11 March 2011

Digital Identities

Reading Clare Sullivan's 181 page ebook Digital identity: an emerging legal concept, a discussion of "digital identity in a transactional context under a national identity scheme", contrasting the right to identity to the right to privacy in the context of a national identity scheme, and defining identity theft and its consequences. Sullivan suggests that
Under a national identity scheme, being asked to provide 'ID' will become as commonplace as being asked one’s name, and the concept of identity will become embedded in processes essential to the national economic and social order.

The analysis reveals the emergence of a new legal concept of identity. This emergent concept and the associated individual rights, including the right to identity, potentially change the legal and commercial landscape.
Possibly not.

Sullivan's preface states that -
From the outset, the United Kingdom Identity Cards Bill was controversial. The Bill was defeated on five occasions in the House of Lords before a compromise was reached which enabled the Bill to be passed two years after its introduction. The Conservatives and Liberal Democrats still opposed the Cards Act 2006 (UK) ('Identity Cards Act') and the National Identity Scheme ('NIS') it established, and the Conservatives announced that they would repeal the legislation if they won the 2010 election.

The intention expressed at the time the legislation was enacted was that the NIS would eventually be compulsory for all United Kingdom residents over 16 years of age. Former Home Secretary Charles Clarke reportedly said the scheme could be made compulsory when around 80 percent of the population was registered. The scheme was to be used by both the public and private sectors for transactions.

From 30 November 2009, the scheme was phased-in on a voluntary basis for British citizens, with full roll-out planned for 2012. From 2011/12 registration on the National Identity Register (‘NIR’) was to be compulsory for all British citizens over the age of 16 years applying for a passport, with a view to registration becoming general in 2017. As part of their 2010 election campaign, the Liberal Democrats promised to discontinue the NIS. Consequently, following the formation of the Conservative-Liberal Democrat Coalition government later that year, the Identity Documents Bill 2010 (UK) (‘Identity Documents Bill’) was introduced into Parliament on 26 May 2010. The Bill cancels the national ID card for British residents and the Identification Card for European Economic Area nationals, and provides for destruction of the NIR. The identity card for foreign nationals will remain.

Significantly, clause 7 of the Identity Documents Bill also defines 'identity document' as including a passport and a driving license and re-enacts the data-sharing provisions in the Identity Cards Act to verify information provided in connection with passport applications. At the time of writing, the Bill has not been enacted so the NIS still exists but scheme operations and the national roll out are suspended pending consideration of the Bill by the British Parliament. Although it is likely that the Bill will be enacted, the essential features of the NIS and its objectives are typical of a modern national identity scheme. For that reason the NIS is used as the basis for discussion in this book. Digital identity schemes around the world have the same basic features as the NIS. The NIS is the model for the new national identity scheme being introduced into India for example, and the scheme proposed for Australia in 2007 was also based on the United Kingdom scheme. Developments in Australia have followed a similar path to those in the United Kingdom. In 2007, a Bill modelled on the Identity Cards Act was introduced by the federal Liberal and National Party Coalition government in Australia. The Human Services (Enhanced Service Delivery) Bill 2007 (Cth) (‘Access Card Bill’) closely followed the United Kingdom legislation, though its purposes were expressed less broadly, to ‘reduce fraud’ and improve efficiency in delivery of health and social services benefits. The Access Card Bill clearly established a system of national identity registration and attempts by the then government to present it otherwise can be explained on the basis of political expediency, considering the debate caused by the Australia Card decades earlier.

A national identity card has long been a controversial issue in Australia. The proposed Australia Card legislation introduced into Federal Parliament in the 1980s proved to be extremely controversial and did not proceed in the face of public outcry. Similarly, when the then Prime Minister again floated the idea of a national identity card in 2006, it sparked public debate which subsided when it became apparent that legislation was not imminent.

Consequently, the introduction of the Access Card Bill in 2007 surprised many observers who assumed that it would not be introduced into Parliament until after the federal election. The Bill was introduced with comparatively little publicity, and after a very short period of public consultation. Its passage was not smooth, largely because of the Bill’s rushed introduction into Parliament, its obvious similarities to the failed Australia Card proposal, and concerns that the government was attempting to bring in a national identity card by stealth. On 15 March 2007, the Bill was delayed following a Senate Inquiry which recommended that the legislation be amended to include all details of the proposed scheme.

Like the Identity Cards Act in the United Kingdom, the Access Card Bill established the framework for the new Access Card Scheme ('ACS'), and operational details including security and privacy aspects were to be covered in subsequent legislation. The Senate Inquiry recommended that the full legislative package be presented in one Bill, so that the entire scheme and all its consequences could be assessed. The government agreed, and the new Bill was to be introduced into Parliament in 2007, with a view to beginning the scheme in April 2008 but the Federal election late in 2007 intervened. The subsequent change of government led to the Access Card Bill being shelved, as the new Labour government pursued different policy and funding objectives.

However, this does not necessarily mean that plans for a national identity scheme have been abandoned by either of the major political parties in Australia. In August 2010, Joe Hockey, the Minister for Human Services in 2007, said that failure to get the access card introduced was his biggest regret in politics. When asked if he would try to re-introduce it, Mr Hockey replied ‘absolutely,’ providing that the IT systems across government agencies could be consolidated.

In Australia, an identity scheme can be established by linking government databases and through sharing of information between federal and State governments, and that is now well underway.

Eventually, however, there will be a need to rationalise that information and to authenticate it; and that can only be done though a scheme of national identity registration. That may be done by introducing a scheme like the NIS. Alternatively, it may be done with less fanfare, on a gradual, incremental basis. A new scheme is likely to be established incrementally and more subtly than was the case with the ACS (and the NIS) and there are indications that the foundations are being laid. In June 2010, for example, the Coalition supported the Labour government's proposal to compulsorily assign (with some minor exceptions) a 16 digit individual identifier to every Australian resident on the Medicare database on 1 July 2010.

The tenor of this book therefore is that a national identity scheme will be fully established in coming years in Australia and indeed in most other countries, including the United Kingdom. As automated transactions become the norm, transactional identity must be established using a referent standard and that referent standard must necessarily be a database, preferably, an official national identity database. The official record may be a central register or one or more government databases. In the future, it may take the form of secure linked data from official sources on the Semantic Web.

Irrespective of how it is packaged, systematic identity registration must be done on a national basis. The information which is recorded as a result of that process will then be regarded as an individual's identity. It is that consequence, and its inevitability, which prompted this book.