In the aftermath of the terrorist attacks in New York and Washington on September 11 2001, politicians around the world started proposing the introduction of official identity cards for their citizens.
Previously, countries like USA, Britain and Australia have never swallowed the line that such a scheme was necessary for public safety. Despite the hard sell by interest groups, they believed that it represented an infringement of civil liberties. For example, the Australia Card proposal in the 1980s would have created a universal number for Australian citizens and permanent residents. However, that proposal was abandoned in 1987 due to political pressure.
The world changed after the 9/11 terrorist attacks. The "War on Terror" produced strange political situations. In the USA, the Homeland Security Department was created and with it very strict conditions on people entering the country. The Real ID Act of 2005 was an Act of Congress that modified U.S. federal law in relation to security and authentication. New procedures were adopted for issuing state driver's licenses, ID cards and immigration cards. In Britain, the Blair Labour government introduced an identity card in 2005. The National Identity Card is a personal identification document and European Union travel document.
The Australian Prime Minister announced on 26 April 2006 that the "Australian Government has decided to proceed in principle with a new access card for health and welfare services".
The Access Card system however, was actually a proposal for a new national identity card system, similar to the Australia card of the 1980s. The Access Card project was abandoned by the Labor Government in December 2007.
Currently, there is no universal identifying number for Australian citizens. The closest thing we have to a universal identity card is:
The Medicare card for health services;
Tax File Number for tax matters; and
The state issued Driver's License.
Australian tax law expressly prevents government agencies from using the Tax File Number as an identifier. However, both Medicare cards and driver's licenses are used widely in Australia as de-facto identity cards.
In this chapter, I will explain why the Australian government was right in rejecting the concept of the national identification card. Further, I will also argue that using Medicare cards and driver's licenses as de-facto identity cards is a very bad idea that actually leads to more identity theft.
You only have to look at how the Social Security Number (SSN) in the USA became the default national identity card… And to see how it has been misused. Finally, I will argue that the best identity checking system you have is one that uses multiple forms of identity. An example of this approach is the "100 Point ID Check" used by Australian banks to create customer accounts.
The Australian government was right in rejecting the national identity cards.
"Any government that wants to issue a unique identification number to most of the population and then to compile and link information about them using increasingly powerful technology bears a heavy onus to justify its case...
'Nothing to hide, nothing to fear', directed at each member of the public, should be turned around and directed at government as: 'No legitimate reason to know, no legitimate reason to ask'."
Paul Chadwick, Victorian Privacy Commissioner, "The Value of Privacy", 23rd May 2006.
This alleged Access Card/system is an even greater threat to people's privacy and security than the 1980s Australia Card. This is due to the intended use of an all-purpose "smart card", linked to a centralised national identity database.
There are three grounds for opposition to the introduction of national identity cards:
They provide a false sense of security and are often misused;
Centralized databases become easy targets for hackers; and
They cost a huge amount of money to introduce and maintain.
Firstly, national identity cards provide a false sense of security.
Identity checks may make us feel safer but identification has very little to do with security. Since 9/11, there has been an increased use of identification checks as a security measure. Airlines demand photo identity cards and hotels increasingly do so. Identity cards are required for admittance into government buildings and even hospitals. Everywhere, someone is checking your identification.
In the ideal world the goal is to identify the few bad guys among the multitude of good guys… and have an ID system that denotes a person's intention. We'd want all terrorists to carry a card that said, "I am a Bad Guy" and everyone else to carry a card that said, "I am a Good Guy".
Then security would be so easy. We would just look at people's IDs… and if they were "bad guys" we wouldn't let them on the aeroplane or go into a building. On the other hand, good guys could come and go… and do anything they pleased!
Unfortunately, this security concept is a myth.
First, checking that someone has a photo identity card is a completely useless security measure. All the Sept. 11 terrorists had photo identification. In fact, some of the September 11 terrorists had genuine identity cards and passports… they were travelling under their own identities. How would an identity card stop them from travelling? Further, Spain has had identity cards for 10 years but that didn't stop the Madrid bombing of 2004.
Identity cards really only affect the lifestyles of law-abiding citizens… not the criminals! Unfortunately, it places restrictions on the "good guys" but allows "bad guys" the ability to move freely using several fake identities. This could never be done in a country that requires multiple forms of identity.
Second, identification cards can be easily forged. Some of the 9/11 terrorist's identification cards were "fake". The terrorists used the details of real people with false names. The details were purchased from a crooked government employee in Virginia for $1,000 each.
A former officer of the Israeli spy agency Mossad has alleged that the spy agency has its own "passport factory" used to create false passports for use in intelligence operations.
In January 2010, Mossad agents killed the top Hamas leader Mahmoud Al Mabhouh in Dubai. The agents allegedly used false passports of Australian, British, Canadian, German and French citizens.
As I write this book, relations between Australia and Israel are under severe strain. A former Mossad employee, Victor Ostrovsky, says he has no doubt Australian passports have been forged or fraudulently used for similar operations in the past.
"They need passports because you can't go around with an Israeli passport, not even a forged one, and get away or get involved with people from the Arab world," he said. "If they can obtain blank passports, which they have in the past from Canada, from England, they do. If not, they just manufacture them."
Fake driver's licenses for all 50 U.S. states are available for sale on the Internet… and they're good enough to fool anyone who isn't paying close attention. So, if identity criminals can easily make false passports and driver's licenses, why wouldn't they make false identity cards?
Third, the intent of profiling is to divide people into two categories: people who may be "bad guys" and need to be screened more carefully, and people who are "good guys" and can be screened less carefully.
The problem is that there are "bad guys" that look like "good guys" and don't get screened when they should. For example, the Sept. 11 hijackers went out of their way to establish a normal-looking profile. They had frequent-flier numbers, a history of first-class travel and so on. "Bad Guys" can also engage in identity theft by stealing the identity and the profile of a "Good Guy". Profiling gives the "Bad Guys" an easy way to get around security.
Another problem is that there are "Good Guys" that look like "Bad Guys" who end up getting harassed, when they shouldn't. They could be something as simple as "driving while black" or "flying while Arab ". Alternatively, it could be something more complicated like protesting against the government. Profiling harms society because it causes us all to live in fear... not from the "Bad Guys", but from the police!
Secondly, identity cards are bad because of centralized databases, which become a target of identity thieves and hackers.
The Access Card was a national identity card. The card's introduction would have multiplied and boosted fraud, as well as identity theft and identity fraud. Why is this so?
The Access card was a bad idea because it centralised personal information of 18 million Australian citizens onto one database. A single form of identification would have replaced the existing Medicare and Centerlink cards. Citizens would have used the card to prove their identity to obtain government benefits and services.
This plan is inherently flawed, as it generates a "honey pot effect". The centralised database provides a very attractive and highly rewarding target for identity thieves. Instead of several databases with identity information to be accessed, there is one single target. If the criminals could hack the database, they could reproduce counterfeit identity documents. Such centralization would increase identity theft and fraud.
"There have been recent suggestions in the media that the Government is going to introduce a national identity card. I can assure you that this is not the case. We do not support the approach where all personal information is centralized on one database, and a single form of identification is issued. This could increase the risk of fraud because only one document would need to be counterfeited to establish identity. Instead, we support the use of a range of acceptable documents, with the ability to verify those documents quickly and simply. This approach strengthens our proof of identity process and mitigates the risk of identity fraud." (Philip Ruddock, Attorney-General, Opening Keynote Address to Australian Smart Cards Summit 2005, 29 June 2005)
There is nothing wrong with government agencies issuing smartcards, but they should not be based on a centralized database. Decentralized databases are fine because criminals would need to hack a number of restricted databases to get the required information.
The cost of establishing and maintaining centralized registers is huge
Think of the opportunity cost. Money spent on the Access card could pay for many hospitals, schools, nurses and police. The money could be used to pay down the national debt. It's irresponsible to pass on escalating debt to our children and grandchildren. If terrorism is the problem, then spend the money on more police and Special Forces. That would make more sense.
Identity cards represent an infringement of civil liberties.
The argument for national identity cards skews the relationship between citizen and state and destroys personal freedom and privacy. When every citizen is obliged to surrender DNA and a finger or retina print to a national database, the state has rights over your personal information and identity.
The information stored in identity cards is personal data such as gender, race, age, residential status and a photograph. The government could compile a dossier on each person in the country. This isn't scaremongering… it's the explicitly declared proposal of the government.
You should be treated as an innocent person until a good reason emerges to suspect you. Under a national identity card, every time a crime is committed, your DNA and/or fingerprints will be checked against those found. In principle, you are a suspect for every crime until discounted.
The identity card permits the linking of information between all government departments. Your information will allow the government to share information about you. Do we want government to have that power? Even if you believe that your government will never do anything wrong, why should we have the scheme? It has no security benefit and is open to abuse. The only safe method of identification is not to have national identity cards in the first place.
History shows us that de-facto national identity cards can be misused.
Currently, there is no universal identifying number for Australian citizens. The closest thing we have to a universal identity card is:
The Medicare card for health services; and
The state issued Driver's License.
What is wrong with using Medicare cards or driver's licenses as de-facto national identity cards?
The experience of the SSN illustrates why our Australian driver's license or Medicare card should never become a de-facto identity card. It is a poor practice, which is open to abuse AND it encourages identity theft!
Consider the Social Security Number (SSN) in the USA. The SSN is a nine-digit number, which was inaugurated in 1936 with the intention of matching citizens to the retirement money.
However, over time the SSN became essential for getting credit and for employment background checks. Now it has become so deeply linked to personal data throughout the U.S.A economy that it is the de-facto national identifier for all USA citizens.
Unfortunately, there have been many instances where the SSN has been used for identity theft purposes. Social security numbers are one of the most powerful pieces of personal information an identity thief can possess.
"For identity thieves, it's their magic key . . . that gets into every door," said Daniel J. Solove, a George Washington University law school professor who specializes in privacy law.
"Getting a number can make it possible for criminals to access bank or credit card accounts, establish credit to make purchases, or find someone they wish to harm."
Data brokers undertake scant checks to verify whether a request is legitimate… or not. In fact, there are several websites that sell full Social Security numbers!
The commercial sale of social security numbers has contributed to the epidemic of identity theft or fraud that has touched about 10 million Americans in 2009. There were a series of privacy breaches involving large information brokers. Unfortunately, they were tricked by identity thieves who posed as legitimate businessmen, into selling personal data on 175,000 people. So far, these revelations have not stopped the practice of selling and re-selling personal data.
A simple Internet search on Google yields more than a dozen web sites offering the SSN for sale. Some are run by small data brokers and others by re-sellers. Others are run by private investigators.
Some insurance companies still use the SSN as an individual's account number. They print it on identification cards, leaving people vulnerable if wallets are stolen or lost. Medical offices routinely request SSN, often when initial appointments are made. Many universities use it as a student identification number.
A number of states in the USA like Alaska have printed the driver's SSN on the actual driver's license. Can you imagine what would happen if the driver's wallet was stolen, which included the driver's license, the person's date of birth, address and SSN?
Secondly, the SSN number can be easily guessed.
Research has shown the possibility of guessing several of the nine digits in a person's Social Security number by simply using readily available information.
"Many numbers could be guessed at by simply knowing a person's birth data", the researchers from Carnegie Mellon University said. "You can easily get that from Facebook or MySpace".
"Our work shows that Social Security numbers are compromised as authentication devices, because if they are predictable from public data, then they cannot be considered sensitive," said Alessandro Acquisti, assistant professor of information technology and public policy at Carnegie Mellon University and a co-author of the study.
"We can't pretend anymore that SSN's can be kept secret," said Peter Swire, a law professor at Ohio State University and chief counsellor for privacy during the Clinton administration. "This report puts a nail in that coffin. We'll need new approaches, and it will cost money for the government and the private sector to build the new approaches."
The Australia Card
The story about the Australia Card has been a war between two opposing camps…the privacy advocates vs technology groups. The narrative took on the form of the David vs Goliath battle, where a small group of privacy advocates battled and defeated the more powerful forces of the government, bureaucrats and technology vendors who were lined up against them.
The story is all about the rise of an unprecedented peril, called the Australia card. A small band of activists gained the attention of the Australian media and the community and successfully stigmatized their opposition as being people who placed a low-value on people's privacy. In the eyes of privacy advocates, the evil Australia Card concept was defeated but the danger always remains and they need to be ever vigilant about protection from this threat.
The other camp paints the Australia card as being akin to a miracle-worker or hero. Proponents of the Australia card argued that it was just an essential part of keeping up with technology advancements…taking Australia out of a technology backwater. The Australia card would address the evils of tax evasion, welfare fraud and usher in a new era of improved health service delivery. The card would also bring other benefits such as reducing identity fraud.
The Australia card was introduced in the 1980s and was defeated by suspicion… even hysteria. The concept of the card was reintroduced in 2006 by the conservative Howard government and again did not gain traction with the Australian electorate. It was formally destroyed by the new Labour government in 2007 when the government dropped it completely from its policy platform and the government department was disbanded.
Proponents of the Australia card concept still claim that the concept of the Australia card is sound. They believe that it has strong technology backing and will eventually become part of sound public policy. They claim that the cards eventual adoption will be incremental not revolutionary. They point to evidence of the growing community acceptance of other identifiers such as Tax File Number (TFN) identification, driver licenses and medicare cards which currently address Australia's security needs.
From an international perspective, the Australia Card issue is of interest. This is an excellent example of successful opposition to a national identity card.
Vendors, activists, journalists, politicians & government officials, have listened to different accounts of the same events and have adopted different interpretations.
The versions from the privacy group include:
Australia shows that other countries should not establish a national identity card;
The defeat of the Australia Card was about the citizen's unease with government intrusiveness;
The defeat of the Australian card was a sign of the vitality of government. The citizens perceived that they can influence public policy and politicians responding appropriately to their calls.
The technology based groups provide totally different assessments like:
The abandonment of the Australia Card is insignificant. The Australian government has achieved many of the objectives through other means like the 2006 government services 'access card';
The defeat of the Australia Card was akin to the defeat of referendum held in Australia e.g. a referendum for the republic;
The Australia card was a victim of poor marketing, unlucky timing and "political payback". The card would have succeeded if it was wrapped in the flag and linked to the 'war against terror' e.g. the Bali Bombing
Does Australia need a national identity card?
The Howard government emphasized that the government services Access Card would not be a national identity card. This argument is correct if national identity card is the equivalent of an internal passport. For example, if it was a proof of identity document that issued to all citizens and must be carried by all citizens and produced on demand.
However, most Australians would have been enrolled in the national card register. The card would have replaced state-issued drivers' licences as being the de facto national standard for proof of identity. There would not be a single, central and comprehensive database covering all aspects of an individual's interaction with government. Such a database is not necessary and would likely be hijacked by competing bureaucratic empires in Canberra.
In the 1980s, the debate about the Australia Card was inhibited by self-interest groups promoting their own agenda. Sadly, there was much more informed and reasoned debate in 2007.
The technologists pushed technology project development while the Government Ministers and their advisers looked for political advantage'. Community advocates waved the privacy version of the red flag while journalists are quoting sound bites without much understanding. Yet again, the debate fixated on the bit of plastic rather than the boxes.
In December 2007, the Rudd Labor government announced that it would abandon the Access Card project. The government closed the Office of the Access Card and shut down its website.
The 100-Point Identity Check using multiple forms of identity is the best method.
When opening new financial accounts across Australia, such as a bank account or betting account, people have to comply with the points system.
The 100-point check resulted from the Australian Commonwealth Government's aim at restricting individuals and companies from hiding financial transaction fraud. This was enacted by the Financial Transactions Reports Act (1988) (FTR Act), and the Australian Transaction Reports and Analysis Centre (AUSTRAC) was established.
It also established mandatory reporting by a wide range of financial services providers (including banks, bullion dealers and solicitors) and the gambling industry.
In 2009, a law was passed stating that buyers for Subscriber Identity Modules (SIMS) require the 100 point check. A purchase of a mobile phone now requires the 100 point check.
The system is used to fight against welfare fraud, tax evasion, money laundering and other offences. It is provided to a range of federal and state/territory law enforcement and revenue agencies. This system is now widely used in organizations keeping official records, such as the driver's license system.
Financial reporting involves customer identification. A person's identity is being verified through the documentation provided by the person. Each document is given a points value and the total points scored must equal hundred points. A 'primary' document e.g. passport features a photograph, is tamper-resistant and is obtained through a process that already includes significant checking. Primary documents such as passports and birth certificates are worth 70 points.
Click here for the complete requirements and explanations of the Australian 100 point Identity check. Click here for Financial Transactions Reports Act 1988 which provides detailed regulations about the identification procedures.
The 100 point identification system is not foolproof
Australian consumer perceptions of 100 Points identity verification schemes appear to vary widely. Financial institutions have complained that the scheme is too inflexible or too costly. Some consumer advocates have claimed that the scheme has placed an undue burden on disadvantaged members of society.
For example, the 100 point check excludes blind people and quadriplegics who do have basic documents like a driver's licence. Officials have responded to this complaint by issuing administrative guidelines. Disabled people and recipients of income support should not be disadvantaged by fees.
Security analysts argue that policymakers and consumers may have placed undue trust in 100 point schemes. They claim that these schemes can be easily subverted. The 100 point total is essentially arbitrary and might just as easily have been 110, 150 or 200 points. If you can achieve 100 points, it is accepted that you are who you say you are.
However, that simple acceptance of achieving 100 points is misleading because:
Legitimate documents have been improperly obtained;
Documents have been altered or are entirely false; and
Ineffective mechanisms for scrutinising documents and checking information.
The 2004 AGIMO Options to combat e-fraud in Australia paper commented:
"Although a driving licence is routinely used as proof of identity, it is only a proof of driving ability, and not of identity. The supporting documents used by transport departments in the various states and territories of Australia to establish identity, for the purpose of issuing Driver's Licences, may themselves have been obtained fraudulently. The holograms that distinguish cards such as a drivers licence are not hard to copy and produce in vast numbers."
A 2000 submission (PDF) by the National Crime Authority commented
"A wide variety of false identification has been detected in NCA Task Force investigations, including false birth certificates, passports, drivers' licences and learner's permits. Some false documents and/or complete identities have been created in Australia, whilst others have originated overseas and been used in Australia.
Whilst an individual obtaining one of these false documents may not seem of great importance, a major issue is the cumulative effect once the first item of false identification is obtained. In particular, development of a chain of identity may be used to frustrate the financial sector's '100 points' identification system. For example, a fake birth certificate (70 points) may be used to obtain a false drivers' licence (40 points), thus enabling the 100 points to be met and bank accounts opened. The establishment of bank accounts in false names and the use of false sender details for offshore remittances (IFTIs) has enabled criminals to circumvent financial transaction monitoring and reporting regimes and successfully remit millions of dollars in proceeds of crime."
Few people sighting documents have formal forensic skills. Their scrutiny is based on the fact that it looks right and its context. Further verification can be made with reference to government and private sector databases. Unfortunately, they all have varying degrees of accuracy.
A 2005 submission to the Federal Privacy Commissioner (PDF) by a commercial identity reference service lamented
"The right to privacy should not be something that can be hidden behind so as to afford protection to fraudsters and identity thieves. Financial institutions are bound by the current 100 points identity check. However, the following examples show that verifying the documentation required to achieve the 100 points is virtually impossible:
1. The Road Traffic Authority in NSW will not confirm/deny that John Thomas Brown born on 20/5/1950 is indeed the holder of driver's license number 7571XX issued on 12th June 2004 on card number 444444.
2. Energy Australia will not/confirm deny that the same person is the registered consumer of their product.
3. The Department of Immigration will not confirm/deny passport information.
The list is endless and they all cite Privacy Legislation or Privacy concerns as the reason."
Are 100 point schemes likely to evolve and be adapted in future?
Arguably these types of schemes are attractive because they are perceived to work in the finance sector. They are also endorsed by government and are not threatening. It is not surprising that various groups have argued the use the 100 point identity verification in other areas.
For example, in 2003 a federal parliamentary committee received suggestions that anyone wishing to create an internet account the internet service provider (ISP) with 100 points of identification. People who suggest this option do not understand the nature of the internet. Many Australians use overseas ISPs whose only requirement is a valid credit card. How could the Australian authorities police that requirement?
In 2003 the AUSTRAC chief executive commented
When the FTR Act was first thought of, this was quite revolutionary stuff. And in many ways it still is. The approach is still revolutionary, but the financial system that we leverage off is changing. The question is how we realign ourselves to deal with proprietary systems that banks give their customers to use so that in some cases they bypass the Australian operations of the banks, so we have some jurisdictional issues. How do we make sure that banks and other cash dealers under our legislation are still able to identify unusual transactions, the suspicious ones? If things are happening electronically, is there a person there who sees a transaction or a pattern of transactions and says, 'I think this is odd. I want to report it as suspicious'?
For the early development of the FTR the 1993 Checking the Cash report by the Senate Standing Committee on Legal & Constitutional Affairs is of particular value.
Summary
In this chapter, I have explained why the Australian government was right in rejecting the concept of the national identification card. I have also put a case against using Medicare cards and driver's licenses as de-facto identity cards.
The Social Security Number (SSN) in the USA has become the default national identity card and has been misused. Australians should never allow our driver's licenses or Medicare cards be used this way.
Finally, the Australian "100-Point ID Check" using multiple forms of identity that add up to 100 points represents the best method of identity checking. Even then there are issues about using forged documents to build an identity.
What's next?
In this book, we have examined a number of victims' stories and have concluded that everyone is a target of identity theft.
If you act carelessly like Victor in chapter 3, you will make yourself a larger target and become a higher risk of identity theft. However, some victims Frank illustrate that ordinary people going about their business can also become victims.
Businesses you deal with can leak your personal information. It's often just a matter of being in the wrong place at the wrong time to become a victim. Gillian, Therese & Mary were all victims of Jodie Harris, the "Catch-me-if-you-can" thief. Innocent victims can have their identities stolen by other family members, close associates and neighbours!
It would be all doom and gloom, if that were the end of the story. This book is here to educate you that you can protect yourself from identity theft!
Golden Rule: You must make yourself a very small target…
Chapter 8 examines how you can make yourself a very small target for identity thieves.
