To start with full identity is embodied in your flesh and blood, and cloning you would not be considered acceptable. Therefore if your identity is abstracted to a pile of scrap paper, it should be considered unacceptable to copy such documents, and unacceptable for information to be retrieved from those documents and stored.
The only acceptable copy and store of such information is the original register of record when the documents were created.
Documents may need to be sighted, but they should never leave your sight or be touched or handled by others. You want to be certain that the document you walk away with is the exact same document you arrived with. You should not want any kind of document swapping, copying or scanning to take place.
Mobile Phone Apps
You should not view mobile phone apps as convenient and cool. Just point phone camera at drivers licence and get identity verified is not cool, it is irresponsible and foolish. The drivers licence is not an identity card its only purpose is traffic control, if not dealing with a traffic control issue then no one has a right to see your drivers licence or record your licence number.
National Identity Number and ID Card
During the 1970's the Australian population voted against national identity numbers, and the introduction of a national photographic identity card. I'm not sure whether it was an actual referendum or preliminary survey which indicated no point to a referendum: but the dominate view reported on the news was against the idea.
So tax file numbers became attached to just about everything financial, and identity cards covertly introduced by way of the states introducing photographic drivers licences. And whilst the drivers licence explicitly states for no other purpose other than traffic control it is increasingly being used as a general identity card. Those without a drivers licence then find themselves at a disadvantage. Though the vast majority of the identification requirements are unnecessary.
 |
| Back of Drivers Licence |
PAYPAL
A few years back Paypal requested I send them digital copies of my identity documents to verify identity, as it was a requirement imposed by the tax office. I refused, I still have my paypal accounts (personal and business). Amongst other things I pointed out that they had already verified my bank account, credit card, and I had already done the identity check in person at the bank, and therefore why does such linked facility require additional identity check. I also declared that they did not have a right to a digital copy of my identity documents and that receipt of a digital copy was not confirmation of identity.
TAX OFFICE AND MYGOVID
Then a few years later the tax office introduces this MyGovID garbage. This mobile phone app, is apparently defective, and people are complaining that their documents are not getting verified, and the response is typicallly that they need to submit pristine copies of the identity documents. The MyGovID app is not compatible with all phones, so to use people would need to get a new mobile phone.
At the time I checked out an accountants forum, expecting that this app to be criticised as a seriously defective concept. Instead these idiot accountants were arguing about looking after clients best interests and updating mobile phone to get latest and greatest security fixes. If these imbeciles were truly concerned about their clients privacy and security, they wouldn't be jumping on the bandwagon of the latest piece of mobile phone junk. Instead they would put brain in gear and avoid using mobile phone junk. Software which is updated, daily, weekly, monthly and yearly is poorly written junk, it is not minimum viable product (MVP), and the security updates are a joke. The software is typically written using bloated libraries, and that bloat of unnecessary features makes it both a privacy and security hazard.
MYGOVID : DEFECTIVE IN CONCEPT
But putting the defective software aside, the MyGOVID concept itself is defective. First it is only available on google play, where only people who are able to download and use can comment. So no opportunity to criticise the concept: this is completely unacceptable for software imposed by the government. This is not optional software, there is no alternative.
No one, absolutely no one, should be providing a digital copy or even paper copy of their identify documents to any organisation, not even under the coercive cloud of tax office powers. Using your mobile phone may be convenient, but it is not proof of identity.
All the digital copies uploaded elsewhere can be stolen and used to create false identities, as only digital copies are being used for verification. I should imagine a criminal organisation would only need to hack one mobile phone, to create a device which bypasses the camera, and injects a digital image into camera memory. The sim cards are used to identify the caller, and these can be replaced as needed to create as many identities are desired from the one phone.
PAST PROOF OF IDENTITY
In the past, identity documents were photocopied using A4 black and white (B&W) photocopiers, the DSS/CES for example took such copies and then stamped in red ink with the word "COPY" and the current date, these were then signed by the agent processing the information. It seemed innocent and acceptable, but why did they need the copy? Well the past indicates that such employees can be corrupted, and so the B&W copy was token evidence that something resembling an identity document had been seen.
PHOTOCOPIERS AND MEMORY
However, sometime during the 1980/1990's colour A3 photocopiers with collation memory were introduced. Few people understood the advanced collation features of the copiers and also little actual need for such features. Corruptible employees used the collation memory to store copies of identity documents then after hours printed off replica documents. The situation became worst when, the photocopiers became combined, copiers, printers and scanners attached to computer networks and desktop publishing software. Now they went beyond cloning to more fully forging documents. Then came wireless networking.
So by the 1990's it was no longer sensible to trust identity documents anywhere near a photocopier. Problem is that the number of organisations required to conduct identity checks increased, and the number of people wanting to copy identity documents increased, and everyone seems to have nonchalantly and compliantly fallen into line, allowing such copying. Yet we should have opposed from the beginning.
VERIFYING VERSUS COPYING IDENTITY
Not one of these organisations has any reason or need to hold a copy or record information from your identity documents. There should be no copies of the documents or copies of the information floating around anywhere.
Verification of identity is a process, and is transient. It basically requires checking transient data against a read only database. A database which cannot be copied. So search data can be passed to the database, be checked and discarded. The only data stored being the response from the register which has been checked. The register keeping track of all enquiries made and the source of such enquiry. So the only data being permitted to be recorded is with the original register of such information.
The only information any organisation should need to store is your name and address and the unique client number they assign to you. Most organisations don't even need this information, they just need to check one piece of data to make a decision. For example check age to allow into a venue, who you are is irrelevant. For other situations, the organisation simply assigns an identity number to you, and again who you are is irrelevant. So no name, rank and serial number requirements : all that is relevant is the serial number. Think about that, we are being imposed on to provide more information than a soldier would be required to supply during war.
Now take the directors ID, what value is it? I didn't need one last year, and I doubt it will be any use next year or any time in the future. I'm also fairly certain that the tax office will be held accountable in a few years time for making it easier to masquerade as a director, as they have turned complex identity into a simple number which can be easily stolen. But not to worry because the tax office puts the burden of protecting this worthless and dangerous number on the people they assign the number too. Ok! So have a responsibility to protect identity, no problem. So Dear Tax Office you are not getting copies of my identity documents: verify identity yes, receive a copy of my identity, no #$@!% way.
EXAMPLE SITUATIONS
So you go to the bank to open a new bank account or to the post office to organise a passport. So what happens? You need the 100 point identity check. Two major identity documents are Australian birth certificate or Australian citizenship certificate. Obviously if taking out Australian citizenship don't have such certificate nor Australian birth certificate, however expect department responsible for this to be capable of processing foreign birth certificates.
Now the bank should not need a copy of your identity document, nor need to record information from it. Your account is opened based on a name and current address. There are thus two bits of data to verify: the name and the current address. The address can be verified by visiting the address and talking to the person inside the house, not someone in the garden. The name is part verified by sighting identity documents: such as birth certificate and citizenship certificates. However additionally a collection of documents with their name and address also gives some evidence to their use of such name and address: a problem if they have recently moved however. Changing address seems to be a problem. But again address can be verified by visiting the address.
Now passports are a problem because the Australian Post Office doesn't do anything other than take a photo, collect copies and pass onto the appropriate government department. So it maybe seems reasonable to provide copies, however it is not. Again the primary issue is to verify use of name and address.
The Tax office doesn't trust email, or paper post, but seems to believe telephones are secure, and that the piece of electronic junk that is a mobile phone is exceptionally secure.
I recollect during the 1970's the government indicated it would decentralise and make services more local, instead it centralised everything at the end of a telephone in another state, and for all we know these days it could be outsourced to another country entirely. The car, telephones and internet are putting services more and more distant, and thus generating a need for remote identification.
BUYING MOBILE PHONES
To buy a mobile phone in Australia you need to provide a name and address, for the most part this is for on going billing purposes. Not everyone has a personal mobile phone, nor do they have a desire for one, it is therefore unacceptable to create systems dependent on such electronic junk. Further more I don't recollect a requirement for a 100 point ID check to buy a phone, so a mobile phone number is not a verified identity. I do recollect opposition to the idea that retailers should become responsible for such identity checks, before selling phones. So I believe no such system has been implemented.
Secondly if buying a phone with prepaid credit, why do you need to provide name and address? There is no on going billing, and simply a number on the network. Do we care who is using the number? For the most part the answer should be no, there is no public telephone directory for mobile phones as there is with landlines. Mobile phone numbers seem to be more private than private landlines: though doesn't stop unwanted phone calls from salespeople and scammers on either.
Also whilst some people do not have mobile phones, others have more than one mobile phone. Further whilst some people seem to think they need 24 hour access to the world and always have their phone on, others switch their phones off and do not consider it acceptable for others to have 24 hour access to their life. Needing to switch a mobile phone on for two factor authentication is annoying.
However using a mobile phone is probably more convenient than a separate device for identity checks. But if the mobile phone is to be used for identity check, then the identity of the user needs to be verified and that is a problem.
THE OPTUS BREACH
Just back tracking. As I indicated earlier, the population voted against national identity number and identity card. This same population has adopted mobile phones for just about everything. They have essentially accepted a national and international identity number. The phones have camera's and gps tracking. People plaster their faces and activities all over social networks. Someone asks for identity check and they go cool phone app and give their identity away.
The most concerning issue with the Optus data breach isn't that the servers were hacked and that data was stolen, the real issue is the number of people who were so willing to give data to organisations in the first place. To organisations which had no need or right to collect or store such data. The only organisation which needs to know your drivers license number is the government department which issued the licence and responsible for traffic control. The only organisations which need to know your Medicare number is the government department which issued the number and the organisations providing health services. These organisations have an on going use for the number.
Other organisations do not need to record these numbers or store them, all they need do is use to confirm your name. In the main this can be achieved by sighting the document. Taking a photo with phone camera is not sighting the document. Giving the number over the phone is not sighting the document.
If all that is required is to give numbers over the phone, then anyone who has collected the information, is able to masquerade and use the identities they have collected. Which is why it is acceptable for them to sight the document but not copy or record information from the document.
IN PERSON
So want to do things remotely over the phone or the internet or maybe even in person. Say change bank details. So go into a bank to change details of existing bank account. To do that need details of the bank account, which could be stolen from a letter box. The real owner therefore won't have the most recent communications from the bank, but they should have plenty of previous communications. Changing the name of the account would require 100 point ID check on new identity, changing the address would require verifying the new address. Again visiting the address is preferable, but admittedly they may not want to travel 150km to do so.
Now a change of address likely results in a change of landline, whilst email addresses and mobile phone numbers are likely to remain unchanged. Addresses, email addresses and phone numbers are for the purposes of communication, so passing these onto people wish to communicate with is not a major issue. Using these numbers and addresses for security purposes is thus not sensible. However there is potential to use communication channels to check that the person seeking the change is actually present in the office or is actually elsewhere.
If the request to make a change is by post, email or phone, then a response can be to check other channels of communication and request visit the office. Again travelling 150km is not desirable for either client or supplier. Therefore need to rely on the channels of communication.
CHANNELS OF COMMUNICATION
Now the channels of communication are a problem because they can be intercepted or redirected, on the other hand websites and email can be provided with some protection, via SSL. In the main however websites are protected by SSL, and I hazard a guess if SSL is used for email it is only on one side of the communication namely the supplier. So websites and browsers the preferred approach.
GOVID CONCEPT
So MyGov versus MyGovID. So MyGov is not considered secure. But why not? So anyone can create an account with any organisation, using any unique name. So say we have website GOVID, we create an account user name disenchanted2023. We now have a user name and a password to connect to an account, the account has no information attached to it. We provide a phone number for 2 factor authentication. We further make use of something like Symantec VIP access to go from 2 factor to multifactor authentication. So hopefully only the person who created the account has access to the account.
But as far as the computer system is concerned we are a nonentity, a nobody a nothing. But this nobody would find it difficult to exist within the nation without having interacted with some government department. So birth certificates, citizenship certificates, immigration visas and passports just to name a few documents at entry to the nation, and then there are tax file numbers.
So want to link tax account to the nobody account, so all really need is the tax file number as the tax file has all the associated information. But anyone could have the tax file number. On the other hand we don't want to waste time keep typing the same information into the system. So we setup the account with relevant information: name and address. To link to the tax account, the tax file number is provided to access and check, but not saved, and the other information is also checked against the tax account. If verified then the tax account has the potential to be linked to the nobody account but such is not automatic. Additional questions can be generated from the tax accounts which the user maybe able to check using their past communications with the tax office, such as returns. After this verification still not connected, it is simply pending.
The user goes through this process with various other state and federal government departments, with all the accounts left pending. All these accounts being verified against the same name and address details registered in the nobody account, that is they weren't changed between linking accounts. With 3 or more pending accounts all the accounts are checked once again in one batch to confirm all are based on the same name and address details. As each is verified, identification progresses, when all are verified then each accounts accepts verification of identity and all accounts are connected.
The basic accounts being, concerned with register of births and deaths, register of migration and citizenship, tax office, electoral register and Medicare. No information from these registers is stored in the nobody account, but all the registers have a record of the nobody account accessing and searching the register. Once the accounts are verified and linked, then the nobody account is a somebody account. From this point on other accounts can be added based on the already verified identity: which may include checking all existing and new accounts as a batch.
TAX OFFICE AND COMPUTERS
For the tax office to scrap the computer based Auskey and replace solely with a piece of junk which only works on a mobile phone is not acceptable. Mobile phones are poor computing devices, whilst they can run accounting software, it is unlikely to be acceptable for book-keepers and accountants to spend all day working on a mobile phone: they will do their real work with a computer having a decent sized screen and keyboard. Whilst the phone is only being used for registration and log in purposes, it is questionable as to why the system is not also available via computer. If computers lack security then that suggests we should be doing the work on the phone, and I've already suggested that mobile phones are an unsuitable piece of junk. {NB: May have noticed I hate phones and I really hate mobile phones. Mobile phones are not personal computers and are barely programmable to suit the users needs, and the operating system is generally a hindrance to accessing the phones content. The software on phones is typically bloated and poorly written: junk.}
As for hi-tech nonsense: biometrics, such as facial recognition, finger prints, voice prints. So your face has to be scanned and compared against something right. The something is stored data. Is it sensible to allow such data to be stored everywhere and anywhere? I suggest not. However, assuming that the data is stored on the mobile phone and only your face can unlock the phone, then maybe the data is secure, if you exclude future access to the data from concept of security. Personally if I can't access my own data then its not secure, and anything which poses an hindrance to such future access is not acceptable.
Any case the security features are used to access the phone, and then the phone is used to access other services. The other services are only concerned with their own access codes, do not make use of biometrics of store any other unnecessary and unacceptable data on their systems.
So newer phones have enhanced security features and encryption, whilst anyone can potentially access a computer at work as not all businesses create user accounts. But not all phone users enable available protections on their mobile phone. So phones are no more secure than computers. So use a computer to access the government services, but log on identity verified by the users mobile phone. Seems reasonable but why does the initial identity verification need to occur using a mobile phone, with a piece of junk software which only operates on the newest phones? I will hazard a guess it does not have anything to do with security. It is purely do do with incompetents using bloated software libraries which only operate on the newest phones. The bloat is a security hazard. If they, the developers, could actually program then the bloat would disappear, and the software would operate on vastly more systems, would be faster and likely more secure. {NB: Consider security updates are mainly patches to block things which shouldn't be there in the first place. With real security update software would get smaller and smaller until it only comprises of the code for the task at hand, no surplus code for capability not apparent to the user.}
There is thus need to verify identity without copying or recording of such identity information. It should also be possible to do so without something as expensive as a mobile phone and also without the on going expense of operating such mobile phone. The tax office believes MYGOVID acceptable because cheap mobile phones available for the purpose. So business can get new phones for the purpose. But this neglects the cost of operating the phone solely for the purpose of tax office needs. People have no need to update their mobile phones. Sure new phones have more features, supposedly improved capability and improved security, with increasingly different user interfaces (UI) which serve no benefit over the UI that you already have and likely provide a more irritating user experience (UX). Also people are not buying new phones because they want new phones, but because their current phone made inoperable by the software developers keep automatically pushing increasingly bloated updates. Create addiction, dependency, make a product like water which your life depends on, keep them hooked into buying again and again.
So cheap mobile phone and service, which solely has the purpose of a security device is not cheap enough. Whilst replacement for actual phone, is too expensive. Further why is my phone suitable for 2 factor authentication with every other organisation, but not the tax office? I'd want my bank account more secure than dealings with the tax office. To me the annual tax returns are a waste of time for employees: either you paid the right tax during the year or you didn't. If didn't then adjust and bring into alignment next year. For business, either do tax annually or more frequently, with computers it is potentially possible daily. Tax office systems seem obsolete immediately they are implemented.
PRIVACY AND SECURITY
The government and society have now had some thirty years to find a way of verifying identity with out the need to copy identity.
As indicated above in the past it was apparent that people assessing identities, may lie about the validity of identity information or having sighted identity documents. So taking a black and white photocopy of identity documents providing token evidence of having sighted a document resembling an identity document was adopted. So the person doing the assessment gets a defence, but such copying poses a hazard to the owner of the identity. This hazard was realised when colour photocopiers with collation memory introduced, and started being used to copy identity documents. Copying identity documents should have stopped.
But simply preventing copying documents is not enough. No information should be collected from identity documents and stored. If identity is to be abstracted to a pile of scrap paper, then that scrap paper needs to be protected. If identity is to be abstracted to a chunk of data, then that chunk of data needs to be protected. We need to retain sovereignty over our identities.
Now identity cards were opposed in the first instance because it gave impressions of a police state and restrictions on doing anything. The current problem is that there are already restrictions and identity is becoming increasingly easy to steal.
But a major part of the problem is that the 100 point identity check involves organisations across the country collecting and storing identities, when there is no need to. These identity stores provide a source of identity information which can be stolen. No need to steal from the owners address, can steal from any organisation.
The legal requirement is to verify your identity not take a copy of your identity. Verification does not require a copy of your identity. However the next problem is that the organisations need evidence that they have verified identities.
ORGANISATIONS NEED EVIDENCE OF IDENTITY CHECKS
It is imposed on various organisations that they conduct identity checks on customers, and further that they have proof of identity checks. They transform this need for proof into a need to copy identities. This copying of identities poses a hazard to the legitimate use of such identity.
So lets do this with paper. Fill a form in with information to search a given register. No carbon copy or other copy is taken of this form. It has a tear off strips which identifies the unique number of the form, these tear off strips are sent to various people, the purported owner of the identity gets one, the organisation keeps one.
One is sent to the government department with the register, the register is checked. Another tear off strip is returned with the response: reject or accept. The government department keeps the form, which only contains information the department already has. The other organisation has token evidence of having made an identity check. Every receipt can be verified with the associated government department. The transmission slip could be faked, but not interested in transmission, only that the transmitted data was verified or rejected. With paper this is likely to take a few weeks. With a computer a few seconds to minutes.
Now the problem is who filled the form in? It would be preferable that only the person needing their identity verified fill the form in and posts them off to the departments with the appropriate registers. So the organisation with need to verify identity never sees the identity information. They just receive slips with the accept or rejection of the register check.
So essentially a person requests the keepers of the registers to send verification tokens to the organisations seeking verification of their identity. The keepers of the records keep a record of the requests. So information is only passed to organisations which already have such information. As it is paper based, all postage is by registered mail and secure courier. Special envelopes can be used for the purpose, resulting in the mail being handled by a more secure system than normal post.
This can all be made faster with computer systems and encrypted data, and no other person ever needs to see any of the data.
PEOPLE IN UNIFORMS, WITH LICENCES OR ID CARDS
The vast majority of us have no need to carry out identity checks on anyone, our primary concern isn't who someone is, but if they genuinely represent the organisation they purport to represent.
Say a person with a builders licence for example. So you are expecting to employ a licensed builder, they give you their business card and it has a licence number on in. In the past if you had a phone and knew who to phone you could check the licence number and who it was assigned to. But how do you know the person before you is that person. For the most part probably don't care, because if anything goes wrong, the only issue of matter is the person before you. That is the person you need to find, the person you need to track, the person to be made accountable. For the most part that would just involve visiting their business premises, confirming others in the business are aware of your project, and contract. If they work from home, then may be need to confirm their home address. If they are a mobile service and have a vehicle then can get their vehicle registration number. Information as necessary to track the person, if there is a possibility they take your money and not provide the goods and services. Since contract should be based on work done and progress payments, there shouldn't be a problem. So don't care if they have a licence or not, and if concerned about the quality of their work, then split project into small steps with low cost, and put them on probation, and increase the size of the steps when satisfied they are capable. {NB: As I've said else where licences are worthless and make false claims}
Now people in uniform. Generally we trust people in uniforms: police, fire brigade, ambulance personnel, soldiers, other defence force personnel, nurses. But our trust is really with the uniform and the authority of the organisation they represent, not the person. So again don't really care who they are, but that they genuinely represent the organisation they purport to represent.
Problem is most likely we will buckle at the knees and our spines turn to jelly, when confronted by a person in authority. Depending on how they exercise their power and authority. If they annoy and irritate us, then our knees will straighten and spines turn to steel. Authority becomes irrelevant and only power matters. The distinct between power and authority is important, in most organisations it is the informal power structures which determine decisions and actions, not the formal authority. For example a person may have the authority to sack someone, but they don't have the power to do so. A person or group may not have the authority to dismiss someone, but they may have the power to force them out. So not only does responsibility have to be backed by the authority to complete required actions, but also the real power to do so. It's where a lot of promotions go wrong, because the person promoted doesn't have any real power. Authority comes from the organisation, power is with the person.
So a member of the police turns up. The first thing is not to be scared of questioning them, they're just ordinary people in uniform. For the most part you will not have the power to keep them out off your home, if required they will have turned up with all the resources necessary to force entry. If they are criminals they will also have the power to force entry. If they are genuine then they won't mind the delay and won't mind the questions, and no power will need to be exercised by anyone.
The police have a uniform and a number on that uniform. All of which can be faked. Plains clothes may have a warrant card, badge or something, again it can be faked. However they supposedly come from a police station. So you can phone and check with that police station, which requires you know the number of the police station.
Of course uniforms, numbers and warrant cards can be stolen and telephone calls can be intercepted. For most of us no one is going to go to that much trouble. Secondly your local police station may only have one person, or one person who is changed on a regular basis. In such situation need to know the police station responsible for assignments to the local station. Or better hopefully there is a transition period where the old and new do the rounds of the local area and the new is introduced. This doesn't require introduction to everyone, mostly just businesses in the area. So then have an independent check on who the local police constable is. So there are some people we expect to be known locally and to have local knowledge. Which is a problem because the typical Australian police constable on the beat is sat in a car and is known to no one.
So do photographic identity cards help? Lots of organisations seem to issue identity cards to their employees, especially those doing door to door sales, or have need to visit your home. So the people who check you gas, electricity and water meters, these days are likely to have photographic identity cards. Though given that for the most part you never really see them, it doesn't really matter. But if there is a situation where they do need to go into your house to read meters, you can view the card of who is supposedly visiting. I believe that builders licensing these days also involves photographic identity cards.
Now information on an identity card should be public, therefore should not allow employer to place unnecessary information on such card. You have to show such card, and the person viewing the card should be permitted to record the information. The card therefore has to be relevant to the task at hand. A photographic drivers licence is not acceptable form of identification for water meter readers, as not concerned with traffic control issues and therefore the parties to a transaction have no need to know the drivers licence number or any other information which may be on a drivers licence. The identity card should just be relevant to the task, the name and/or employee number of the employee and the organisation they represent with contact details for the organisation (including a physical address).
Having matched a face to the identity card that is not proof of anything. It doesn't work for international passports, so why would it work for anything else. An organisation having received a pristine digital copy of your identity document, for example drivers licence, how difficult would it be to replace your photo with theirs, and otherwise forge a drivers licence in your name? There would be no point stealing all this identity information, if there wasn't a market for fake identities and if it was impossible to produce a reasonable forgery of identity documents.
CONCLUSION
On the one hand identity data is nothing, on the other hand a large number of useless organisations with useless people turn this useless data into something. Think about it: a loan is taken out in your name with out your consent: how? The only time the bank turns up at your address is to throw you out. I would suggest the bank is negligent if it didn't visit your address in the first place, before granting you the loan {refer above}. May consider the bank doesn't care as its your house they are going to get and it is probably worth more than the loan. Then again when they turn up to take your house, they have to prove you are the one who took out the loan, that you gained the benefit of the loan. Chances are they cannot so prove. Therefore it should be important for them to properly check that they can recover the money from the person they are actually conducting a transaction with: not some useless name, but the actual flesh and blood individual.
Our faces are already plastered all over security camera's in supermarkets, so may be should permit our photo's to be used for identity purposes. In other words, we don't care what your name is, just that this face entered this store and conducted business. For most businesses, this is routine, and the record and facial recognition is in human memory, as flawed as that may be. For other situations, like the bank, this face has this customer number, and this customer purports this address. Go check if the face is at the address.
It may not help with online transactions, but which transactions should be permitted online without person to person interaction. It should be noted that telephone transactions are also flawed and should be limited in scope.
As for photo's well you don't want your photo used on an identity card, which isn't yours, but then what use is such? More important that you identity card is not modified and and the photo replaced by someone else's. Real issue for photos, is don't want your photo attached to activity which is not your activity. So plastering your photo all over the internet is not a good idea: and that includes putting you photo on LinkedIn: a foreign website, subject to foreign laws.
Putting your photo on a resume is also not a good idea: the business can take a photo once you are an employee, they have no need for one before hand. Whilst it may help for them to know who you are when you turn up for an interview the majority of the time you won't get an interview, nor will you know what the employer looks like.
Another issue is employers increasing requests for police checks in their job advertisements. If the employer doesn't trust you, don't trust the employer or any of their employees. If you have to provide a police check to them, then they should provide their police checks to you. This isn't about situation where there is a legal requirement for police checks. If there is a legal requirement, then assumption is that all employees and the people you are dealing with have had a police check: and therefore assumption is they can be trusted. No! I'm referring to foolish employers demanding police checks when no legal requirement for such, and no real value in such.
This is not a police state. People are innocent until proven guilty. People are trusted until proven untrustworthy.
Notes:
- As far as I remember here in Australia, in grade 7, it was the British English we were taught. But if search the internet it seems South Australian business and government either doesn't know how to spell or simply adopted: licence, licencing, licenced.
- Licence vs. License—Spelling Rules
- What Is the Difference between "Licence" and "License"?
References & Further Reading
- Identity crime and misuse in Australia
- What is identity crime?
- IDENTITY THEFT AUSTRALIA LAWS AND PENALTIES
- Identity theft
- IS LYING ON YOUR TAX RETURNS A CRIME?
- The Most Unbelievable Identity Theft Stories of All Time
- Verify your identity
- Director identification number
- “Bring on the fine”: Business leaders see red over Director ID application bugs
- Brisbane man jailed for identity theft and income tax fraud
- ‘Reasonable expectation’: ATO explains myGovID change
- ATO slammed over ‘soul-destroying’ fraud allegations
Related Posts
Revisions:
[4/2/2023] : Original/Draft
[5/2/2023] : described more situations, and added references
