A recent Newspoll survey revealed that 53 per cent of survey participants supported a national identity card, while only 31 per cent were opposed. Any day now Attorney General Philip Ruddock is expected to announce the terms of an independent inquiry into a national identity card, citing national security and fraud prevention as key concerns. This article considers a range of practical and technical realities surrounding identification to provide basis for rational discussion of such a proposal.
How should identity be considered? The most useful view is that a person’s identity begins at the moment of birth and evolves throughout life until it freezes upon death and begins to lose relevance.
In all moderately advanced countries a birth certificate or equivalent is created contemporaneously with birth which records details of the date, time and location of the event and the presumed parents. This forms the first documentary link between the person and a paper trail, as well as creating a link back through the parents as far as records exist. Such a piece of paper can be the difference between life and death — and that in areas where births are not recorded and registered all sorts of problems emerge for the ‘un-documented’ individual — both immediately and in the future, and from health and social perspectives.
The potential problems with a birth registration and birth certificate system become obvious upon a moment’s reflection. First, the document can be destroyed or lost; and second, there is no tangible link between the person and the document. It is therefore possible for there to be no documentation associated with an individual or for that documentation not to actually belong to an individual other than the person that now carries it. Both of these problems highlight how easy it is for fraud and error to occur.
What sort of link am I talking of? Well, the only effective link is to have some invariant characteristic of the individual recorded on an original document in a form that can be confirmed and is both immutable and non-replicable. In practice, this means having a photo, a DNA sample, an iris scan, or a finger print as part of the document. Sadly — except for DNA — all these change as we age and so need to be periodically updated at least until adulthood is reached when fingerprints and iris scans become much more stable. Moreover such information needs to be stored in a form that is easily retrievable and impossible to ‘mix-up’ if it is to be relied upon. Where does this leave us? And especially all those who do not have their DNA profile linked already to their birth certificate — which is virtually all of us!
The fall back solution has been to use a combination of documents which are allocated a point score depending on how hard they are to obtain — for example a birth certificate is worth more than a credit card in the same name. If you can assemble enough points you are permitted to do things that require you to prove your identity (for example, obtain a passport, open a bank account, take out a mortgage, etc).The problem with this system is that the lack of a biometric link back to someone’s ‘actual identity’ makes fraud possible.
Thanks to Sean Leahy
An identity card could avoid some of these problems if it contained biometric data. However, two practical realities must be considered.
First, the government must explain what information would be contained on such an identity card? Would it be limited to information necessary to confirm identity? Or would it record a person’s medical, tax, criminal or credit history? This must be explained. The more information recorded on such a card the more important the need for reliable security. The government must also confront the ‘function creep’ argument — that the range of functions covered at the moment won’t expand until Big Brother knows everything about us.
Second, the costs of such a scheme must be addressed. Labour costs of setting up and maintaining such a system would be considerable — as would the associated with the portable identify verification device. Who will cover all of these costs? Business is already worried that it will bear the burden; last year the Australian Chamber of Commerce and Industry cited research from the London School of Economics suggesting it could cost as much as $15 billion over the first 10 years. This figure is probably at the extreme end but research into the costs in other countries certainly suggests establishment figures of $1-2 billion and operational cost of $500 million per annum.
The approach which is now being universally adopted is to use a smart card. A smartcard contains a tiny computer designed to store information in a secure encrypted form. The information is typically only made available, via a special card reader, when the card owner enters their PIN. It is designed to safe from tampering and change unless the user enters their PIN. A smartcard could be issued by a responsible entity who is satisfied with the authenticity of the original documents provided. It could hold biometric information, preferably two pieces (for example, a photo and a fingerprint) within the card. When it is required to confirm an identity the stored information can be retrieved with the individual’s knowledge and consent. .
This approach requires a number of things. First, the institution requiring confirmation of identity, say a bank, must trust and be confident in the verification efforts of the issuing agency — they must know the card is secure and can’t be faked. Second, the biometric information must be easy to access, preferably to allow visual verification. Finally, the technology that holds the biometric information must be safe from corruption in any technical way.
The cost of the system is difficult to predict. There are many variables, including the regularity with which such cards would be replaced and the technology required. Given the temptation down the track to include information about criminal, medical credit, or tax records, there may be a desire to embrace newer, more expensive technology.
If we do pursue this, what can we expect in the future?
There should be a reduction in various identity related financial frauds — although the introduction of the Tax File Number, integrated Centrelink Records and the National CashTrack system have these issues largely under control. We also expect fewer incidences in which Australian residents and citizens are wrongfully detained if they happen to be carrying their card when apprehended.
However, it is unlikely that the introduction of this system will significantly lower the probability of a terrorist attack — people committed to such an end will ensure they have fake identities and find ways to subvert the system.
If we are to gear up to proceed with this we should also prepare for the legitimate concerns of those people concerned with privacy, including people suffering from stigmatising illnesses such as AIDS or mental illness, and who, for valid reasons, find it necessary to have more than one identity.
It is also crucial to recognise that if a less reliable technology for identification is selected — as may be tempting, as a cost cutting measure, in areas like e-health and social services — the likelihood of identity mix-up rises, leading to all sorts of potential difficulties including bank system errors, corrupted medical records and so on.
The bottom line of all this is that the introduction of a national ID card is a technically complex, risky and expensive undertaking. The Government must be transparent about the costs associated with such a scheme as well as the risks. Only then can the debate around balancing legitimate privacy concerns, the role of such a card and its potential for ‘function creep’ be commenced. I suspect this will fall at the first hurdle.