The organisation and management of a country’s identity infrastructure requires the continuous attention of the government. The changes in types of fraud and the availability of new technological facilities demand a constant alertness and investment in order to improve the identity infrastructure. Experience shows that it is vitally important to regularly assess the various elements of the identity infrastructure for their effectiveness as independent units, but also their effectiveness as a whole in the identity chain. However, in practice it appears that governments have not embedded this essential assessment in their work processes, as the authors explain here.
Identity management requires a carefully considered policy, good direction and a robust identity infrastructure in which registrations, documents, processes and expertise can function in good harmony. Although it is crucial to regularly assess the various elements of the identity infrastructure, in practice it appears that governments often ignore this essential assessment in their work processes.
Workshop identity management
In order to invest in identity management of African governments, in February 2013 the International Organization for Migration (IOM) organised a workshop in Tanzania about identity management, in which government authorities from Malawi, Mozambique, Tanzania and Zambia took part. The 40 participants were directors of immigration services, IT managers, legislators, directors of educational institutions, managers of bodies issuing travel documents, specialists from IOM and observers from various embassies based in Tanzania.
In conducting the workshop IOM worked together with the Portuguese Serviço de Estrangeiros e Fronteiras (SEF) and the Dutch ID.academy. The three-day workshop, funded by the European Union’s border management capacity building programme, was led by Isabel Baltazar, Fons Knopjes and Tom Kinneging who all are international experts with extensive knowledge and experience in the field of identity management and fraud.
The objective of the workshop was to make the participants become aware of the importance of identity management. Professionalisation of identity management enables governments to improve the quality and integrity of registrations, documents and processes and consequently facilitates the compliance with international standards.
The presence of a sound identity infrastructure will help to combat identity theft and identity-related crime. During the opening of the workshop, the Tanzanian Deputy Minister for Home Affairs, Pereira Silima, explicitly drew attention to internationally operating criminal groups who, with the help of false identities, commit crimes such as human trafficking, money laundering, weapon smuggling and drugs criminality. We need to vigorously fight these forms of crime by a combined effort, Mr Silima said.
Contents of the workshop
The workshop began with an introduction about identity management. Then the subjects that together form the identity infrastructure were discussed: registrations, documents, processes and expertise. Furthermore, a model for the purpose of improving and modernising existing identity management was introduced. Finally, attention was given to current developments in fraud and the developments in the field of electronic identification. During the workshop, all subjects necessary to bring about a professional identity management were discussed from a strategic and tactical angle.
Introduction to identity management
The right to an identity and nationality is established in the Universal Declaration of Human Rights and the Convention on the Rights of the Child. It is the responsibility of governments to secure these rights, as to have an identity is a precondition for full citizenship.
The workshop introduction gave an insight into the elements of the identity infrastructure and their mutually dependant relationships. It is necessary for governments to give permanent attention to these elements and to see to it that identity management as a whole is embedded in the policy of the government. The identity infrastructure consists of the whole array of registrations, documents, processes and expertise necessary for the establishment, registration, management and verification of identities by the government1. The ‘Identity Life Cycle’, which includes the origin, the use, the control and the end of the identity, is also part of the identity infrastructure.
Identity infrastructure subjects
The subjects that together form the identity infrastructure are registration, documents, processes and expertise.
A Registry of Births, Deaths and Marriages forms the basis of the identity infrastructure, and is used to draw up certificates of important events in a person’s life, such as birth, marriage and death. Information from UNICEF reveals that 50% of the children born in developing countries under the age of 6 are not recorded in a Registry of Births, Deaths and Marriages2.
The workshop participants recognised this situation. It appears to be very complicated to motivate young parents, who are sometimes unmarried, to register the birth of their child in the Registry of Births, Deaths and Marriages.
Many countries have a population register that has been supplied with identity information by the Registry of Births, Deaths and Marriages. But obviously, an inadequate Registry of Births, Deaths and Marriages all too often means an unreliable population register. Having a trustworthy population register is of great importance to a government to be able to generate statistical information about the size and structure of the population.
Integrity and uptodate information are important quality criteria for a registration. The reporting of errors to registrars by the users of identity information, the periodic performance of audits, simple definitions, standardisation of processes and the availability of the proper expertise are important quality instruments and conditions for a reliable registration.
Source documents are documents that are used to prepare certificates. As there are no international standards that apply to the layout, protection, contents and issuance of source documents3, verifying an identity by checking a document becomes very difficult. The lack of international standards also increases certain risks, such as the risk of fraud committed during identification and registration.
Only one out of the four countries participating in the workshop issues source documents that contain security features. The other three countries issue source documents without any security features.
During the workshop attention was also given to the many components involved in the development of travel and identity documents (see table 1)4. The components are relevant to both documents that are used in a digital environment and in a physical environment. Although ICAO Doc 9303 is an important guideline for document development, governments still have to make a large number of decisions themselves. These are influenced by, for example, the political ambitions of a country, available funding, the availability of reliable identity information and international developments.
Clear process descriptions are required in order to record and maintain a registration. Who is permitted to be registered, which conditions must be complied with, who can record the registration, who can make changes in the registrations; these are all questions that need to be answered in the process descriptions. The same applies to documents that contain information which can be used for verification. The process descriptions must, for example, hold details about the way in which the identity of a person is verified, which documents are used for this, which tools have to be available to someone inspecting the documents, and what exactly is recorded. It goes without saying that the officers who work in the identity chain are fully aware of the processes, know the procedures very well, and also apply these stringently.
Although a government wants to provide services to its citizens, it also wants to give sufficient attention to security. This may cause officers to be in two minds, so that they do not completely follow the compulsory process. This could result in either dissatisfied citizens or a lack of security. Processes are not only important to front office staff but they also affect the work of the managers.
During the workshop it appeared that processes in the participating countries are sometimes organised in a very bureaucratic way, which has an impact on speed and clarity. At times nobody knows why certain steps in the process are taken or understands who benefits from them. In one of the participating countries, for instance, information is collected and stored during the travel document application and issuance process, which subsequently is never used again. In such case, the process obviously needs to be modified.
Technology is being used increasingly in the identity infrastructure. It sometimes seems that technology offers limitless opportunities, but it is vital that people who work in this field are able to apply the technology properly. The use of equipment is only successful when the persons involved have the required expertise5. Expertise consists of:
• knowledge (of rules and fraud threats)
• skills (how to operate the equipment)
• attitude (how to take fingerprints)
• integrity (not to be open to bribery or backhanders).
These matters are important to everyone working in the identity chain, regardless of the level of their work. Knowledge has to be introduced to all organisational levels separately. When the front office has a problem, the back office must be able to take over the problem and solve it. The back office has a crucial role to fulfil because on the one hand it supports the front office, and on the other it solves complicated cases and discusses these with the management (see figure 1).
In order to maintain the required level of expertise, it is important to frequently organise training and refresher courses. Training often requires a customised approach. In a situation where highly specialised knowledge has to be taught to a small group of people, the training officer might choose a model based on classroom training. However, if it is established that large groups of people are not properly executing their assigned verification task, a classroom approach is not feasible and, for instance, e-Learning could be considered. It is not realistic to teach refresher courses to large groups in a classroomtype situation either; this simply takes up too much time.
Modern media, such as the use of apps, can contribute towards improving expertise. Inspectors often carry a device like a mobile phone and they can, for example, use an app to retrieve information or to look up an inspection method.
In the countries participating in the workshop, a number of steps need to be taken regarding expertise for officers. IOM plays an important role in this, and training facilities have already been set up in various countries in Africa. Both experts from IOM and professionals contracted by IOM make an important contribution to the development of expertise within the identity infrastructure of various countries.
Modernising and improving
To think that the modernisation and improvement of identity management will be a one-off activity, is far too idealistic. The proper functioning of the identity infrastructure requires daytoday management by the government. The dynamics within the identity chain are huge and although they create opportunities, they also incur risks. The model in figure 2 facilitates the process of evaluation and maintenance. The dynamics of identity management require a periodic and frequent application of the model.
Current developments in fraud
As criminals constantly adapt their method of working, the types of fraud are also changing. Table 2 shows the various stages of development in fraud and measures taken over the last 50 years.
Fraud is not restricted to the documents themselves. The ‘look-alike’ fraud still continues to develop, and it proves very difficult to identify imposters. Obviously, training courses have been designed to help recognise people committing this type of fraud, but it is difficult to establish how effective these are. Also, there are only a small number of training courses available, while the problems are huge.
An emerging trend involves fraud committed during the registration and application process, whereby criminals succeed in acquiring an authentic document. Fraudsters calculate that the chances of discovering this type of fraud are very small, which makes it a very attractive fraud to commit. It is very difficult to recognise whether a document has been obtained on fraudulent grounds. The core group of experts on identityrelated crime of the United Nations is working hard to produce a checklist, which governments can use to recognise the risks of fraud and to take measures against.
Development in the field of electronic identification
Although the availability of electronic identification offers great opportunities, it simultaneously increases dependency. It is a challenge for governments to find the right balance between the opportunities electronic identification has to offer and the technical complexities that accompany it.
During the workshop, a number of questions regarding this topic were raised, such as: what is electronic identification, and what does it involve for a government and its citizens? When should electronic identification be introduced, what are the benefits, and for whom? Also the similarities and differences between physical and electronic documents were reviewed. The workshop introduced the participants to types of fraud in the electronic domain and to the principles of cryptography as a means to prevent fraud. It became clear to the participants that the introduction of an electronic document is a complex operation which will not automatically lead to success.
Current status in the participating countries
After discussing a subject of the identity infrastructure, the workshop participants gave an insight into the current status of that particular part of the identity infrastructure in their own country. It became clear that there are many governmental parties in the participating countries with as many different roles, and that processes are sometimes centralised, regional or local in structure. This often hinders the introduction of new measures, since each party has its own interest. Neither the Registry of Births, Deaths and Marriages nor the population register in the participating countries have been digitalised. It is clear that although technology is available in those countries, it is not an immediate option to develop electronic services and documents.
In some countries, the infrastructure (or a part of it) is missing, there are no organised processes and there is a lack of expertise. In such a situation, a migration from a physical to a digital identity infrastructure would not be the obvious thing to do and could even lead to the destruction of capital.
After completing the workshop the participants stated that the knowledge they had gained will be of good use to them in their own working environment. They can see the coherence in the identity infrastructure and endorse the importance of coordination and cooperation with other partners in the identity chain. The participants said they were pleased with the workshop, but would have preferred to participate at an earlier stage.
1 Ruiter, I. ID Governance, complexity demands coordination. Annual Report Identity Management 2010-2011. Amsterdam: Keesing, 2010, Vol. 20102011, pp. 1519.
2 UN High Commissioner for Refugees. Birth Registration: A Topic Proposed for an Executive Committee Conclusion on International Protection, 9 February 2010, EC/61/SC/CRP.5.
3 Knopjes, F. Identity Fraud puts principle of trust under pressure. What can be done about it? Annual Report Identity Management 20122013. Amsterdam: Keesing, 2012, Vol. 20122013, pp. 1013.
4 Knopjes, F. & Ombelli, D. Documents: The Developer’s Toolkit. Lissabon: IOM and Via Occidentalis Editoria Lda., 2008.
5 Knopjes, F. Safe and Efficient Border Management in 2020. The Hague: ID.academy, 2012.