recognition - Consult Hyperion

We hardly notice identity fraud any more. Every day the wires bring more tales of fraud, theft, mischief and mayhem. Our antediluvian identity infrastructure, still based on the pre-industrial infrastructure of paper and signatures, has shifted from being a business irritant to a fundamental barrier to progress.

To my horror, I discovered my savings were nearly wiped out. Over the previous two business days, a woman claiming to be me had used a fake photo ID to make five large, in-person cash withdrawals from different branches of my bank in two faraway states. The largest withdrawal was $4,800; the smallest was $2,400.
[From Blog: Fighting Fraud Starts with Common Sense on the Front Lines – Paybefore]

Now, you might think that this is a little odd. Surely, you would imagine, if someone walks into a bank to draw out a few thousand dollars in cash then the bank would take their identity document and authenticate it — let’s say take their secure microchip on a plastic card and get them to enter a PIN, or take their e-passport and verify via digital signature and online lookup — before doling out the dosh. But apparently not.

Why was it so easy for a petty criminal to get away with so much cash? It doesn’t take many brains to understand that data breaches have created a thriving market for confidential financial information. And modern technology apparently provides the means to create authentic-looking fake IDs… In many of today’s bank branches, it seems in-person transactions still rely heavily on paper and trust. “If the teller feels that the person standing in front of them is indeed the customer, they’ll give out the cash,” several bank employees explained to me. Am I really to believe that with more tools available than ever to detect crime, a major bank relies on employees’ “feelings” to verify customers’ identities?
[From Blog: Fighting Fraud Starts with Common Sense on the Front Lines – Paybefore]

This is indeed puzzling. Not that anyone should be using driver’s licenses as identity documents anyway, since bank tellers and bar bouncers are not anti-terrorist geniuses capable for spotting fake IDs from around the world in an instant — note that if they actually did want to verify these documents properly, they could always use technology to do it (e.g., Au10tix) — when everyone that walks into the bank or the bar is carrying a piece of technology that can easily provide the combination of identification and strong authentication that is more than adequate for business.

Mobile financial services can’t expand fast enough, in my opinion. Though nothing is foolproof, a mobile phone seems like a good starting point for verifying a customer’s identity and immediate physical location
[From Blog: Fighting Fraud Starts with Common Sense on the Front Lines – Paybefore]

If I walk into a branch of Barclays (I can’t off the top of my head imagine why I might do this, but let’s just say) then the Barclays mobile app is more than capable of telling the branch who I am. It seems like an obvious way forward. But there is another reason why a mobile app might be a better basis for establishing identity than a scrawled signature or a trivially-counterfeitable utility bill or whatever, is the principle of identity symmetry. When the bank asks your mobile app to authenticate you, your mobile app can simultaneously verify the digital signature on the requests so that it knows it is dealing with your real bank. The Secure Enclave that hosts my tokens could also validate other peoples’ tokens to close the security loop. Ah, you might think, that might apply online but why would you need that in a physical branch? Well,

A Chinese man made thousands of dollar by opening a fake branch of one of the world’s largest banks. The man, whose surname is Zhang, equipped the fraudulent China Construction Bank outlet with card readers, passbooks and three teenage girls at the teller counter. One of the girls posing at the branch near Linyi, Shandong province, was the man’s 15-year-old daughter.
[From Chinese farmer swindles thousands of dollars by opening fake BANK | Daily Mail Online]

Brilliant. I love this story. No-one spotted that this entire bank branch was fake, not until a woman who deposited $6,200 at the fake branch could not withdraw it from a real branch a month later. The managers there spotted the fake deposit and contacted the police!

We can use mobile phones to prevent this kind of thing. But who will do so? Why don’t we all have working mobile ID already given that the idea has been around for years? The key question is: will the banks and the mobile operators and the handset manufacturers and the platform providers the government be able to work together to deliver a mobile ID infrastructure just as they did not work together to deliver a mobile payments infrastructure? Assuming the answer is no, then we are relying on Apple to once again perform its sheepdog role of corralling the banks so that the next time I access my bank online, use an ATM, walk into a bank branch or phone the bank from home, I will expect my bank app to pop open on my iPhone and ask for authentication. Once I’ve used TouchID or entered my PIN then I will know that I’m dealing with my real bank web site, ATM, call centre or branch and I’ll be able to get my banking service with a minimum of fuss.

The ability to recognise each other (as I’ve written many times before) is the fundamental precursor to relationships (and therefore transactions). If there were a cost-effective and convenient mechanism to do this that could be used for governments and citizens to recognise each other, for businesses and consumers to recognise each other and for banks and their customers to recognise each other, we would see an inevitable growth in transactions and open up the virtual world to even more innovation and entrepreneurship. If my “Apple ID” provides a convenient mechanism for mutual recognition in person and on line, it will be indispensable in short order. I am heartily sick of usernames and passwords, account numbers and one-time codes, call centres and secret words and I can’t wait for my mobile to do away with them.

There is a good way to fix the problems with voting, and it’s not with photocopies of gas bills or Railcards. Time for a National Entitlement Scheme.

Something must be done.

At Consult Hyperion, we are interested in electronic voting for three main reasons:

We are thought leaders in the digital identity space and electronic voting is a key “stress” application for digital identity;
We advise public sector clients on national identity and identity-related schemes (eg, the Irish Government’s Public Services Entitlement Card);
While people think about electronic voting in national and other political elections, there are a great many other applications of interest to our clients. A good example is the use of electronic voting for corporate purposes to replace postal voting at shareholder meetings, where the techniques developed for political elections could be used to reduce costs.

The practical deployment of, and experiences learned from the use of, new electronic voting systems are invaluable input into the wider question of identity infrastructure for a modern society, which is why we were delighted to be able to sponsor the 4th International Conference on e-Voting and Identity at the University of Surrey last year. This turned out to be an excellent event and we learned a lot about the different approaches to the problem, constraints, potential solutions and so on. As it happens, there are a great many practical problems around voting, and the solutions are complicated. But there are real social needs that must be addressed, and one of them has just reappeared in the British media.

Voters should be required to show photo ID at polling stations in Great Britain to lessen the risk of fraud, the Electoral Commission has said.
[From BBC News – Voters ‘should be required to show photo ID at elections’, says watchdog]

Personally, I’m in favour of voter IQ laws as well as voter ID laws, but there you go. While electoral fraud is not rampant in the UK, it is certainly not non-existent. The Electoral Commission in fact identified 16 out of the 400 local authority areas in the UK as being at risk, one of these being my own dear Woking, where we have a long and proud traditional of electoral fraud and only last year one of the candidates in local elections was found guilty of electoral fraud. The Electoral Commission highlighted the major problems that have been identified around postal voting (which I do not think should be allowed, but that’s another issue). Foreign readers might be surprised to learn that when you go to vote in the UK you simply give your name and it is crossed off of a list of eligible voters, much as it was when the first Viscount Watkinson was returned as Woking’s MP in 1950 when the constituency was created, or for that matter when Sir Talbot Buxomley was first elected MP for Dunny-on-the-Wold in the reign of George III. This arrangement is no longer immune from the suspicion of personation, so the Commission has recommended the use of photographic ID.

The research revealed that some people were concerned that a requirement for photographic identification would discriminate against certain groups of electors, who would not necessarily have any form of photographic documentation, such as a passport or driving licence.
[From Security Document World]

Similar issues are to the fore across the pond where the US voter ID situation is in a bit of a mess. If I understand the current situation properly, one of the problems with the just-introduced Voting Rights Amendment Act 2014, which is a response to the Supreme Court striking down part of the Voting Rights Act last year, is that there is potential for discrimination against people who are not able to obtain a “Voter ID” card. You can see their point. In other countries, this isn’t a problem, because everyone has some form of ID card. But in the US which, like the UK, has no identity infrastructure, then “systems” developed for other purposes will have to be sub-optimally commandeered. This is the sort of thing that is going to be proposed in, to pick a random example, Nevada.

The new voting system also would link with Department of Motorized Vehicle’s license database, allowing poll workers to visually verify the identity of the person attempting to vote.
[From Nevada secretary of state gets mixed reaction to voter verification proposal – Las Vegas Sun News]

Since the British government recently announced that it was going to put driving licence details online anyway, then I imagine there would be some pressure to use this database, despite its being known to be notoriously inaccurate. But what else do British subjects have to hand with a photograph on it, if not a passport or driving licence? My son could use his student ID card, I suppose (although I am rather against allowing students to vote, on principle) although I’ve no idea how it might be verified on the day. Perhaps they could ask us to sign to vote?

On a recent expedition to New York I was asked for photo ID as condition of entrance to a well-known landmark. I produced the (expired) building pass for our Madison Avenue office as was waved through. Which illustrates what is to me a central problem: if I am required to produce a photo ID at a polling station, it will do nothing to prevent fraud. The polling stations are manned by local volunteers doing their civic duty, not by expertly-trained anti-fraud personnel who are skilled in the inspection and detection of counterfeit identity documents. If I show up to vote and present a driving licence, a Portugese fishing licence or an England football club supporter’s card, the polling station staff will have no means to verify it. As it happens, some UK pressure groups are against photo ID in principle anyway, because it discriminates against people who don’t have a photo ID. Consequently,

the idea of voters being requested to provide a non-photographic form of identification at the polling station was welcomed in principle by both the public and electoral administrators.
[From Security Document World]

This seems utterly stupid to me but it is certainly in the great British tradition of pointless activity! It follows the tried and tested political theory of “something must be done, this is something, therefore it must be done”. So the Mother of Parliaments will rest on a franchise that is protected by photocopies of gas bills, since as we all know, electoral terrorists dedicated to subverting democracy will be unable to forge those. Not that I can produce one anyway, because my gas bill is electronic.

Compared to this, the TSA’s decision to accept Facebook profiles as valid identity for boarding flights in the US seems sound. On balance, I judge it to be far harder to forge a plausible Facebook profile than a plausible gas bill, so if I turn up at the polling station and log in to the Facebook profile for David Birch (if there is a Facebook profile for a David Birch, incidentally, I can assure you it isn’t me) then they may as well let me vote.

The USA’s Transport Security Administration is accepting sight of a traveller’s Facebook profile as a form of ID, it has emerged.
[From Facebook profile accepted as ID at airport security | The Drum]

One can imagine that this approach might itself still be further secured by the addition of photo ID. There’s an app for that…

An upcoming app for Android, iOS, and Google Glass called NameTag will allow you to photograph strangers and find out who they are — complete with social networking and online dating profiles.
[From Facial recognition app matches strangers to online profiles | Crave – CNET]

So all we need to do is equip the polling clerks with Google Glass and job done? I don’t think so. I think we should think about what infrastructure is needed here and then work out the best to way implement it. There are a great many circumstances in which I would certainly imagine a Facebook profile to be a much better form of identification than a photocopy of my gas bill, but voting isn’t one of them, especially if there are already concerns about fraud.

But Electoral Commission chairwoman Jenny Watson said most voters could use passports, driving licences or even public transport photocards to prove who they are at polling stations. Those without any of these documents could request a free elections ID card, she added.
[From BBC News – Voters ‘should be required to show photo ID at elections’, says watchdog]

I am not making this up. Gas bills, Facebook profiles and railcards. That is where our democracy is in 2014. What a joke.

This is something.

The real solution is, of course, not using Railcards or football supporter’s cards, or indeed special-purpose election ID cards, but a general-purpose National Entitlement Scheme (NES). Few readers will remember this, but some time before the UK government’s last attempts to introduce a national identity card, there were consultations around a much better idea, which was a national entitlement card. As my colleague Neil McEvoy and I pointed out in Consult Hyperion’s response to this consultation, the “card” is only one mechanism for storing and transporting entitlements and in the modern age there might be better ones, such as mobile phones for example, that can not only present credentials but also validate them.

It is time to revisit that proposal to try and get the British government out of its muddle about identity infrastructure. A future administration will certainly have to introduce something, not only because of the issue of voting fraud but due to continuing concerns about illegal immigration, health tourism, benefit fraud and so forth. Suppose that the vision for national identity (based on the concepts of social graph, mobile authentication, pseudonyms and so on) focused on the entitlement rather than on the transport mechanism or biographical details? Then, as a user of the scheme, I might have an entitlement (ie, a public key certificate) on my purpose-built national entitlement card (so that’s some of the population taken care of), I might have a entitlement certificates on my bank card (so that’s the overwhelming majority of the population taken care of) and I might have certificates in my mobile phone (so that’s 99.9% of the population taken care of). Remember, these certificates would attest to my ability to do something: they would prove that I am entitled to do something (access the NHS, open my office door, buy things in Waitrose), not who I am. They are about entitlement, not identity as a proxy for entitlement. The government could give out free smart card readers (as they do in Spain) or leave it to the banks to distribute them.

In practice, I think the example set by a modern countries such as Turkey and Estonia are most attractive: I log in to the whatever with some pseudonym, the service provider sends a message to my mobile phone (over-the-air or via NFC or BLE in the future), the PKI in my SIM decodes the challenge and signs the response, and I’m connected. Securely and simply. And if other service providers want me to log on in the same way, they can issue their own certificates as well. There’s a similar approach to this in Norway except there the IDs are issued by the banks and used by the government and other private sector organisations. Imagine a national entitlement scheme that used this technology: it would be efficient and cost-effective, since it would use the phones that people already have to deliver services that they definitely want.

And, best of all, my phone would be able to check the entitlement presented by your phone, so none of us would need special equipment. I show up with my phone and claim that I am entitled to vote: my phone presents a meaningless but unique number, this is entered manually or automatically into the polling clerk’s phone which flashes up my picture if I am entitled to vote or a red cross if I am not. I show up with my entitlement card and the polling clerk reads it using their NFC interface, and so on. Instead of postal votes, the polling clerk can go to the old folk’s home and let them vote individually, certain that they are not being threatened or cajoled.

Should people be allowed to go one step further and simply log in to vote from home? For political elections, I think not. Voting must be in public in order to dispel any suspicion of coercion. Maybe it won’t have to be a polling booth any more (you could have general elections that last a week during which people can vote at Post Offices or bank branches or whatever), but it has to be somewhere public.

Therefore it must be done.

It seems to me that a national plan to finally do something useful about identity might obtain “parasitic vitality” (to use one of my favourite ID phrases) from the specific issue of voter ID. In the UK and in the US, this might be a way to both improve security around the act of voting as well as vector for deployment. Maybe electronic voting can be a focus to get the Cabinet Office’s Identity Assurance (IDA) scheme a flagship and get the public and private sector working together to deliver an infrastructure that will be of benefit to all. I should mention in passing that we have been working with the Cabinet Office on one of their “Alpha Projects” in the North of England which, as it happened, included photo ID for authentication as one of the use cases.

I’ll be talking about the idea of National Entitlement Scheme (NES) in my keynote at the 17th annual Consult Hyperion Tomorrow’s Transactions Forum in London on 19th and 20th March 2014. Unfortunately, mine will only be the second most interesting keynote at the event, because the kick-off keynote will be by Felix Martin, the author of “Money: The Unauthorised Biography”. As always the Forum — thanks to the fantastic support from our platinum sponsors Visa Europe & VocaLink, and our sponsors Fiserv & Olswang — is limited to 100 places. Oh, and did I mention that all delegates will be getting a complementary copy of Felix Martin’s excellent book, by the way?

See you at the America Square conference centre on 19th March at 9.30!