Identity revisited

I have long had it in for the name change approach favoured by many of our largest and supposedly most respected organisations. Not just because it is discriminatory toward specific groups – of which women are far and away the largest: but because the approach does not make sense in terms of any form of security.

In fact, as a once-upon-a-time IT consultant, it’s the latter that irritates the most: banks, building societies and the rest pompously declaring that we MUST conform to their procedures because “its da law”, or even, “its to protect you”…when in fact it is not the first and does not remotely achieve the second.

Finally, though, a breakthrough may be happening.

Before we get to that, let’s look at some of the ways we check personal identity – by which i mean: “prove” that the person i am dealing with is the same person, irrespective of the name they want to be known by.

Personal assertion

First up is personal assertion. The law is straightforward: there is no such thing as a “legal name” (not according to Home Office lawyers i spoke to a couple of years back).
My name is Smith. Or Jones. Or Cholmondley-Featherstonehaugh! And when i change my name, i just tell you. No law is broken unless i am doing this for the express purpose of obtaining some sort of “pecuniary advantage”.

Not a brilliant strategy in today’s online/call-centre dominated world…but perfectly sensible in any environment where you are personally known to the individuals you are dealing with. Also a reason why demanding documentation of a name change in, say, the workplace, is often both daft and offensive.

(Its also pretty daft when about the only thing someone wishes to do is to pay a bill, or maintain an account for a non-essential service).

Here i am: this is my name. And unless you think i just got cloned, to deny that is just disrespectful.

Assertion by document

Of course, the gold standard for many organisations is to demand a document. The favoured four are marriage or divorce certificates, deed poll or statutory declaration. A fifth candidate, of which more later, is the Statement of Truth, accepted by a few organisations, including the Land Registry.

On the surface, our FF have the advantage of being underwritten at some level by a third party.

Except the first two are, officially, NOT supposed to be used to confirm identity (many marriage certs even say that in big bold letters): deed poll can be run off any pc and witnessed by someone you have never met in your life before. And a stat dec is little better: it merely requires the payment of money to a lawyer of some stripe to confirm what you are asserting.

A Statement of Truth** is assertion, pure and simple, in accordance with a particular form of words. On the surface, it is less useful than the FF. However, it is accepted by the Land Registry and, in conjunction with a decent process, is worth more than a second look.

Data continuity

A much better way of demonstrating consistent identity following a name change, is to show documents which contain unchanging detail matched to changed name. National Insurance number is a good candidate although lawyers seem muddled on this one. Certainly, i have found some legal bods claiming this use of NI No is not permitted.

Though by whom, i am unsure. Perhaps it is another of those data protection myths.
Other obvious candidates for demonstrating name change in this way include tax reference and tax UTR’s (apologies for getting a tad techy).

Also, i guess, a signature: banks and other major organisations still, happily, accept the transfer of major amounts of money on the back of a simple signature which, if you think about it, is one of the easiest things in the world to forge.

Which also raises questions about how genuine is their commitment to security.

Biological identity

Finger prints, ear lobe prints, retinal scans. You name it, there is scarcely a part of our bodies that cannot be called into service to prove you are today the same person you were yesterday. This is a good way of confirming continuing identity. Except it is expensive, not perfect, and in our Big Brother aware society not likely to be universally welcomed.
Problems? Not every method is equally good. Iris scanning, briefly favoured by the last government, turned out to be very poor with older persons.

Then there are all manner of ways to spoof the scanner. Let’s ignore, for now, the Dan Brown nonsense that involves cutting out an individual’s eyeball and presenting it to a scanner (would that actually work?): there are, as every spy nerd knows, ways of copying fingerprints from coffee cups. For enough benefit, it seems likely that someone somewhere will find ways to spoof bio identity systems.

Password and confirmation processes

All of which brings us back to where most organisations are already. If we want to remove large sums of money from existing bank accounts, all we need is to apply the security details (password, memorable information and so on) that we hold on that account.

Following a recent house sale, Lloyds bank happily allowed me to transfer a significant five-figure sum from an old mortgage account still maintained in an old name into an account held at another bank in my “proper” name. (For those wondering…the old name remained, because the hassle and expense of shifting a mortgage i knew i was going to clear into a new name for a short period of time totally outweighed the benefit of so doing).

Where is the logic in this? I can happily move large sums of money around the interweb by using my existing security details, but i can’t amend my name or address details (making the likelihood of identity fraud significantly greater) unless i present them with documents that assert a name change, yet are essentially insecure.

The other alternative, taking me back to the Statement of Truth, is to simply assert the new name. Insecure? Not exactly: because what the Land Registry then did, on receipt of the Statement of Truth, was to write to me in my OLD name at my registered address asking old me to confirm that they were now new me. On that basis, they amended ownership of a property worth significantly more than five figures.

Of course there are ways round such a process: but cheats exist for EVERY process. And anyone who thinks this approach is easier to fool than falsifying a deed poll is not thinking with their brain.

The bottom line

Organisations continue to demand the FF because it provides them with a comfort blanket and arse-cover. When challenged about the discriminatory nature of their approach, they mouth “security”. The time really has come for us to stop accepting such mythologising.

Current practice is not secure. It is disrespectful and in some cases has caused genuine grief. So its gauntlet time. I am happy to argue the toss on security in any court with any organisation. I cannot believe that any judge could any longer seriously agree that existing processes are “necessary” because security.

jane

** There is a link in this document to a form of Statement of Truth used by myself with the Land Registry. I am offering no legal advice and suggest if you are interested in this approach, you take independent advice. The key point is that such a form of words could easily be adopted by most major organisations: the thing that matters is the process used to substantiate the assertion. Not the form of the assertion.

About janefae

On my way from here to there
This entry was posted in Uncategorized and tagged , , , , , , , , , , , . Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s