0

There is talk of the UK state requiring users to upload government-issued ID such as a passport to create or update an account on social media or pornographic web sites. This is not a particularly new idea, and was tried by parler with the predictable result that hackers got access to the data resulting in potentially negative results for those who provided accurate data.

It would seem that a sensible precaution one could take would be to submit a fake identification document, either editing to remove PII or taken from the web (perhaps even the parler hack). While the government could change the law when requiring such identification, what is the current situation regarding such a request? If a social media or pornographic web site started requesting government-issued identification documents today is there any law giving such a request legal standing? Would it be legal to present them with an image that was not of your actual document, however generated? Would it be different if an image of a real document that does not relate to the submitter, an edited document that did relate to the submitter or a completely artificial image of something that never existed?

User65535
  • 10,342
  • 5
  • 40
  • 88

1 Answers1

3

The Identity Documents Act 2010 forbids having a fake passport or driver's licence in order to mislead somebody else about your identity (including your date of birth, name, etc.), or using somebody else's document as your own. There are further offences about making such a document in the Criminal Justice Act 1925 s.36 (passports), and the Road Traffic Act 1988 s. 173 (licences). It is similarly not allowed to lie to the government to induce them to issue you with an inaccurate-but-official document.

Forgery of some other documents used in proof of age, like birth certificates and credit cards, is covered instead by the Forgery and Counterfeiting Act 1981.

Any of the above might also constitute a criminal fraud, which is currently covered under the Fraud Act 2006 in England, Wales, and Northern Ireland; and under a variety of common-law names in Scotland, in particular "uttering" in the case of false documents. The Act also prohibits possession of articles for use in frauds.

The Computer Misuse Act 1990 might also be relevant in terms of gaining unauthorized access to data, but this is not often prosecuted.

In identity theft cases in general, the Fraud Act is the most commonly used, becuase it is so general and applicable to a wide range of circumstances, but there are still hundreds of prosecutions annually under the more specific statutes.

It is not a crime to give somebody a redacted copy of your passport - for example, blurring out some of the information - as long as you're clear that that is what you are doing. Replacing it with false information is not allowed. You also cannot claim that the altered document is the original one as issued. Of course, the redacted version might not be acceptable to your counterparty, but at least you are no longer trying to deceive them.

As to the service provider's power to request proof of age or identity, they are broadly free to do what they want, subject to laws on data protection, discrimination, consumer protection, and so on. That is, if they are gathering information about their customers, they'd better do so in compliance with the GDPR, make sure customers understand the requirements to access the service, and all other normal matters to do with the conduct of business.

Og8219
  • 806
  • 5
  • 5