Identity Cards and Identity Theft

(and how to rig an opinion poll)

(Click to jump forward to #Identity Theft - the new high-value crime )

Further details of rfid chips that may be embedded into hi-tech identity cards are given on the smart card page together with details of a UK government consultation exercise on microchipped car number plates. Looking further into the future, ULIN technology may soon replace both identity cards and 'smart' numberplates.

Previous pages have highlighted some salient facts about the proposed introduction of identity cards. These will inevitably be made to contain more and more data once they become 'accepted' and one of the purported reasons for their introduction is the prevention of so-called Identity Theft, now rated as one of the top consumer complaints in the USA.

However, as has been shown, government staff in the UK cannot be relied upon either to give data protection the attention it deserves or to respond professionally when shortcomings in their systems are highlighted. This seems especially true at a local level (District and County Councils). Attitudes within the Office of the Information Commissioner likewise do not inspire confidence, despite that the present Commissioner has warned of the dangers of introducing 'benign' Identity Cards and later adding more and more information to them.

Within government, the whole culture of data protection and respect for privacy is sloppy and may remain so despite routine assurances to the contrary. Like most of government, the Departments involved are more geared to ignoring or dismissing criticism than to any desire to improve performance.

In any case, even if local and central government had demonstrated a good record in this area, there are fundamental objections to both name and date of birth appearing on an identity card - simply because these pieces of information are both private and can be used to obtain further information via various computer systems, many of which will continue to exist. Although having an 'identity number' on a card is often seen as somehow repulsive, it offers one route to combine security with privacy, since for all local purposes (banking, electoral registers, library uses, etc) only a number would be needed and there would be no access to the databanks containing links from this anonymous number to 'personal' information. These would be strictly controlled and available for national purposes only.

Anyone seeing an identity number on a library computer screen (for example) would be none the wiser as to any personal details (name, address, date of birth, marital status) of the 'target subject' and would have no means to find out, certainly not via a friend in the local council offices. However, a single piece of data cannot provide the necessary security for a full ID card - see below for problems in the USA. For maximum security you need to be asked many pieces of information about yourself (to prove who you really are) but for protection of privacy few if any should be answered. This conflict is at the heart of why the Data Protection Act has been blamed for helping to facilitate some types of fraud.

There are many websites devoted to identity cards - some are listed below. Few seem to have recognised that even putting the minimum personal information on a card that may need to be 'produced' at a library or supermarket might in itself carry risk of disclosure of personal data in the manner as has been described for credit cards and many types of  library tickets.

It may be noted that the high percentage of people who often say they would have no objection to their name or date of birth on an Identity Card are asked the question in the context of a terrorist attack or some other event where the 'knee-jerk reaction' is to profess agreement with any measure that is purported to help prevent a reoccurrence. Thus, a MORI survey undertaken for the UK newspaper News of the World a few weeks after the 9/11 events in the USA that found a 90%+ acceptance of Identity Cards. If the same people had been asked if they would be in favour of a system that might put personal information into the public domain and that would be useful to third parties in accessing their bank accounts and other personal details, probably about 99% would have objected.

Much of the 'behind the scenes' pressure to introduce ID cards is said to come from the major companies involved in the smart card industry such as Schlumberger Sema and Northrop Grumman, both of which were cited as potential contractors for the UK scheme. In a survey undertaken in September 2003 most people in the UK thought ID cards a 'good idea' but baulked both at paying for them -  a figure of £40 (about $US 65) had been suggested but industry experts consider this too low, and for being compelled to carry them at all times! Publicity in November 2003 suggest that the UK government is planning a softly-softly introduction of cards over maybe a decade, and with several Ministers opposed to the whole idea on grounds of cost, civil liberties and/or practicality and workability. There were major conflicts in early 2006 as the government repeatedly tried to get its ID card bill through the House of Lords.

A new growth industry is fake ID cards - see for example http://www.phidentity.com. However, to order a fake ID card on-line you need a genuine credit card, and they come with the disclaimer that they give the bearer no rights or privileges, and that misuse may be illegal. One of the latest offering is a UK Proof of Age card, for "Just £10!!!" (If you are too young to have a credit card but want a proof of age card, they will take cash or cheque). Because of the ease with which many types of cards can be faked, only the most secure designs would ever be of real use. Both the cards themselves and the central computer systems would be expensive - 2003 estimates for iris scan cards were £40 each, later estimates (of which there were many) ranged to over £100.

Amongst the myths about identity cards (believed by between 60 and 86% of people in the News of the World poll) are that their introduction would

Myth one: identity cards would help to tackle crime.

The vast bulk of crime is not detected or prosecuted because of lack of time, lack of will or lack of resources. Some estimates put the fraction of successfully prosecuted crime as low as 5 or 10%. Often the police have a good idea 'who done it' but they can't be bothered to pursue the matter because the tedious process of collecting evidence and with the prospect of an uncertain conviction simply is not worth the time. In cases of domestic burglary and car crime, fingerprint or DNA evidence is sought only for the serious cases. Scenes of crime staff are simply too busy to bother with the thousands of minor crimes. Should every petty thief be ordered to carry his identity card to the scene of every 'job' and leave it there for the hapless householder to find? Perhaps the punishment for failing to do so would be an extra hour of community service or £5 as an additional fine (a sizeable fraction of fines are never paid anyway and there is insufficient manpower to chase them all up!). How would having ID cards help prosecute either major criminals or 'serial minor offenders' when the Police know full well who they are but can't prove guilt?

There are already in existence vast government databases (such as for National Insurance) and that are supposed to help tackle crimes such as Benefit Fraud. The number of prosecutions is so laughably low and the computer data bases are so leaky, incomplete and/or incorrect that fraudsters know they are unlikely ever to be caught and even if they are, are unlikely to be punished in any meaningful way.

It is known that a vast amount of money is paid out incorrectly in Working Families Tax Credits, and that the system as a whole is open to employer abuse. It is an example of one of Gordon Brown's failings - he cannot resist making systems complicated. The inevitable result, given that proper resources for the implementation of the systems is never provided (for example the computer systems do not work properly) is chaos and fraud.

The UK budget for Social Security in all its forms is around £110 billion (£110,000 million), coincidentally about the same as all the money collected annually in income tax. Fraud is thought to be between 2 and 8%. Despite all the present computer systems, very little is done about this. How would yet another national and inept computer system help? Would it be magically better than all the rest? Or maybe the pressure for implementation comes more from the computer industry, ever eager to sell systems to befuddled Ministers who seek an easy answer to deflect attention from the mess that has resulted from the abject failure of successive governments to address a large and growing problem?

Identity cards would be useless if they were easily forged and only the most secure types would be worth considering. The cost of a basic but 'secure' system based on encoded iris patterns for example has been estimated at between £1.6 billion and £3 billion - cheap when compared with Benefit Fraud but unfortunately unlikely to stem the illicit flow of funds. After all, there is no mystery about the identity of most 'rogue' claimants, they are just people who either claim they are ill when they are not or (for a large number) disabled when they could work if they put their mind to it. Of course, many people claim benefits whilst working. Identity cards would offer no help - the answer lies in vastly better vetting of applicants and stricter penalties enforced in maybe 1000 times as many cases as hitherto. 

Myth two: identity cards would help to prevent terrorist attacks.

The idea here is that aspiring terrorists would be unable to obtain false cards and would therefore be able to be identified and arrested at will. They would (of course) be unable to disappear from view, unlike the vastly more devious and numerous 'vanished' asylum seekers who have failed to evade detection for decades. Many of these have false NI numbers. (A report publicised a few years ago apparently highlighted that the people in charge of NI numbers knew there were perhaps a million 'incorrect or false' numbers in existence. If anyone has a reference to this report, please let me know.) The DVLA database seems equally robust. A recent article in the Daily Telegraph (30 Nov 2002) highlighted the growing problem of people driving while disqualified. It was suggested that one in five vehicle records might be inaccurate, one in 20 cars might not be taxed and up to 10 million vehicles are registered that may no longer exist.

Only when you realise how totally out of control are the present systems, can you begin to question the idea that yet one more ID system will somehow not be able to be circumvented by the very people most able to do so.

Myth three: identity cards would help identify those who were in the country illegally.

If there was any competence being displayed in keeping out the hoards of aspiring immigrants now descending upon UK shores, this idea might have some credibility - except of course until you realise how easily any system can be defeated if there is sufficient money at stake. The trade in migrants world-wide might one day be worth more than the trade in illegal drugs - who knows? If the introduction of hi-tech identity cards had been technically feasible before the drugs trade became wholly out of control they would probably have been suggested as a solution for that too.

In summary, there are only three things wrong with the idea of a universal identity card.

Another point worth making is that professionals in government (and in the media) know exactly how to 'fix' the results of opinion polls. Results produced by any government department or media outlet must therefore always be regarded as suspect. Those produced by some local councils (and councillors) are laughable. Details will be included on this website in due course. Anyone interested in statistics should visit www.statistics.gov.uk. This official site deals primarily with facts about the UK economy and its people. For an independent and non-political view of immigration and associated issues visit www.migrationwatch.co.uk

Other websites on identity cards:

A direct link to the Privacy International page on identity cards is www.privacyinternational.org/issues/idcard/index.html This site has a number of discussion pages that set out the case against identity cards - including that their introduction would be an expensive and probably futile exercise.

An early MORI poll undertaken for the News of the World and showing a huge majority in favour of Identity cards is at http://www.mori.com/polls/2001/notw-id.shtml

A central government (Cabinet Office) site that discusses privacy and data sharing, a report dated 26 Nov 2002: www.cabinet-office.gov.uk/innovation/2002/privacy/report/annex-g.htm gives a useful bibliography whilst the Executive Summary acknowledges the public's distrust of data being too freely available. This is at www.cabinet-office.gov.uk/innovation/2002/privacy/report/01.htm


Identity Theft - the new high-value crime 

Identity theft, where a fraudster takes on the identity of another person usually for financial gain, has become the number one area for consumer complaints about fraud in the USA. A decade ago it was unknown. The problem has arisen in part (or in the main) because of easy availability of personal information on the Internet - details of private lives, credit history, criminal history and much else has been available either free or for sale. The problem now affects an estimated 750,000 people annually and some are forced to change their names and 'make a fresh start' to escape the consequences. Even in the UK it is acknowledged in banking circles that "if someone really sets out to find information on you to steal your identity it is very difficult to stop them". However, most people make it all too easy.

Identity Theft is now the fastest growing form of fraud in the UK - around 40,000 cases a year are reported. This form of crime - stealing the identity of a living person - is becoming more popular because the alternative of using a dead person is becoming more difficult. Also, it is apparently not a crime to steal someone's identity. Only when a fraud is committed is there an arrestable offence.

A recent Experian survey in Nottingham undertaken with the co-operation of the Police and Local Authority has been publicised on the Internet to highlight the most important reasons why you should try and ensure that no-one can find out too much about you. And the richer you are, the more you need to be concerned. Full details may still be available within the FRAUD section of http://www.experian.co.uk  (which is an interesting site in itself).

Experian is one of the largest credit reference agencies, yet has been criticised in the pages of "Times Money" for sending out credit histories of several people to one enquirer - which proves once again the complete faith we can have in computer systems run by humans.

Creating false identities, often to claim State Benefits for dozens of non-existent people is now a growth area of organised crime. The profits are substantial and the risks low. In the USA, where a Social Security Number is for all intents and purposes an Identity Number, identity theft is facilitated by having this one number as an all purpose identifier. If you manage to obtain that, you have most of the information you need to falsify papers. A huge problem has arisen because of sale of numbers via the Internet. In the UK, the equivalent National Insurance Number is not seen as particularly significant item of data (because so many numbers are thought to be false) and NCIS (National Criminal Intelligence Service) have been quoted as arguing that having a single ID number to which people attach credibility makes identity theft easier - which rather defeats one of the arguments for an all purpose ID card.

As usual, governments will muddle through. Civil servants will be kept in work no matter how inept they are or how many years they take to undertake a task that an intelligent person could complete inside a week. Huge computer systems will be paid for even if they do not work properly. We will carry on regardless, not knowing the scale of benefit fraud, not knowing the numbers of illegal immigrants and all the time pretending to ourselves that someone, somewhere, must be in control. It might even be a good thing if they were!

As an indication of the scale of the problem in the USA, a search on Google for "Identity theft" returned 502,000 results. Amongst the best US sites is   the following: http://www.marketingdegree.net/resources/understanding-identity-theft/

A campaigning organisation based originally in San Francisco and active from 1971 is Consumer Action. They produce guide books including one on on-line encryption and use of anonymous remailers. For details see www.consumer-action.org/English/library/privacy_rights/index.php. Not to be outdone, the Christian Science Monitor issues advice also at www.csmonitor.com.

Such is the scale of the billion dollar industry of identity theft that there are literally hundreds of advice lines and websites. All of this nonsense, and all of the crime wave now sweeping the UK could have been prevented by ensuring far tighter guidelines for release of personal data.

For the victims, the cost of restoring (regaining) one's identity can be two years of trouble and £5000 in costs. Victims receive no help from government, as you might expect.

To end on a positive note, the UK Information Commissioner Richard Thomas suggested in 2003 that there needs to be a national debate on retention of personal data. There is increasing unease about the amount that is now collected and the degree with which it is shared between various computer systems. However, according to the Privacy International website, the previous Information Commissioner, Elizabeth France, left saying that "the government had intentionally weakened her office in a manner that is inconsistent both with the principles of open government and with the UK's data protection obligations under European law" (quote taken from Privacy International website). The Controller of another UK 'watchdog' body, the Audit Commission, also expressed concern about the amount of 'pressure' that can be brought to bear by government to influence the work of the Commission. Both these incidents illustrate the degree of 'control freakery' at the heart of the previous labour government under Tony Blair.

In June 2005 a UK company was offering £50 for personal experiences of ID theft. Their website has some further useful information. Try this link: Identity Theft - Earn £50

An update on MSN also appeared on the internet in June 2005. It is reproduced below. The central point is that the security of data is only as good as the integrity of the people who are employed to handle it - no matter what politicians may claim.


ID fraud: UK identities for sale

By Ellen Cresswell:  updated June 23 2005

Personal account details of thousands of UK consumers are on sale by unscrupulous call centre workers in India, potentially leading to serious ID fraud crime.

City of London police have started an investigation after an undercover reporter bought account details of more than 1,000 UK consumers from an Indian call centre worker.

The Sun claimed one of its journalists bought the personal details from an IT worker in Delhi for £3 each. The details included account holders' secret passwords, addresses, phone numbers and passport details.

The centre worker reportedly told the Sun he could sell up to 200,000 account details each month. The paper had a security expert examine the details and they were found to be genuine.

The information could have been used to raid the accounts of victims or to clone credit cards. More than one bank is thought to be affected by the fraud.

ID theft

On average, it takes 500 days – almost 18 months – for an individual to discover their identity has been stolen, according to Experian, the UK's largest credit reference agency.

Identity fraud can seriously damage consumers’ credit records, preventing them from accessing credit they would normally be granted.

Victims of identity fraud can take up to 300 hours to clear their name and put the record straight.

Credit monitoring

Experts recommend keeping regular tabs on your credit report to make sure you don’t become a victim of identity theft.

Your credit report is used by lenders when deciding whether to lend you money, offer a mortgage or issue you with a credit card.

An easy way to check your credit report is to sign up for a free 30-day trial of CreditExpert, an online credit monitoring service from Experian. This service allows you to check your credit report at any time and members are also warned by a weekly e-mail or text message when a significant change, such as a new credit check, is registered on your report.


And still the politicians will say there is no risk to personal data and NHS medical records when all these are computerised!


next page

back to top of section

back to home page