Fraudsters, Outsiders and Avatars: Identifying Parties to Legal Transactions in the Digital AgePosted: 2nd May 2017
“Hah fren! U thot I was birb but was puggo all along! Heckin’ bamboozled!”
The picture shows the wrinkled face of a little pug dog poking out through the round yellow bird suit that the dog has been stuffed into. Those of you who don’t have teenage children may need an explanation that this is part of the puggo meme. The idea is to take pictures of your dog in costume and the joke is what my friend Ashley would call a single entendre: it would be completely impossible to mistake the bird-dressed dog for a real bird, but you have to pretend to be bamboozled.
Bizarrely enough this is what started me thinking about identity and the process of identification in the law.
Dictionary definitions of identity refer to a collection of characteristics that you use to give a name or category to a thing. For example:
Identity: condition or character as to who a person or what a thing is; the qualities, beliefs, etc., that distinguish or identify a person or thing (www.dictionary.com)
Or the same thing in the negative:
Identity: who a person is, or the qualities of a person or group that make them different from others. (The Cambridge Dictionary)
In either case the exercise is a tick-list one where you compare as many characteristics as possible to see if the thing fits into a group, or should be excluded from it, as if you were a Victorian entomologist poring over a newly-discovered moth or beetle. This doesn’t help us think about the process of identification in law. When a solicitor “identifies” a client, the aim is to legitimise the existence of the person involved in the transaction as the only one who is entitled to carry that identity, the sole embodiment of that legal personage.
The legal press has been preoccupied with this issue recently following the judgment of deputy High Court judge David Railton QC in a case brought against London solicitors Mishcon de Reya by their own clients, Dreamvar. Dreamvar had bought a £1.1 million property in Earl’s Court, but it turned out that the supposed seller was a fraudster who had faked the identity of the property owner using a forged driving licence and other documents and legged it with the £1.1 million, leaving Dreamvar with nothing. Dreamvar sued their own solicitors and won, not in negligence – because the judge agreed that the solicitors had done nothing wrong – but in breach of trust, because there was no one else who could pay for the loss except Mishcon’s insurers. The case is going to appeal, but in the meantime there has been outrage over the idea that solicitors are responsible for the identity not only of their own client, but of the other party to the transaction as well (although one contributor to the Law Society Gazette’s letters page expressed a more robust opinion, saying that
establishing identity is what solicitors are for and if someone sidles up to you in the carpark offering to sell you Blenheim Palace you should first of all make sure that you actually are talking to the Duke of Malborough before you start worrying about the Deed of Feoffment on which the title is based.)
The “identity” which a solicitor proves, usually by the low-tech means of the person being asked to produce two pieces of documentary ID, or comparable documentation for a company, is a sort of badge of entitlement to use that name or that personhood. With the identity when proved comes a personal history, credit for accomplishments, and access to the assets which are attached to the name. How will this understanding of identity be affected by the move to an online, virtual world, particularly in property and other transactions?
It is socially acceptable to have more than one identity online. Someone I know keeps a Facebook page under a name which is an anagram of his birth-certificate name, so that he can post pictures of himself naked and covered in mud (don’t ask) without this coming to the attention of his employers who are a government agency. Nowadays no one finds this sort of thing difficult to understand or to navigate (the alternative identity, I mean, not the mud fetish: that remains inexplicable). He might struggle to buy a house in the anagram identity though, at least by any legitimate means, because he doesn’t have any official documentation like a driving licence in that name. By habit and social instinct we accord higher status to some forms of record-keeping, such as the DVLA database, and recognise them as evidence – proof, even – of the facts and identities in the database.
The idea that your official online identity can be proved with reference to a database with a sufficient degree of clout is what is behind the Land Registry’s recent consultation about online conveyancing. The consultation is part of the Land Registry’s “digital transformation programme” and envisages that the physical signature and witnessing of a document will be superseded by electronic signatures on an electronic document, created via the Land Registry’s Business e-services. This by itself is sensible and modern. The structure for signature of documents electronically already exists and the Conveyancing Association tells us that digital signatures were used for the first time to exchange contracts for a residential property transaction, on 6th April of this year, via the e-signature system Bonafidee.
This is only the first step on the road to full digital conveyancing, because the signature on a contract doesn’t need to be witnessed. The next stage will be the digitising of documents which are at the moment required to be signed and witnessed. According to the Land Registry consultation, in the future the witnessing of signatures will no longer take place at all because:
“There is no need for e-signatures to be witnessed after the signing, because the identity assurance – which is what witnessing is for – effectively takes place before the e-signature can be used. Conveyancing transactions and registration of them will become more secure as parties using digital signatures will have their identity assured through the GOV.UK Verify system, or an equivalent online identity assurance service.”
Verify works by farming out the identification process to a number of authorised bodies such as Experian or Barclays Bank, who will ask ID questions to link the identity of the claimant to other information already held online. So for example, if you want to amend your child benefit claim online, you can expect to be asked to provide your passport details to confirm that you are the child benefit recipient. The claim is that the system is secure because the certified identity assurance
company doesn’t know which service the user is trying to access, and the government service doesn’t know what criteria the certified company use to establish the claimant’s identity.
The immediate practical response to this is to wonder whether Verify (or any other identity assurance system) will in fact be as secure as the Land Registry assumes. Government databases are vulnerable to hacking like any other. Scandals surface periodically when individuals’ data are compromised because a laptop has been stolen or left in a taxi. What will be the recourse of someone who suffers damage because their identity information is misrecorded or handled badly? In my child benefit example, if it did turn out to be possible to link the passport information to the benefit claim, you would think that the resulting concentration of information might be a ripe target for an identity thief.
The bigger picture, though, is that a person’s identity – their ability to engage in society, to access services, to carry out legal transactions, to vote – is increasingly going to be validated by referencing the transaction against the person’s record online. The online self is going to be the true identity, overriding the status and priority of a paper passport or driving licence, let alone the physical person.
Where does this leave individuals who don’t participate in the online world in the way which is now conventional? I already know someone who was turned down for a phone contract because, at the age of 47, he has never borrowed money, and therefore Experian doesn’t believe he exists. Is it possible that people in the future might be disadvantaged or even disenfranchised because of the kind of data error which nowadays results in a jokey paragraph in the local paper, when deceased people are sent council tax reminders or year-old babies recorded as terrorist risks? Who owns the data which makes up the person’s identity? And can we imagine according full identity status to people’s alternative online selves or avatars? These are all questions we don’t yet know the answer to.