Customer Due Diligence

Achieving Customer Due Diligence

“The AML/CTF Act covers the financial sector, gambling sector and bullion dealing and any other professionals or businesses that provide particular ‘designated services’. The AML/CTF Act imposes a number of obligations on businesses when they provide these designated services. These obligations include:

  • customer due diligence (identification, verification of identity and ongoing monitoring of transactions)
  • reporting (suspicious matters, threshold transactions and international funds transfer instructions)
  • record keeping and
  • establishing and maintaining AML/CTF program.”

Australian Government, Attorney General’s Department

http://www.ag.gov.au/www/agd/agd.nsf/Page/Anti-money_laundering

The introduction of the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (AML/CTF Act) has required that the gaming industry know its customers extremely well. The new risk-based approach has put the onus on gaming operators to determine the probability of “whether providing a designated service to a customer may facilitate money laundering or terrorism financing.”

Conformance to the legislation demands the adoption of a formal program for verification of a customer’s identity. Name, date of birth and/or residential address are stipulated as the minimum proofs required for every customer.

AusRegistrations

AusRegistrations is a Canberra-based service that provides organisations with a simple, low-cost solution to the problem of online identity verification.

AusRegistrations creates a data base of links to a person’s existing electronic associations (i.e. any instance where an individual has identified themselves to an organisation). These associations may include electronic relationships with government authorities, utilities, financial institutions, a local club or any other commercial interest. The common factor in all such associations is that each one involves instances whereby a person has had to prove their identity before the relationship could be acted upon.

Through AusRegistrations a person voluntarily allows specified organisations to access this already-verified identification data. The person may also choose to add biometric data to their records – such as registering their “face” by including an approved photo or recording their voice print. This image or print is then confirmed as belonging to that individual by someone in a position of authority, such as the person’s accountant, tax agent, lawyer, school teacher, lecturer, minister of religion etc.

At all times security measures ensure that the individual – and only the individual – controls access to their complete collection of associations.

The result is the individual’s ability to prove their identity over the telephone or while online.

The system is designed in such a way that a person can be represented in the database once and once only, removing the opportunity for identity fraud. Inbuilt security procedures make identity theft exceedingly difficult.

AusRegistrations conforms to all Australian privacy requirements. It is simple for people to use; it is inexpensive for organisations; and it provides a legally-accepted electronic proof of identity for an individual.

How the system operates

Most people already have some form of electronic identification. At present this identification is kept by the organisation with which the individual has a relationship – for example, the Australian Tax Office.

AusRegistrations provides the individual with a way that only they and the organisation involved can access the information. This then gives the person a means of accessing and sharing certain proven electronic data, such as identification information.

This is done by the person registering their relationship(s) with AusRegistrations, and requesting access to any information the organisation may hold about him or her. Using the ATO example, a person would prove to the ATO, via AusRegistrations, that they have the right of access by supplying information such as their name, address, how they can be contacted, their tax file number and a sequence number from their last tax assessment.
If this is the first time a person has used AusRegistrations to register an association with an organisation, then an “access” AusRegistrations electronic record is established which contains methods that the person can use to prove they have the right to access the information. Initially this might be a simple numeric pin, the person’s voice print, or the possession of a mobile phone, or a combination of all these items.

The person may now register additional associations with other organisations or people as required. For example, if a person has an electronic identity with an organisation such as a bank, then the person identifies themselves in the normal way to the bank and can request that their association with the bank be registered. That is, they log on to the bank system, prove they have access to their other records and prove that the information held about them by other organisations matches the information held by the bank.
For greater versatility, the person may then add and have verified a photograph and/or voice print. This allows the individual to prove their identity regardless of whether transacting online, over the telephone or in person.

Ultimately all associations that a person has with all organisations can be recorded in AusRegistrations, creating a secure, private register. This register is controlled by the individual and holds none of the actual data about the person. Instead it is simply a central record of the right-of-access to a multitude of associations.

AusRegistrations for Organisations who need to conform to the AML/CTF legislation

AusRegistrations can be used to achieve any level of electronic identity verification required by any organisation. For illustration we use online gaming. For gaming organisers AusRegistrations can establish a customer’s identity to an agreed level of authenticity for each type of customer, giving added surety to telephone or online transactions. Every time a customer electronically “signed” to deposit or withdraw money from their account, for example, AusRegistrations would confirm their voice print or online identity.

New customers to online gaming agencies could be referred to AusRegistrations for initial identity verification and registration. Existing customers would also be invited to register, enabling easy electronic signing of all their ongoing transactions.

Using AusRegistrations, every customer’s identity would be confirmed via three separate verified sources:

· address data to be verified using two separate data sources, plus

· proof of date of birth and/or name and address to be provided by a third association.

The last verification can be made using AusRegistrations’ associations where the customer has had a transaction history with the data source for at least three years.

While three separate verifications exceeds the legal requirement, they can be conducted quickly and simply without inconveniencing the customer and will provide additional assurance to the gaming operator.

There are numerous ways in which these verifications can be made once a customer registers with AusRegistrations. Examples include:

  • Name, address and age verification through the Australian Electoral Commission. The customer claims they have a name, an address and are registered to vote. They put this up on AusRegistrations, attaching their voice print to the assertion. AusRegistrations checks the data against the electoral database. Given voting requires a person to be over 18, this process provides confirmation that the individual is of age to participate in gaming.
  • Name and address verification and phone number through the phone book. The customer claims they have a name, and address and a phone number. They put this up on AusRegistrations, attaching their voice print to the assertion. AusRegistrations checks the data against the online white pages.
  • Name, address and age verification through a credit card. The customer asserts their name and address, claiming they have a credit card in that name. They sign the claim with their voice print. With their permission, AusRegistrations takes a random amount of money from their claimed credit card and the customer reports how much money as been taken. Once again, proof of credit card ownership again confirms the customer is over 18 years of age. The money taken can be later credited against another transaction.
  • Name and address confirmation through a bank account. The customer claims to have a bank account. AusRegistrations deposits a small amount of money into the account along with a code that appears on the statement. The person reports the amount, the code and signs with their voice print.
  • Passport verification. A customer asserts they have a passport, discloses certain details from it and signs the assertion with their voice print. They then ask a person who knows them to sign that the details are correct and they have seen the passport. The person who verifies must be known to AusRegistrations, already having been through the verification process.
  • Employer confirmation. The customer asserts they are employed by an employer in a particular role. They ask the employer to sign that they are indeed employed. The person signing for the employer must be verified via AusRegistrations.
  • Educational details. The customer asserts they are enrolled at a tertiary institution and asks the institution through AusRegistrations to verify that they are enrolled or that they have received an award.
  • Other online betting account. The customer states that they have a verified betting account with an online betting agency. They sign the assertion and AusRegistrations checks with the betting agency.

Identity verification through LinkedIn

LinkedIn provides a method for an individual to identify themselves through their associations with others. The individual asserts they have associations registered with LinkedIn. They supply their LinkedIn URL and register it with their voice. AusRegistrations checks these associations and contacts one or more of the associates of the individual independently to verify the identity of the person.

A system to significantly reduce fraud

As stated earlier, a critical factor in reducing fraud is AusRegistrations ability to ensure that there are no duplicate registrations and that a person may only be represented in the database once.

This is achieved using biometrics such as voice prints and photographs when establishing a person’s identity. Whenever such data is included in an AusRegistrations record, it is cross-checked against all others in the system to ensure no duplication. Similarly, when a person registers with an organisation that requires photo identification, the photograph can be cross-matched against all other photos held by the organisation and an automatic alert raised if any two photos appear to be the same. Voice prints may be used in the same way as photographs, bringing even greater security to telephone gaming transactions.
Biometrics aside, the complexity of recording multiple associations means that it is extremely difficult for one person to hold more than one AusRegistrations record. If a person had two distinct sets of registration records then they would need to have the collaboration of many other people in multiple organisations.

Why it is difficult to steal an electronic registration?

For a person to steal an electronic registration requires that they take over all the associations and alert all parties to an association change.

For example, if one person managed to somehow access to another’s registrations, gaining control would still require changing the photo-image and all the different associations. If a photo image is changed, each person or organisation with whom an association has been established is asked to verify that the change is still the same person. Such measures are necessary because as people get older, their images will change or their image may be altered through an accident.

When a person dies, an association is established with the Death Certificate Registry and becomes impossible for the person to change the various associations or act on those associations within AusRegistrations.

With AusRegistrations we establish that the same person, as evidenced by their voice print, has verified relationships with three independent organisations. We also know that this person is highly unlikely to have another identity in AusRegistrations because we check all information and the voice prints to check that this person is unique.
If this person is suspected of laundering money then the surveillance authorities are alerted. Authorities will locate the person using the information established through AusRegistrations; through one or more of the one or more of the relationships established through AusRegistrations; or through one or more of the transactions they perform.
The critical element is that it is one person with a number of relationships and that from those relationships they can be located. They cannot hide or establish other relationships under a different identity.

Privacy-friendly

AusRegistrations conforms to all Australian privacy legislation. A full copy of our Privacy Impact Assessment can be obtained on request, or viewed at http://www.edentiti.com/privacy_policy


rewards for specific social purposes

A Social and Economic role for Special Purpose Currencies

Over the past decade the success of limited or special purpose currencies has been well documented, with frequent flyer and buyer rewards programs proving to be powerful economic tools when used to achieve special purposes such as customer loyalty. A similar, more recent example can be seen in the growth of virtual online gaming currencies such as the QQ coin in China. This article proposes a new, broader role for limited currencies –as a means of encouraging desired behaviours to achieve both social and economic aims.

 

The common factor in all special purpose currencies is that they are created as a means of allowing their users to earn a bonus in return for a desired outcome (such as reaching a certain level of expenditure). They are structured so that they may only be spent in designated ways that encourage loyalty (or repeat business), further benefiting the sponsoring company. Because they are seen to offer additional value, loyalty programs are popular with consumers and can be a very effective marketing tool.

 

With such wide acceptance it is now time to consider adapting the idea, to invent other currencies to encourage and reward behaviours and actions which society believes are worth achieving. By creating these limited use “Rewards” currencies we can ensure that the most economically efficient technologies will be used for the public good. Because the Rewards are currencies rather than commodities they remain easier to control and easier to ensure that the community of users complies with the rules.

Rewards

Rewards are created by depositing regular currency into a backing account and receiving Rewards vouchers or tokens in return. As they are limited, there can be any number of programs offering Rewards at any one time with each program having its own specified social or economic aims, along with its own set of rules relating to earning, distributing and spending the Rewards.

 

All Rewards however will have limitations in that they may only be converted into regular currencies through activities that have been approved as contributing to that currency’s specific aims. The intention is to ensure that all money raised through the program remains dedicated to the program aims and that it cannot be siphoned off into general revenues, or seen as an indirect tax.

Creating Markets with Rewards

Markets can be thought of as a form of evolution. Evolution occurs when we have lots of individuals competing within an environment so the best “solution” to the problem is likely to continue. It’s an example of the survival of the fittest.

When we create a market it requires a variety of things from which we can choose (sellers) so that we as buyers can select the option that best fits our needs. Each buyer may have different needs but the sellers that best satisfy the needs of the most buyers will be most successful.

 

Often the reason we choose one seller over another is not because of price but because of what economists call “externalities” – things that are not measured by price. As an example, the production of energy creates externalities that are difficult to measure by price. One externality would be greenhouse gases but it could also be the changing of the scenery, caused by chopping down a tree or the digging up of some ground. These externalities are difficult to measure using price because they have no readily available value.

The traditional economic solution to these problems is to create a commodity to represent the externality and to set up a mechanism so that it will have a price attached to it. We thus invent water rights or carbon credits and we create a scarcity and rules so that a price is established for the commodity. This price now represents the price of the externality.

 

Unfortunately this approach has problems. The first is that the definition of the commodity tends to be one dimensional, such as carbon credits which represent carbon emissions but not other factors such as the change to scenery or the look and sound of a windmill. Moreover, the commodity we create – because it is an invention – is subject to misuse and manipulation such as over-allocation of water rights or the generation of carbon credits through planting trees then burning them down.

The mechanism that we suggest for Rewards currencies is to create a market in technologies that can reduce the externalities that we are concerned about. At the same time we do not attempt to define a price on the externality because that is almost impossible to achieve. Instead, we create a market by giving people a currency that allows them to make their own choice amongst an artificially limited market. In setting the rules for each special purpose Rewards program, we can narrow the ways in which the currency may be used for, excluding activities or services that are unrelated to the externalities we are trying to address


Thus we do not put a price on an externality but we simply judge whether this technology will influence the externality. We then allow the market free choice in determining which one survives. This is different to the creation of an artificial commodity approach. What we do is to restrict choice to those things that help but we do not define what the solution must be.

 

It is also important to recognise that the artificial commodity market and Rewards market approaches are not exclusive. They will readily co-exist, with Rewards even amplifying the effect of the commodity market if we stipulate that the currency for trading in artificial commodities is the Rewards currency.

Example 1: Greenhouse Gas Reduction

To reduce greenhouse gases in the atmosphere and keep economies working three things are required:


  1. The invention and development of technologies that will save emissions,

  2. A reduction in emissions and

  3. The extraction of greenhouse gases from the atmosphere.


At present technologies for the production of energy but with reduced emissions are more expensive than technologies that produce energy through burning fossil fuels. One approach by governments to overcome this economic disadvantage has been to create a market for carbon emissions by placing a price on carbon, putting a cap on emissions and requiring that organisations pay for their emissions.


Governments have created carbon credit markets by inventing a commodity that measures emissions and then calling the commodity “carbon credits”. Each carbon credit scheme has a set of invented rules governing the generation of carbon credits, the calculation of credits and the policing of the system – all of which are difficult, but not impossible to establish.


The resulting markets restrict the total amount of emissions allowed and make it possible to have activities that create “negative emissions” – activities that either save or reduce emissions, or that remove greenhouse gases from the atmosphere. Any activities creating emissions are required to have permits in the form of carbon credits.

Carbon trading and emissions control are first steps in addressing the problem of greenhouse gases in our atmosphere. It is believed that they will also provide a flow-on benefit by indirectly influencing the development of a market for low-emission technologies.


Now, imagine if we were to magnify the effect of carbon credits through the introduction of a new special purpose currency called Greenhouse Rewards. Thus when an organisation wishes to purchase carbon credits they would first have to deposit money into the Rewards backing account before receiving their Rewards, which they may then use to pay for the carbon credits.


As well as all trade in carbon credits being in Rewards, buyers who purchase goods that create emissions could be required to issue Rewards to themselves. The amount will be set by the government. For example, when a person purchases electricity there will be a surcharge on the price, with the surcharge issued to the purchaser as Greenhouse Rewards. The Rewards have the effect of a tax on carbon but without the political or economic disadvantages of a general tax.

Organisations or individuals receiving Greenhouse Rewards could then convert the Rewards into regular currencies by spending them on activities or items that have been approved as contributing to a reduction in greenhouse gases. These activities could be many things including behavioural changes on the part of citizens, or research into technologies that have the potential to reduce greenhouse gases.


 

The result would be a program that supports the original aims of placing a price and cap on emissions, at the same time as creating a mechanism to direct expenditure into a limited range of activities that extend the benefits of simple carbon trading. Greenhouse Rewards ensure that all revenue through the program is spent on greenhouse-related research, technologies or activities.


In addition, Greenhouse Rewards will create a direct market for greenhouse reduction technologies. There will be many buyers with Rewards just as there will be many sellers of technologies. The buyers will choose the best investment to maximise their economic return from all the available approved technologies. For example, they may choose to invest in research activities that have a low probability of success but a high payout if they do succeed. They may invest in ways to reduce their own production of greenhouse gases through the installation of solar hot water units, through using public transport instead of cars, taking fewer hot showers, or they may invest in a Wind Farm.

Greenhouse Rewards do not reduce the utility of carbon credits or emissions caps but they multiply their effect and will reduce greenhouse emissions by creating a market for greenhouse gas reduction technologies.

 

Example 2: Water Sustainability

People invented the idea of water rights as a tradeable commodity as a way of rationing water. This in turn has raised two main issues: determining how many water rights to issue and who receives them.

 

If we extend the water rights invention a little further to the invention of a new special purpose currency called Water Rewards which is used for transactions related to water rights then we have a way of guaranteeing an increase in the availability of water. It works as follows.

 

When a person buys water rights they pay for it with Water Rewards. Within urban water systems, high consumers would pay more for water and this money would be distributed to low water consumers as Water Rewards2.

 

Water Rewards can be used like a normal currency to buy and sell things but they can only be converted back to real currency after the purchase of approved goods or services such as desalination plants, recycling systems, ways of reducing water wastage, research into better ways to utilise water, systems for better measuring water consumption, reclamation of waterways to slow runoff, ways of reducing evaporation etc.

 

Water Rewards will create a market in water sustainability technologies and their application requires minimal legislative changes. Again, a defining characteristic of the Rewards is that they ensure that any funds assigned for the purpose of increasing sustainability of water supplies will be used for that purpose.

.
A currency of choice

 

The more ways that each program allows Rewards to be spent, the better the market will operate. The more people participating as buyers in the market, the more likely the market will operate efficiently. Because end consumers will attempt to get the best value for themselves from their Rewards it can be expected that the expenditure will be efficient. Rewards in the hands of suppliers are the same as regular currency and so suppliers will treat Rewards as cash.

Unlike rebates and special purpose grants, Rewards will not distort a market because people will always have choice as to where they spend their Rewards.

Rewards offer communities and governments with a way of building on consumers’ existing familiarity with limited currencies to promote and attain social and economic benefits. Using a carrot rather than stick approach, programs can be designed to focus, encourage and reward a target market for achieving desired outcomes. And perhaps most importantly, Rewards address the difficulty of externalities with unknown costs by enabling the currency users themselves to determine the outcome, through their own spending decisions.

2 See http://www.waterrewards.org for a detailed explanation or have your say on the idea at http://www.surveymonkey.com/s.asp?u=799553573429

Broadband Letter to the Editor

Broadband Letter to the Editor

Tony Warren of Telstra (CB Times 5th April) says that the regulator will not let Telstra get a proper price from others to use its copper wire to my home. When my block of land was developed the developer and Telstra put in the copper wire to my home. This cost them a certain amount of money and much of that was included in the price of my block of land. If Telstra does not want the wire then I am happy to buy it back from them at their cost. If we allowed people to buy the copper wires to their homes then Telstra would get money to invest in other things and they would be able to dispose of an asset that they do not think they can get a return on. Once I own the wires then I will sell the right to access my home to the highest bidder. I now own the telephone wires in my own home so it seems reasonable to allow me to own the wires that service my home but are outside the house. If government required Telstra to allow me to buy the wires to my home for the cost to Telstra then perhaps the last mile access problem would be quickly resolved.

Australian Access Card Submission

An inexpensive, privacy friendly, robust, secure system for the production of the proposed Access Cards

Section 1.2 of the draft exposure bill states

1.2 The objective of the access card is to cut the red tape involved in obtaining health and social service benefits, while providing a more convenient, efficient and secure system for delivering such benefits to the Australian community. The card will also be a key mechanism in preventing fraud in the social welfare system.

To achieve this objective every person in Australia who needs a card must be able to easily obtain one. A person must only be able to obtain one valid card and must not be able to obtain multiple cards with different information so that they can purport to have different identities.

The critical factor is to establish a data base of identification information in such a way that a person can be represented in the database once and once only. If a database exists with this property then the production and distribution of tamper-proof cards is a relatively straightforward process.

This proposal presents a method of creating such a data base in a privacy friendly, simple and inexpensive way that builds on existing associations that individuals already have in the community. These associations may include government authorities, utilities, financial institutions, associations or any other commercial interests. Associations are any where an individual identifies themselves to an organisation. Typical examples are becoming a member of a club, opening a bank account, paying income tax.

The approach is not to build a single centralised database but to build a system that allows an individual to be able to link existing records in existing databases in such a way that the individual – and only the individual – controls access to his/her complete collection of associations. If the individual holds control over access and can produce this information as required there is no need to establish a new, separate database for the production of an Access Card. The Access card can be produced from these existing associations as and when required by the individual.

How the system operates

Most people already have many forms of electronic identification. At present this identification is kept with organisations – for example, the ATO. The system envisaged provides an individual with a way that only they and the authority involved can access the information.

This is done by the person registering to be given access to the information held by the organisation. They prove they have the right of access by supplying information to the ATO such as their name, address, how they can be contacted, their tax file number and a sequence number from their last tax assessment.

If this is the first time a person has registered a association with an organisation, then an “access” electronic record is established which contains methods that the person can use to prove they have the right to access the information. Initially this might be a simple numeric pin, or the person’s voice print, or the possession of a mobile phone, or a combination of all these items.

The person may now register additional associations with other organisations or people as required. For example, the person asserts that they have a birth certificate with certain information on it that was registered with a Birth Deaths and Marriages agency. If the birth certificate has not been registered before, it will now be marked as being registered with a notation as to where the registration is held. A person can also assert that they have an association with another person and if the other person agrees with the assertion then it is verified.

If a person has an electronic identity with an organisation like a bank then the person identifies themselves in the normal way to the bank and can request that their association with the bank be registered. That is, they log on to the bank system, prove they have access to their other records and prove that the information held about them by other organisations matches the information held by the bank.

This same process can be carried out by the person for all organisations with whom the person has associations. Once a certain number of associations are established new associations can be automated and may be initiated by the organisations holding records on people.

Ultimately all associations that a person has with all organisations can be recorded in a private place. This “private place” holds none of the data about the person, but it becomes a central record of the right-of-access to a multitude of associations. In effect the record is an electronic access card and it is controlled by the person.

It should be noted that the system gives a practical way for the existing law on privacy to be implemented. The privacy law states that organisations must provide access to information held by them about a person to the person if requested.

Who controls the database of associations

A critical issue for public confidence in the system is the control and operation of the database of associations. If the government controlled it then it would be a defacto Australia Card and so would be unacceptable. If it is controlled by a private organisation then it would suffer the same problem and the public might see it as worse than a government controlled database.

It is suggested that at least one database of associations be run by a not for profit organisation controlled by the individuals who have their electronic identities in the database. This is achieved by the board of the organisation being elected by the verified individuals represented in the database. Electronic Elections would be cheap and inexpensive because of the nature of the system.

There could be many databases run by different organisations and an individual can opt to join whichever databases they wish. The organisaitons running the databases would have to cooperate and an individual could have an identity in each provided the identities were linked. The only other rule to keep the system integrity is that an association can only be recorded once.

Participating organisations would have to agree to a set of conditions on the operation of their systems and would be subject to ongoing independent audits. Non complying organisations and individuals would be subject to criminal charges.

A system to significantly reduce fraud

As stated earlier, a critical factor in reducing fraud will be to establish a data base of identification information in such a way that a person can be represented in the database once and once only.

The complexity of recording multiple associations means that it will be extremely difficult for one person to hold more than one electronic access record. For an individual to have two distinct sets of registration records would require the collaboration of many other people. It would also demand comprehensive physical disguise to ensure any biometric details (e.g. voice recording or photographs) on separate registrations did not cross-match.

If a person had two distinct sets of registration records then they would need to have the collaboration of many other people and they would need to be able to disguise their face so that the two faces in their records are unmatched.

Births and Marriages registrations for example not only register an individual but also the association between parties. Thus when a person is married and the marriage is registered, both parties are registered as married and there is also an association implied between the two parties. When a birth is registered there is an implied association between all members of the family and the extended family. For example if someone tried to register themselves as a person who had died, all the other members of the family would be sent an email that the registration had been made.

When a person registers with an organisation that requires photo identification, the photograph can be cross-matched against all other photos held by the organisation and an automatic alert raised if any two photos appear to be the same. Thus, if a new immigrant tried to create a new identity for study purposes with false but valid documents (for example she uses one foreign passport to enter the country but use a fake one to establish a driver’s license) then the photographs of the person could be matched. Voice prints could also be used in the same way as photographs. This is likely to reveal attempts to create a new identity.

A person can register their “face” by putting in a face into their records, which could then be verified as belonging to that individual by someone such as the person’s accountant, tax agent, lawyer, school teacher, lecturer, minister of religion etc.

If a person records their voice print for verification purposes, matches can be made against suspicious people and if any similarities are found, authorities can be alerted.

Why it is difficult to steal an electronic registration.

For a person to steal an electronic registration they will have to take over all the associations and alert all parties to a association change.
For example if a person managed to somehow gain access to a person’s registrations, to gain control would require changing the photo-image and all the different associations. If a photo-image is changed, each person or organisation with whom a association has been established would be asked to verify that the change is still the same person. This is necessary because as people get older their images will change or their image may be altered through an accident.

When a person dies, an association is established with the Death Certificate Registry and it will be impossible to then change the various associations or act on those associations.

A replacement for up to 17 cards

The proposed system thus meets the primary aim of the Access Card by replacing all existing government services cards. Furthermore, it makes it a simple matter to add new associations with government departments, facilitating an individual’s access to the range of government services that will be required over his or her lifetime. It provides the Government with immense flexibility, allowing the establishment and recording of associations for new, as yet unimagined services simply and easily whenever required.

Not an identity card

As this system builds on existing associations, there is no need for the government to establish a separate database of information. Each person becomes the “owner” of his or her complete collection of access to data. Each government department has access only to the information relating to its specific interactions with the person. No other individual, organisation or authority is authorised, or has the ability, to access a complete individual’s data.

With no single database behind it, the proposed system can not be used as an identity card, thus removing many of the privacy concerns currently surrounding the introduction of an Access Card. An additional benefit to this approach is that it removes the need for a new parliamentary bill.

Are there people who do not have electronic registrations

There are some people in society who do not have existing electronic associations or who have difficulty establishing associations. These people can be accommodated by having others maintain and create electronic associations on their behalf, in just the same way that a power of attorney or guardian currently manages the affairs of someone in their charge.

For example, a person may have Alzheimer’s and have no relatives. In this case a caregiver such as an administrator in a nursing home can take responsibility for the person and act on their behalf. associations can be established with the nursing home, with the Department of Social Security, with other inmates and with old acquaintances.

Similarly children will have associations but a parent or guardian will act on their behalf.

What happens when people act in roles?

Organisations require recognition of roles rather than individuals, such as the positions of director, secretary, bookkeeper, salesperson etc. The approach suggested enables an organisation to give responsibility to individuals to take on those roles and to act for the organisation. A person may also assign someone else to act on their behalf, such as when the person is unavailable for a period of time but wants their affairs to continue.

Why is the system privacy friendly?

The system is privacy friendly because associations are established with a person and not with a number. There is no concept of a universal identifier as suggested for a general purpose ID card.

All associations require the approval of both parties and each association will have a different code typically assigned by the organisation. Thus a person is known by their tax file number to the tax department and by their account number to a financial institution. Other people are known by their name or by their email address. In many cases in the broader market there is no need to identify people by an identifier but by their characteristics. When making a purchase, the purchaser only needs to be able to prove they have the funds. When gambling the person only needs to identify they are over 18 years of age – not who they are.

How can the system help the idea of general purpose Access Card?

A person requiring an Access Card may simply register an association with the Access Card. Following verification of their identity including photo ID or voice print, and verification of their right to be issued with one, the card can be printed and sent to the person through the mail. The card may can then be authorised and activated by the owner the first time it is used.

What will it cost?

The recording of associations will not cost the government any funds except for associations between citizens and different departments. The cost is likely to be of the order of $1 per year per association. As this is much less than the cost of existing methods of recording associations the government will save money.

The only cost will be the cost to produce and distribute cards. The cards can be produced to be usable in ATM machines and other point of sale devices and so the cost of use could be covered by existing systems. The cost of cards will be low because distribution costs will be minimal, as will the activation of cards.

Is it practical and can it be done?

Currently our company is working with a large Telco to produce a demonstration to show how a large government department can get its clients to register and to record their voice prints. Once the voice print has been recorded the client can use it in future interactions with the department (and with any other department that wishes to let the client register with them). The voice print can be used over the phone to prove that a person is who they say they are. The first application is for Call Centre operations. Instead of a person having to identify themselves by providing their birth date, address, secret pin or an answer to a secret question, they simply state their name. There are many other applications of the technology including signing consent forms, signing forms submitted electronically to the department and telling the department of changes of address.

A large bank may also be involved in the demonstration and the demonstration will show how the voice print recorded for one organisation can be used with another organisation, without either organisation being aware that the other is involved – unless the client approves.

The system can operate through phone access only. That is, an individual will be able to prove their identity if they have access to a touch telephone.

The system can be implemented incrementally with government departments joining when they are ready.

The system ensures control of an individual’s information remains with the individual, no matter how many associations are registered. In addition, the use of the voice print as an identifier facilitates the individual’s ability to request that the department or bank supply all information currently held on the individual. This requirement is built into the Privacy Act yet is rarely operated on because the logistics of proving identity are too great.