Mark of the Beast: Digital Identity and the Cashless Cartel

With the release of the iPhone X people have been asked to accept a new level of biometric intrusion so that their phone can identify them. But is this a simple security measure, or is there a global policy agenda at work?

Since the turn of the century the general public has been increasingly conditioned to interact digitally. From social media, to e-commerce and cashless payment systems such as Apple Pay and Android Pay, the "smartphone" is at the centre of the digital revolution.

The driver for this is not just corporate. There has been an accelerating transformation in the way that we interact with government agencies. As just one example, patients in England & Wales are now encouraged to pre-book doctor appointments. In order to register for Patient Access patients simply need to attend their doctor's surgery with their passport and driving licence after which they will be issued with a user ID and password.

Digital transformation of other government services is being driven by the Government Digital Service (GDS) which is part of the Cabinet Office. GOV.UK Verify is the new way to prove identity online. Government agencies now using GOV.UK Verify include DVLA, DWP, HMRC and DEFRA. Using GOV.UK Verify to access a government service requires "customers" to select from a list of companies certified to verify identities, including:

  • Barclays
  • CitizenSafe
  • Digidentity
  • Experian
  • Post Office
  • Royal Mail
  • SecureIdentity

According to the Government Transformation Strategy, 2017 - 2020, published by the Cabinet Office, "By harnessing digital to build and deliver services, the government can transform the relationship between citizen and state". 

Consideration is also being given to making the GOV.UK Verify system available to Local Authorities across the country. PublicTechnolgy.net reported on 29 August 2017 that "London mayor Sadiq Khan has appointed the capital’s first chief digital officer (CDO) ... Camden Councillor, Theo Blackwell ... will take the lead on work to digitally transform public services and turn London into the world’s smartest city”.

In his 2016 report UK Digital Strategy – local government and digital transformation Theo Blackwell emphasised that:

"Whitehall should empower local government to...lead the development of an interoperability framework that enables data sharing and end to end process automation across local and central government".

By this stage you will probably be wondering where all this transformation towards digitised Central and Local Government Services is leading us. To discover the answer to this question we need to examine the ongoing role being played by global financial institutions such as HSBC.

HSBC and HSBC Safeguard

HSBC's international network serves around 38 million customers in 67 countries and territories. Many of HSBC's customers have already received, or will soon receive, letters concerning HSBC SafeGuard. This is a global policy of this banking giant.

A copy of this letter has been examined by UK Column researchers. This letter is headed "HSBC Safeguard: Help Us detect fraudulent transactions and safeguard against financial crime". It states that:

At HSBC, we're committed to protecting all our customers' accounts, today and for the future. To do this we need a little help from you. Our global systems rely on having the most up-to-date customer information to detect fraudulent transactions and safeguard against financial crime.

The letter continues, "As part of HSBC safeguard, we're asking you to provide us with a document to prove your identity". The fact that customers already provide this information when opening the account now appears to be irrelevant.

How then can customer identity be proved to the satisfaction of HSBC?

We prefer to see government issued documents that include a photograph, such as a passport or driving licence.

The letter continued:

One of the quickest and most convenient ways to provide us with your documents is to use the new online JUMIO tool. To use this you'll need a computer equipped with a webcam.

There is no indication in the letter whether compliance with this request is voluntary or mandatory. However, it does clearly state that if you fail to provide up-to-date documentation "we may not be able to provide you with all of our services".

Reference to the frequently asked questions section indicates that if a bank customer "fails to respond within 30 days of receiving the letter a reminder will be sent". This implies that compliance is mandatory. HSBC were contacted by telephone to clarify the issue. HSBC indicated that this was not a mandatory requirement however we have anecdotal evidence to suggest that customers who fail to comply with the requirements of HSBC SafeGuard have received a further HSBC letter stating

We are sorry to advise you that we will no longer be able to provide you with banking services ... and ... we will not be revisiting this decision.

JUMIO

The HSBC website incorporates a Jumio documents upload page.

Further reference to the HSBC letter reveals that "Jumio is an external company specialising in verifying the authenticity of specific documentation". 

Jumio, which is based in Palo Alto, California, "uses computer vision technology to verify credentials issued by over 200 countries in real time web and mobile transactions. Jumio’s solutions are used by leading companies in the financial services, sharing economy, retail, travel and online gaming sectors".

 

One of Jumio's solutions is Netverify. This system "combines ID Verification, Identity Verification, and Document Verification for a complete solution to establish the real-world identity of consumers". This product "integrates into websites, iPhone, or Android applications". For ID verification the customer scans their ID document, the ID is authenticated against security features, the customer's facial image is compared with face in ID document, and biometric facial recognition ensures the person is actually present. Netverify utilises "advanced technology including biometric facial recognition and machine learning" in order that

outdated customer verification methods that require customers to email, fax, or physically drop off copies of ID documents at a branch office, can be avoided.

This explains perfectly why the HSBC customer identity check is best made using the Jumio tool via a computer equipped with a web-cam. It appears to us that HSBC customers with smartphone banking apps will soon benefit from Real-time ID Scanning and ID Authentication using their IOS and Android mobile device cameras.

Know Identity Conference 2017

Jumio were sponsors of the Know Identity Conference which took place in mid-May 2017. Amongst the other sponsors were: IBM; CapitalOne; Equifax; Experian; IDMe, and, LexisNexis Risk Solutions.

Details of the Know Identity Conference can be found on the website of One World Identity.

Daily Insights published by One World Identity provide a flavour of what the future could bring to the UK. This includes

Keynote and other speakers in May 2017 included:- Edward Snowden, Former Intelligence Officer & Whistleblower; Carmi Gillon, Former Head of the Israeli "Shin Bet" Security Service and a leading cyber-security expert; Serge Llorente, Director of Mobile Connect of Orange; Susan Joseph, Advisor at One World Identity; Anand Menon, Director, New Customers at Mastercard; Don Thibeau, Chairman and President of the Open Identity Exchange; Matt Miller, VP Conversational Commerce and Remote IoT at Mastercard; Matthew Thompson, Director of Business Development at Capital One; Laura Hunter, Principal Program Manager at Microsoft; Adam Madlin, Business Development Director at Symantec; Tom Purves, VP Digital Products - Visa Checkout at Visa Inc.; Toby Rush, CEO of EyeVerify; Alex Ketter, Head of US Compliance at Google Payment Corp; Greg Kidd, CEO at Global iD; Juan Llanos, Senior Advisor of One World Identity; Alka Gupta, Co-Founder global iD.

We also noted the presence of Niall McCann, Lead Electoral Advisor at UN Development Programme; Adam Cooper, Lead Technical Architect at UK Cabinet Office, and, Stephen Stuut, CEO of Jumio.

Examples of topics listed on the 2017 conference agenda included:-

  • Identity As A Pillar In The Global Development Agenda: Efforts To Date And Future Directions;
  • Identity and Democracy: A Look at Voter Registration;
  • The Personal Data Economy;
  • National Identity Schemes: Contrasting Different Approaches and Progress;
  • The Business Of Identity;
  • Who Owns Identity? A Conversation;
  • Facilitating e-Commerce in a World Where Everyone is a Merchant.

We get a clue where this mixture of corporate and government interests want to go from another session entitled Implementing Identity for All:

Over 1.5 billion people globally lack the ability to prove their identities. SDG 16.9 aims to provide legal identity to all, including birth registration, by 2030.

The ID2020 Alliance

According to the ID2020 website, Article 6 of the Universal Declaration on Human Rights "stipulates that 'Everyone has the right to recognition everywhere as a person before the law.' The Sustainable Development Goals (2015-2030) include target 16.9 which aims to "provide legal identity to all, including birth registration, by 2030.' Critically, this must include the >20M refugees worldwide."

This is now made technologically possible because "the rapid proliferation of smart devices globally, combined with ever-increasing computing power and rapidly expanding broadband coverage, enables new methods of registration and facilitates ongoing interaction between individuals and their identity data".

On June 19th, 2017, approximately 300 people gathered at the United Nations for the second annual ID2020 Summit. The ID2020 Alliance, a consortium of public and private organisations, was launched there. The summit was attended by representatives of UN organisations such as UNDP (United Nations Development Programme); UNECLAC (United Nations Economic Commission for Latin America and the Caribbean); UNHCR (United Nations High Commissioner for Refugees), and UN OICT (United Nations Office of Information and Communication Technologies).

Participating organsiations included: Accenture; Bill & Melinda Gates Foundation; Biometrics Institute; Gavi (the vaccine alliance); General Electric; IBM; IrisGuard; MasterCard; Microsoft; One World Identity; Open Society Foundation (George Soros); PwC; Rockefeller Foundation; Standard Chartered Bank; Unique Identity Authority of India; Verizon; the World Economic Forum, and HSBC bank.  

The ID 2020 Alliance is a "global partnership of governments, NGOs and the private sector". The benefit of such a partnership approach is that it "opens up opportunities to piggyback on the systems and processes that public and private organisations already have in place".

The ID2020 Alliance approach is supported by a grant from the Rockefeller Foundation and major financial support from Accenture (NYSE:ACN). By 2030, their goal is to

enable access to digital identity for every person on the planet.

Services giant Accenture in partnership with Microsoft are building an "unprecedented global digital ID program to provide legal identification to 1.1 billion people without documents around the world".

It is also worth noting that in August 2016, the World Economic Forum, in conjunction with Deloitte, published their 108-page document A Blueprint for Digital Identity: The Role of Financial Institutions in Building Digital Identity. Among the steering committee members we discovered John Flint, Chief Executive Officer, Retail Banking and Wealth Management, HSBC.

The Identification for Development (ID4D) Initiative

The Identification for Development (ID4D) initiative was originally launched by the World Bank, and they are proud to be working alongside the United Nations to get “legal identity” into the hands of all. The following comes from the official website of the World Bank:

Providing legal identity for all (including birth registration) by 2030 is a target shared by the international community as part of the Sustainable Development Goals (target 16.9). The World Bank Group (WBG) has launched the Identification for Development (ID4D) cross-practice initiative, with the participation of seven GP/CCSAs sharing the same vision and strategic objectives, to help our client countries achieve this goal and with the vision of making everyone count: ensure a unique legal identity and enable digital ID-based services to all.

A findbiometrics article published in 2015 revealed that

A report synopsis notes that about 1.8 billion adults around the world currently lack any kind of official documentation. That can exclude those individuals from access to essential services, and can also cause serious difficulties when it comes to trans-border identification.

That problem is one that Accenture has been tackling in collaboration with the United Nations High Commissioner for Refugees, which has been issuing Accenture-developed biometric identity cards to populations of displaced persons in refugee camps in Thailand, South Sudan, and elsewhere. The ID cards are important for helping to ensure that refugees can have access to services, and for keeping track of refugee populations.

Moreover, the nature of the deployments has required an economically feasible solution, and has demonstrated that reliable, biometric ID cards can affordably be used on a large scale. It offers hope for the UN’s Sustainable Development Goal of getting legal ID into the hands of everyone in the world by the year 2030 with its Identification for Development (ID4D) initiative.

In the (very) near future, the absence of a unique digital legal identity could mean that an individual becomes disqualified from seeking paid employment, is denied a bank or credit card account, is unable to arrange a mortgage, is denied access to healthcare, and is refused access to central or local government services.

On top of that, the governments, financial institutions, credit reference agencies and technology companies have demonstrated time and again that they are not to be trusted with the data they hold on us today. Should the idea of a unique digital identity make us feel safer?