164 Computer Law & Security Report Vol. 20 no. 3 2004 ISSN 0267 3649/04 © 2004 Elsevier Science Ltd. All rights reserved

Validating identity for the electronic environment1

Stephen Mason, barrister

Many politicians the world over consider that it is cheaper and more effective for government agencies to communicate with citizens electronically, via the internet, in the future. For example, it will be compulsory for all businesses in the United Kingdom to submit certain types of End of Year Returns electronically by 2010. However, the fraudulent use of individual identity has increased at an alarming rate. The use of electronic communications and reliance upon electronic databases poses serious problems relating to the validation, verification and authentication of identity in the electronic environment. This article will consider some of the implications surrounding the issues relating to the identification of a person. It does not consider the authentication of the computer application.

Until we began communicating by way of the internet, validating the identity of an individual or an organization was not of primary importance for the conduct of every-day affairs. That is not to say that there were never circumstances where there was a need to establish identity. One example is where a third party, using the identity of another, perpetrates a criminal act. In such circumstances, it might be necessary to identify the person or legal entity whose identity has been misused to commit the crime, and the identity of the perpetrator of the crime.

Governments have made great strides in making vast volumes of information available in electronic format over the internet. However, the risks associated with providing information in this way, and when communicating by way of the internet, are now manifest. In wishing to extend the methods of communicating with citizens, governments are beginning to require users to authenticate themselves when communicating with departments over the internet. It is probable that this requirement will prevent most people from using the internet as a means of communicating with government. This is because the cost of maintaining a means of authenticating an identity electronically is far more expensive and problematic than civil servants and politicians acknowledge. In addition, databases controlled by governments and private organizations, such as credit checking agencies, are being increasingly used to cross-reference the identity of individuals when applying for a range of government services, from the application and renewal of a driving licence to claiming for benefits.

A. Identity

It could be argued that the concept of identity has been given a greater prominence with the advent of the internet, because of the theoretical possibility that a person may communicate with others in total anonymity in this environment. The wider take-up of the internet has, however, served to bring to the fore the vast amount of personal data held electronically, by both governments and private organizations. Generally, the meaning of identity is that of personal identity, which describes the condition or fact of continuity of personal existence. However, even when we consider the concept of personal identity, the precise meaning may differ according to the circumstances, such as: a unique name of an individual; a name and an address; a name and a date of birth; or perhaps a name and an occupation. An identity does not need to be absolute, so much as the establishment of a relationship between one manifestation of personal activity and another. An example is where a patent is to be transferred from the person named in the register to a third party. The person acquiring the title requires to derive a satisfactory title to the patent. They need to establish a link between the person named in the register and the person they are dealing with, or with the predecessor-in-title.

Alternatively, identity can be a condition of being, identified for a purpose. An example of this concept is when an individual is prosecuted for driving while disqualified. It might be necessary to prove that the person before the court is the same person as was previously disqualified. If this can be proved, it does not matter whether they have the same name, address or occupation as when they were disqualified previously.

Equally, some individuals may wish to be known under a nom de plume. There are perfectly good reasons for this, such as where an author writes fiction, but does not wish to confuse their real life identity with their activities as creative writer. Two English examples are that of C. L. Dodgson, who lectured in mathematics at Oxford University during the nineteenth century and wrote under the name of Lewis Carroll; and Mary Ann Evans, who wrote under the name of George Eliot.

For the purposes of this article, it will be taken that “identity” means the personal identity of an individual person that is linked to their existence by means of their birth certificate. The reader will immediately note that even this basis for discussing identity does not include those women who, upon marriage, take their husband’s family name. Where a woman makes this decision, the root of her identity remains with her birth certificate, and the marriage certificate provides the evidence that she has adopted the name of her husband. Similar considerations will apply to those people that change their gender from that which is recorded at birth, and when individuals decide to change their name from that recorded on their birth certificate.

B. Risk in the electronic environment

The risks of communicating over the internet are varied. They include, but are not limited to: malicious attacks by an outsider or somebody from within the organization or household; the accidental disclosure of the electronic means of identity (including giving up passwords, or exposing passwords to being obtained easily, or the unauthorized use of a password); the deliberate use of false details; the retention of secret information in an un-trusted terminal; and the introduction of a computer virus or other malicious software that enables a third party to obtain access to a computer remotely and use the identity of the owner to commit unauthorized acts. Although some of these types of attack require a third party to gain access to a computer without the knowledge or authority of the owner, there are alternative ways for third parties intent on committing illegal acts to obtain relevant information.

For instance, documents relating to companies are open to public inspection in the United Kingdom. The Registrar of Companies maintains an on-line register of every company registered in the country. Any person can download basic information about a registered company from the relevant web site, and can obtain copies of documents lodged with Companies House for a fee.

A report in 2002 illustrated how easy it was for a person to use the identity of a company for fraudulent purposes.2 Thieves can obtain copies of documents relating to a company from Companies House, which contain the signatures of the directors. A new director can then be appointed to the board by submitting the relevant form to Companies House, signed with a forged signature. Once this notification is received, the thieves can file another form with Companies House indicating a change of registered address. The thieves then trade under the company name for a number of months without paying any invoices. The registered company only discovers what has been happening when members of the Serious Fraud Office attended their premises, and it is for the company to resolve the problems that occur in such an instance. Documents relating to registered companies in the United Kingdom must be made available to the public, but the Registrar of Companies is not responsible for the accuracy of the information held on the public record. This duty lies with the Directors and Company Secretary.

The example set out above can be committed without recourse to the internet. The thieves merely have to obtain the relevant papers by making a telephone call. In addition, they can use a suitably anonymous means to make the appropriate payment. More alarming reports of identity theft, especially in the United States of America, have begun to illustrate the problems associated with identity in the electronic environment.3 It is considered by some police officers that prosecutors and judges poorly understand the repercussions suffered by a victim of identity theft.4 Any judicial failure to deal with identity theft adequately or at all may well cause politicians to take legislative action if public concerns become sufficiently vociferous to affect voting intentions. Politicians in some countries where identity cards are not a part of the landscape, such as the United Kingdom and Canada, are considering the introduction of identity cards in an attempt to help resolve some of the concerns this problem is causing.5 This has, in turn, raised questions about the process of how an identity is properly established, if it is possible to do so, for use in the electronic environment.

A number of factors have led governments in particular to reconsider the issues relating to the authentication of identity in the electronic setting. Some of the major influences that have caused politicians to consider taking action in relation to this issue include the development of electronic forms of communication, the techniques used by criminals to pass money obtained by criminal means through legitimate businesses and banks, and the development of identity fraud as a means of committing theft.6

The aim of authentication is to validate a person’s identity. This is why the accuracy of the process of registration and the gathering of information is so important when considering identity in the electronic environment. Assuming a database is accurate, the authentication of identity in the electronic setting should (providing the system used is robust) be straightforward. Once a person’s identity is validated by the process of electronic authentication, it follows that the identity is considered genuine, and in turn, the person will have established a title to credibility and acceptance of their identity: certainly in the view of the person or organization undertaking the authentication process. This can be very dangerous where reliance is placed on the use of digital signatures in the open communications system of the internet. Very few people are aware of the dangers of computer security, and where governments decide to rely on digital signatures to authenticate subjects without verifying the provenance of the signature, the electronic authentication of an individual is open to attack.

C. Proof of identity

In discussing the issues surrounding identity, a useful starting point might be to consider the way in which identity was recognized at a time before the widespread use of paper, and in particular, before births, deaths and marriages began to be recorded. Confirmation of identity in a world without paper or records centred upon oral knowledge of the individual. In some societies, the name adopted by a person would reflect their relationship to a family member or geographical location, or both. Alternatively, it might reflect the physical characteristics of the individual, the type of work undertaken by a parent or a description of a characteristic a parent endows on their new born child. This mechanism provided an association between preceding generations and the individual, or between a physical observation and the individual. Ties between members of the extended family would, in turn, provide a suitable method of verification between the person, their geographical home and their name, should they decide to live a life beyond the confines of their place of birth (that is, if they had the ability to move about freely). Clearly, this did not prevent an individual from assuming a new identity if they decided to leave the familiar environment of their home and upbringing, and take a chance of living a different life beyond their immediate horizons. It could be argued that establishing a new identity in a world without paper and records was an easy task, although the reliance on oral communication and the strength of ties through different types of relationship (such as family relations, business relationships and political affiliations) may have made it difficult to assume a new identity effectively in any but the biggest metropolitan area. In contrast, the electronic world has made identity more of an issue, because we have become more mobile. The methods by which we communicate have increased, as has the speed by which we communicate. More people can undertake transactions remotely and anonymously. As always, technology has brought additional risks and pressures into our daily lives.

The greater use of paper and the introduction of a permanent record enabled the governing elite to more accurately record the life span of an individual, and to document the principal events in a person’s life, such as birth, baptism (if born into a Christian family), marriage and death. It should be noted, however, that in evidential terms, these records merely chronicle various incidents in a person’s life. Such records do not link the identity of the person to the event that is recorded, although it is generally accepted that a causal link must follow, unless there is sufficient evidence to the contrary.7

The most basic of documents, the birth certificate, does not provide evidence that the holder of the certificate is the person whose birth is recorded in the certificate. There is no nexus between the content of the birth certificate and the holder of the certificate, despite any legal presumptions that might apply.8 Although a birth certificate is a record of the birth of an individual, it does not follow that the person whose name is identified on the certificate is the same person as the individual in whose possession the certificate rests. In the absence of proof of a link between the holder of a birth certificate and the content, the assertion of identity rests on the proposition that a person’s identity is demonstrated by the record of a birth, entered in a birth certificate, which in itself is not capable of proving a link between the individual and the certificate.


D. Extrinsic evidence of identity

In any society that relies on the birth certificate (in the absence of other data, such as a biometric measurement which is also recorded on the birth certificate) as proof of identity, the identity of an individual is predicated on the existence of the record of their birth. This evidence can be described as the foundation document that links the individual to their identity. Until recently, this record was rarely used as evidence to corroborate the identity of an individual when issuing other documents, such as a passport or driving licence, or to open a bank account.

In contemporary society, more diverse types of evidence are available that serve to corroborate the identity of an individual. It might also be observed, that the longer a person lives, the more frequently they interact with agencies that create their own records. As a result, the link between the original record of birth as evidence of identity may cease to be relevant because it is too remote, or no such link may have been made when further records are created. In many, if not most instances, a document that is also used to corroborate identity is created without a direct reference to the certificate of birth. In this respect, the independent recognition of identity will also exist within a context other than by evidence of birth. There are a range of records, both public and private, that do not identify an individual, but form a pattern of behaviour or history of events, and are available as a means of reference, such as: government records (passport, driving licence, national insurance number); local authority records (records of the names of the occupiers of a dwelling for the purposes of collecting local taxes, registering the occupants on the register of electors); bank accounts; credit reference agencies; Inland Revenue tax notification; telephone and utility payment history; credit card reference and other such examples.9 It is possible to help corroborate a person’s identity by referring to such records, although it should be noted that these are records of daily activities or grants of permissions, rather than evidence of the identity of the individual.

It is possible to question the weight to be given to some records that are created that do not rely on the sight of a valid birth certificate. In many instances, the issuing agency may have relied on the accuracy of the information provided by the individual, perhaps corroborated by producing a passport or driving licence. Organizations dealing with personal information, such as some credit agencies, will undertake exercises to assess the breadth, depth and quality of the information, and different weightings may be attributed to the source from which the information is obtained. This mechanism demonstrates the reliance society generally places on the various types of documentary evidence that are available to corroborate the identity of an individual. It follows that reliance is also placed on the accuracy of the information recorded in the document. However, most types of documentary evidence do not go to prove the identity of the subject matter:

■ The birth certificate is a record of a historical event, and lacks any evidence to link the holder to the birth.10

■ A passport, even with a photograph and an electronic signature attached (in the form of a scanned manuscript signature), is a travel document.

■ A driving licence, even with a photograph and an electronic signature attached (in the form of a scanned manuscript signature), provides proof that the person is permitted to drive certain categories of vehicles.

■ The purpose of a national insurance number is to record national insurance contributions and income tax, and for claiming benefits.

The strength of the biographical history acts to bind the identity of an individual to a historical record of daily events. If such records are to have any meaning, it is important that they are accurate if they are to be relied upon to corroborate a person’s identity. Furthermore, unless the degree of assurance is very high when collating evidence for issuing proof of identity, an identity card will not be sufficient proof of identity.

E. Accuracy of the record

If identity is to be accurately authenticated in the electronic environment, the weaknesses in the process of recording information must be rectified, as demonstrated by the case of Mr Derek Bond in 2003. Mr Bond, aged 76 at the time, was arrested and held in prison in South Africa for a number of weeks at the request of the Federal Bureau of Investigation, because the Bureau wrongly insisted that he was a person named Derek Sykes, who was wanted in connection with a scheme that defrauded people of millions of dollars.

The process of recording information must be accurate and easily altered if errors occur, which is inevitable, given the propensity of human beings to make mistakes or be in a position of trust that enables them to deliberately alter the record. To ensure documents are issued and records created that can be used to validate the identity of an individual, care must be given to the process by which records are produced and corrected. Although the information contained in commercial databases is not subject to the legal presumptions that apply to government documents, nevertheless many commercial databases are used in commerce and by governments as a means of checking the validity of a person’s identity. Such databases are interrogated to provide secondary evidence of the individual’s biographical history, which helps to corroborate the primary documents that may exist to support the assertion that the person is who they claim to be. Government departments in the United Kingdom check the identity of an individual against a number of sources of information, such as:

■ Government databases within the department and across other departments where the law permits.

■ Private sector databases, such as Equifax and Experian.

■ The physical scrutiny of documents and the checking of the information contained on the document, such as the number of a birth certificate, against lists of stolen certificates.

■ The use of risk assessment and profiling to prevent potentially fraudulent applications.

■ The use of biometric measurements, such as fingerprints and forensic data (although this is restricted to the Home Office) and photographs.11

In the United States of America, where identity theft has reached alarming proportions, particular attention has been given to the use of social security numbers. This issue is now high on the political agenda, and a recent report from the General Accounting Office relating to the verification of social security numbers against the issue of driving licence records, highlights the problems that can occur where the database is not accurate.12 If the authentication of an individual were to rely on a single type of record, such as an identity card, not only would the nature of the record need to be accurate beyond reasonable doubt, but also it would then become the target of determined criminals as a result.

F. The registration process

Corroborating identity accurately, therefore, requires validation (confirmation that a claimed identity exists) and verification (confirmation that a person is whom they claim to be). In most instances, documents issued by governments underpin the integrity of individual identity. The registration process, whatever the purpose, must be sufficiently robust to be able to detect a fraudulent application or confirm the identity of the applicant, especially if the individual has decided to change their name, for instance. This will depend on the nature of the goods or service the applicant wishes to obtain. An application to obtain a ticket to withdraw books from a local library will require less evidence than if an individual wishes to obtain a key pair and a certifying certificate which, when combined, form a digital signature. It may be necessary for an individual to attend in person and present certain documents to verify their identity, depending on the nature of the risk.13

The British government requires those people that choose to obtain access to on-line services to properly identify themselves before being granted access to the service.14 The government does not issue certificates linked to a key pair to form a digital signature, but relies on commercial registration authorities and certification authorities to undertake this service within the commercial environment, between the provider of a certificate and the person subscribing to a digital signature. It is a requirement that the service provider conforms to the requirements set out in the relevant guidelines.15

A ‘registration level’ determines the registration process that links to degrees of confidence in the evidence adduced to confirm the identity of the individual applying for a digital signature. The levels are linked to the severity of the consequences that might occur if the identity of the individual is misappropriated. Level 0 represents minimal damage, Level 1 minor damage, Level 2 significant damage and Level 3 substantial damage.16 The type and variety of evidence that is required for each level is set out in Her Majesty’s Government’s (HMG) Minimum Requirements for the Verification of the Identity of Individuals.17 For each level, provision is made for registration to take place where the individual appears before the registration or certification authority in person, or for remote registration. The forms of evidence cover:

■ A personal statement made by the applicant (such as name, address and date of birth for the lowest level).

■ The provision of documents to demonstrate identity (such as passport, driving licence, firearms certificate, birth certificate) and any activities undertaken in the community (such as local authority tax bill, utility bills, bank statement).

■ Third party corroboration (such as information known about the applicant by a trustworthy organization or individual).

Although the applicant is required to answer a series of questions for whichever method of registration is used, the personal statement is not relied upon as evidence of identity. The degree of proof required is linked to the requirements of Levels 1, 2 and 3. The verification of identity must be on the balance of probabilities for Level 1, while there must be substantial assurance to verify identity for Level 2. For Level 3, the identity of the applicant must be beyond reasonable doubt.

The various types of evidence adduced to validate and verify identity have to be checked. This is usually undertaken by referring to the various commercial agencies that offer such services. It is not clear whether commercial registration and certification authorities are permitted to check the nature of their evidence against government databases, but in any event, significant problems exist with the records that currently exist. Many databases contain more people on the database than the numbers in the population. This is because records continue to remain for people that are deceased. Other problems include poorly managed databases because of duplicate entries as the result of misspellings and errors when adding entries. Some duplicate entries will be intentionally included because of a deliberate attempt at fraud, such as the inclusion of a person’s name against a driving licence, even though they have not passed the test, for instance.18

G. Concluding remarksIt is perfectly possible to obtain a wholly fabricatedidentity or the identity of another person. Usingpaper documents, a fabricated identity can becreated overnight. Attempting to create a falseidentity with an electronic biographical trail,however, will take far longer. Documents can beobtained that attribute an identity to an individual,either by giving false information to obtain genuinedocuments, by using genuine documents that havebeen stolen, or by obtaining forged documents.19

The biographical history of identity in thecommunity is more difficult to acquire, but not

impossible, if somebody is determined to create ormisuse a false identity. It is thought by many thatan answer lies in the recording of biometric data toconfirm identity. However, the same principles thatapply to the creation of documents also apply tothe process of recording and issuing biometricdata. If the recording and issuing process isinsecure, or if the identity of an individual is notconfirmed, then a biometric measurement has novalue.20 There are many solutions to the problem.One is to encourage individuals to look after theiridentity more closely, by taking care to shred anyinformation relating to their daily life that is not ofrelevant to any third party. While the United Statesof America has made identity theft a criminaloffence, the problem is that no act of legislaturewill prevent a crime taking place. Individuals arenot always in a position to protect themselves, andmust rely on third parties to protect the personalinformation they hold, whether it is a governmentdepartment or private sector business. Creditagencies, banks and other issuers of credit mustalso take steps to take into account the risksrelating to identity theft.21

In the physical world, where a government department takes care to assess the various sources of evidence before issuing documents, fraud can be detected.22 However, where governments intend individuals to communicate with them by way of the internet, or use their own and commercial databases to corroborate identity, the difficulties only begin at the registration stage. This paper has only considered the process of authenticating personal identity where the individual maintains a link with their birth name (in many common law jurisdictions, a person can legitimately change their name without recourse to any legal process). Even if a government, for instance, requires an individual to use a digital signature to communicate with government departments, the use of such a signature will not necessarily serve to authenticate the individual when the signature is used, nor does its use necessarily assert that the individual affixed the signature to the message.

Stephen Mason, Report Correspondent, is a barrister at St Paul’s Chambers (www.stpaulschambers.com)

© Stephen Mason, 2004

FOOTNOTES

1 A shorter version of this article “Authenticating identity for the electronic environment” was translated into Russian and first published in Legal Informatization Journal National Center of Legal Information, Republic of Belarus, Volume 6, 2003, 127-132. The author thanks Nicholas Bohm, solicitor, electronic commerce consultant to Fox Williams and Professor Fred Piper, Department of Mathematics, Royal Holloway College, University of London for their comments to the first version of this paper, and for subsequent comments made by Jim Lound, Product Director-Trust Services, Experian Limited.

2 “Identity theft at Companies House”, [2002] 18 Computer Law and Security Report 370.

3 Report: Federal Trade Commission Overview of the Identity Theft Program September 2003 available in electronic format from http://www.ftc.gov/os/2003/09/timelinereport.pdf; Federal Trade Commission - Identity Theft Survey Report, September 2003 available in electronic format from http://www.ftc.gov/os/2003/09/synovatereport.pdf.

4 Jennette Gayer, Policing Privacy: Law Enforcement’s Response to Identity Theft, CALPIRG Education Fund, May 2003, p14 available in electronic format from http://calpirg.org/CA.asp?id2=9791&id3=CA&.

5 Identity Cards: The Next Steps, Home Office, November 2003 (Cm 6020), available in electronic format from http://www.homeoffice.gov.uk/comrace/identitycards/; A national identity card for Canada? Report of the Standing Committee on Citizenship and Immigration October 2003 available in electronic format from http://www.parl.gc.ca/InfocomDoc/Documents/37/2/parlbus/commbus/house/reports/cimmrp06/cimmrp06-e.pdf.

6 Identity fraud has been divided into three main categories: “account takeover” where a thief obtains access to a person’s accounts, “true name” where a thief uses an item of personal information that serves to identify the victim and “covering tracks” where a criminal commits crimes using the identity of an innocent person. Jennette Gayer, Policing Privacy: Law Enforcement’s Response to Identity Theft, p. 8.

7 Under English law, non-parochial registers recording births, marriages and deaths, which were previously not kept under public authority or in performance of a public duty, were not receivable as public documents until the passing of the Non-Parochial Registers Act 1840. This Act was extended by the Births and Deaths Registration Act 1858, ss 2-3 to records made before 1840.

8 Registers of births and deaths are kept under the Births and Deaths Registration Acts 1836 to 1953. A register is evidence of the particular transaction that it was the officer’s duty to record, and must be made by or under the direction of the person whose duty it is to make the record at the time. Hence, the register of birth is evidence of both the fact and date of birth. See M N Howard ed Phipson on Evidence (Sweet & Maxwell, 15th edn, 2000) paragraphs 36-12 to 36-14; 36-20 to 36-23.

9 HMG’s Minimum Requirements for the Verification of the Identity of Individuals, Office of the e-Envoy, Version 2.0 January 2003 paragraph 3.3.2 for an indicative list, available in electronic format from http://www.e-envoy.gov.uk/Resources/FrameworksAndPolicy/fs/en.

10 Paragraph 1.1.1 of Civil Registration: Delivering Vital Change, London: Office for National Statistics, 2003 incorrectly asserts that the act of civil registration “provides the individual with a name and identity within society.” This claim infers that the right to give a child a name is granted by the state. This assertion is both incorrect and unacceptable. The consultation document is available in electronic format from http://www.statistics.gov.uk/registration/whitepaper/default.asp.

11 Identity Fraud: A Study, Cabinet Office, July 2002 paragraph 3.16, available in electronic format from http://www.homeoffice.gov.uk/docs/id_fraud_report.pdf.

12 The Federal Trade Commission issued When bad things happen to your good name in November 2003, available in electronic format from http://www.ftc.gov/bcp/conline/pubs/credit/idtheft.htm. See also United States General Accounting Office Report to Congressional Requesters: Social Security Numbers Improved SSN Verification and Exchange of States’ Driver Records Would Enhance Identity Verification September 2003, available in electronic format from http://www.gao.gov/atext/d03920.txt.

13 Registration and Authentication: e-Government Strategy Framework Policy and Guidelines, Office of the e-Envoy, Version 3.0 September 2002 Chapter 4 for a discussion of the levels of authentication, available in electronic format from http://www.e-envoy.gov.uk/Resources/FrameworksAndPolicy/fs/en. See also the excellent discussion in Online Authentication: A guide for government managers, National Office for the Information Economy, 2002, available in electronic format from http://www.noie.gov.au/projects/confidence/Improving/authentication.htm.

14 HMG’s Minimum Requirements for the Verification of the Identity of Individuals, Office of the e-Envoy, Version 2.0 January 2003 paragraph 2.1.

15 Registration and Authentication: e-Government Strategy Framework Policy and Guidelines, Office of the e-Envoy, Version 3.0 September 2002 and HMG’s Minimum Requirements for the Verification of the Identity of Individuals, Office of the e-Envoy, Version 2.0 January 2003. Similar considerations relating to levels of assurance are discussed in E-Authentication Policy for Federal Agencies: Request for Comments, Office of Electronic Government and technology, GSA, available in electronic format at http://www.estrategy.gov/eapolicydraft.cfm.

16 See generally: Registration and Authentication: e-Government Strategy Framework Policy and Guidelines, Office of the e-Envoy, Version 3.0 September 2002 Chapter 3.

17 Chapter 4.

18 See generally: Identity Fraud: A Study, Cabinet Office, July 2002.

19 The most common sources of identity theft are: theft of information sent by post; looking through discarded rubbish (the information can be found in the rubbish bin of the individual, or the rubbish bin of an organization that discards volumes of papers for collection, rather than destroying the information); employees that steal personal information; items that are either stolen or lost, such as a driving licence; burglary of a dwelling or office; obtaining information by sending out false e-mails to encourage individuals to provide security passwords, or hacking into insecure web sites; scams by telephone, asking for personal information and shoulder surfing, amongst others.

20 Where a biometric measurement is used, such as a fingerprint or iris scan, for instance, what happens when the measurement is stolen? What other form of biometric measurement will be used by the state to replace the stolen measurement? The original measurement must be protected, whether it is contained on a card or in a central database or both. A human being only has a limited number of attributes that are capable of being measured. What will the state do if an individual no longer has a biometric measurement to use? How will individuals whose biometric measurements are stolen prove that it was not they that committed a criminal or terrorist act?

21 Jennette Gayer, Policing Privacy: Law Enforcement’s Response to Identity Theft, pp. 4 and 11.

22 Identity Fraud: A Study, Cabinet Office, July 2002, example at Box 2.2.
