We've been watching the introduction of RealMe with some concern. While it appears that they have done some serious thinking around privacy, there are some real issues around unified online identities that have not been sufficiently discussed.
This introductory article talks about what RealMe is and then asks some questions about how it might be used.
What is RealMe?
RealMe is a government sponsored online identification service. In their own words: "RealMe lets you easily and securely prove your identity online, plus access lots of online services with a single username and password."
It's a renamed version of the iGovt scheme originally set up by the Department of Internal Affairs. it's now run by a combination of the Department of Internal Affairs and NZ Post (a state owned enterprise). The major enabling legislation for RealMe is the Electronic Identity Verification Act (2012).
The aim is that your verified RealMe identity will provide enough assurance that you are who you say you are that governments and commercial organisations will be able to provide products and services online that require the most stringent forms of identification such as passports, bank accounts, student loans and so on.
It's of particular appeal to financial institutions because of their new responsibilities to identify who they're dealing with after the passing of the Anti Money Laundering and Countering Financing of Terrorism Act. Both the BNZ and TSB Bank are now using RealMe with others expected to follow. Here's the full list of organisations using it.
At the end of February 2013 there were 853,100 iGovt logins (although some people had more than one).
We've heard that implementing RealMe within an organisation is both complex and expensive. There is a significant amount of software development that the organisation is required to do, plus RealMe does its own testing to ensure that standards have been met.
Ongoing costs are based on the number of transactions (typically new identifications, RealMe is not necessarily involved once the identity of the person is established the first time). RealMe refused to release details of the pricing, claiming it is commercially sensitive.
Privacy and data management.
There's no doubt that the people who created the system did it with the best of intentions and it seems they've taken privacy needs into account. One important point is that two organisations using RealMe can't share data about a person unless the person has explicitly giving them permission to do so.
However, we have to assume that this will not always be the case. It seems highly likely that at some point the IRD will get a law change to enforce access - we all want to make sure people aren't cheating the tax system, right? And it makes sense that companies might start insisting on you sharing information, in the same way that health insurance companies currently demand access to your health records. You can refuse but then they won't provide services to you.
It's also easy enough for the Police, SIS and GCSB to be able to use the powers granted by their respective laws to access any person's information across systems as well.
A digital identity card
It seems clear that RealMe is rapidly becoming a digital identity card. It's already not voluntary for a number of people who want to access some services such as Studylink. As more government departments and commercial organisations start requiring it, having a verified RealMe identity is rapidly going to become a requirement.
NZ and Australia both rejected the idea of a non-digital national identity card in the 1980s. There were significant public campaigns against them and the proposals were defeated. So far there's been no outcry against this new form of digital identity card.
Of course, there were different attitudes then. In those days the very idea of government departments sharing data about people was highly contentious due to fears that the government might snoop too much or would abuse its power. Now data sharing between govt departments is commonplace and expected. RealMe is going to enable more and better data sharing, with increased confidence about the identity of the people they're sharing information about.
But the bigger issue is - what does it mean to have one verified identity that's used for everything?
Do we actually want to use the same identity for dealing with the government, your bank, Trademe and a variety of social media sites? Will there be increasing pressure to use your 'official' identity everywhere? We see advantages in being able to present different faces to people - to the people you work with, your parents, your children, your friends, your community. Is this under threat?
We already know that the world has problems with governments over-surveilling people on the internet. We fear that this surveillance already has a chilling effect on democratic dissent. Will improving it by forcing use of a single identity and further enabling data matching be worth the gains?
What does robust and pervasive online identification enable? How will these services be used in 5, 10 or 20 years time?
For example, one of the big problems with law on the internet is proving just who did something. You can trace a downloaded file to an IP address but you don't know which person there actually did the copyright infringing download. Or maybe you want to find out who anonymously published the suppressed name of the accused in a trial.
A government of the future might look at these problems and decide that internet use should be keyed to your RealMe identity, thus undermining anonymity on the internet. It wouldn't be a trivial task but it's also not impossible and would enable the government of the day to track everything you do on the internet. We don't believe that the government needs this power and we see this level of mass surveillance as a threat to our privacy and our democracy.
RealMe has some real advantages - verified identities will make it easier for people to access government and commercial services online, helping us realise some of the promises of the internet revolution. But we're concerned about measures that increase government power over people and we fear that RealMe might be one of those measures.
Over the next few months we're planning to explore some of the issues around RealMe. In particular, we want to answer the following two questions:
- Is RealMe a threat to our liberty now or in the future?
- If so, how can we mitigate it so that we get the benefits without the costs?
Your ideas and contributions would be welcome.