corporate purposes to replace postal voting at shareholder meetings, where the techniques developed for political elections could be used to reduce costs.
The practical deployment of, and experiences learned from the use of, new electronic voting systems are invaluable input into the wider question of identity infrastructure for a modern society, which is why we were delighted to be able to sponsor the 4th International Conference on e-Voting and Identity at the University of Surrey last year. This turned out to be an excellent event and we learned a lot about the different approaches to the problem, constraints, potential solutions and so on. As it happens, there are a great many practical problems around voting, and the solutions are complicated. But there are real social needs that must be addressed, and one of them has just reappeared in the British media.
Voters should be required to show photo ID at polling stations in Great Britain to lessen the risk of fraud, the Electoral Commission has said.
Personally, I’m in favour of voter IQ laws as well as voter ID laws, but there you go. While electoral fraud is not rampant in the UK, it is certainly not non-existent. The Electoral Commission in fact identified 16 out of the 400 local authority areas in the UK as being at risk, one of these being my own dear Woking, where we have a long and proud tradition of electoral fraud and only last year one of the candidates in local elections was found guilty of electoral fraud. The Electoral Commission highlighted the major problems that have been identified around postal voting (which I do not think should be allowed, but that’s another issue). Foreign readers might be surprised to learn that when you go to vote in the UK you simply give your name and it is crossed off of a list of eligible voters, much as it was when the first Viscount Watkinson was returned as Woking’s MP in 1950 when the constituency was created, or for that matter when Sir Talbot Buxomley was first elected MP for Dunny-on-the-Wold in the reign of George III. This arrangement is no longer immune from the suspicion of personation, so the Commission has recommended the use of photographic ID.
The research revealed that some people were concerned that a requirement for photographic identification would discriminate against certain groups of electors, who would not necessarily have any form of photographic documentation, such as a passport or driving licence.
Similar issues are to the fore across the pond where the US voter ID situation is in a bit of a mess. If I understand the current situation properly, one of the problems with the just-introduced Voting Rights Amendment Act 2014, which is a response to the Supreme Court striking down part of the Voting Rights Act last year, is that there is potential for discrimination against people who are not able to obtain a “Voter ID” card. You can see their point. In other countries, this isn’t a problem, because everyone has some form of ID card. But in the US which, like the UK, has no identity infrastructure, “systems” developed for other purposes will have to be sub-optimally commandeered. This is the sort of thing that is going to be proposed in, to pick a random example, Nevada.
The new voting system also would link with Department of Motorized Vehicle’s license database, allowing poll workers to visually verify the identity of the person attempting to vote.
Since the British government recently announced that it was going to put driving licence details online anyway, then I imagine there would be some pressure to use this database, despite its being known to be notoriously inaccurate. But what else do British subjects have to hand with a photograph on it, if not a passport or driving licence? My son could use his student ID card, I suppose (although I am rather against allowing students to vote, on principle) although I’ve no idea how it might be verified on the day. Perhaps they could ask us to sign to vote?
On a recent expedition to New York I was asked for photo ID as condition of entrance to a well-known landmark. I produced the (expired) building pass for our Madison Avenue office and was waved through. Which illustrates what is to me a central problem: if I am required to produce a photo ID at a polling station, it will do nothing to prevent fraud. The polling stations are manned by local volunteers doing their civic duty, not by expertly-trained anti-fraud personnel who are skilled in the inspection and detection of counterfeit identity documents. If I show up to vote and present a driving licence, a Portuguese fishing licence or an England football club supporter’s card, the polling station staff will have no means to verify it. As it happens, some UK pressure groups are against photo ID in principle anyway, because it discriminates against people who don’t have a photo ID. Consequently,
the idea of voters being requested to provide a non-photographic form of identification at the polling station was welcomed in principle by both the public and electoral administrators.
This seems utterly stupid to me but it is certainly in the great British tradition of pointless activity! It follows the tried and tested political theory of “something must be done, this is something, therefore it must be done”. So the Mother of Parliaments will rest on a franchise that is protected by photocopies of gas bills, since as we all know, electoral terrorists dedicated to subverting democracy will be unable to forge those. Not that I can produce one anyway, because my gas bill is electronic.
Compared to this, the TSA’s decision to accept Facebook profiles as valid identity for boarding flights in the US seems sound. On balance, I judge it to be far harder to forge a plausible Facebook profile than a plausible gas bill, so if I turn up at the polling station and log in to the Facebook profile for David Birch (if there is a Facebook profile for a David Birch, incidentally, I can assure you it isn’t me) then they may as well let me vote.
The USA’s Transport Security Administration is accepting sight of a traveller’s Facebook profile as a form of ID, it has emerged.
So all we need to do is equip the polling clerks with Google Glass and job done? I don’t think so. I think we should think about what infrastructure is needed here and then work out the best way to implement it. There are a great many circumstances in which I would certainly imagine a Facebook profile to be a much better form of identification than a photocopy of my gas bill, but voting isn’t one of them, especially if there are already concerns about fraud.
But Electoral Commission chairwoman Jenny Watson said most voters could use passports, driving licences or even public transport photocards to prove who they are at polling stations. Those without any of these documents could request a free elections ID card, she added.
I am not making this up. Gas bills, Facebook profiles and railcards. That is where our democracy is in 2014. What a joke.
This is something.
The real solution is, of course, not using Railcards or football supporter’s cards, or indeed special-purpose election ID cards, but a general-purpose National Entitlement Scheme (NES). Few readers will remember this, but some time before the UK government’s last attempts to introduce a national identity card, there were consultations around a much better idea, which was a national entitlement card. As my colleague Neil McEvoy and I pointed out in Consult Hyperion’s response to this consultation, the “card” is only one mechanism for storing and transporting entitlements and in the modern age there might be better ones, such as mobile phones for example, that can not only present credentials but also validate them.
It is time to revisit that proposal to try and get the British government out of its muddle about identity infrastructure. A future administration will certainly have to introduce something, not only because of the issue of voting fraud but due to continuing concerns about illegal immigration, health tourism, benefit fraud and so forth. Suppose that the vision for national identity (based on the concepts of social graph, mobile authentication, pseudonyms and so on) focused on the entitlement rather than on the transport mechanism or biographical details? Then, as a user of the scheme, I might have an entitlement (ie, a public key certificate) on my purpose-built national entitlement card (so that’s some of the population taken care of), I might have entitlement certificates on my bank card (so that’s the overwhelming majority of the population taken care of) and I might have certificates in my mobile phone (so that’s 99.9% of the population taken care of). Remember, these certificates would attest to my ability to do something: they would prove that I am entitled to do something (access the NHS, open my office door, buy things in Waitrose), not who I am. They are about entitlement, not identity as a proxy for entitlement. The government could give out free smart card readers (as they do in Spain) or leave it to the banks to distribute them.
In practice, I think the examples set by modern countries such as Turkey and Estonia are most attractive: I log in to the whatever with some pseudonym, the service provider sends a message to my mobile phone (over-the-air or via NFC or BLE in the future), the PKI in my SIM decodes the challenge and signs the response, and I’m connected. Securely and simply. And if other service providers want me to log on in the same way, they can issue their own certificates as well. There’s a similar approach to this in Norway except there the IDs are issued by the banks and used by the government and other private sector organisations. Imagine a national entitlement scheme that used this technology: it would be efficient and cost-effective, since it would use the phones that people already have to deliver services that they definitely want.
And, best of all, my phone would be able to check the entitlement presented by your phone, so none of us would need special equipment. I show up with my phone and claim that I am entitled to vote: my phone presents a meaningless but unique number, this is entered manually or automatically into the polling clerk’s phone which flashes up my picture if I am entitled to vote or a red cross if I am not. I show up with my entitlement card and the polling clerk reads it using their NFC interface, and so on. Instead of postal votes, the polling clerk can go to the old folk’s home and let them vote individually, certain that they are not being threatened or cajoled.
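The challenge-and-signed-response flow described here, combined with the identity symmetry point made earlier on this page (the phone checks the provider's signature before it answers), as an added example that is not code from any scheme named in this post. It assumes Ed25519 keys; the provider name, pseudonym, entitlement label and message fields are all constructed for illustration, and the register holds only a pseudonym, a public key and an entitlement, never a name.

```javascript
// Added example: mutual challenge-response between a service provider
// (bank branch, polling clerk) and a phone holding an entitlement key.
// All names, keys and message fields are constructed for illustration.
const crypto = require('crypto');

const MAX_AGE_MS = 60000; // assumed freshness window for a challenge

// Canonical bytes for a challenge: fixed field order, so both sides hash the same thing.
function challengeBytes(c) {
  return Buffer.from(JSON.stringify(
    [c.provider, c.pseudonym, c.entitlement, c.nonce, c.issuedAt]));
}

// The phone signs a prefixed copy so its signature can never be confused
// with the provider's signature over the same challenge.
function responseBytes(c) {
  return Buffer.concat([Buffer.from('response:'), challengeBytes(c)]);
}

// Provider side: issue a signed challenge for a pseudonym and an entitlement.
function makeChallenge(provider, providerKey, pseudonym, entitlement, now = Date.now()) {
  const c = { provider, pseudonym, entitlement,
              nonce: crypto.randomBytes(16).toString('hex'), issuedAt: now };
  c.providerSig = crypto.sign(null, challengeBytes(c), providerKey).toString('base64');
  return c;
}

// Phone side: verify the provider against a pinned public key first, then sign.
// A fake branch that cannot produce the real provider's signature gets nothing.
function phoneRespond(c, pinnedProviders, entitlementKeys, now = Date.now()) {
  const providerPub = pinnedProviders.get(c.provider);
  if (!providerPub) return { signed: false, reason: 'unknown provider' };
  const sigOk = crypto.verify(null, challengeBytes(c), providerPub,
                              Buffer.from(c.providerSig, 'base64'));
  if (!sigOk) return { signed: false, reason: 'bad provider signature' };
  if (Math.abs(now - c.issuedAt) > MAX_AGE_MS) return { signed: false, reason: 'stale challenge' };
  const key = entitlementKeys.get(c.entitlement);
  if (!key) return { signed: false, reason: 'no such entitlement on this phone' };
  const sig = crypto.sign(null, responseBytes(c), key);
  return { signed: true, signature: sig.toString('base64') };
}

// Provider side: check the response against the entitlement register.
// The answer is "entitled or not", not "who this is".
function providerVerify(c, response, register, seenNonces) {
  if (!response.signed) return { entitled: false, reason: 'phone refused' };
  if (seenNonces.has(c.nonce)) return { entitled: false, reason: 'replayed nonce' };
  const cert = register.get(c.pseudonym);
  if (!cert || cert.entitlement !== c.entitlement) {
    return { entitled: false, reason: 'no entitlement on record' };
  }
  const ok = crypto.verify(null, responseBytes(c), cert.publicKey,
                           Buffer.from(response.signature, 'base64'));
  if (!ok) return { entitled: false, reason: 'bad phone signature' };
  seenNonces.add(c.nonce); // one challenge, one use
  return { entitled: true, reason: 'ok' };
}

// Constructed scenario: a real provider, a fake branch with its own key, one phone.
function demo() {
  const bank = crypto.generateKeyPairSync('ed25519');
  const fakeBranch = crypto.generateKeyPairSync('ed25519');
  const phone = crypto.generateKeyPairSync('ed25519');
  const pinned = new Map([['example-bank', bank.publicKey]]);
  const phoneKeys = new Map([['withdraw-cash', phone.privateKey]]);
  const register = new Map([['u-7f3a91',
    { entitlement: 'withdraw-cash', publicKey: phone.publicKey }]]);
  const seen = new Set();

  const real = makeChallenge('example-bank', bank.privateKey, 'u-7f3a91', 'withdraw-cash');
  const realResp = phoneRespond(real, pinned, phoneKeys);
  const first = providerVerify(real, realResp, register, seen);
  const replay = providerVerify(real, realResp, register, seen);

  // The fake branch claims the bank's name but signs with its own key.
  const fake = makeChallenge('example-bank', fakeBranch.privateKey, 'u-7f3a91', 'withdraw-cash');
  const fakeResp = phoneRespond(fake, pinned, phoneKeys);
  return { first, replay, fakeResp };
}
```
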
Should people be allowed to go one step further and simply log in to vote from home? For political elections, I think not. Voting must be in public in order to dispel any suspicion of coercion. Maybe it won’t have to be a polling booth any more (you could have general elections that last a week during which people can vote at Post Offices or bank branches or whatever), but it has to be somewhere public.
Therefore it must be done.
It seems to me that a national plan to finally do something useful about identity might obtain “parasitic vitality” (to use one of my favourite ID phrases) from the specific issue of voter ID. In the UK and in the US, this might be a way to both improve security around the act of voting as well as a vector for deployment. Maybe electronic voting can be a focus to get the Cabinet Office’s Identity Assurance (IDA) scheme a flagship and get the public and private sector working together to deliver an infrastructure that will be of benefit to all. I should mention in passing that we have been working with the Cabinet Office on one of their “Alpha Projects” in the North of England which, as it happened, included photo ID for authentication as one of the use cases.
I’ll be talking about the idea of a National Entitlement Scheme (NES) in my keynote at the 17th annual Consult Hyperion Tomorrow’s Transactions Forum in London on 19th and 20th March 2014. Unfortunately, mine will only be the second most interesting keynote at the event, because the kick-off keynote will be by Felix Martin, the author of “Money: The Unauthorised Biography”. As always the Forum — thanks to the fantastic support from our platinum sponsors Visa Europe & VocaLink, and our sponsors Fiserv & Olswang — is limited to 100 places. Oh, and did I mention that all delegates will be getting a complimentary copy of Felix Martin’s excellent book, by the way?