Embed Size (px)
Citation preview
1
The Access Card
Barbara FlettAssistant Secretary, Office of Access Card
Department of Human Services
Roger ClarkeChair, Australian Privacy Foundation
also Xamax Consultancy Pty Ltd andVisiting Professor, ANU, UNSW, HKU
U3A, 17 July 2007, Hughes ACT
2
The Howard Government’sProposed National ID Scheme
Roger Clarke, Chair, APFXamax Consultancy Pty Ltd
Visiting Professor, ANU, UNSW, HKU
U3A, 17 July 2007, Hughes ACT
http://www.privacy.org.au/Papers/AccessCard-070717.ppt
3
The Need for Social Control
• Government Services and Welfare Programs must be conceived and managed in order to:
– achieve their economic and social aims – control waste– control abuse
• Each service necessarily involves personal data• A limited amount of inter-organisational data comparison
is needed to achieve the aims
4
The Need(s)for Privacy
• Philosophical• Psychological• Sociological• Economic• Political
5
The Need(s)for Privacy
• Philosophical• Psychological• Sociological• Economic• Political
Privacy ...• of the Person• of Personal Behaviour• of Personal Communications• of Personal Data
The Dimensionsof Privacy
6
The Scope of an Identification Scheme
Specific-Purpose for individual organisations or programmes
cf. Medicare, AusStudy, AbStudy
7
The Scope of an Identification Scheme
Specific-Purpose for individual organisations or programmes
cf. Medicare, AusStudy, AbStudy
Bounded Multi-Purposee.g. European Inhabitant Registration schemes
limited to tax, social welfare and health insurance(cf. the TFN – but can Australian politicians be trusted?)
8
The Scope of an Identification Scheme
Specific-Purpose for individual organisations or programmes
cf. Medicare, AusStudy, AbStudy
Bounded Multi-Purposee.g. European Inhabitant Registration schemes
limited to tax, social welfare and health insurance(cf. the TFN – but can Australian politicians be trusted?)
General-Purpose National Identification Schemese.g. USSR, ZA under Apartheid,
Malaysia, Singapore, Denmark, Finland
9
National Identification Schemes – Features
1. A Database
– centralised or hub ('virtually centralised')
– merged or new
2. A Unique Signifierfor Every Individual
– A 'Unique Identifier'
Or A Biometric Entifier
3. An (Id)entification Token such as an ID Card,whether 'smart' or not
http://www.anu.edu.au/Roger.Clarke/DV/NatIDSchemeElms.html
10
National Identification Schemes – Features
4. QA Mechanisms for:– (Id)entity Authentication– (Id)entification
5. Obligations Imposed on:– Every Individual– Many Organisations
6. Widespread:– Data Flows including
the (Id)entifier– Use of the (Id)entifier– Use of the Database
7. Sanctions for Non-Compliance
http://www.anu.edu.au/Roger.Clarke/DV/NatIDSchemeElms.html
11
Genuinely Bad Guys(Terrorists, Money-Launderers, SIM-Providers to Terrorists,
Organised Criminals, Illegal Immigrants, ...)
• Mere assertions of benefits, no explanation: ‘it’s obvious’, ‘it’s intuitive’, ‘of course it will work’,and other simplistic notions like ‘Zero-Tolerance’and ‘we'll sacrifice absolutely anything thatmight help us wage the war on terrorism’
• Analyses undermine the assertions• Proponents avoid discussing the analyses• Easily avoided or subverted by serious opponents
The Benefits Are Illusory
12
QuickTime™ and aTIFF (Uncompressed) decompressor
are needed to see this picture.
Leahy in The Brisbane Courier-Mail, 19 July 2005
13
Miscreants (Benefits Cheats, Fine-Avoiders, Visa-Overstayers. ...)
• Lack of detail on systems design
• Continual drift in features
• Double-counting of benefits from many programs
• Analyses undermine the assertions
• Proponents avoid discussing the analyses
• Social complexity and constructive 'looseness' aredemanded, hence persistent cheats to prosper
Benefits May Arise, But Are Seriously Exaggerated
14
Origins of the 'Access Card'
• Lobbying of the Howard Governmentby a Small Coterie of Businessmen
• Support for a National ID Scheme Projectfrom national security and law enforcement
• Failed Medicare Card Replacement Project• Opportunity provided by Qld Premier Beattie• Hockey's Ambitions• Ruddock dropped the overt National ID scheme
in favour of Hockey's covert 'Access Card'
15
A National ID Scheme
1. A Database
– centralised or hub ('virtually centralised')
– merged or new
2. A Unique Signifier for Every Individual
– A 'Unique Identifier'
Or A Biometric Entifier
3. An (Id)entification Token such as an ID Card,whether 'smart' or not
1. A Register:– a lot of data– several identifiers– id auth. documents
2. Unique Signifiers– a 'Unique Number'
& an 'official name'
& a biometric
3. A Single Card– a 'smartcard'– one data-storage zone– visible data
The ‘Access Card’
16
A National ID Scheme
4. QA Mechanisms for:– (Id)entity Authentication– (Id)entification
5. Obligations Imposed on:– Every Individual– Many Organisations
6. Widespread:– Data Flows including
the (Id)entifier– Use of the (Id)entifier– Use of the Database
7. Sanctions for Non-Compliance
4. Registration, Onerous and Costly, with all powerin the Government's Hands
5. Obligations– To Provide the Card– To Demand the Card
6. Many Agencies with:– Access to the Data– Use of the Card– Use of the Identifier
7. Denial of Services
The ‘Access Card’
17
The ‘Access Card’ is a National ID Scheme
A National Identification Scheme is a general-purpose scheme,
designed to achieve consistent and reliable identification of humans,
throughout a country, particularly in their dealings with
governments and government agencies, but also with private sector organisations
Its purpose is to entrench the power of the State over individuals
http://www.privacy.org.au/Campaigns/ID_cards/HSAC-FAQ9.html
18
Reasons for Opposing the National ID Scheme
• Privacy-Invasiveness• Onerousness• Intentional Lack of Protections• A 'Honey-Pot' Inviting Abuse• High Costs• Low Benefits• Vast Extension of the Power of the State
through a Single, Consolidated ID
19
How can I help prevent the introduction of a national identification scheme?
• Inform Yourself• Inform Others• Contribute to the Work of Appropriate Organisations• Influence Change• Conduct Research• Conduct Research and Advocacy with the A.P.F.
http://www.privacy.org.au/Campaigns/ID_cards/HSAC-FAQ14.html
http://www.privacy.org.au/WhatToDo.html
20
The Howard Government’sProposed National ID Scheme
Roger Clarke, Chair, APFXamax Consultancy Pty Ltd
Visiting Professor, ANU, UNSW, HKU
U3A, 17 July 2007, Hughes ACT
http://www.privacy.org.au/Papers/AccessCard-070717.ppt
21
The Access Card
Barbara FlettAssistant Secretary, Office of Access Card
Department of Human Services
Roger ClarkeChair, Australian Privacy Foundation
also Xamax Consultancy Pty Ltd andVisiting Professor, ANU, UNSW, HKU
U3A, 17 July 2007, Hughes ACT
22
23
The '17 Cards'
Medicare (6 cards in 4 programs):
1. Medicare card
2. Organ Donor Registration Card
3. Reciprocal Health Care Agmt Card
4. PBS Safety Net Entitlement Card
5. PBS Concession Card (no info)
6. Cleft Lip and Palate Card
Dept of Veterans' Affairs(4 cards, 3 programs):
1. DVA Gold Repat Health Card
2. DVA White Repat Health Card
3. DVA Pharm. Benefits Card (The Orange Card)
4. War Widow's Tpt Concession Card
Centrelink(6 cards, several programs):
1. Pensioner Concession Card
2. Health Care Card
3. Foster Child Care Card
4. Low Income Healthcare Card
5. Commonwealth Seniors Card
6. Electronic Benefit Transfer (single-use)
Australian Hearing Services(single-use voucher)
24
The '17 Cards' Myth
The 17 Cards are mostly mutually-exclusive
Few people have more than one or two of them
So very little 'wallet-bulge' / 'purse-clutter' will be saved
Few of the 17 Cards have to be produced very often at all
The primary circumstances appear to be:
• a new relationship with a health care professional or organisation
• when seeking a concession using the card as evidence, esp. for public transport, in council offices and in theatres and cinemas
But many concessions will cease to be visually obvious
And every organisation has to install a card-reader
And every organisatio has to handle and machine-read every card
The Access Card will seriously harm pensioners' interests
25
'Access Card' Politics• Refusal to publish the Cost-Benefit Analysis,
subsequent partial release, currently denied under FoI• Sleight of hand used in talking about financial benefits• Refusal to publish the original PIA• Resignation of the original Task Force Heads
because their Recommendations were ignored• Hockey's "pilots are for aircraft"• Use of the Fels 'Privacy Task Force' as a shield,
avoiding any form of engagement with the public,yet with the Minister declining its Recommendations
• DHS Secretary blunders before the Senate C'tee• Senate C'tee, incl. Govt members, rubbishes the Project• Replacement of the DHS Secretary• Failure to reflect submissions (or even read them?)• Attempt to let tenders without Parliamentary approval
26
QuickTime™ and aTIFF (Uncompressed) decompressor
are needed to see this picture.
Moir, The Sydney Morning Herald, on 28 April 2006
27
Privacy Impact Assessment (PIA)
• A Process whereby the potential impacts and implications of proposals that involve potential privacy-invasiveness are surfaced and examined
• Involves identifying stakeholders, publishing information, seeking comment, and reflecting that comment
• Starts early, and continues throughout the project• Ensures aims can be achieved, benefits realised,
and negative aspects avoided or ameliorated• Ensures public confidence• Ensures public acceptance and adoption• Pre-empts negative coverage by the media• Avoids unnecessary intervention by legislatures
28
'Access Card' Project Management• Vast Scale ("largest IT project in the world")• Arbitrary and Ridiculously Tight Deadlines• Untested Technologies• Unclear Req uirements• Rapidly Changing Requirements• Hockey's "pilots are for aircraft"• Huge Media Scepticism • Huge Risk of Public Rejection• Total Failure to Engage with the Public Interest• Seriously Annoyed Tenderers, left in limbo• Low Staff Morale, Staff Turnover, Loss of Corporate Memory
In Summary: The Archetypal IT Project Disaster
http://www.privacy.org.au/Campaigns/ID_cards/HSAC-Media-07.html
29
Reasons for Opposing the National ID Scheme• Extraordinarily privacy-invasive and
onerous Registration Requirements• The Bill's Safeguards are (designed
to be) full of holes, and fall far below basic OECD norms of the 1970s
• Creates a 'honey-pot' of ID data • Costs greatly outweigh savings• Impacts on the Disadvantaged defeat
the nominal aim of improved access to health and social service benefits
• Details of the design have not been disclosed (or even specified?)
• The Cost-Benefit Analysis has been suppressed from the outset
• Parliament should never be forced to consider a Bill without project details
• The haste to implement the scheme is unjustified because more effective alternatives have not been explored
The Proposal consolidates the many identities each person has with many different agencies into a single Government-approved identity.
If a person transgresses, then:• their benefits can be denied• access to services can be denied• external travel can be denied• internal travel can be denied• their identity can be denied
Internal passports were used in South Africa under apartheid, and in Soviet Russia. They are feared in Singapore and Malaysia.
Similar measures have been emergent in the US and Australia for some time, e.g. air travel, toll-roads, passports, now the Access Card.
30
Organisations Expressing Serious Concern
• Australian Privacy Foundation• Councils for Civil Liberties• Public Interest Advocacy Centre
(PIAC)• 'Access Card No Way' Campaign• UNSW Cyberspace Law & Policy
Centre (CLPC)• Electronic Frontiers Australia (EFA)• Melbourne Indymedia• ...• Australian Democrats• The Greens• Labor Party
• Consumers' Health Forum of Australia (CHF)
• Australian Medical Association (AMA)
• ...• Privacy Commissioner (Cth)• Privacy Commissioner (Vic)• Information Commissioner (NT)• The ACT Government• ...• National Party Senators• Liberal Party backbenchers• ...
31
Does the Public Support the Proposal?
20 July 2005: 62% agreed / 6% undecided / 32 % opposed
"introduction of a national ID card with a photograph"?
Gary Morgan: "Australians are clearly in favour ... This is driven by the fear of terrorist attacks and illegal immigration ... many people would like to see the identification card replace other forms of identification, but there are still some concerns regarding privacy and the effectiveness of the card in combating terrorism"
30 April 2006: Yes - 32% No - 68%
After terrorism was withdrawn as a justification
"Should Australia introduce a compulsory ID card?
28 Feb 2007: Yes - 28% No - 72%2,385 people voted in a poll in 'The Age'
As the details become known, the low levels of support will plummet further
In July 1985, 68% in favour, 7% undecided, 25% opposed
In July 1987, there was massive opposition and the Australia Card collapsed
32
Does the APF Have Something Positive To Say?
• The APF supports specific, balanced proposals to meet important objectives re welfare benefits administration and, separately, health benefits administration
• The APF supports the appropriate use of smartcard technology to achieve those objectives
• Features of an appropriate scheme are:– No multi-purpose identifier; Retain multiple single-
purpose identifiers for each agency and program– 1 card with 17 zones; Each zone, identity and
data-set to be securely separated from the others– No bureaucratically-imposed 'official name'– No Central Register of personal data
33
'If I’ve got nothing to hide, why should I be afraid of a National Identification Scheme?'
• 'Everybody has something to hide'– your bank balance and your bank account PIN– the reason for your last visit to the doctor– whether you have ever seen a psychiatrist– how you and yours voted at the last election– the contents of the files that spam put on your computer
• Some people have lots to hide, incl. criminals, but also 'persons at risk' ... domestic violence, protected witnesses
• A Single Controlled Identity is a Weapon of Political Power
• You're not just trusting this Government; You're forcing your descendants to trust every Government ever
http://www.privacy.org.au/Campaigns/ID_cards/HSAC-FAQ10.html
34
Alternatives to 'Everybody has something to hide'
• People need to 'be less visible'
• People need to 'be harder to find'
• People need to protect some 'personal space' around themselves
• People need to be able to sustain 'social distance' from other people, especially from large, impersonal institutions
• People need a front door that they can close and lock
• People need to be able to 'draw the curtains', around their lives as well as their living room
• People need to be able to avoid going forth naked into the world
• People need to avoid having to deal on an unequal basis with organisations that have a lot of information about them
• People need to sustain their ability to make their own decisions and determine their own lives, rather than have powerful institutions do it for them
35
Glib Retorts to 'If you've got nothing to hide, you've got nothing to fear'
• If I'm not doing anything wrong, you have no cause to watch me
• The government gets to define what's wrong, and they keep changing the definition
• You might do something wrong with my information
• Quis custodiet custodes ipsos? (Who watches the watchers?)
• Absolute power corrupts absolutely
• The Jews in the Polish ghettoes had nothing to hide. The Jews in The Netherlands didn't either. Nor the educated people in Cambodia. And they all died in their hundreds of thousands
• There will always be another bigotry
