Tuesday, July 3, 2012

Biometrics "Fix" Identity

Even if there is fraud in the identification process, biometrics can be used to fix a single identity upon an individual.

An article in today's Canberra Times about people smuggling brings home the point.
Despite some unauthorised arrivals' lack of documents, biometric capability is critical. In a few cases, unauthorised boat arrivals will be identified from international databases, particularly through fingerprints. Even if people cannot be identified, the collection of biometric data on arrival provides a basis for anchoring the identity of an unauthorised arrival, so that the Australian community can be confident it is dealing with one person and that further identity-shifting is difficult. It also leaves open the possibility of identification in the future. [Emphasis mine]
One classic use of identity fraud among professional criminals is the use of multiple ID's so as to keep a clean identity and a dirty identity. If possible, all the documents involved are "real" in that even the ID card related to the fabricated identity is issued by the legitimate authority.

When the the professional criminal with his family in the car is pulled over for running a stop sign in his neighborhood by a police man who goes to the same church, he presents his "real" ID. When he's picked up in the course of his job, say 1,500 miles away, with a trunk full of weapons and narcotics, he gives the police the ID containing bogus information.

The arresting officers call the ID authority who created the false ID card. Sure enough, he's in the database. No criminal record. Light sentence for a first offence and he can still go back to his life, get another ID, and go back to work, too.

The same pattern works well with fraud.

Pretty simple, right?

Well, yes — until biometrics.

Once ID issuing authorities institute biometric checks before issuing new ID documents, even a person who lies on their original ID application is stuck with only the one ID.* Further attempts to obtain additional ID's can be detected and investigated. Later claims of a false identity (or lost ID) can be unraveled.

This is something that might have given pause to the person who supplied Mr. Coriander with fingerprints. If he thought the only time those fingerprints could be used for a UID number, he might not have found the joke as funny.

*This applies to discrete ID management system. If ID databases aren't linked, it may be possible to maintain different identities in different databases.