![Sample our Law journals, sign in here to start your FREE access for 14 days]({"type":"image" , "src" : "/sda/5942/TOC-Subject-Sample-2021-Law.jpg"})
Abstract
This paper examines the legal nature of identity and identification in the context of transactions, considering recent developments in the United Kingdom and Australia. Identity and identification have not previously been analysed in this context, from a legal perspective. The composition and legal function of identity are considered, having regard to legislative changes in both countries. In particular, the concept of identity under the United Kingdom Identity Cards Act 2005 c 15 (UK) is compared to the concept of identity developing under Australian legislation. The distinction between that concept of identity and identification of an individual is considered and the legal nature and role of identity for transactional purposes is analysed. Overall, the paper challenges the assumption that the United Kingdom and Australian legislation are merely establishing an evidentiary standard for identification of individuals for transactional purposes, and asserts that identity is emerging as a distinct, new legal concept. A framework is presented for conceptualising identity in this context from a legal perspective, and the major ramifications of the new concept are outlined.
Notes
1 As one commentator observes, ‘much legal doctrine obscures the salience of identity qua identity, though when confronted directly with the issue, the law does give substance to the importance of identity.’ See R R W Brookes ‘Incorporating race’, 106 Columbia Law Review 2023, 2097, 2006.
2 A bundle of information, which usually comprises name, account or card number with an expiry date and a handwritten signature has been used for credit and debit card transactions, and for electronic banking for many years.
3 In this paper ‘transaction’ and ‘dealing’ are used in their widest sense, to describe any dealing, whether in person (i.e. face to face) or using remote communication (such as a telephone, the Internet or a computer network), for which an individual is required to identify himself/herself. A transaction or dealing may be between an individual and a government department or agency or with a private sector entity, and can range from an enquiry to a contract. In this paper a transaction/dealing does not include transactions and dealings of a non-business nature such as domestic and social interaction.
4 Although not framed in terms of identity, the Human Services (Enhanced Service Delivery) Bill (Cth) 2007 contains provisions that are very similar to those in the United Kingdom Identity Cards Act. The customer identification procedures under the new Federal Anti-Money Laundering/Counter-Terrorism Financing Act 2006 (Cth) (‘AML/CTF Act’) enacted on 12 December 2006, also contain similar concepts of identity to those in the Identity Cards Act.
5 Although a new single database was originally planned, the government has since announced that existing databases will be used for the NIS. Reportedly, the data and information will be held on three existing separate databases. See British Broadcasting Corporation ‘Q &A: identity card plans’, British Broadcasting News 19 December 2006, http://newsvote.bbc.co.uk/mpapps/pagetools/print/news.bbc.co.uk/1/hi/uk_politics/31276. Reportedly, ‘the Department of Work and Pensions database will contain biographical information’, the Home Office database will contain biometric data, and ‘the remaining information’ will be stored on the Identity and Passport Service database. See L Sherriff ‘UK ditches single ID database’, The Register (London) 19 December 2006, http//:/:www.theregister.co.uk/2006/12/19/bigbro_cubed/print/html (accessed 29 March 2007). At the time of writing, however, the Prime Minister has again raised the possibility of a single database and plans to make it easier to share information across government departments. See N Morris ‘Big brother: what it really means in Britain today’, Independent (London) 15 January 2007, http//:/:www.news:theindependent.co.uk/uk/politics/article2154844.ece (accessed 29 March 2007). For ease of reference, in this paper NIR is used to refer to all the databases comprising the NIS.
6 The NIR is the basis of the Scheme, not the ID card as the title of the Act suggests. Note that the Act is enabling legislation that sets up the framework for the scheme. Much of the detail will be specified in regulations that are yet to be drafted. However, intended operation of the Scheme can be discerned from publications of the Identity and Passport Service.
7 ‘Data’ is often defined in legislation as including ‘information’ as in section 1 of the Data Protection Act 1988 c 29 (UK) (‘Data Protection Act’), for example. However, the Identity Cards Act uses both terms. ‘Information’ is defined to include ‘documents and records’. ‘Document’ is defined to include ‘a stamp or label’ but ‘record’ is not defined and neither is ‘data’. Although, ‘information’ is used in relation to the NIR, ‘data’ is used in referring to biometrics and the chip on the ID card. For example, ‘biometric information’ is defined to mean ‘data about an individual's physical characteristics’ (see section 42). For that reason I also make the general and scientific distinction between ‘data’ and ‘information’, i.e. that data is the raw material, from which information is derived. I use ‘data’ to cover both singular and plural. However, because the distinction is not always crucial, for ease of reference I use ‘information’ as including ‘data’, unless otherwise indicated.
8 As set out in section 1(3), the purpose of the NIR is to set up a ‘secure and reliable record of registrable facts about individuals in the United Kingdom’. The information in the NIR is to be used for a wide range of purposes including provision of public services, crime prevention and detection and national security. See section 1(4). The government wants to make the NIS the ‘gold standard of identity verification’. See report by the United Kingdom Information Commissioner ‘The Identity Cards Bill: the Information Commissioner's concerns’ June 2005, p 1, http://www.ico.gov.uk/eventual.html (accessed 10 May 2006).
9 Practical considerations support this interpretation. Use of one, two or even several of these components would not usually identify an individual with sufficient precision and would at best, make the section ineffective, and at worst, a nonsense. For example, there are undoubtedly a large number of individuals named or known as Lee Smith in the United Kingdom. More than one may have the same birth date. Lee is not a gender specific name, so adding gender narrows the field, as does birth place. Of course, the addition of biometrics and a handwritten signature not only further narrows the field, they provide a link to the physical embodiment of the individual, assuming of course, that the biometrics and signature are authentic and are correctly matched to the individual. It is not until all this information is considered as a whole, that it can be said to identify an individual with any acceptable degree of precision.
10 The ‘external identifying characteristics’ referred to in this section are specified in Schedule 1 which sets out the categories of data and information that may be included in the NIR under section 3.
11 ‘Signature’ is not defined but it is apparently intended that a handwritten signature be used. An individual's signature is included in the list of ‘identifying information’ implying that a handwritten signature is considered a distinguishing physical feature, though it is not mentioned at all in the definition of ‘registrable facts’, nor in relation to ‘identity’ in s 1. See also T Geoghegan ‘I've got a biometric ID card’, British Broadcasting News 12 August 2004, http://news.bbc.co.uk/go/pr/fr/1/hi/uk/3556720.stm (accessed 29 March 2007). Georghean reports that when he obtained his ID card as part of the pilot scheme being conducted by the IPS, he ‘had to give a copy of my signature which they store electronically’.
12 It now appears that only fingerprints and a face scan will be used initially, though iris scanning may be used in the future. Iris scans will not be used initially, reportedly because of the high costs of the process and because most countries use fingerprints and face scans. See P Johnstone ‘Iris scans dropped from ID card plans’, Telegraph 12 January 2007, http://telegraph.co.uk/core/Content/displayPrintable.jhtml;jsessionid=DWNA31GV (accessed 29 March 2007).
13 Identity and Passport Service ‘Corporate and business plans 2006–2016’, p 42, http//:www.identitycards.gov.uk/scheme.html (accessed 10 May 2006).
14 Section 1(5) states that:
-
[I]n this Act ‘registrable fact,’ in relation to an individual means:
-
(a) his identity;
-
(b) the address of his principal place of residence in the United Kingdom;
-
(c) the address of every other place in the United Kingdom or elsewhere where he has a place of residence;
-
(d) where in the United Kingdom and elsewhere he has previously been resident;
-
(e) the times at which he was resident at different places in the United Kingdom or elsewhere;
-
(f) his current residential status;
-
(g) residential statuses previously held by him;
-
(h) information about numbers allocated to him for identification purposes and about the documents to which they relate;
-
(i) information about occasions on which information recorded about him in the Register has been provided to any person;
-
(j) information recorded in the Register at his request. (Emphasis added)
-
15. The precise nature of the identification process is not clear from the Act because the Act establishes the framework for the NIS. Much of the detail regarding the operation of the NIS will be in subsequent legislation.
16 ‘Authentication of identity’ and ‘verification of identity’ are used interchangeably (and therefore incorrectly) by many commentators. Under the NIS they are separate and distinct processes.
17 Exceptions are clearly contemplated in the case of incapacity and infirmity. See Home Office ‘Regulatory impact assessment, Identity Cards Bill introduced to House of Commons on 25 May 2005’ (UK), http//:www.homeoffice.gsi.gov.uk.html (accessed 16 May 2006). This regulatory assessment is an updated version of the one published alongside the Bill, which was introduced into the House of Commons on 29 November 2004.
18 Identity and Passport Service ‘What is the National Identity Scheme?’, http//:www.identitycards.gov.uk/scheme.html (accessed 10 May 2006).
19 ‘Your biographical footprint is simply the basic facts about your life, for example: name, date of birth and address’ (ibid).
20 Ibid.
21 ‘Identifying information’ is confined to an individual's external characteristics that under section 1(7) ‘are capable of identifying him’ and is therefore narrower than token identity. In Schedule 1 ‘identifying information’ includes a photograph of head and shoulders, fingerprints and ‘other biometric information’ as well as the individual's signature. ‘Identifying information’ is more limited than ‘identity’ under s 1(7).
22 Identity and Passport Service ‘Biometrics’, http//:www.identitycards.gov.uk/scheme.html (accessed 10 May 2006).
23 Usually used for off-line verification. The ID card will be a smart card, which is ‘essentially a stand alone computer’, which can operate independently of the on-line system. See J Wadham, C Gallagher and N Chrolavicius The Identity Cards Act 2006, Oxford University Press, UK, 2006, p 5. Subsections (1) and (2) of section 6 explain that the ID card will contain two sets of information: registrable facts as recorded on the NIR and data enabling the card to access the individual's record on the NIR. As an example of the latter, the Explanatory Notes specifically mention a personal identification number (‘PIN’).
24 Including updating, to reflect any subsequent changes and to correct any errors. The information recorded in the chip is also recorded in the NIR.
25 Presentation may be by personal attendance at which time the information is provided by a person and/or the ID card is presented or the required information may be provided by telephone or using the Internet. Under s 6(3) the ID card ‘must record only the prescribed information’ and ‘must record prescribed parts of it in an encrypted form’.
26 My analogy.
27 Public and private sector organisations accredited to use the NIS will be able to choose the verification method considered most suitable for the transaction. There are basically three levels of verification contemplated by the NIS. The lowest level will be a check using the photo on the ID card. The next level will involve the use of a PIN and/or answers to designated questions. The highest level check will include biometrics. See Identity and Passport Service ‘What kind of organizations will use the scheme?’, http://www.identitycards.gov.uk/scheme.html (accessed 10 May 2006).
28 Including, for example, a question about residential address. Residential address is not part of the section 1(7) information.
29 Name is the most likely piece of information to change but parts (a) and (b) of section 1(7) link the name given to a baby to other names, whether as a result of a name change by marriage, deed poll, or through usage.
30 Particularly in relation to gender. See United Kingdom, Parliamentary Debates, House of Lords, 30 January 2006, col 79 (Baroness Scotland of Asthal).
31 Perhaps the most famous example is the celebrity Oprah Winfrey who was actually named Opah. Opah was incorrectly stated on the birth certificate as ‘Oprah’. The birth certificate is a primary identity document in most common law countries and it is the most enduring identity document.
32 Much like a token represents money.
33 It enables the automated system and the human operators using that system, to transact with the individual who presents that token identity.
34 See Schedule 1 of the Act.
35 Although a new single database was originally planned, the government has now announced that existing databases will be used for the NIS, though the data and information they currently contain will be augmented.
36 ‘Data’ is defined to include ‘information’ under section 1(1) of the Data Protection Act. ‘Personal data’ is defined in section 1(1) to mean:
-
data which relate to a living individual who can be identified—
-
(a) from those data, or
-
(b) from those data and other information which is in the possession of, or is likely to come into the possession of, the data controller,
-
-
Under section 1(1) ‘data controller’ means, ‘subject to subsection (4), a person who (either alone or jointly or in common with other persons) determines the purposes for which and the manner in which any personal data are, or are to be, processed.’ Some of the personal information may also be ‘sensitive personal data’ which is subject to special protection under the Data Protection Act. ‘Sensitive personal data’ is defined in the Act as information relating to racial or ethic origin, political opinion, religious or similar beliefs, trade union membership, physical or mental health or condition, sexual life, commission or alleged commission of any offence by the individual and/or proceedings for an offence committed or alleged to have been committed by the individual. See section 2.
37 Date of death is included in the information in section 1(7) of the Identity Cards Act.
38 See the definition of ‘personal data’ in section 1(1) of the Data Protection Act.
39 This other information includes historical information but database identity is also dynamic and will change as the NIR and other accessible databases are updated to reflect changes, transactions and access information.
40 With the possible exception of ‘Records of Provision of Information’ in Schedule 1, the other information in the NIR, even information like a PIN and password, can be broadly described is biographical in that it is information about the individual.
41 Data and information entered in the NIR may not be adequately tested for authenticity, nor will it necessarily be completely up to date and accurate. The Act provides that once entered in the NIR, information may continue to be recorded in the Register ‘only if and for so long as it is consistent with the statutory purposes for it to be recorded’, see section 3. However, any errors and inaccuracies, including those resulting from ‘gaps’ in the personal information recorded and abbreviated data entries, can become ‘facts’.
42 D Solove The Digital Person, 2004, New York University Press, New York p 1.
43 Ibid. Solove refers to an ‘electronic collage that covers much of a person's life—a life captured in records, a digital person composed in the collective computer networks of the world’, p. 1.
44 The Act is enabling legislation. Enactment of further legislation is necessary to fully implement the scheme.
45 In Australia, ‘identity’ is mentioned in a wide range of federal and state legislation. However, identity is rarely defined. When identity is defined, the definition is usually coloured by the nature of the legislation For example, see for example, section 4 of the Equal Opportunity Act 1995 (Vic) which defines ‘gender identity’.
46 See the Enforcement and National Security (Assumed Identities) Act 1998 (NSW) (the ‘NSW Assumed Identities Act’). The Act provides ‘for the acquisition and use of assumed identities by officers of certain law enforcement and national security agencies for the purposes of their official duties’, as stated in the long title of the Act. Identity may be assumed temporarily or permanently. Identity is defined to mean ‘name, address or date of birth, or such other aspects of a person's identity as may be prescribed by the regulations for the purposes of this definition.’ See section 3. The regulations have not prescribed other aspects. At first sight this combination of information may seem unremarkable. Name and address may be dismissed is an expected, frequently used combination. However, date of birth is not commonly used, other than in establishing identity. Other state legislation also defines identity as name, address and date of birth. See for example section 7.1.2 of the Gambling Regulation Act 2003 (Vic), which defines ‘identity’ in relation to a person to mean ‘name, address, date of birth or a prescribed aspect of the person's identity’.
47 Token identity was initially evident to an extent in federal legislation, in the Migration Act 1958 (Cth). The Act does not define ‘Identity’, ‘authenticate’, ‘identify’ and ‘identification’ but ‘identification test’ means ‘a test carried out in order to obtain a personal identifier’. A person who is suspected of being a ‘non- citizen’ may be required to provide a ‘personal identifier’. Section 5 defines ‘non-citizen’ to mean ‘a person who is not an Australian citizen’. Section 188(4A) states that under subsections (1) and (4) a person may be required to present or provide (including in digital form):
-
(a) a photograph or other image of the person's face and shoulders;
-
(b) the person's signature;
-
(c) any other personal identifier contained in the person's passport or other travel document;
-
(d) any other personal identifier of a type prescribed for the purposes of this paragraph.
-
Note: Division 13AB sets out further restrictions on the personal identifiers that minors and incapable persons can be required to provide.
-
Ssubsection (5) states that subsection (4) does not limit the officer's power under subsection (1) to require the person to show the officer evidence (which might include a personal identifier) of the person's identity or evidence of the person being a lawful non-citizen.
-
Section 5A defines ‘personal identifier’ to mean:
-
any of the following (including any of the following in digital form):
-
(a) fingerprints or handprints of a person (including those taken using paper and ink or digital live scanning technologies);
-
(b) a measurement of a person's height and weight;
-
(c) a photograph or other image of a person's face and shoulders;
-
(d) an audio or a video recording of a person (other than a video recording under section 261AJ);
-
(e) an iris scan;
-
(f) a person's signature;
-
(g) any other identifier prescribed the regulations, other than an identifier the obtaining of which would involve the carrying out of an intimate forensic procedure within the meaning of section 23WA of the Crimes Act 1914.
-
48 Section 5 defines ‘reporting entity’ as ‘a person who provides a designated service’. ‘Designated service’ is as set out in section 6. Section 6 sets out 70 different banking and finance services, bullion dealings and gambling services, which are defined as ‘designated services’ under the AML/CTF Act.
49 The approach adopted by the AML/CTF legislation in identifying customers is similar to the approach of the Identity Cards Act. Despite being designed for different specific purposes, the AML/CTF legislation, like the Identity Cards Act, establishes two tiers of identity. The first tier is the ‘minimum Know Your Customer information’ (‘KYC information’). Part 4.2 of the AML/CTF Rules which commence on 12 December 2007, particularly rule 4.2.3 requires that a reporting entity must collect, at a minimum, the following KYC information from a customer at the relevant time:
-
(1) the customer's full name;
-
(2) the customer's date of birth; and
-
(3) the customer's residential address.
50 On 15 March 2007 the original Bill was delayed following a Senate Inquiry. Like the Identity Cards Act in the United Kingdom, the original Bill established the framework for the new scheme. Operational details including security and privacy aspects were to be covered in subsequent legislation. The Senate Inquiry recommended that the entire legislative package be presented in one Bill. The government agreed and an Exposure Draft of the new Bill was released on 21 June 2007. The clauses in the current Bill augment those in the original Bill. The key provisions have not changed substantially. References in this article are to clauses in the Exposure Draft released on 21 June 2007. Where appropriate, references to both the Explanatory Memorandum tabled in Parliament with the original Bill which sets out broad objectives of the legislation and/or the Explanatory Material dated 21 June 2007 which explains the clauses of the Exposure Draft of the new Bill, are included. See Australian Broadcasting Corporation, ‘Govt stands by smart card despite Senate concerns’, http//:www.abc.net.au/newsitems/200703s1873093.html (accessed 16 March 2007) and Office of Access Card ‘Access Card’, http//:www.accesscard.gov.au.html (accessed 27 June 2007).
51 Commonly referred to in Australia as ‘the smart card’.
52 The card contains a chip, which is a microprocessor capable of storing information and performing intelligent functions off-line.
53 Like the NIS, the basis of the new scheme is the Register, not the card.
54 Human Services (Enhanced Service Delivery) Bill 2007, Explanatory Memorandum, 2. A new chip and Personal Identification Number (‘PIN’) card will replace the existing Medicare Card which does not have a PIN or an embedded chip, and which specifies only the individual's name, Medicare number and card expiry date. The new card will replace ‘up to 17 existing Australian Government benefits cards and vouchers’. See Australian Government Submission to the Senate Enquiry on the Human Services (Enhanced Service Delivery) Bill 2007, 1.
55 The government has stated that:
-
[I]t is the intent of the Australian Government that access card registrations meet the Gold Standard Enrolment Framework of the National Identity Strategy to the greatest possible extent. This will ensure that the risks of identity fraud are managed and appropriate protections to Australian Government outlays are provided.
-
See Australian Government Submission to the Senate Enquiry on the Human Services (Enhanced Service Delivery) Bill 2007, 24. See also Office of Access Card ‘Fact sheet: information security’, http//:www.accesscard.gov.au.html (accessed 27 June 2007).
56 The Medicare card is a key proof of identity document under the 100 points of proof of identity under the Financial Transction Reports Act 1988 (Cth).
57 As is the case under the Identity Cards Act, the Bill only prohibits a person from requiring production of the card. See clause 131 and note clause 81 of the Bill and section 16 of the Identity Cards Act.
58 Attempts to present it otherwise can be explained by political expediency. A national identity card is still a political hot potato in Australia. The federal government is obviously trying to avoid controversy and the debate that has followed each attempt to introduce a national identity card in Australia. The Australia Card legislation introduced into federal Parliament in the 1980s proved to be extremely controversial and did not proceed in the face of the public outcry. In 2006 the Prime Minister floated the idea of a national identity card, again sparking public debate, which subsided when it became apparent that the legislation was not imminent. Indeed, the introduction of the Bill has been a surprise to many observers who assumed that the Access Card legislation would not be introduced into Parliament until after the next federal election in 2007.
59 ‘Fraud’ not ‘identity fraud’ is used. See clause 7.
60 Human Services (Enhanced Service Delivery) Bill 2007, Explanatory Memorandum, 2. See also clause 7 of the Bill.
61 Human Services (Enhanced Service Delivery) Bill 2007, Explanatory Memorandum, 3 and Human Services (Enhanced Service Delivery) Bill 2007, Explanatory Material, 28.
62 See, however, clauses 41 and 42, which refer to the Secretary of the Department being ‘satisfied of the individual's identity’.
63 See, however, clause 184, which refers to ‘Administration Rules—identification of individuals’.
64 Like the United Kingdom scheme, the basis of the Australian scheme is registration, not the Access Card. Strictly speaking, the Access Card is not compulsory.
65 ‘Chip’ means ‘a microchip or any other device that stores or processes information’. See clause 4 and Part 4 Division 8 Subdivision C.
66 The individual must request that some of this information may be stated on the surface of the card. See clause 72 and Human Services (Enhanced Service Delivery) Bill 2007, Explanatory Material, 59. The categories of disability and entitlements are specified in clause 71.
67 According to the Explanatory Memorandum and the Explanatory Material, stating date of birth on the surface of the card will be at the individual's discretion. See Human Services (Enhanced Service Delivery) Bill 2007, Explanatory Memorandum, 34, Human Services (Enhanced Service Delivery) Bill 2007, Explanatory Material, 59; and clauses 71 and 72.
68 Clause 71, Item 5. Note that there is some uncertainty about whether the signature will also be stored in the chip on the card. The Explanatory Material states that ‘[A] digitized copy of a cardholder's signature will appear on the surface of the card and in the chip.’ However, clause 74 does not specify the signature in the information which must be on the card. See Human Services (Enhanced Service Delivery) Bill 2007, Explanatory Material, 58. See also Human Services (Enhanced Service Delivery) Bill 2007, Explanatory Memorandum, 34.
69 The major differences are that a facial scan is the only biometric (other than the digitised signature which is sometimes classified as a biometric) and, in addition to proving identity using documents like a passport or driver's licence; there is mention that ‘evidence of use of the identity in the community’ will need to be shown. See Australian Government, Submission to the Senate Enquiry on the Human Services (Enhanced Service Delivery) Bill 2007, 61. The fact sheet ‘Registering for an Access Card’ provides some guidance on this point. It states that ‘[P]eople will also be asked to provide two Use of Identity documents …’ These documents are then stated to include, but are not limited to, a driver's licence, tertiary identification card, Department of Veterans Affairs Gold Card, an account statement from a financial institution, rates notice detailing person's name and current address, proof of age card or firearms licence. These requirements and the procedures established to cater for people who cannot produce these documents, essentially restate proof of identity requirements that have been in place for decades. See Office of Access Card ‘Fact sheet: registering for an Access Card’, http//:www.accesscard.gov.au.html (accessed 27 June 2007). See also Human Services (Enhanced Service Delivery) Bill 2007, Explanatory Material, 28.
70 Iris scans and fingerprints are included in the NIS. Under the Australian scheme, sex and date of death are recorded in the Register. Clause 24 requires that the Secretary cancel registration where the Secretary is satisfied that the individual has died.
71 Under the Access Card legislation date of birth is included on the surface of the card and in the chip on the card, if requested by the individual. However, it must be included in the Register, unless it is excluded under clause 36. Clause 36 empowers the Secretary of the Department to exclude particular information, for example, when an individual is under the National Witness Protection Programme or if including it would be inconsistent with Commonwealth law. Under section 1(7) of the Identity Cards Act, the other personal information included in ‘identity’ is place of birth and gender as well as date of death.
72 Although a face scan will be done at the time of registration, unlike the NIS, the photo on the surface of the Access Card will not contain biometrics. Biometrics will only be recorded in the Register. The photo appearing on the card and ‘a numerical template of [the individual] derived from that photograph’ will be recorded in the Register. See clause 35. The reason given for this approach is a pragmatic one. The card readers presently used by service providers (particularly medical, dental and other health services practitioners and pharmacists) for point of sale for credit and debit card transactions, will be used for the Access Card. Use of biometrics for routine identity verification for transactional purposes will require upgrading of the card readers presently used, which would add to the costs of establishing and operating the scheme. See Australian Government, Submission to the Senate Enquiry on the Human Services (Enhanced Service Delivery) Bill 2007, 33 and 36. See also Human Services (Enhanced Service Delivery) Bill 2007, Explanatory Material, 57 and Office of Access Card ‘Fact sheet: biometrics and the Access Card’, http//:www.accesscard.gov.au.html (accessed 27 June 2007).
73 Recall the distinction between identification under the NIS. Under the Identity Cards Act, a face scan and signature of an individual are ‘external characteristics of his that are capable of being used for identifying him’. See section 1(7). The NIS also includes other biometrics—fingerprints and iris prints.
74 The information can be provided by presenting the Access Card or by providing the required information in person, by telephone, by Internet or by providing a paper document.
75 The original Bill specified that the chip would have two areas, the Commonwealth area and the Individual's area. The latter was to contain next of kin details, organ donor status and medical alerts, but this distinction has now been abandoned. However, the chip still contains all the information specified on the surface of the card which includes the information that constitutes token identity, as well as additional information including inter alia, contact details, sex, information about benefit cards, whether proof of identity is ‘full’ or ‘interim’ and an emergency payment number. See clause 35.
76 The Register contains all the information on the surface of and in the chip on the Access Card as well as additional information. See clause 35. Like the Identity Cards Act, the basis of the Australian scheme is registration, not the Access Card. The Bill does not require an individual to apply for an Access Card after registration and there is no requirement to carry the card once it is issued. See Part 3 Division 3, Part 4 Division 3 and clause 82 of the Bill. Card not present verification is clearly contemplated. See also Human Services (Enhanced Service Delivery) Bill 2007, Explanatory Memorandum, 26 and 42. Clause 20 authorises the Secretary to allocate an Access Card number to an individual from the time the individual applies for registration. An individual ‘need not actually have an access card in order to have an access card number’. See Human Services (Enhanced Service Delivery) Bill 2007, Explanatory Material, 28.
77 The card contains a microprocessor and memory so information can be stored and processed using only the card, independently of an on-line system. The chip is like a mini-computer minus keyboard and screen. The card is placed in a card reader like those in use at point of sale for credit and debit card transactions in many retail stores and other businesses.
78 Under the original Bill the chip had two areas—a government area and an individual area. Information in the government area of the chip was used to verify identity. Privacy concerns about the information in the individual's area of the chip and third party access resulted in the two areas of the chip as set out in the original Bill being abondoned in the second Bill. Under the new Bill the chip has only one area.
79 Clause 77 provides that the function of the PIN is to protect information in the chip, specifically name, birth date and whether proof of identity is stated to be ‘full’ or ‘interim’. See also clause 74.
80 See Australian Government Submission to the Senate Enquiry on the Human Services (Enhanced Service Delivery) Bill 2007, 25. See also Human Services (Enhanced Service Delivery) Bill 2007, Explanatory Material, 58. Clause 20 authorises the Secretary to allocate an Access Card number to an individual from the time the individual applies for registration. An individual ‘need not actually have an access card in order to have an access card number’.
81 Australian Government Submission to the Senate Enquiry on the Human Services (Enhanced Service Delivery) Bill 2007, 32. See Human Services (Enhanced Service Delivery) Bill 2007, Explanatory Material, 58.
82 Part 5A.
83 Queensland enacted similar legislation in March 2007. See section 408D of the Criminal Code. The other states and the federal government consider that ‘identity theft’ and ‘identity fraud’ are adequately covered by existing law. Nevertheless amendments have been made to cover specific activities. See for example, Part 10.8 ‘Financial Information Offences’ of the Criminal Code Act (Cth) 1995. Although that legislation is not generally of particular relevance to this discussion, the definition of ‘personal financial information’ is interesting. It is defined in section 480.1(1) to mean ‘information relating to a person that may be used (whether alone or in conjunction with other information) to access funds, credit or other financial benefits’. Part 10.8 also extends to personal information of both living and deceased persons. See section 480.1(3).
84 ‘Serious criminal offence’ is defined in section 144A as an indictable offence or ‘an offence prescribed by regulation for the purposes of this definition’.
85 ‘Prohibited material’ is defined in section 144A as ‘anything (including personal identification information) that enables a person to assume a false identity or to exercise a right of ownership that belongs to someone else to funds, credit, information or any other financial or non-financial benefit’.
86 Voice print is defined in section 144A to mean ‘any computer data recording the unique characteristics of a person's voice’.
87 Digital signature is defined in section 144A to mean ‘encrypted electronic or computer data intended for the exclusive use of a particular person as a means of identifying himself or herself as the sender of the electronic communication’. ‘Electronic communication’ means ‘a communication transmitted in the form of electronic or computer data’. See section 144A.
88 See section 144A. Under section 144C it is an offence to use another person's personal identification information intending, by doing so, to commit or facilitate the commission of, a serious criminal offence …'
89 Section 144A. ‘Identity’ is not defined. Under section 144B it is an offence to assume a false identity ‘intending, by doing so, to commit, or facilitate the commission of, a serious criminal offence.’
90 Section 144A.
91 When the individual is physically present, these aspects are usually obvious.
92 Unlike the NIS, date of death and sex are not part of the core identity information. See section 1(7) of the Identity Cards Act.
93 And indigenous status in the case of Aborigines. See clause 35.
94 Benefit cards. See clause 35.
95 Presumably this information will also include access information. The Office of Access Card states that ‘[A]ll access to customer records, including card transactions, will be logged and audited.’ See Office of Access Card ‘Fact sheet: viewing information on the Access Card’, http//:www.accesscard.gov.au.html (accessed 27 June 2007).
96 The Privacy Act is modelled on the United Kingdom Data Protection Act. ‘Personal information’ is defined under section 5 as:
-
[I]nformation or an opinion (including information or an opinion forming part of a data base) whether true or not, and whether recorded in material form or not, about an individual whose identity is apparent, or can reasonably be ascertained from the information or opinion. (Emphasis added)
-
This definition clearly contemplates that identity can be ascertained from information or opinion. The Act does not apply to personal information collected, used or disclosed for personal, family or household purposes. See section 7B(1) and section 16E.
97 ‘Sensitive information’ is health information about an individual as defined in section 6, or personal information or opinion about an individual's racial or ethnic origin, political opinions, membership of a political association, religious beliefs or affiliations, philosophical beliefs, membership of a professional or trade association, membership of a trade union, sexual preferences or practices and criminal record. See section 6(1).
98 The Privacy Act does not apply to private sector businesses with an annual turnover of $AUS3 million or less, though those that hold health information, provide health services or trade in personal information are covered by the Act. See section 6D(4).
99 State contractors are exempt under section 7B(5). State and territory public sector bodies are also not within the definition of ‘agency’ and are specifically excluded from the definition of ‘organisation’ in the Privacy Act, though by request of the State or Territory, they may be brought into the regime by regulation.
100 This point has been highlighted by the Australian Privacy Commissioner. See Office of Australian Privacy Commissioner, Getting in on the Act. The Review of Private Sector Provisions of the Privacy Act 1988, March 2005, 21. Section 6(1) of the Privacy Act defines ‘individual’ as ‘a natural person’. The meaning of ‘natural person’ is not defined in the Privacy Act or in the Acts Interpretation Act 1901 (Cth), nor has it been the subject of judicial consideration. However, ‘natural person’ is generally considered to be a living person. See Office of Australian Privacy Commissioner Getting in on the Act. The Review of Private Sector Provisions of the Privacy Act 1988', March 2005, 281. Roth also points out that:
-
[I]t is normally accepted that in law, deceased persons have no privacy interests. This is presumably on the basis of the reason d'etre for privacy protection no longer exists, since dead people can feel no shame or humiliation. The underlying common law principle here is much the same as in the law of defamation, which in most jurisdictions does not countenance civil actions that seek to vindicate the reputation of the dead.
-
See P Roth ‘Privacy proceedings and the dead’ 11 Privacy Law and Policy Reporter 50, 2004.
101 Human Services (Enhanced Service Delivery) Bill 2007, Explanatory Memorandum, 3. The objectives of the NIS are to reduce illegal immigration and illegal working, enhance the United Kingdom's ability to counter terrorism and serious and organised crime and reduce identity theft. See Home Office ‘Regulatory impact assessment, Identity Cards Bill introduced to House of Commons on 25 May 2005’, p 1, http//:www.homeoffice.gsi.gov.uk.html (accessed 16 May 2006).
102 ‘The Net’, 1995 Columbia Pictures Industries Inc. Dialogue of the character Angela Bennett played by the actress Sandra Bullock.
103 K McCullagh ‘Identity information: the tension between privacy and the societal benefits associated with biometric database surveillance’, paper presented at the 20th British and Irish Law, Education and Technology Association Conference, Queen's University, Belfast, April 2005, p 4, http//:www.biletapapers/brombyness.html (accessed 27 April 2006).
104 Ibid. Note, however, that the NIS will use iris scans, not retina scans. Garfinkel also maintains that the danger of mutilation will increase as society increases its reliance on biometrics. See S Garfinkel Database Nation: The Death of Privacy in the 21st Century, O'Reilly & Associates Inc, California, 2000, p 66. The latest biometric readers also detect blood flow as a measure to counteract the use of biometrics from dead bodies and severed body parts.
105 Paramount Pictures (1997). An undercover agent assumes the physical appearance of a major criminal in order to infiltrate a crime organisation. The catch phrase for the movie is ‘[I]n order to catch him, he must become him.’
106 Fingerprints and facial features can be reproduced using latex, silicon and other like materials used for theatrical makeup and prostheses. Iris prints can be reproduced using contact lenses or even grafts. A replica can be attached almost invisibly so as to verify identity when using a biometric reader. If the biometric is verified remotely using the Internet, deception can be even easier
107 50 million is the estimated number of individuals who will eventually be registered under the NIS. See Identity and Passport Service ‘Biometrics’, op cit, note 22. 16.7 million are expected to be registered under the Australian scheme. Australian Government, Submission to the Senate Enquiry on the Human Services (Enhanced Service Delivery) Bill 2007, x.
108 Identity and Passport Service ‘Biometrics’, op cit, note 22.
109 Home Secretary ‘IPPR speech’, 18 November 2004, http//:www.identitycards.gov.uk.html (accessed 16 May 2006).
110 Ibid.
111 Identity and Passport Service ‘Biometrics’, op cit, note 22.
112 See M Ballard ‘UK govt says broken passport system justifies ID cards’, The Register (London), 20 March 2007, http//:/:www.theregister.co.uk/200703/20/passport_fraud/print.html (accessed 29 March 2007).
113 Note that the term ‘reliable’ has deliberately not been used in framing this question. A result may be reliable in the scientific sense so that when the measurement procedure is repeated, the same result is consistently produced. Reliability in this sense is applicable to verification of identity using the NIR but not to authentication of identity. The fact that a result is reliable does not necessarily mean it is valid. See S Zabell ‘Fingerprint evidence’, 13 Journal of Law and Policy 143, 2005, for an excellent discussion of recent issues regarding fingerprint evidence from a scientific and mathematical perspective.
114 One report states the error rate at 31% for ‘photographs’, though the conditions under which this rate was obtained are not specified. See Johnstone, op cit, note 12.
115 McCullagh, op cit, note 103. Reportedly, an error rate of 2% was achieved in trialing Smartgate at Sydney airport using Qantas crew. However, lighting conditions in the building were modified to improve facial recognition, users were given special training, the system was used daily to scan a relatively small group of (recurring) faces, and templates stored by the system and used for comparison were updated daily. London School of Economics and Political Science and the Enterprise Privacy Group The Identity Project. An Assessment of the UK Identity Cards Bill and Its Implications, Interim Report, March 2005, p 49.
116 T Mansfield and M Rejman-Green Feasibility Study on the Use of Biometrics in an Entitlement Scheme, Centre for Mathematics and Scientific Computing, National Physical Laboratory, Middlesex, 2003, p 6.
117 16.7 million adults will be registered over two years. See Australian Government Submission to the Senate Enquiry on the Human Services (Enhanced Service Delivery) Bill 2007, x.
118 As may occur if some of his/her token identity information has been used to construct a false identity or, if an individual is wrongly accused of assuming a false identity because the token identity presented does not match the information on record in the chip or Register.
119 As the Identity and Passport Service states: ‘[A]nyone trying to make a major financial transaction, for example, would have their biometrics data checked against those held in the NIR. If they were not the registered cardholder this check would fail.’ See Identity and Passport Service ‘Using the scheme in daily life, transferring money’, http//:/www.identitycards.gov.uk/scheme.html (accessed 10 May 2006).
120 Australian Government Submission to the Senate Enquiry on the Human Services (Enhanced Service Delivery) Bill 2007, 33 and 36. See also Human Services (Enhanced Service Delivery) Bill 2007, Explanatory Material, 57.
121 This approach is also used to compare a signature. A signature is on the surface of the Access Card. The photo and signature are the only links with the physical person.
122 Interestingly, colour photography (video footage in the study) of itself does not improve identification. When the target was unknown to the identifier, colour increased the number of false alarms in the identification task. M Bromby and H Ness ‘Over-observed? What is the quality of this new digital world?’, paper presented at the 20th Annual Conference of British and Irish Law, Education and Technology Association, Queen's University, Belfast, April 2005, p 7, http//:www.biletapapers/brombyness.html (accessed 27 April 2006). See also G Davies and S Thasen ‘Closed circuit television: how effective an identification aid?’, British Journal of Psychology Vol 91, No 3, p 411, 2000.
123 R Kemp, N Towell and G Pike ‘When seeing should not be believing: photographs, credit cards and fraud’, Applied Cognitive Psychology Vol 11, No 3, p 211, 1997.
124 An error rate of 30% was found when participants were asked to match for view and expression an unknown target with an array of video stills. A difference in viewing angle of the video still and target further decreased the accuracy of identification. Research also shows that the face is the most significant feature for recognition if the individual is known to the identifier. Although gait, body shape and clothes play a role, facial information is primarily used to make the identification. V Bruce, Z Henderson and K Greenwood ‘Verification of face identities from images captured on video’, Journal of Experimental Psychology: Applied Vol 5, No 4, p 339, 1999. Even when only two images were presented, accurate identification of the target from an array of video stills was still low if the target was unknown to the identifier. V Bruce and A Young ‘Understanding face recognition’, British Journal of Psychology Vol 77, No 3, p 305, 1986. See also V Bruce, Z Henderson and C Newman ‘Matching identities of familiar and unfamiliar faces caught on CCTV images’, Journal of Experimental Psychology: Applied Vol 7, No 3, p 207, 2001.
125 Bromby and Ness, op cit, note 22.
126 A M Burton, S Wilson, M Cowan and V Bruce ‘Face recognition in poor quality video: evidence from security surveillance’, Psychological Science Vol 10, No 3, p 243, 1999.
127 S Kershaw ‘Spain and US at odds on mistaken terror arrest’, New York Times 5 June 2004, p A1. Perception and ‘seeing’ what one expects or hopes to see can also lead to distortion of reality. See also S Zabell ‘Fingerprint evidence’, 13 Journal of Law and Policy 143, 2005, p 155, where the implications of justifications and explanations in relation to fingerprint evidence are discussed.
128 See Wadham et al., op cit, note 23, p 127. Identity should not be confused with the ID card. In some circumstances two ID cards may be issued to the same individual. The examples discussed in Parliamentary debate included transsexuals and Irish nationals. Transsexuals may be issued with two ID cards to reflect each gender and Irish nationals may be issued with two ID cards, one of which will only specify his/her UK citizenship. See United Kingdom Parliamentary Debates, House of Lords, 30 January 2006, col 79 (Baroness Scotland of Asthal).
129 See, for example, the ‘minimum KYC information’ under the AML/CTF legislation. See rule 4.2.3 of the AML/CTF Rules.
130 The data and information in the Register can be used for broader purposes. The Identity Cards Act includes national security and policing powers. See, for example, section 18. Private sector organizations will be able to access at least some information on the NIR. For a recent report on plans to charge private sector organizations including banks and financial institutions for this information see J Slack and S Reid ‘Your ID card details will be sold to banks’, Daily Mail 11 March 2007, http://dailymail.co.uk/pages/text/print.html?/in_article_id=441586&in_page_id=1770 (accessed 29 March 2007). Although nothing in the Access Card legislation authorises access by the law enforcement or security agencies, disclosure can be authorised by the Privacy Act and by warrant. The Australian government has stated that:
-
‘It is the policy intent that the Australian Federal Police (AFP) should have the ability to obtain and use information from the Register and the chip of the card under the Privacy Act to respond to threat-to-life or threat-of-injury situations, disaster victim identification and emergency responses and investigation of missing persons.’ See Australian Government Submission to the Senate Enquiry on the Human Services (Enhanced Service Delivery) Bill 2007, 59. See also Part 5 Division 4 particularly clause 116 of the Bill.
131 See section 16 of the Identity Cards Act and clause 81 of the Bill. See also Australian Government Submission to the Senate Enquiry on the Human Services (Enhanced Service Delivery) Bill 2007, 44 and Human Services (Enhanced Service Delivery) Bill 2007, Explanatory Material, 72.
132 This is true for registration too because the individual will still establish his/her identity for registration purposes by producing documents such as birth certificate, driver's licence and other government issued documents. The information in these documents is cross checked to see if it matches and where possible, it will also be checked against the database of the relevant department/agency. See Part 5 Division 4 of the Bill, particularly clause 106 and Human Services (Enhanced Service Delivery) Bill 2007, Explanatory Material, 84.
133 This is more obvious in the Identity Cards Act. See, for example, section 1(3). The presumption is implicit in the Access Card legislation.