Latest News Legislation Technology

Using Digital ID to restrict the damaging impact of online stalkers

Loading the Elevenlabs Text to Speech AudioNative Player...


How do you stop someone stepping into your life, pretending to be you, contacting your friends and relatives? Digital identity technology can protect individuals from people like Matthew Hardy who tormented dozens of women and their family and friends, and is currently serving the longest sentence given to a stalker in the UK.

Imagine a friend messages to say they’ve got something to tell you, something secret, something about your partner. Except it’s not from your friend at all, it’s from a stalker, pretending to be someone you know, feeding you poisonous information that’s hurtful, damaging, and false. Hardy did this to 63 women, along with hundreds of people associated with them.

Building a watertight case

Hardy, 32, from Northwich, Cheshire, UK, initially targeted women he knew from childhood. He later selected women at random, often choosing people with a prominent social media profile. Bullied at school, he struggled to develop friendships and at the time of his trial was unemployed.

Over 11 years, more than 100 complaints were made to Cheshire police alone. Many women, however, found that police officers in Cheshire, Lincolnshire, Kent and elsewhere were slow to take them seriously.

Hardy was arrested 10 times but denied the allegations and police struggled to build a watertight case against him. Some of the women collected evidence, sending screenshots to the police – which Hardy was able to monitor, mocking them for their actions.

‘Can I tell you a secret?’

Eventually, Hardy was brought to trial through the diligent work of Cheshire police officer PC Kevin Anderson. PC Anderson later told reporters that, “The impact on those affected by his actions has been immense, causing some of them to change some of their daily habits, and live in constant fear that they were being watched.”

In January 2022, Hardy was convicted of five counts of stalking and sentenced to nine years in prison. “It’s the longest sentence we’ve ever heard of,” said Violet Alvarez of anti-stalking charity the Suzy Lamplugh Trust. For many of his victims, the impact of his actions still overshadows their lives.

In an appeal hearing, the defence team argued that Hardy’s autism prevented him understanding the true impact of his actions on his victims, and his sentence was reduced to eight years.

Hardy’s case was detailed in a seven-part podcast by Guardian journalist Sirin Kale, later developed into a two-part documentary for Netflix. Both productions used the title, ‘Can I tell you a secret?’, often Hardy’s opening line in his first message to unsuspecting victims. They believed it was from a friend, usually another woman, though in fact it was Hardy using accounts he’d created on social media in the names of other people.

Protecting users from harmful content

The UK’s new Online Safety Act, passed last autumn, aims to force platforms to better protect UK users from harmful content. Intended more as a skeleton framework than a fully fleshed-out package of measures, the 286 pages of the Act make no reference to stalking. The new law does however include an offence of ‘false communication’, committed if a message is sent by someone who intended it ‘to cause non-trivial psychological or physical harm to a likely audience.’ However enforcing the law won’t be easy, especially in an encrypted service like WhatsApp, as the government has assured tech firms they won’t be forced to scan encrypted texts indiscriminately.

Maintaining a balance between privacy and security is difficult. In the meantime, users remain vulnerable to someone hiding behind a false identity. How can you tell if a message is truly from the person who appears to have sent it? A solution lies in digital identity apps like Luciditi.

High-grade digital security

Digital identity can assure websites and platforms that a user is who they claim to be. The app verifies someone’s identity then holds this proof in a user’s ‘digital wallet’, protecting it behind high-grade digital security, of the kind used by banks.

The data is never shared with anyone unless the owner chooses to do so. Websites or other apps that accept Digital Identity are simply given assurance that someone is genuinely who they claim to be – which has obvious advantages for social media platforms.

Large Online Social Media companies who want to protect their users could easily allow them to provide a ‘proof’ of their identity. Again, no personal data would be released, there would simply be a digital yes/no. This would mean that a user’s friends and family need only trust a message confirmed as ‘yes, this genuinely comes from the person you know.’

Helping platforms to protect users

An early adopter would have first mover advantage. Rivals would be compelled to follow suit – or face losing people who were no longer willing to use a platform that still allowed a Wild West approach to identity.

A user joining a platform protected by Digital Identity would be asked to verify their identity through use of their chosen wallet app or by creating a new one using identity documents. The data is secured such that no-one other than the user could access.

The proof provided by the presented ID wallet would assure the platform that this person was genuine, they had been verified, they were not a bot or a fake account, their messages were approved. Unapproved messages apparently sent by the same person could then be easily identified and ignored.

Cheating the system

Luciditi’s Glassvault feature goes a step further in preventing genuine verified accounts being used for harm. Rather than solely relying on the proof from an ID wallet, certain elements of the underlying data used at the time of verification are parked in a digital ‘escrow’.

Police investigating online harm could be granted access to specific Glassvault data which would reveal the true identity of the user involved. Even if an account were deleted, including the ID wallet linked to it, the Glassvault data would stay out of reach and would remain available to investigators.

Unfounded fears

Protecting users by verifying identity doesn’t sit easy with everyone. Campaigners fear that identity data can be collected by the government, leading to a backdoor route to a national database. In this scenario, all UK citizens would be required to give their details to a database that would then become the primary way to access public and private sector services, similar to the system adopted by Denmark.

Worse, the data could be used for ‘big brother’-style control of the population, or sold to the highest bidder for profit, leading to a ‘surveillance state’ where you use your fingerprints for everything from buying milk to paying tax.

“The Government is introducing a giant digital identity system for all of us to access basic services”, claims campaign group Big Brother Watch, adding that “the Government is also cultivating a ‘digital identity market’ of private companies that can perform identity checks online.”

However, these claims are refuted by Open Identity Exchange (OIX), an umbrella organisation representing those involved in the digital ID sector, among them Arissian – developers of Luciditi.

OIX says that “digital ID will not be mandatory. There will always be choices…. There is focus on alternative proofing methods for those who either struggle to prove who they are or simply do not want a digital ID.”

For developers like Arissian, digital ID gives users an optional asset that primarily relies on trust. “Digital ID tech puts people front and centre”, says Ian Moody, Luciditi co-founder and CEO, “our user-centric approach is committed to a framework of trust that safeguards privacy, protects users, and is driven by the needs of individuals.”

For Moody, big brother conspiracies are “uninformed scare-mongering” that imply politicians are capable of spending billions of pounds on managing the identity details of more than 60 million people in a system that’s both hugely extensive and completely successful yet somehow entirely hidden from financial oversight and the media.

Robust standards for digital products

We as a society, campaigners included, face hard choices. We’re living in a digital age, it’s never been easier to connect with people. We can instantly buy products and services online; teenagers no longer need to take their passport to a gig to prove their age. However, our digital connections are vulnerable to criminal actions.

We as individuals need to protect ourselves and so do retailers and suppliers. Which is why sometimes we need to involve the police – as Hardy’s victims did. The police can only enforce the law, and so the law must keep up with technical developments.

It’s the government’s duty to protect our online safety, but this is not the same thing as pervasive big brother oversight.

The Department for Science, Innovation and Technology (DSIT) has expressly said, ‘The government is not making digital identities mandatory.’ DSIT is setting robust standards for digital ID products, and overseeing a list of “trust-marked” accreditation organisations. These are the first steps towards legislation that, rather than creating a giant database, will better protect individuals’ digital privacy.

Restricting others like Hardy

As is often the way with innovation, advances in digital identification sometimes outstrip public acceptance. It takes time for people to feel comfortable with developments, from digital ID assurance to live facial recognition in shops. Even so, big brother campaigners are out of step.

The government is working on new legislation that protects the privacy of individuals and incorporates national frameworks of trust as supported by the developers of products like Luciditi. The alternative is no legislation, where stalkers remain unrestricted.

People like Hardy are not fearful about new tech. He was able to investigate his victims’ lives, their social circles, and their actions in reporting him to the police, likely assisted via easily available tools. Others are just as capable. As a society, digital ID is our best weapon in restricting them.

Want to know more?

Luciditi’s Identity Proofing technology can help meet some of the challenges presented by the OSA. If you would like to know more, Contact us for a chat today.

Get in touch