We’ve been watching the introduction of RealMe with some concern. While it appears that they have done some serious thinking around privacy, there are some real issues around unified online identities that have not been sufficiently discussed.
This introductory article talks about what RealMe is and then asks some questions about how it might be used.
What is RealMe?
RealMe is a government sponsored online identification service. In their own words: “RealMe lets you easily and securely prove your identity online, plus access lots of online services with a single username and password.”
It’s a renamed version of the iGovt scheme originally set up by the Department of Internal Affairs. it’s now run by a combination of the Department of Internal Affairs and NZ Post (a state owned enterprise). The major enabling legislation for RealMe is the Electronic Identity Verification Act (2012).
The aim is that your verified RealMe identity will provide enough assurance that you are who you say you are that governments and commercial organisations will be able to provide products and services online that require the most stringent forms of identification such as passports, bank accounts, student loans and so on.
It’s of particular appeal to financial institutions because of their new responsibilities to identify who they’re dealing with after the passing of the Anti Money Laundering and Countering Financing of Terrorism Act. Both the BNZ and TSB Bank are now using RealMe with others expected to follow. Here’s the full list of organisations using it.
At the end of February 2013 there were 853,100 iGovt logins (although some people had more than one).
Implementing RealMe
We’ve heard that implementing RealMe within an organisation is both complex and expensive. There is a significant amount of software development that the organisation is required to do, plus RealMe does its own testing to ensure that standards have been met.
Ongoing costs are based on the number of transactions (typically new identifications, RealMe is not necessarily involved once the identity of the person is established the first time). RealMe refused to release details of the pricing, claiming it is commercially sensitive.
Privacy and data management.
There’s no doubt that the people who created the system did it with the best of intentions and it seems they’ve taken privacy needs into account. One important point is that two organisations using RealMe can’t share data about a person unless the person has explicitly giving them permission to do so.
However, we have to assume that this will not always be the case. It seems highly likely that at some point the IRD will get a law change to enforce access – we all want to make sure people aren’t cheating the tax system, right? And it makes sense that companies might start insisting on you sharing information, in the same way that health insurance companies currently demand access to your health records. You can refuse but then they won’t provide services to you.
It’s also easy enough for the Police, SIS and GCSB to be able to use the powers granted by their respective laws to access any person’s information across systems as well.
A digital identity card
It seems clear that RealMe is rapidly becoming a digital identity card. It’s already not voluntary for a number of people who want to access some services such as Studylink. As more government departments and commercial organisations start requiring it, having a verified RealMe identity is rapidly going to become a requirement.
NZ and Australia both rejected the idea of a non-digital national identity card in the 1980s. There were significant public campaigns against them and the proposals were defeated. So far there’s been no outcry against this new form of digital identity card.
Of course, there were different attitudes then. In those days the very idea of government departments sharing data about people was highly contentious due to fears that the government might snoop too much or would abuse its power. Now data sharing between govt departments is commonplace and expected. RealMe is going to enable more and better data sharing, with increased confidence about the identity of the people they’re sharing information about.
Unified identity
But the bigger issue is – what does it mean to have one verified identity that’s used for everything?
Do we actually want to use the same identity for dealing with the government, your bank, Trademe and a variety of social media sites? Will there be increasing pressure to use your ‘official’ identity everywhere? We see advantages in being able to present different faces to people – to the people you work with, your parents, your children, your friends, your community. Is this under threat?
We already know that the world has problems with governments over-surveilling people on the internet. We fear that this surveillance already has a chilling effect on democratic dissent. Will improving it by forcing use of a single identity and further enabling data matching be worth the gains?
The future
What does robust and pervasive online identification enable? How will these services be used in 5, 10 or 20 years time?
For example, one of the big problems with law on the internet is proving just who did something. You can trace a downloaded file to an IP address but you don’t know which person there actually did the copyright infringing download. Or maybe you want to find out who anonymously published the suppressed name of the accused in a trial.
A government of the future might look at these problems and decide that internet use should be keyed to your RealMe identity, thus undermining anonymity on the internet. It wouldn’t be a trivial task but it’s also not impossible and would enable the government of the day to track everything you do on the internet. We don’t believe that the government needs this power and we see this level of mass surveillance as a threat to our privacy and our democracy.
Conclusion
RealMe has some real advantages – verified identities will make it easier for people to access government and commercial services online, helping us realise some of the promises of the internet revolution. But we’re concerned about measures that increase government power over people and we fear that RealMe might be one of those measures.
Over the next few months we’re planning to explore some of the issues around RealMe. In particular, we want to answer the following two questions:
- Is RealMe a threat to our liberty now or in the future?
- If so, how can we mitigate it so that we get the benefits without the costs?
Your ideas and contributions would be welcome.
I had an interesting experience renewing my passport recently.
To renew my passport online, I had to create a RealMe — which I could also do online. 100% of the information I needed to complete this process was available on the first page of my passport. (my eye colour is not written on my passport, but they only asked me to -confirm- that! “Are your eyes still blue?”)
I feel that if you gave me the passport of someone who doesn’t yet have a RealMe (or just a photo of the information page!), then I could have their passport cancelled and a new one sent to my address. The only check they could do is to compare the photo I provide with the old one.
Maybe there’s some extra security I didn’t notice.. but it felt like they were erring on the side of convenience.
(once you have a RealMe it’s better, because they text you every time you log in, so the putative identity thief needs your cell phone too)
Realme is useless for anyone born in the United States as birthplace is one of the identifying “indicia”. The US FATCA law was implemented in New Zealand on July 1st which requires NZ banks and financial institutions to search for anyone who has a US birthplace and provide details of all their account information, including balances, to the IRD who will send the information on to the IRS for “processing”.
No one unfortunate enough to have a US birthplace would want to provide it to a bank, which is what Realme would do (I checked using the BNZ site, there is no option NOT to send birthplace).
Yet another reason why NZ citizens who were born in the US are now 2nd class citizens in their own country. If and when the use of Realme is mandatory there will be no hiding place for these people and the brand “property of USA” will be provided to everyone, even if that person has renounced US citizenship.
Hi Thomas, thanks so much for your post and for kicking off this discussion. It was great to meet you at Nethui the other day, and I really enjoyed participating in the enjoyed participating in the ‘Who are you online?’ session.
As general manager for Digital Transformation at the Department of Internal Affairs, it’s my team working on RealMe, so I’m in a good position to address some of your issues.
First and foremost, privacy is at the heart of everything RealMe does. We live and breathe it every day. RealMe is built using Privacy by Design principles. What we mean by that is besides the business agreements, privacy policies, business rules and intent to ensure privacy of the solution, these measures are underpinned by a number of technical privacy controls that form the foundation of the solution.
The way the RealMe login has been built, we’re not even able to identify who has one (or more than one), though I can tell you there are over 1.5 million RealMe logins, and 17,000 people with a RealMe Verified account. The RealMe system cannot release any information to other parties without your explicit consent – this is fundamental to the design along with people needing to opt-in to use their verified identity to access government services,
I know that RealMe isn’t a threat to anyone’s liberty, but of course I’d say that. The Electronic Identity Verification Act 2013 sets the rules for use of the service. Adherence to the legislation isn’t something we take lightly, and independent privacy impact assessments are completed on an ongoing basis to make sure things don’t go off the rails.
“RealMe is going to enable more and better data sharing, with increased confidence about the identity of the people they’re sharing information about”.
That’s exactly our purpose. We believe people will see having a verified identity (that only releases the information they choose to share) as a good thing, such as on serious dating sites or as age verification when purchasing alcohol online.
In regards to future uses of RealMe, I’m much more interested in ways that we can use it to improve people’s interactions with government as they move through various life events. I am also very focused on how everyone can benefit the most from it. I’ll be speaking about RealMe in more depth at this week at Nethui as well as the KANZ Technology Summit and Gather unconference in Auckland and would love to talk to anyone there about their concerns.