Secure ID & Banking

Chapter 17 makes numerous references to “qualified bank accounts with secure biometric identity verification.” This is covered in Chapter 16, “Looking Ahead,” but that chapter isn’t ready for review quite yet, so this is a quick description of what I’m talking about when I refer to secure ID, secure bank accounts, etc.

A “secure bank account” is one that is tied to a single individual’s biometrics – height, eye color, fingerprints, facial recognition, iris scan, genetics, footprint (for infants), etc. It is also, for the purposes of this set of policy proposals, a unique bank account for each person – no person can have more than one. This is enforced by comparison of the biometrics for any newly created accounts with the biometrics for all existing accounts in an anonymous clearinghouse, the purpose of which is to prevent a single person from claiming to be multiple people.

The entire tax and welfare reform package in Chapter 17 depends on bank accounts that are both secure and unique. As we have seen with the rising tide of identity theft and fraud in the last twenty years, without a secure ID system it is much too easy to defraud Americans of their tax refunds and other benefits, as well as whatever other funds they keep in their accounts. Without uniqueness, the government is too easily defrauded by individuals claiming the government benefits of others. Biometric identification solves both issues – it effectively prevents identity theft by keeping thieves from gaining access to other people’s accounts, and it drastically reduces the opportunity to defraud the government.

These secure identities will be established by private firms, banks, and “fintech” companies that have demonstrated the technological and organizational ability to create accurate identities and keep them secure. Americans have a deep distrust of a universal government ID system, even though we have been edging in that direction with driver’s licenses and the Social Security number for some time. Under this system, the police or FBI investigating a crime can determine the person corresponding to fingerprints or other such evidence only after going to court and getting a warrant. It is essential to keep the databases of biometric information behind the secure identity system in private hands.

The technology for establishing secure biometric IDs exists, as does the technology for securely logging into accounts and “signing” documents online with such IDs. The normal formula requires three components, based on “something you have, something you know, and something you are.” For example, “something you have” could be your phone or watch, or a physical ID card; “something you know” would be a pass-phrase or PIN; and “something you are” would be a combination of facial/voice/iris recognition.

The reasoning for using bank accounts instead of the current system, where each government bureaucracy keeps track of an individual’s information on their own, is explored in detail in Chapter 17, but it boils down to ease of use and (again) security – secure bank accounts make it much simpler for the government to dispense funds to the intended recipients; they allow Americans and other legal residents to more easily manage where and how they make and receive payments; and they make it significantly harder for thieves to deprive people of those benefits. In the long run, they will also provide the basis for filtering out bogus emails and phishing attacks, making government and business computer systems throughout the country much more secure, and preventing voter fraud.

In this arrangement, firms that have qualified as secure ID providers will need a physical presence in local neighborhoods, so I anticipate a resurgence of community banking. (I refer to them in this proposal as “banks,” but it is important to remember that this may include firms we do not currently call banks.  I can definitely see large retailers and health care chains stepping up and becoming secure providers.)

These firms will:

  • Establish accounts and secure identities for citizens and legal residents when the new tax & welfare policy goes into effect
  • Establish accounts and secure identities for newborns and new legal immigrants going forward
  • Verify citizenship and immigration status and maintain copies of the documentation used to establish each person’s legal status
  • Maintain the security of the personal ID information
  • Twice a year, require an in-person visit to physically verify  that each person is alive (and notify the government if they are not) and update their photographs and biometric data
  • Record each account holder’s current residence for the purpose of directing the local and state governments’ portion of the GST to the appropriate government accounts
  • Transfer the account between banks, as requested by the account-holder, without duplicating it or losing track of it
  • Provide a secure means for identifying the person to government agencies, private organizations/corporations, and individuals (for example, an electronically-readable ID card with anti-counterfeiting measures, tied to other security features as described above)
  • Disburse payment to education, healthcare, and other service providers as appropriate
  • Do basic tax accounting for account holders and manage automatic payment of GST on income

The federal government will:

  • Certify firms as secure identity providers
  • Supervise those firms and verify that they a) continue to maintain the necessary security measures, b) properly verify that no individuals are in possession of multiple accounts, and c) respond quickly and efficiently to account-holder requests to transfer an account to another provider
  • Set limits on fees and ensure that providers of secure accounts don’t skim funds or otherwise defraud their customers
  • Distribute the appropriate funds (per Chapter 17, these are the CTC, CDA, and the local- and state-government portions of the GST) to the proper accounts

The federal government will also be responsible for supervising the clearinghouse I mentioned earlier. The secure identity providers (aka “banks”) will submit packets of biometric data to it as they register new accounts and update the biometrics on existing accounts. Each packet will then be compared automatically with the existing packets in the database, with duplicates or near-duplicates being flagged for investigation.

This arrangement serves two purposes:

  • It allows the secure identity providers and the government to anonymously compare biometrics of new and existing accounts without revealing the account holders’ identities.
  • It lets our society maintain a necessary degree of separation between the account holders and their biometrics.

That last point is crucial – governments at all levels should not have access to account holders’ biometrics without a warrant. Local, state, and federal law enforcement already have access to an incredible amount of personal information these days – asking Americans to trust the government with essentially every means of personally identifying them is unrealistic.

Having the secure identity providers provide a packet of biometric data without a name or bank account number attached allows the government to ensure that it isn’t being defrauded, while at the same time denying it the ability to gain access to an individuals’ data with any more ease than it already can.

Even identical twins have uniquely different fingerprints and iris patterns. False positives in the comparison process should be extremely rare and easily resolved. The Oppenheimer Fund, in a recent review of biometric technologies, wrote that “False IDs with two unrelated people using DNA analysis is about 1 in a billion (109). With iris scans, that probability is 1 in 1078, or the sum of all the atoms in the observable universe.” In other words, iris scans are almost inconceivably more secure than fingerprints.

Whenever two biometric packets are flagged as being possible duplicates, each individual can be required to come back to their bank (or other secure identity provider) at a set time in order to have their identity and biometrics verified and updated at the same time as the “other” person.

In the extremely unlikely event that two people do have biometrics so similar that they trigger a warning, requiring both individuals to show up in person at the same time will allow the two secure identity providers (and the government) to verify that both individuals are who they say they are, without worrying about fraud. On the other hand, a person attempting to register two accounts will be easily detected unless they have the ability to appear in two different places at the same time.

What’s needed to make this happen

There are a number of things that need to be in alignment for this setup to work:

  • The technology has to exist to reliably and reasonably inexpensively identify someone based on a set of biometrics.
  • Banks and other secure identity providers have to have incentive to provide these services to every American and legal resident.
  • The government needs to set up the needed regulations, guidelines, and watchdog bureaus before the first American enters their biometrics into the system.

We have the technology now. Biometric scanning and voice/facial recognition technology has advanced to the point where it is absolutely possible for every city and town to have banks with the capability to give every customer their own secure account.

Envisioning a New Role for Banks

Of necessity, banks have often been pioneers in finding ways to authenticate individuals and transactions, even at a distance. Through the ages, banks, bankers, and merchant traders have created many new technologies, including the autograph signature, hot wax seals, embossing, the engraved “chop” and seal, photo IDs, holograms, PINs, and many forms of cryptography. Modern digital methods are just a recent extension of that trend.

Clearly, what we are calling a “bank” could be based on an existing chain of community banks, but this also represents a new business opportunity that would also appeal to many other firms. For example, “fintech” firms and smartphone makers might be natural choices for developing the secure technology, while the task of verifying biometric information twice a year would fit naturally with a network of health clinics or a chain of pharmacies.

A “bank” (i.e., a secure identity provider) can therefore be any organization with the physical infrastructure and technological capability to log the biometric data, keep it secure, track account holders, and accept and distribute funds. Provided that the federal government is satisfied that it can do the job, that organization can serve as a bank and handle the CTC, CDA, and GST transfers. Think of what companies like Kroger, Walmart, or CVS would be willing to invest in order to build store traffic and increase customer loyalty.

Setting this up requires the government to plan and act ahead of time, creating oversight capabilities to ensure that neither the government nor individual Americans get defrauded. Technological infrastructure will also be necessary, and the details in that sphere – security issues in particular – can make or break this entire initiative.

I also expect that these secure banks will have an increased role in automating personal accounting and the handling of taxes. All that is needed is a universal set of tags for the nature of transactions.

For example, let’s say that your employer’s bank issues electronic payments to your account tagged “salary” and you make certain payments to others that you have tagged as “work expenses.” Given the tax system proposed in the next chapter, it is then trivially easy for the bank to calculate your taxes for the month, net that against your Citizen’s Tax Credit, and either credit or debit your account, whichever is appropriate. From the customer’s point of view, it becomes a transparent process that is simple, automatic, and understandable. There will be no need for people to save shoeboxes of receipts or spend long hours with tax forms, tax software, or an accountant. It is strictly pay as you go.

In conclusion

Establishing a secure identity and banking system can be done, and it needs to be done. Other countries like Estonia have pioneered similar efforts and have demonstrated the potential for great benefits. It will revolutionize the access to and security of banking for every American. It will also create the basis for a much more secure internet and email system.

In combination with the tax and welfare initiative in Chapter 17 and the education, criminal-justice, and immigration reform initiatives in Chapters 19, 20, and 21, it will provide a secure foundation for a radical new approach to resolving poverty, controlling government spending, and enhancing our ability to invest in our future.