Thursday, April 13, 2023

COPYING IDENTITY DOCUMENTS IS NOT A VERIFICATION PROCESS

I have an issue with the general copying and collecting of identity data passed off as an identity verification process, by all businesses (eg. Paypal, banks, Certsy), and especially government departments such as the Australian Tax Office (ATO), and Centrelink. The reference to its a tax office requirement could also be considered and coercion or abusive use of power. The ATO is potentially responsible for all data breaches such as the Optus breach.

Centrelink Identity Check

After an heart attack in 2018 I was advised to seek a health concession card, centrelink required my identity documents be submitted, this could be done via MyGov. I reluctantly and unwillingly submitted via MyGov, I submitted "everything but the kitchen sink", the response was not enough information. It currently indicates there is no history of my ever submitting documents. I don't trust them. As far as my memory goes, sometime back in the 1980/1990's the DSS/CES introduced A3 colour photocopiers with collation memory, that collation memory was used by corrupt employees, after hours, to produce passable replica's. This copying activity should have stopped back in the 1990's, instead it seems to have increased.

Traditional Copying

My understanding is that attempting to copy official documents issued by the government whilst not itself illegal the potential use of the documents in a fraudulent manner is illegal. The original A4 black and white (B&W) copies taken by DSS/CES, stamped in red ink with the word "COPY" , dated and signed by the representative of the DSS/CES who witnessed the original, was acceptable, as originals need be sighted and the B&W copy was not passable as an original. The copy, basically being taken because employees not trusted and the copy is token evidence of having seen something resembling an identity document.

Copying Technology

However, once copying technology had reached the stage of being able to produce passable replica's the copying of identity documents should have ceased, that is some time around the 1990's. Instead today pristine digital copies, which can be used to produce passable replica's, are being littered all over the place. {AI technology detecting fakes is irrelevant}

Paypal

Around 2 years prior to the ATO introducing MyGovID, Paypal requested digital copies of my identity documents, indicating it was a tax office requirement. I refused to provide, and provided them with explanation why and informing about the traditional B&W copies. I also explained they had already verified my account through my linked bank account, which already required a 100 point ID check in person, to get. They indicated they would verify my identity by other means. I still have two Paypal accounts, though the business account I'm not certain is fully operational, but I have little use for it, so not overly concerned at the moment. {I did have a few dollars seemingly trapped in the account, but I have recently transferred.}

ATO Secure Access

The ATO introduced MyGovID and discarded Auskey. As the application is not compatible with my phone, and to me a mobile phone is a useless piece of electronic junk running poorly written bloated software, its only purpose is spoken conversation, I have no intention of updating it simply to use as a security key. Consequently I lost access to the ATO business portal and processes became inefficient as now I need to operate via an accountant. Apparently accountants, financial advisers and tax agents are not very responsible as they appear to have mindlessly complied and verified their identities with MyGovID. Needing to use a smart phone as an over priced security key, is irritating but something I could ignore and detour around.

Though lost faith in accountants ability to act in the best interests of their clients. On an accountants forum all the accountants seemed to  be concerned about was updating the phone, the cost of the phone, and the security features of the phone, no thought of how the phone is used. It seems anything on a mobile phone is seen as "cool!" and convenient, rather than stupid and irresponsible.

Smart Phones and Software

The need to use a mobile phone in conjunction with a computer is getting to be annoying. Quite frankly I have little use for a phone, and consider it an unnecessary expense and have little intention of replacing when my current phone stops working. It spends the majority of the time switched off. I like computers, but I hate phones of all descriptions. When I got a smart phone, I thought it had potential as a portable computing device, it has however never demonstrated any value as a computer. Not the least of which there is generally only one way to get software onto the device. The constraints imposed by Google and Apple are unacceptable. A smart phone should be a personal computing device, and not require software from a public repository, nor require software be placed in such public repository.

The constraints on the public repositories operated by Google and Apple is the one major reason why the ATO MyGovID application is not acceptable, since if it is not compatible with your phone and cannot be installed then google play will not permit comment. But MyGovID is an imposed piece of software by a government department and its very concept and nature is flawed and needs to be discussed, criticised and interrogated, and has little to do with whether the software does or does not work. To a certain extent the ATO covertly introduced this infringement of rights: theft of data from other departments which they would otherwise not be granted access to. Copying documents is not verification.

There are other means of multifactor authentication with out need of a smart phone: such as googles backup code numbers and symantec vip access, and usb security keys.

ATO Directors ID

Then the ATO introduced the Directors ID, this requires MyGovID to "verify" identity. Now I cannot avoid  the issue. There was a voice phone option, so I was willing but reluctant to go along. I tried the phone option, and got an extension of time as phones busy. There's a telling clue. I eventually get through, and over the phone they failed to verify my identity, But they did collect data from my citizenship certificate: suspicious. Which all seems likely an highly defective process, since it suggests only need data from the document, which could come from anywhere. As failed to confirm over the phone I was sent letters requesting I send certified copies.

Copying Identity Documents & Exchange of Data

I am not placing my identity documents anywhere near a photocopier, scanner, or camera. The only scanner acceptable to me is that operated by the department which issued the documents, and only with respect to the purpose for which the document was issued. The only exchange of data acceptable to me is with the department which issued the document.

Legitimate Access to Data

The various government departments do not share data,. If the ATO had a legitimate reason for such data then they would have it already. They do not have legitimate reason for the data, and they are not getting it from me.

Verification Process

This verification of identity process is total nonsense. They are copying identities they are not confirming or verifying anything. They are simply building repositories of identity data ripe for harvesting and thus contributing to the theft of identity. {eg. Optus breach}

The 100 point ID check does not require copying or sighting any of the specified documents. Furthermore possessing the documents is not proof of anything useful. Whilst sighting of the documents by persons not involved with the intended purpose of such documents is also not proof of anything useful.

AI Technology

Customs and immigration using AI technology to detect fake passports at border crossings is a reasonable use of AI technology. This is because fake passports along with corrupt employees diminishes the value of the passport and interferes with its proper purpose. The department/s which issued and otherwise employ the document are doing the checks to fulfill the proper purpose of the document. Consequently their activity does not interfere with the proper use of the document.

Furthermore given the number of people processed daily, it is unlikely they would waste resources storing the scans long term, and have little need to do so, as they already hold the information which is on the passports they issued. They really only need to keep a check on arrivals and departures, in each direction, and keep for a short time afterwards, and only data about suspicious persons retained for longer periods.

Other organisations scanning the document is not acceptable.We have no control over their use of the digital image generated, and they do not otherwise hold the data on the document, and have no "right" to such data. The digital image generated has potential for use in producing fake documents and therefore interferes with, and hinders, the proper use of the document.

The proper use of a drivers licence is traffic control, the police scanning it for such purpose is acceptable, anyone else scanning it is unacceptable as hinders the proper use of the document. It is also to be noted that data cannot be public facing and private at the same time. During an accident the required exchange of information is likely to occur via the use of a drivers licence, the information is therefore public facing. As the data on a drivers licence is public facing it is no value for confirmation of identity over the telephone. Copying the licence with a smart phones camera is not a transient observation and is not acceptable.

Identity Cards

 If other organisations have issues with identity then they should issue their own identity cards, and security keys, to suit their purposes, not hinder the proper use of those cards issued by others.

Tax Office

If the ATO is not happy with tax file numbers (TFN) attached to just about everything, and wants a photographic identity card then it should issue one. Or simply issue a card similar to the Medicare card, with TFN on it.. Instead of useless piece of scrap paper with TFN on it.

Identity Checking

So the ATO is not in the business of identity checking. In which case why was it permitted to introduce MyGovID? Other businesses for which the 100 point identity check has been imposed are also not in the business of identity checking.

National Identity Cards

As I recollect back in the 1970's the population opposed the introduction of national identity numbers and photographic identity cards. The government got around this by having the TFN assocaited with various customer accounts with coercion of increased tax if do not do so. The state governments introduced photographic drivers licences, with explicit disclaimer on them that for traffic control purposes.

Smart Phones

It was clearly apparent with the introduction of mobile phones, that an alternative national and international ID number had been introduced (the phones number), followed by GPS tracking and audio/video surveillance of a person becoming possible. But this is not simply an invasion of privacy, it places the security and uniqueness of a persons identity at risk. All this abstraction of identity is not the person. {Biometrics is just another abstraction, and 3D printers are liable to make that unreliable.}

Secure Identity

So we need secure identity and we need an organisation to trust to create and secure such identity. But at the same time we do not want national identity cards. The issue is that certain information should be private and confidential to certain organisations and should not be shared by anyone. Only name and address are public facing: with an hopeful expectation we can find a person with the given name at the associated address inside the main dwelling.

So the 100 point ID check, and MyGovID are all hazards to the security of individuals unique identity, rather than safeguarding identity, the processes currently employed are defective and contributing to the theft of identity and these defective processes need to be stopped. That includes terminating the use of MyGovID for identity checking, its use as a security key is another matter. Similarly it is unacceptable for justices of the peace to provide certified copies. Copying is not acceptable.



Related Posts

Revisions:
[(13/04/2023)] : Original