One of my all time favourite television shows is “Greg the Bunny”, which ran for only one season in the Unites States many years ago. One of my favourite jokes is when a female character called Dottie tells the eponymous lead that she has been caught on camera in an adult situation. “Sexual situation?” he asks. “No," she replies sarcastically, “it’s a picture of me voting”.
You’ll see why I started with that joke a little later on, but first I must tell you why my home town of Woking is in the news. It is at the forefront of the UK’s non-existent identity non-strategy to not introduce digital identity, because it is one of the five areas in England where voters will be asked to take identification to polling stations at local elections next year as part of a pilot scheme. The BBC report on the pilot scheme that I saw didn't mention just how the entitlement to vote is to be established but we already know what array of high technology machine-learning AI super-robot world-brain systems are to be deployed since, when the pilot was originally announced, we were told that local authorities would be invited to apply to trial different types of identification, including forms of photo ID such as driving licences and passports, or formal correspondence such as a utilities bill
Wait, what? A utilities bill? It’s pointless enough showing a trivially counterfeitable physical identity document like a driving license to someone who can’t verify it anyway, such as a volunteer at a polling station, but come on… a utilities bill? That’s where we are in 2017 in the fifth richest country in the world? Shouldn’t we be just a little more ambitious and set the bar just a little bit higher?
In Scott Corfe’s recent report for the Social Market Foundation (called A Verifiable Success—The future of identity in the UK) he highlights what he calls the “democratic opportunity” for electronic identity verification to facilitate internet voting thereby increasing civic engagement. I am very much in favour of electronic voting of some kind, although I must say that I’m very much against internet voting, because I think that in a functioning democracy voting must remain a public act. If voting is allowed in certain remote conditions then we cannot be sure that a voter’s ballot is either secret or uncoerced. I think it is possible to imagine services where trusted third parties or electoral observers of some kind use mobile phones to go out and allow the infirm or otherwise housebound to vote, but that’s not the same thing as just allowing people to vote using mobile phones.
While I think internet voting is therefore a bad idea, I take Scott’s point about the need for electronic identity. However, since we don’t have one and I don’t see any prospect of Government producing a robust one in the foreseeable future, we’re stuck with gas bills until someone gets to grip with issue. I should explain here for any baffled overseas readers that the United Kingdom has no national identification scheme or identity card or any other such symbol of continental tyranny, so our gold standard identity document is the gas bill. The gas bill is a uniquely trusted document, and the obvious choice for a government concerned about fraud. As an aside, if for some reason you do not have a gas bill to attest to your suitability for some purpose or other, you can buy one here for theatrical or novelty use only.
Why is it that the government never ask me about this sort of thing? Since they don’t have an identity infrastructure (local authorities were invited to use the national “Gov.UK Verify” scheme but didn’t) why don’t they use other people’s? I would have thought that for a great majority of the population, especially the more transient and younger portion of the electorate (e.g., my sons) social media would provide a far better means to manage this entitlement. I judge it to be far harder to forge a plausible Facebook profile than a plausible gas bill so if I turn up at the polling station and log in to the Facebook profile for David Birch (if there is a Facebook profile for a David Birch, incidentally, I can assure you that it isn’t me) then they may as well let me vote.
None of this will make the slightest different to the central problem, of course, because the main source of electoral fraud in the UK is not personation at the polling station but fraudulently-completed postal ballots, a situation that led one British judge to call it “a system that would disgrace a banana republic”. Indeed, this is precisely what has been going on in my own dear Woking, where four people were jailed recently for electoral fraud. As far as I can understand it from reading the various reports, including the source reports on electoral fraud in the UK, the main problem is that postal votes are being completed by third parties, sometimes in bulk. No proof of identity is going to make any difference to this and so long as we allow people to continue voting by post I can’t see how the situation will improve because while it is not beyond the wit of man to come up with alternatives to the postal vote, that’s not what is being proposed in the pilot schemes. The government is not currently proposing an app or any other kind of electronic voting here, it is merely proposing to add a rudimentary test of entitlement at the polling station.
When this scheme was originally announced, the minister in charge of voting (Chris Skidmore) was quoted by the BBC as saying that “in many transactions you need a proof of ID” which is not, strictly speaking, true. In almost all transactions that we take part in on a daily basis we are not proving our identity, we are proving that we are authorised to do something whether it is to charge money to a line of credit in a shop, ride a bus or open the door to an office. In these cases we are using ID as a proxy because we don’t have a proper infrastructure in place for allowing us to keep our identities safely under lock and key while we go about our business by presenting credentials where necessary.
What you should really be presenting at the polling station is an anonymised entitlement to vote that you can authenticate to demonstrate your right to use it. It is nobody at the polling station’s business who you are and, in common with many other circumstances, if you are required to present your identity to enable a transaction then we have created another place where identity can be stolen from. So: you turn up in the polling polling station with your smartphone and scan a QR code, an app pops up and asks you for your fingerprint, PIN, face or whatever. Sorted. A list of candidates appears on your screen and you choose and hit “Vote Now”. Your vote is then cast in a cryptographically secure form and you go home happy. You can come back and vote again later on if you change your mind, by the way, because only the last choice will count.
The real solution is not about using gas bills or indeed special-purpose election ID cards, but about introducing a general-purpose National Entitlement Scheme (NES), which I wrote about before (“A Better Class of ID Card” in Prospect, 17th March 2005), but that requires some knowledge of technology and some vision for the future, both of which seem in short supply. We need to obtain some parasitic vitality for such a vital improvement to our national infrastructure and I don’t think voting (or doing taxes, the other usual case study) will cut it. What we need to do is to find some mass market, everyday application of credentials and use that to get the NES underway.
We need to find something that people want to do, where privacy is important, where we need good authentication of individuals, where people will willingly sign up for something that we can then use for other purposes (such as improving the quality of our democracy). The answer is staring us in the face, hence the joke at the beginning: adult services. If we can fix the identity problem for adult services we are simultaneously fixing it for voting and many other things. Now is the time, because the government has passed a law requiring age verification for access to adult services (which I’m sure we would all agree is a good idea) without any idea of how this might happen.
Ofcom’s guidance on age checks for online video content suggest a range of options including from confirmation of credit card ownership and cross-checking a user’s details with information on the electoral register, both of which a terrible ideas that will inevitably lead to disaster because both of them require the adult service provider to know who you are. This means that when they get hacked, as they inevitably will be, the personal details of the customers will be available to all. And, as actually happened in the case of the Ashley Madison hack, people will die. It’s not funny. Whether it is adult web sites, or counselling services, or gay dating, or drug addiction helplines or whatever, where I go online is my business. We need a better solution than some dumb mandate to accelerate identity theft and foist its consequences on everybody.
Now, we already know what to do (that is, to have a functional identity privacy-enhancing infrastructure implemented as a NES) but as yet there’s no sign of it coming into being. Therefore in the shorter term we have to come up with some workable alternative. It seems to me that a rather obvious way forward would be for banks, who have invested zillions in tokenisation services, to issue “John Doe" tokens to customers over 18. So, I can load my Barclays debit card into my Apple / Samsung / Android (* delete where applicable) wallet for free, but for £5 per annum I get an additional Privacy-Enhancing Token (a PET name). This stealth token would have the name of “John Barleycorn” and the address (for AVS purposes) of “Nowhere”.
Now, I can go online to the UK Adult Gateway Service or whatever it ends up being called and use the PET name to obtain an adult passport and pay for services. Suppose I can use this adult passport to go and log in to Lovelies in Leather Trousers (which I only read for the gardening tips). Now:
- Lovelies in Leather Trousers know that I am adult passport “John Barleycorn" and that they can charge to that passport (when they do, Apple Pay pops up on my phone and asks for authorisation).
- When Lovelies in Leather Trousers gets hacked, the hackers find the adult passport John Barleycorn but they can’t use it to find out who I am. Even if they could log in to the Adult Gateway Service, it only knows that I am John Barleycorn and that the token comes from Barclays. Since there are tens of thousands of Barclays PETs with the name John Barleycorn, who cares.
- If the hackers get into Barclays and discover that the particular PET name belongs to me, then Barclays have a far more to worry about than the £100,000 compensation they will be paying me for breaching my privacy.
- Meanwhile, if the adult passport John Barleycorn is used in some criminal activity, the police can simply go to Barclays with a warrant and Barclays will tell them it is me.
Simple. Incidentally, there’s another aspect to all which means that the networks and the banks might want to invest in this kind of infrastructure. Since adult payments are lucrative, and since an effective privacy-enhancing age check would increase the use of such services, and since a tokenised approach would also reduce fraud and chargebacks, there are real incentives for the stakeholders to get out their and put something in place.
I really don’t like the idea of using the payment system as a policeman, but it makes sense as an interim solution until such time as we actually have a working identity infrastructure with pseudonymous virtual identities that can be used for adult transactions, just as they will be used for all other transactions. Once there are a few million people using the NES for adult services, then it becomes much easier to being using the NES for other purposes, such as voting. I can go to the UK Adult Gateway to obtain a porn identity, a gambling identity, a Dungeons & Dragons identity, a comments in the MaiL Online identity and, of course, a voting identity.