The (inter)-national Identity Tangle
This document was uploaded by user and they confirmed that they have the permission to share it. If you are author or own the copyright of this book, please report to us by using this DMCA report form. Report DMCA
Overview
Download & View The (inter)-national Identity Tangle as PDF for free.
More details
- Words: 2,190
- Pages: 4
THE (INTER-) NATIONAL
IDENTITY
BY RALPH ADAMS, FREE LANCE JOURNAliST
TANGLE
UK,
INFORMATION AND COMMUNICATIONS TECHNOLOGY.
" THE ENTIRETY OF OUR ECONOMIC LIVELIHOOD ••• IS GOING TO TURN ••• UPON OUR ABILITY TO VERIFY IDENTITY FOR
entertainment venues, businesses or even transport providers who are investing in a far greater level of security than is realistically required - in some cases excluding those who may have valid reasons to gain entry.
THOSE WHO WANT TO TRANSACT BUSINESS ••• OUR REPUTATION AND OUR PRIVACY DEPENDS ON OUR ABILITY TO CONTROL OUR IDENTITY. "
~ feature underlying the industry's rapid growth has been the complexity of its products and the necessary financial, staff and time investments involved in learning what is available in the market and the most appropriate
Thus, Michael Chertoff - until recently, US Homeland. Security Secretary. He promoted a plan, called the 3 Ds, for identity authentication - "description, device and digit" ('description' being "a piece of information known only to the individual", 'device' "would most likely be some type of card" and 'digit' representing
fingerprint biometrics).
In recent· decades, national governments have seen identity as an increasingly important issue: how can citizens' identities be monitored and accurately verified? How can documents and signatures be authenticated? Traditionally, personal identity has been a topic hotly debated by philosophers and social psychologists. Since the 1980s, and especially following the reaction to 9/11, it has moved into the public sphere, with much discussion of identity control. This has, in turn, spurred even further both the demand for national security documents and pressure to develop increasingly sophisticated technology. The result has been tremendous growth in the security industry during recent decades. The focus, now, is on electronic passports and national identity cards. The issues relating to passports and transnational movement are the most complicated to resolve. So, perhaps, one should start by looking at what is happening within individual countries. In this article I shall discuss identity management in several territories and look at barriers to the effective use of electronic documentation for border crossings.
Pick up a paper or listen to a news bulletin and you will soon find discussions of 'security' and personal safety, with many of the issues being driven by the fastdeveloping industry. Organisations, both public and private, are increasingly concerned about safety and security; often buying systems to 'keep up with the Joneses', rather than from an assessment of actual risks or the value of what is to be protected. It is easy to find
products for specific applications: it may be simpler just to take the salesman's advice! Much the same can be said for national identity cards. The volume of economic and other migration, coupled with real or imagined terrorism threats has, of course, increased the need for far-stricter border controls - with the changes for entry to the USA being particularly marked: the development of the Homeland Security roles for ID card standards is an example of a government moving with unexpected speed when under pressure to get things done. Home Security Presidential Directive 12 (HSPD-12), which requires government-wide interoperability, even has as part of its implementation strategy the requirement that "extremely aggressive milestones are needed to maintain focus and momentum".
There is no standard technique collected and used in conjunction
for the way data is with identity cards:
there has been a wide range of approaches to the way different governments have handled the introduction of electronic card schemes and very different reactions have resulted. In general, common-law countries have not, as yet, made cards mandatory. The line between 'compulsory' and 'voluntary' is very blurred: when and where individuals must identify themselves using a government-sponsored document varies greatly between countries. There are different cultural issues, too. For example, in Japan, where cards are issued on a voluntary basis, they are needed to access family records, open bank accounts and apply for passports or driving licences, while in France they are, again, voluntary, yet you cannot make a financial transaction (use a cheque in a supermarket or obtain a credit card, for example) without one. Elsewhere, an identity card must be shown before you can register a child at school, receive social security benefits, start work or even buy a season ticket.
Some governments do require compulsory ID cards but this',too, can mean very different things: Malaysiahas a smart card (with several biometrics) which must be carried at all times (there is a penalty for not showing it when requested). In Spain, a mandatory card with digital signatures is used for all public and many private transactions, while in Singapore the card must be held, but need not be carried. In other countries (such as Brazil, Finland and the US) documents such as driving licences can replace national ID cards. In the USA, however, social security cards (which until the 1980s were expressly stated not to be required for identification purposes) are now often considered as de facto identity cards. Perhaps the most sophisticated card to date is that of the United Arab Emirates (UAE) which recently issued a compulsory secure multi-function smart card, with public key infrastructure and fingerprint biometrics. It has an ID number that links every individual to his/her own 'personal and biological lifetime data'. The card, for which a range of fees are payable, is valid initially until early 2012. It holds much personal data, and will eventually enable the holder to use it as a driving licence, employment card, residence permit, investor's card and medical and health insurance card. It will also work as an ATM card, e-purse, provide an e-signature service for documents, e-mails and e-forms and serve as an epassport within the Gulf states. Without the card, absolutely no services can be obtained.
predecessor, was unpopular and led to mistrust and resentment of the authorities - especially the police. The first scheme had been put in place without a clear explanation as to its function; the second was much better explained and understood. Although it was compulsory to carry the card, there was no penalty for not doing so. According to the legislation: "A constable in uniform, or any person authorised for the purpose under the said regulations, may require a person who under the regulations is for the time being responsible for the custody of an identity card, to produce the card to him or, if the person so required fails to produce it when the requirement is made, to produce it within such time, to such person and at such place as may be prescribed." The scheme was forced to end when a motorist, stopped in connection with an offence, refused to produce his card. He was prosecuted and, eventually,the Lord Chief Justice condemned both police and government for the way the legislation was being followed: the card was intended for national security, not as a means of monitoring the population. Since 1989 there have been various attempts to introduce peacetime British identity cards - with both main parties changing sides on the issue. Finally,legislation was passed in 2006, requiring a minimum of fifty elements of personal information, including biometrics, to be held on a national identity register (NIR) which can be accessed, without consent, by a wide range of named public bodies and agencies. It also allows a record to be made of every occasion where information in the NIR is provided to anyone, so that a detailed record of the holder's movements, and which services they have accessed, can be collated.
3
n
Britain is an example of a territory where t:4eissue of identity r~rrlc has had a particularly confused history and where there has been a long-standing conflict with national culture. Compulsory cards have been introduced twice, between 1915-1919and 1939-1952:in each case war was the justification. Everybody was required to carry a folded card with limited information (the owner's name, sex, age, occupation, residence, marital status and profession, but no photo!) backed up by registers of further personal and administrative data, held locally or centrally,and processed by hand. During World War Two the system was tied-in with rationing (ration books could only be issued on production of a valid identity card) but, like its
a.. -<
,., ,,<1>
-'
~ 0 0
<0
IR&"lU1~4S67J«««««««< '6011 •••••••• aacou«««««<6 SARPLE«SYSANNA«««««««<
For all but foreign nationals, the date of introduction has been put back until after the 2010 general election. But, like the First World War scheme, there is little in the way of a coherent policy or clarity over aims. Rather than listing the reasons for introducing the identity card, the Government has emphasised the need to eliminate 'identity fraud' and that the service is "working for the benefit of everyone" The present official attitude is that the card (but not the NIR) will be voluntary. Nevertheless, even those who opt not to have ID cards will still have to pay the fee and, if they require passports, be entered on the NIR. However, evidence from other countries suggests that anyone refusing a 'voluntary' card will need to live without basic services: access to voting, utilities, banking, mortgages, employment, driving licences, travel cards, use of cheques, debit and credit cards and much more are likely to be dependant on showing the card. A similar ID card controversy has raged in Australia where there was a move in 1985 for a national system of identification (initiallywithout a photo). It aimed to cut tax evasion, avoid benefit fraud, .control illegal immigration and reduce organised crime through "higherquality information matching". The project was defeated in Parliament and it was not until the London bombings in 2005 that the idea was again raised and, once more, rejected. In 2006 a biometric Access Card with limited information, and the option to voluntarily store extra items (such as emergency contact details or organ donor status) was approved as a consolidation of health and social services cards. The plan was that from early 2010, residents would be able to obtain benefits only with an Access Card, while the private sector was encouraged to 'piggyback' applications on the card for secondary, consumer friendly" purposes. However, in late 2007, the new Labour government once more cancelled the project - claims that the biometrics might lead to enhanced chances of 'identity theft' being one objection. As of mid2009 yet another health card is planned! France has also had problems with identity cards. Originally issued in 1940 by the Vichy authorities, and revised in 1942 apparently so that Jews could be identified for deportation, they ceased to be mandatory in 1955. At the same time both the central records and fees were abandoned. It is still, however, compulsory to carry some form of identification (as well as at least €15 in cash!). Plans for a new French contactless card with strong authentication, to be introduced in 2006, appear to have been cancelled following concerted opposition. The original idea was for the card to contain basic personal data (name, date of birth, address, signature) as well as encrypted photo and fingerprints (with iris prints to be added later). It was intended also to hold a digital signature for signing official documents such as tax declarations or private correspondence, and even a private storage space in which cardholders could record their choice of other information.
While national identity cards have problems, the issues underlying international ones (passports) are even more complex. While procuring, producing and delivering advanced documents have become simpler, inspection raises more of a challenge, with very few borders making use of the 'e' in e-passports. The complexity of the equipment and the time needed to test it (and ensure every type of machine can read every passport), the necessary training (to read the data in the contactless chips, utilise the stored biometrics and implement the security elements built into the booklets) all take time. This is further complicated by stricter rules in many countries for accessing the personal data and biometrics stored in the chips. The EU has introduced the International CivilAviation Authority's Extended Access Control (EAC) to allow for more sensitive biometric content to be added to the next generation of European e-passports and protect them against unauthorised use. With EAC the e-passport issuer must decide who can access specific data groups. Otherwise anyone with the necessary technical skillscould •• read the whole passport! Other features of the new technology include Passive Authentication (to check the passport is genuine), Basic Access Control (to avoid 'skimming') and Active Authentication (as a protection for the uniqueness and authenticity of the chip).
Few countries are deploying effective inspection systems - not even the US which was the instigator of the e-passport regime. The more scanning devices that are installed, the longer will be delays at borders - and the more travellers will complain. With older systems, immigration staff need only swipe the machine-readable area of the passport and, if necessary, glance at the book and ask some questions. With e-passports it takes longer to scan the full document and access the data. Despite all this, Chertoff estimates that his 'three Ds' provide a 99% solution to identity control. Let us hope his guess is also 99% accurate.
IDENTITY
BY RALPH ADAMS, FREE LANCE JOURNAliST
TANGLE
UK,
INFORMATION AND COMMUNICATIONS TECHNOLOGY.
" THE ENTIRETY OF OUR ECONOMIC LIVELIHOOD ••• IS GOING TO TURN ••• UPON OUR ABILITY TO VERIFY IDENTITY FOR
entertainment venues, businesses or even transport providers who are investing in a far greater level of security than is realistically required - in some cases excluding those who may have valid reasons to gain entry.
THOSE WHO WANT TO TRANSACT BUSINESS ••• OUR REPUTATION AND OUR PRIVACY DEPENDS ON OUR ABILITY TO CONTROL OUR IDENTITY. "
~ feature underlying the industry's rapid growth has been the complexity of its products and the necessary financial, staff and time investments involved in learning what is available in the market and the most appropriate
Thus, Michael Chertoff - until recently, US Homeland. Security Secretary. He promoted a plan, called the 3 Ds, for identity authentication - "description, device and digit" ('description' being "a piece of information known only to the individual", 'device' "would most likely be some type of card" and 'digit' representing
fingerprint biometrics).
In recent· decades, national governments have seen identity as an increasingly important issue: how can citizens' identities be monitored and accurately verified? How can documents and signatures be authenticated? Traditionally, personal identity has been a topic hotly debated by philosophers and social psychologists. Since the 1980s, and especially following the reaction to 9/11, it has moved into the public sphere, with much discussion of identity control. This has, in turn, spurred even further both the demand for national security documents and pressure to develop increasingly sophisticated technology. The result has been tremendous growth in the security industry during recent decades. The focus, now, is on electronic passports and national identity cards. The issues relating to passports and transnational movement are the most complicated to resolve. So, perhaps, one should start by looking at what is happening within individual countries. In this article I shall discuss identity management in several territories and look at barriers to the effective use of electronic documentation for border crossings.
Pick up a paper or listen to a news bulletin and you will soon find discussions of 'security' and personal safety, with many of the issues being driven by the fastdeveloping industry. Organisations, both public and private, are increasingly concerned about safety and security; often buying systems to 'keep up with the Joneses', rather than from an assessment of actual risks or the value of what is to be protected. It is easy to find
products for specific applications: it may be simpler just to take the salesman's advice! Much the same can be said for national identity cards. The volume of economic and other migration, coupled with real or imagined terrorism threats has, of course, increased the need for far-stricter border controls - with the changes for entry to the USA being particularly marked: the development of the Homeland Security roles for ID card standards is an example of a government moving with unexpected speed when under pressure to get things done. Home Security Presidential Directive 12 (HSPD-12), which requires government-wide interoperability, even has as part of its implementation strategy the requirement that "extremely aggressive milestones are needed to maintain focus and momentum".
There is no standard technique collected and used in conjunction
for the way data is with identity cards:
there has been a wide range of approaches to the way different governments have handled the introduction of electronic card schemes and very different reactions have resulted. In general, common-law countries have not, as yet, made cards mandatory. The line between 'compulsory' and 'voluntary' is very blurred: when and where individuals must identify themselves using a government-sponsored document varies greatly between countries. There are different cultural issues, too. For example, in Japan, where cards are issued on a voluntary basis, they are needed to access family records, open bank accounts and apply for passports or driving licences, while in France they are, again, voluntary, yet you cannot make a financial transaction (use a cheque in a supermarket or obtain a credit card, for example) without one. Elsewhere, an identity card must be shown before you can register a child at school, receive social security benefits, start work or even buy a season ticket.
Some governments do require compulsory ID cards but this',too, can mean very different things: Malaysiahas a smart card (with several biometrics) which must be carried at all times (there is a penalty for not showing it when requested). In Spain, a mandatory card with digital signatures is used for all public and many private transactions, while in Singapore the card must be held, but need not be carried. In other countries (such as Brazil, Finland and the US) documents such as driving licences can replace national ID cards. In the USA, however, social security cards (which until the 1980s were expressly stated not to be required for identification purposes) are now often considered as de facto identity cards. Perhaps the most sophisticated card to date is that of the United Arab Emirates (UAE) which recently issued a compulsory secure multi-function smart card, with public key infrastructure and fingerprint biometrics. It has an ID number that links every individual to his/her own 'personal and biological lifetime data'. The card, for which a range of fees are payable, is valid initially until early 2012. It holds much personal data, and will eventually enable the holder to use it as a driving licence, employment card, residence permit, investor's card and medical and health insurance card. It will also work as an ATM card, e-purse, provide an e-signature service for documents, e-mails and e-forms and serve as an epassport within the Gulf states. Without the card, absolutely no services can be obtained.
predecessor, was unpopular and led to mistrust and resentment of the authorities - especially the police. The first scheme had been put in place without a clear explanation as to its function; the second was much better explained and understood. Although it was compulsory to carry the card, there was no penalty for not doing so. According to the legislation: "A constable in uniform, or any person authorised for the purpose under the said regulations, may require a person who under the regulations is for the time being responsible for the custody of an identity card, to produce the card to him or, if the person so required fails to produce it when the requirement is made, to produce it within such time, to such person and at such place as may be prescribed." The scheme was forced to end when a motorist, stopped in connection with an offence, refused to produce his card. He was prosecuted and, eventually,the Lord Chief Justice condemned both police and government for the way the legislation was being followed: the card was intended for national security, not as a means of monitoring the population. Since 1989 there have been various attempts to introduce peacetime British identity cards - with both main parties changing sides on the issue. Finally,legislation was passed in 2006, requiring a minimum of fifty elements of personal information, including biometrics, to be held on a national identity register (NIR) which can be accessed, without consent, by a wide range of named public bodies and agencies. It also allows a record to be made of every occasion where information in the NIR is provided to anyone, so that a detailed record of the holder's movements, and which services they have accessed, can be collated.
3
n
Britain is an example of a territory where t:4eissue of identity r~rrlc has had a particularly confused history and where there has been a long-standing conflict with national culture. Compulsory cards have been introduced twice, between 1915-1919and 1939-1952:in each case war was the justification. Everybody was required to carry a folded card with limited information (the owner's name, sex, age, occupation, residence, marital status and profession, but no photo!) backed up by registers of further personal and administrative data, held locally or centrally,and processed by hand. During World War Two the system was tied-in with rationing (ration books could only be issued on production of a valid identity card) but, like its
a.. -<
,., ,,<1>
-'
~ 0 0
<0
IR&"lU1~4S67J«««««««< '6011 •••••••• aacou«««««<6 SARPLE«SYSANNA«««««««<
For all but foreign nationals, the date of introduction has been put back until after the 2010 general election. But, like the First World War scheme, there is little in the way of a coherent policy or clarity over aims. Rather than listing the reasons for introducing the identity card, the Government has emphasised the need to eliminate 'identity fraud' and that the service is "working for the benefit of everyone" The present official attitude is that the card (but not the NIR) will be voluntary. Nevertheless, even those who opt not to have ID cards will still have to pay the fee and, if they require passports, be entered on the NIR. However, evidence from other countries suggests that anyone refusing a 'voluntary' card will need to live without basic services: access to voting, utilities, banking, mortgages, employment, driving licences, travel cards, use of cheques, debit and credit cards and much more are likely to be dependant on showing the card. A similar ID card controversy has raged in Australia where there was a move in 1985 for a national system of identification (initiallywithout a photo). It aimed to cut tax evasion, avoid benefit fraud, .control illegal immigration and reduce organised crime through "higherquality information matching". The project was defeated in Parliament and it was not until the London bombings in 2005 that the idea was again raised and, once more, rejected. In 2006 a biometric Access Card with limited information, and the option to voluntarily store extra items (such as emergency contact details or organ donor status) was approved as a consolidation of health and social services cards. The plan was that from early 2010, residents would be able to obtain benefits only with an Access Card, while the private sector was encouraged to 'piggyback' applications on the card for secondary, consumer friendly" purposes. However, in late 2007, the new Labour government once more cancelled the project - claims that the biometrics might lead to enhanced chances of 'identity theft' being one objection. As of mid2009 yet another health card is planned! France has also had problems with identity cards. Originally issued in 1940 by the Vichy authorities, and revised in 1942 apparently so that Jews could be identified for deportation, they ceased to be mandatory in 1955. At the same time both the central records and fees were abandoned. It is still, however, compulsory to carry some form of identification (as well as at least €15 in cash!). Plans for a new French contactless card with strong authentication, to be introduced in 2006, appear to have been cancelled following concerted opposition. The original idea was for the card to contain basic personal data (name, date of birth, address, signature) as well as encrypted photo and fingerprints (with iris prints to be added later). It was intended also to hold a digital signature for signing official documents such as tax declarations or private correspondence, and even a private storage space in which cardholders could record their choice of other information.
While national identity cards have problems, the issues underlying international ones (passports) are even more complex. While procuring, producing and delivering advanced documents have become simpler, inspection raises more of a challenge, with very few borders making use of the 'e' in e-passports. The complexity of the equipment and the time needed to test it (and ensure every type of machine can read every passport), the necessary training (to read the data in the contactless chips, utilise the stored biometrics and implement the security elements built into the booklets) all take time. This is further complicated by stricter rules in many countries for accessing the personal data and biometrics stored in the chips. The EU has introduced the International CivilAviation Authority's Extended Access Control (EAC) to allow for more sensitive biometric content to be added to the next generation of European e-passports and protect them against unauthorised use. With EAC the e-passport issuer must decide who can access specific data groups. Otherwise anyone with the necessary technical skillscould •• read the whole passport! Other features of the new technology include Passive Authentication (to check the passport is genuine), Basic Access Control (to avoid 'skimming') and Active Authentication (as a protection for the uniqueness and authenticity of the chip).
Few countries are deploying effective inspection systems - not even the US which was the instigator of the e-passport regime. The more scanning devices that are installed, the longer will be delays at borders - and the more travellers will complain. With older systems, immigration staff need only swipe the machine-readable area of the passport and, if necessary, glance at the book and ask some questions. With e-passports it takes longer to scan the full document and access the data. Despite all this, Chertoff estimates that his 'three Ds' provide a 99% solution to identity control. Let us hope his guess is also 99% accurate.
Related Documents
The (inter)-national Identity Tangle
June 2020 5
Identity
November 2019 52
Identity
June 2020 21
The Muslim Identity
November 2019 10
Identity Is The Platform
June 2020 4