by Orlan Lee*
“Identity Proofing” is a commercial database search product recently adopted by the US Department of Homeland Security (DHS), other government agencies, and commercial entities, paradoxically, to verify the identity of the holder of identity documents. Clearly, in the security world, tracking has greater appeal than hard copy credentials. No matter the photo IDs and documents with embossed seals, the system relies on confirming our knowledge of database entries: present and former home addresses, present and former employers, details of financial credit experience, names of personal associates, and what the latter say about the person the system has their eye on. If, when “quizzed” about these things, your answers match the contents of your file, you may convince the inquiring IdP client that you are the rightful holder of your ID docs. Without a warrant, even the police could not seize all your personal information in the United States. Of course, nothing can stop you from consenting to provide it. Presumably, you have also consented, sometime, somewhere, for all this to be already available in a commercial file.
Rarely do we see an industry leader—here a developer of prime “identity proofing” products—also admit that a hidden weakness may lie anywhere along the chain of data collection, entry, search, recovery, or solutions application:
Source data is sometimes reported or entered inaccurately, processed poorly or incorrectly, and is generally not free from defect. This product or service aggregates and reports data as provided by the public records and commercially available data sources, and is not the source of the data, nor is it a compilation of the data. Before relying on any data, it should be independently verified.1
The UK Equality Act signifies real advances toward the “Aim of Equality”. Whether or not reliable or useful statistics emerge from the “Duty to Monitor”, British HR practice now outdoes the Americans in their intrusive personal data tracking.