I have a few ideas about
identity management. The mobile money laundering
article begins with a premise about Brittany a 'personal entertainer' (my description), who uses electronic payments to collect fees from her clients and to make her purchases because they are allegedly more anonymous than cash.
Well I'm not too sure about that. I would have thought Brittany would be a strictly cash sort of girl, or otherwise have a legitimate front like most professionals. Some simple ID procedures would make it more difficult do otherwise.
Money laundering is however common, and illegal and I'm not going to begin to suggest how to fix it all, although I'd suggest any payment provider made sure they had a good handle on the issue. It is often in the realm of fraud and some fraud prevention
mechanisms help to stifle such practices.
The Real Problem - IDENTITY
The weakness which enables so much fraud and criminality is in the way we carry out identity verification and management. We are all worse off because of it.
The 'know your customer' obligation on FI's is supposed to reduce fraud, and after all, money-laundering is usually defrauding someone, perhaps the tax man for instance, and this goes part of the way to make it harder.
Sure we could use our mobile and transfer some money by SMS, a protocol which flies around in open text and right through the
CALEA machine hooked into the phone system and already available to everyone from the local UK council to the FBI. There has been much comment on the viability of searching and sifting these sorts of records continuously to detect criminal or undesired
behaviour. Originally available after gaining a warrant targeting an individual or group, it is now used to chase terrorists, child pornographers and drug dealers with limited success. Mostly this is like trying to cure the symptom rather than the disease.
Do we really need to squander resources sifting endless information trying to spot a crime?
I suppose a call or message could be 'encrypted'. That wouldn't attract attention either, would it? Just like those guys with their scrambler phones, they may as well put flashing lights and targets on their foreheads. Its a simple matter to 'quiz' the phone
system to look for that sort of thing.
Many countries require a mobile phone subscriber to identify themself when they activate a SIM. That process is currently flawed. A slightly different approach would see more effective accountability.
The right approach would link your identity to your life in real-time but include the controls to empower you to decide when, and to whom, that information is provided. Anywhere it is unnecessary by law, and the objective can be achieved without revealing
your data, it would become a matter of your personal choice as to what you reveal and to whom.
Individuals want to protect their identity and governments have a responsibility to empower them to do it.
Back to the mobile, simply.
I can call Harry and ask him pick up some money from Bob. I am using a mobile, but Bob has a land-line and although Harry has a phone, he lives next to Bob, so he'll just pop over. It's all too confusing. Am I laundering money?
Imagine 'monitoring' and trying to understand the nature of every call and communication. Ridiculous. I can send messages to anyone using my mobile without law enforcement ever knowing and make it impossible to understand my communication even if they did,
even with CALEA.
There are a multitude of ways to launder money, probably many a lot easier than using mobile money. Most countries now have laws requiring transaction reporting, and limits on transactions and even running totals. I can't imagine any sensible transaction
provider designing their system without taking these and potential future legal obligations into account.
Do we have to stop everyone using new technology is case they work out a way to incorporate it into a crime?
A better approach might be to make everyone use their mobile in any process where they want to protect their identity. Let them prove they have an identity, without always revealing the details. A mobile system need not rely on both parties having a mobile.
Stopping the rest of us using mobile transactions just because someone might use one in the commission of a crime is absurd.
IDENTITY - if 'fixed', it will help fix it.
Only a carefully designed mobile system enabling a broad range of interactions founded on identity will reduce fraud, money laundering and ID theft.
Governments are stuck in the 1950's with paper and cards when it comes to interacting with citizens. Banks and merchants hamstring their own security and waste millions of man-hours clinging to numbers and personal data.
Current practice makes it easy for the criminals to steal your money, your peace and your rights - along with your ID and your credit rating.
It also gives them the opportunity to defraud plenty of money to launder. Why would we go back to paper and cards? Will we all suddenly start writing letters on paper and posting them again? Unlikely, even ridiculous. We are in the 21st century and we must
go forward with the times.
Governments need to act to provide tangible benefits to citizens, empowering individuals and giving them rights, privileges, safety and security, even anonymity - in exchange for their willing participation in a better, more fair and effective global identity
management system.
I believe an authenticator 'beyond governments' but equally open to all, is the only solution which can empower citizens to protect themselves and their rights to peace and privacy. It would also give the governments the mechanism to more easily and efficiently
protect their citizens.
The key issue is trust.
In the recent historic election in the US, almost half of the voters (a quarter of the people) voted against the incoming President. That is their right. They may be Republicans and not trust Democrats. In some countries a religious majority control government
while a large minority might have many opposing views and not trust that government.
I am, therefore I have a right to my identity.
If we have an identity, it cannot be taken away at the whim of any government. Even wrongdoers have their identity, and we need them to have ID to make our system work, and be fair.
We need an international non-aligned independent identity provider with no other purpose than to enable trust between identities, no matter where they are and for any purpose.
A central identity authentication provider with no identity details of any person, yet able to provide two parties interacting with the guarantee that there exists a 'pointer' to a real identity, somewhere, and that pointer must belong to the real identity
of the person interacting.
Banks can play a part, but it is not core business for a bank, however ID is essential infrastructure for everyone, not just banks and existing identity management can be incorporated into a new solution and strengthened by it.
ID can also help improve the web experience, preserve anonymity and enable many new services, even revolutionise the way we interact.
If you had to leave a 'pointer' to your identity when you began your web journey it would be easier to manage who went where, like letting kids into chat-rooms rather than fake-kid predators. If when you logged on to a site, there was a 'pointer' to your
real identity (which even the site could not 'translate') to ensure that you are accountable for your actions, and law enforcement could, if you do something bad, track you down quickly - but only after following mandated legal procedures.
Who is the Stig?
On a micro scale, Driver Stig is stopped at a police licensing checkpoint. He has done nothing wrong, it is merely a random stop and they're stopping everyone in the street. Policeman Bobby needs to know if Driver Stig is licensed.
Who knows? The 'Licensing Authority' knows, (at least some licensing authority knows), they also know Stig's real name and address, date of birth, driver's license number and even when his license expires.
Does Policeman Bobby need to know Driver Stig's name? Of course not. Unless you cling to something that can be stolen, borrowed, forged, cloned, or otherwise mis-used. Using cards and paper and plastic licenses, then Policeman Bobby will waste valuable
time sifting through paperwork and trying to match Stig to his identity (Stig's time too).
Surely Policeman Bobby only needs to know that the driver he is checking is actually licensed to drive (in this case the Stig).
If Stig can signal the Licensing Authority to confirm to Policeman Bobby that he is licensed, all that is left for Bobby to do is to wish the Stig a nice day.
The same principle applies when Stig signs on to his driving blog. All he has to do is get someone he trusts to signal to the site that he's the Stig.
Similarly when the Stig stops at the petrol station and fills up, the 'petrolier' doesn't need to know the Stig's real name, he just has to be confident that someone somewhere is going to (happily) pay for the Stig's purchases. Ditto when the Stig goes into
a shop and makes a purchase, the merchant really only requires confidence that they are going to be paid.
ID is Empowerment
Identity is something we own for our lifetime and we have a right to control it, share it, or 'privatise' it and secure it. Most humans live longer than governments or political movements and identity outlasts Democrats, Republicans, Conservatives, Liberals,
Communists and Dictators. It is time we acted like it.
If any system is designed to be open to mis-use , it will be mis-used.
There are countless occasions we can recall where information has been unnecessarily used, recorded, stolen or lost and been misused. There are occasions where persons have mis-used information gained in their official capacity. Accountability is a great
deterent, and the right mechanism can make everyone accountable and safer with more anonymity, yet leave an indelible trail of our interactions. There would be a record of the Stig and Bobby's interaction, but no-one will ever even know he was stopped, unless
of course he goes missing immediately after, then we can check with Bobby in an instant.
Law enforcement is in the same position as everyone else and if they aren't up to speed, they need to be engaging technologists before the fact rather than complaining afterwards, because there is no going backwards. Adaptation is a continuous imperative.
There is one reason cards will not do - it is un-equal.
If you don't have the reader or access to the ID database, then you'll likely become a victim of the person in control of your ID.
A mobile solution can provide equality in identity, and as such - it will be.
How much is it worth to us to fix ID?
In the race to 'protect' us, some have lost sight of the real goal, and actually undermined our welfare with the 'solution' meant to protect us.
We've wasted resources and time and just made the risk worse. We deserve it to be easy, and we deserve something that works, for everyone. If the answer also means wasting less of Policeman Bobby's and the Stig's time then we are all likely to be better
off for it.
The savings we could make will dwarf the bail-outs.The productivity gains will reduce gross domestic costs and improve GDP for every nation. It is essential infrastructure for the 21st century.
QUALITY OF LIFE WILL BE BETTER.
Now is the time to do it.
The 21st century would be a good time to start reclaiming our identity, being proud of our individual identities and claiming the rights we deserved to have cemented to that identity.
It will require a little give and take, I envision a way where there'll be plenty of added benefits and fewer risks.
One thing is for sure, the process must be transparent and equal, exposed to debate and review, and when it is in place
there'll only be one you.
How much would it cost and how long would it take?
Just like HSBC have found by investing in updating their information systems, ID too, can pay for itself as the roll-out progresses.
How long? 2-3 years to see the world covered if the G20 were committed.
We are in the 21st century and there's no going back. ID can empower us to catch up and to go forward. It's time.