Voter ID the British way

The Prime Minister, Alexander Boris de Pfeffel Johnson, once wrote about ID cards that if he were ever asked to produce one as “evidence that I am who I say I am” that would take it out of his wallet and “physically eat it”. Now, however, he has announced that he intends to introduce mandatory voter ID for elections. Since Britain doesn’t have an ID card, or a functioning digital identity infrastructure, he will thankfully be spared the indignity of eating an ID card (or, presumably, his phone) at the polling station. What’s more, since Britain doesn’t have a problem with voters being impersonated at the polling station in the first place*, it doesn’t matter.

If you are wondering why it is that Britain is about to demand an ID that people do not have in order to solve a problem that does not exist.. well, it’s security theatre that will keep everyone happy. A rigorous ID requirement would be problematic, because a quarter of the British electorate lack either of the principal photo ID documents, a passport or a driving licence. Hence when you go to vote you will produce either some photo ID document (eg, a Portuguese fishing licence or a British passport) that the chap at the polling station cannot conceivable verify (in Britain polling stations are manned by cheerful local volunteers, not ex-Israeli airport security counterfeit document detection experts) or some random non-photo ID document from a peculiarly English assortment of possibilities including your local library card (these are notoriously difficult to forge, of course)

To me this represents a wonderful, pragmatic British compromise — a countermeasure that doesn’t work to a problem that doesn’t exist— that avoids dealing with the real problem: the electoral fraud that does not happen at the polling booth. The main source of such fraud in the UK is not personation at the polling station but fraudulently-completed postal ballots, a situation that led one British judge to call it “a system that would disgrace a banana republic”. As far as I can understand it from reading the various reports, including the source reports on electoral fraud in the UK, the main problem is that postal votes are being completed by third parties, sometimes in bulk. No proof of identity is going to make any difference to this and so long as we allow people to continue voting by post I can’t see how the situation will improve. It is not beyond the wit of man to come up with alternatives to the postal vote. But that’s not what is being proposed. The UK government is not currently proposing an app or any other kind of electronic voting here, it is merely proposing to add a basic test of identity at the ballot box.

(This is a subject of some interest to me. My home town of Woking, one of the few places in England where people have been jailed recently for electoral fraud, was part of the government’s original voter ID pilot scheme which trialled different types of identification, including formal correspondence such as a utilities bill. I should explain here for foreign readers that in the UK we see the British Gas quarterly bill as a uniquely trusted document.)

The real way forward is, of course, not about using gas bills or indeed special-purpose election ID cards only for the purposes of voting, or a national identity scheme that Mr. Johnson dreads, but a general-purpose National Entitlement Scheme (NES). This sort of thing has been put forward for decades by informed industry observers (eg, me) but I think it now has added momentum because of the combination of technological evolution in the field of identification, authentication and (in particular) authorisation as well as the pandemic pressure to manage vaccination certificates and test results. Much as a person should be able to demonstrate that they have been vaccinated without giving away personal details so should be allowed to vote without disclosing their identity.

The key technology enabler here is that of the “verifiable credential” (VC) and the ability to create and present credentials that demonstrate proofs rather than data. This is often explained through the canonical example of proving to a bar that you are over 21 without providing a date of birth or age. As The Economist explained recently, individuals can be identified to (for example) a smartphone app much in the same way as for online banking, authenticated against their smartphone using biometrics and then when seeking entrance to a “COVID-secure” venue the app can respond to the venue’s requests for credentials (such as a valid test certificate) with a simple “yes” or “no” and nothing else. The individual’s name, age, address, the date of their vaccination and the like would not be transmitted from the app.

It seems a pretty small step to present the credential ENTITLED_TO_VOTE using a similar mechanism at the polling station. Or, indeed, anywhere else.

* There was precisely one conviction for “personation” fraud in the UK in 2019.

Signatures, Sergio and standardising the payment experience

According to The Daily Telegraph, “written signatures are dying out amid a digital revolution”. I’m going to miss them. Of course I know that when it comes to making a retail transaction, my signature is utterly unimportant. This is why transactions work perfectly well when I either do not give a signature (for contactless transactions up to £30 in the UK, for example, or for no-signature swipe transactions in the US) or give a completely pointless signature as I do for almost all US transactions.

“Fears are growing that this is potentially leaving people open to the risk of identity theft and fraud as their signatures are more easily imitated.”

From “Traditional signatures are dying out amid digital revolution”.

If I do have to provide a signature, then for security purposes I never give my own signature and for many years have always signed in the name of my favourite South American footballer who plays for Manchester City. Now it turns out that this is sound legal advice, since according to Gary Rycroft, a solicitor at  Joseph A. Jones & Co. it is an increasing problem that people people order things online but sometimes they do not show up so to acknowledge receiving something “I always sign my initials, for example, so I could prove if it wasn’t me” (because, presumably, a criminal would try to fake Gary’s signature).

Untitled

Now the issue of signatures and the general use of them to authenticate customers for credit card transactions in the US has long been a source of amusement and anecdote. I am as guilty as everybody else is using the US retail purchasing experience to poke fun at the infrastructure there (with some justification, since as everybody knows the US is responsible for about a quarter of the world’s card transactions but half of the world’s card fraud) but I’ve also used it to illustrate some more general points about identity and authentication. My old friend Brett King wrote a great piece about signatures a few years ago in which he also made a more general point about authentication mechanisms for the 21st-century, referring to a UN/ICAO commissioned survey on the use of signatures in passports. A number of countries (including the UK) recommended phasing out theme-honoured practice because it was no longer deemed of practical use.

Well, signatures have gone the way of all things. In April, the US schemes stopped requiring signatures.

They were sort of defunct anyway. According to the New York Times, Walmart considers signatures “worthless” and has already stopped recording them on most transactions. Target has stopped using them too. I completely understand why, but to be honest I think I’ll miss signing for purchases in America.

Money 2020 Signature

No more signing Sergio Aquero for US credit card transactions, hello to signing Sergio Aquero for the Amazon lady who calls at my house with monotonous regularity.

If you are interested in the topic of signatures at all, there was a brilliant NPR Planet Money Podcast (Episode number 564) on the topic of signatures for payment card transactions a couple of years ago, in which the presenters asked why were we still using this pointless authentication technique.

Ronald Mann (the Colombia law professor interviewed for the show) noted that card signatures are not really about security at all but about distributing liabilities for fraudulent transactions and called signatures “eccentric relics”, a phrase I love. His point was that the system doesn’t really care whether I sign my transaction Dave Birch or Sergio Aquero: all it cares is that it can send the chargeback the right way (bank or merchant, essentially) when it comes in.

In addition to the law professor, NPR also asked a Talmudic scholar about signatures.

(The Talmud is the written version of the Jewish oral law and the rabbinic commentary on it that was completed in its current form some time in the fifth century. There are two parts to it: the oral law itself, which is known as the Mishnah, and the record of the rabbis arguing about it and what it meant, which is known as the Gemara.)

The scholar made a very interesting point about the use of these eccentric relics when he was talking about the signatures that are attached to the Jewish marriage contract, the Ketubah. He pointed out that it is the signatures of the witnesses that have the critical function, not the signatures of the participants, because of their role in dispute resolution. In the event of dispute, the signatures were used to track down the witnesses so that they can attest as to the ceremony taking place and as to who the participants were. This is echoed in that Telegraph article, where it notes that the use of signatures will continue for important documents such as wills, where a witness is required.

(The NPR show narrator made a good point about this, which is that it might make more sense for the coffee shop to get the signature of the person behind you in the line than yours, since yours is essentially ceremonial whereas the one of the person behind you has that Talmudic forensic function.)

The Talmudic scholar also mentioned in passing that according to the commentaries on the text, the wise men from 20 centuries ago also decided that all transactions deserved the same protection. It doesn’t matter whether it’s a penny or £1000, the transaction should still be witnessed in such a way as to provide the appropriate levels of protection to the participants. Predating PSD2 by some time, the Talmud says that every purchase is important and requires strong authentication.

So, my interpretation of the Talmud is that it is goodbye to contactless and goodbye to stripe and goodbye to chip and PIN and hello to strong authentication (which may be passive or active) and secure elements: we have the prospect of a common payment experience in store, on the web and in-app: you click “pay” and if it’s for a couple of quid the phone will just figure hey it’s you and authenticate, if it’s for a few quid your phone will ask you to confirm and can use your finger or your face and then if it’s for a few million quid you’ll get a callback for voice recognition and a retinal scan. The same purchase experience for everything: the cup of coffee and the pair of shoes and the plane ticket. It turns out that once again we can go back to the future in the design of our next retail payments system.