About The Blog

Debate at the intersection of business, technology and culture in the world of digital identity, both commercial and government, a blog born from the Digital Identity Forum in London and sponsored by Consult Hyperion



  • Add to
Technorati Favorites


  • Creative Commons

    Attribution Non-Commercial Share Alike

    This work is licensed under a Creative Commons Attribution - Noncommercial - Share Alike 2.0 UK: England & Wales License.

    Please note that by replying in this Forum you agree to license your comments in the same way. Your comments may be edited and used but will always be attributed.

« Opening for business | Main | It was great until the users showed up »

Cheering on ID cards

By Dave Birch posted Nov 28 2008 at 7:47 PM

[Dave Birch] One my favourite recent identity stories was the one about the woman who assumed her daughter's identity to attend school so that she could fulfill her dream of graduating and being a cheerleader.

A 33-year-old woman stole her daughter's identity to attend high school and join the cheerleading squad, according to a criminal complaint filed against the woman.

[From The Associated Press: Mom allegedly uses daughter's ID to be cheerleader]

It's a shame that there won't be any more stories like this once ID cards are widespread. In the U.K., students are one of the target groups for the government's launch of its national identity card, so no more 16-18 year old "getting served in pubs" or "masquerading as a cheerleader" high jinks for them. But hold on a minute. If this woman could fool the school well enough to obtain a false identity as her own daughter, then wouldn't she be able to fool staff at the Identity & Passport Service (IPS) just as well? She'd sail through the rigorous interview (since she'd have no problem answering questions about her daughter's date of birth and such like) and then get a biometric ID card: cheerleader dreams still on. It's not as if it's impossible to fool government employees who, after all, are just people like us (except with better pensions).

The Home Office admits that nearly 5,400 fraudulent passports were probably issued last year alone. For the previous year the figure was 10,000. The DVLA admits that "tens of thousands" of its licences are suspect. The Guardian has been told that there may be around 100,000 "duplicate" driving licences in the system and nearly as many fictitious passports.

[From Up to 200,000 ID documents may be false | Money | The Guardian]

I wonder if the government will have to bring forward some kind of DNA testing in order to establish family relationships or to rule out this kind of personation. That set me to wondering just how close the woman's DNA would be to her daughter's, and then I remembered reading about a new DNA service that opens up the possibility of finding out.

If you've ever wanted to know just exactly how much DNA you share with your ridiculously tall brother or doppelganger best friend, you'll soon be able to find out. 23andMe, a personal genomics startup in Mountain View, CA, is about to unveil a new social-networking service that allows customers to compare their DNA. The company hopes that the new offering will encourage consumers to get DNA testing, potentially creating a novel research resource in the process.

[From Technology Review: Social Networking Hits the Genome]

I love the idea of social networking that includes sharing genetic information as well as fave pop bands (perhaps the power of the Internet will reveal a connection -- sorry, I just don't have a Robbie Williams gene), a sort of Facebook meets Dr. Moreau.

DNA tomfoolery aside, a general problem with identity schemes is that once someone has obtained a valid identity, then they are "inside the wire". In other words, once the woman has fooled the school or IPS to obtain some form of identity then that identity is never re-verified. If she goes to the cheerleader clothing store and presents her cheerleading club card, she gets the discount. The store has no way of verifying the circumstances under which the card was issued even if they are able to verify the validity of the card (which they can't). The only way to get round this is to make it possible for the shop, school or general public to verify the credential that is being put forward and the practical way of doing this, as far as I can see, is to use the only half-way secure device that members of the public have with them as a matter of course, which means in practice the SIM card in a mobile phone. Then, if the credential has been securely verified, the legal liability is transferred from the "relying party" back to the credential issuer. In these circumstances, the credential issuer would find that high value credentials would be worth re-checking whereas low value credentials would be insured away.

These opinions are my own (I think) and are presented solely in my capacity as an interested member of the general public [posted with ecto]


TrackBack URL for this entry:

Listed below are links to weblogs that reference Cheering on ID cards:


The comments to this entry are closed.