Social Concerns and Worries about Smart Cards and Invasion of Privacy
"Big Brother Dataveillance Scenario"
Will Smart Cards Create an Infringement of Civil Liberties?
Dataveillance is the systematic use of personal data systems in the investigation or monitoring of the actions or communications of one or more persons.
Government agencies are frequently in a position to legally impose on individuals the condition that they identify themselves when performing particular kinds of transactions. National identification schemes concentrate information, and hence power; and because it is simply inevitable that, at some stage, even in the most apparently stable and free nations, power will be exercised against the interests of individuals, and of the public generally.
Whenever a smart card is discussed, alarm bells usually sound for critics and protectors of privacy. Harry Hammitt a senior fellow with the Electronic Privacy Information Center in the U.S. is among the leaders in privacy concerns.
Although the use of biometrics is being imposed on citizens around the world for travel and immigration schemes, many citizens fear that biometrics could be used to compile dossiers about them, their habits and their lives. For example, information such as health, race, age and behavioural characteristics can be garnered from some sorts of biometrics identifiers, leading to concerns that specific groups could be targeted.
Organisations also acquire power over individuals through the accumulation of data about them and corporations may use a combination of inducements and market power to achieve the same end.
Legal issues include the purpose to which information about individuals is collected and how it can then be used, the ability to access information and redress inaccuracies, and providing robust enough security so that persons cannot have their information compromised, especially during enrolment in biometric schemes and during transmission of data over public networks.
Individuals are currently required to confirm their identity for many diverse purposes, such as verifying eligibility within a health care system, accessing a secure network or facility, or validating their authority to travel. In almost every discussion about implementing personal identification (ID) systems to improve identity verification processes, concerns about privacy and the protection of personal information quickly emerge as key issues.
Government agencies and private businesses that are implementing ID systems to improve the security of physical or logical access must factor these issues into their system designs. While technologies are available that can provide a higher level of security and privacy than ever before, ID system complexity coupled with increasing public awareness of the risks of privacy intrusion require that organizations focus on privacy and personal information protection throughout the entire ID system design.
Even if Canada were to issue national ID smart cards, it wouldn't necessarily be a success, warned Peter Öhman, business manager of Finland-based smart card vendor Miotec Oy. Finland, he said, embarked on a smart card project three years ago and has so far issued fewer than 20,000 smart cards in a country of five million. Even in a small country with a good infrastructure, he added, it was a tough sell. "It's not much of a success story," he said. "I think one thing is that there were no examples. We were the first country in the world to do a project like this and it wasn't that easy, but I think we have learned quite a lot from the mistakes that were made."
According to Roger Clarke the first cluster of requirements related to the avoidance of dangerously privacy-invasive multi-purpose identification:
The second cluster of requirements relates to the provision of individuals with a significant degree of control over processes involving chip-based ID cards:
These design features create additional challenges for organisations planning the use of chips as a basis for an identification scheme. But they provide a basis whereby organisations can achieve their legitimate aims, yet individuals can be assured that the schemes are not unduly privacy-invasive.
Smart cards have potential to become Big Brother's little helper, says inventor
Privacy Concerns Related to Smart Card Implementation
Privacy advocates say that the use of smart cards could have far reaching implications for privacy of personal information, access to government services and integration of previously separated databases.
The government's aim is to reduce fraud and increase cost-efficiency in the application for and delivery of public services, all while protecting personal privacy in a seamlessly integrated 'electronic government.' Possible applications include a smart card for health government funded OHIP, the Ontario Drug Benefits Program, driver's licenses, proof of age, organ donation instructions and social assistance.
It is said that it will cost Ontario over $500 million just to launch the basic infrastructure of cards, readers, connections and related systems, yet there are, as yet, no clear or overwhelming benefits to justify such an investment.
The government knows it has to visibly address the obvious privacy concerns surrounding this initiative. But once the pricey infrastructure is in place the need to demonstrate its cost-effectiveness will create relentless pressure to expand the range of applications into increasingly sensitive areas of personal information.
What starts out as a limited access card could be gradually transformed into a general access card that needs to be shown at virtually all points of contact between government and citizens. Along the way, the fine line between secure authentication and personal identification is easily crossed. Taking the fingerprints of all it's citizens is a distinct possibility and a worry to some.
Some other concerns relate to the id card holding "all your information", the concept of surveillance and tracking of our movements, and the linkages of our personal information into one central "big brother" computer. Using biometrics to identify us is seen as tantamount to having our DNA and fingerprints on file with every government agency.
While there are some indications that the Ontario government is backing way from biometrics, they refuse to rule it out. As long as the initial card has the processor power and memory capacity to support biometric authentication, there will remain a risk that this controversial feature will be later sneaked in quietly as appears to be happening in other Canadian jurisdictions.
Legislators, engineers and citizens alike must acknowledge the fact that when computers are used to regulate social interaction, they become an effective form of legislation.
A wise decision-maker in the public sector must therefore ensure that the proposal genuinely fulfills the public good purposes without introducing any harmful side effects that might have escaped scrutiny.
01/05 - Replying to a consultation by the French Government, the National Commission for Informatics and Liberty (CNIL) – the official data protection watchdog – said that storing fingerprints in a chip would not raise problems “as long as adequate security measures are taken”.
However, the CNIL voiced some concerns concerning the central database. Among other things, the commission said that the biometric data of applicants that are denied a visa should not be kept in the database as this would not be justified by any border control purpose. Indeed, the CNIL pointed out that the absence of a record in the database would be sufficient to determine that an individual was not granted a visa.
Practice by Tracking Those Who Track Others
03/05 - The Department of Homeland Security
Access Card RFID chip and its Bluetooth-enabled holder could make it a target for hackers and spies with wireless readers, who could be lurking in commissaries, coffee shops, bars and subway stations around the Capitol.
03/05 - In an interview with Computer Weekly, Bruce Schneier, security author and chief technology officer of internet security group Counterpane, said the programme could do more harm than good.
11/06- CONCERNED about privacy fears, the Australian Federal Government plans to introduce laws to prevent its new health and welfare smartcard becoming an identity card. The laws will stop private businesses such as hotels and banks, as well as state governments, from being able to demand the card as a form of identity.
And in a move hoped to give consumers more control over the card's use, the legislation will also make individual holders — not the Government — the owners of the card. This is highly unusual given that credit cards, driver's licences and even gym memberships remain the property of issuers such as credit card companies and governments.
Australians will also have the option of storing any personal information they want on up to one-third of the storage space on the federal Government's proposed human services smartcard.
11/06 - (CBC) A Winnipeg dentist has adopted a system that allows patients to announce their arrival with a touch of their fingers — which has raised the eyebrows of some privacy experts.
Tim Dumore started fingerprinting his orthodontic patients about six months ago.
He has installed a biometrics system that allows his patients, most of whom are children, to sign in without telling a receptionist. On arriving, they touch their finger to a pad at the front desk and a computer sends a message to staff workstations.
While Dumore says most of his patients and their parents have willingly co-operated, he admits some have been reluctant.
"It can seem Big Brotherish," he said. "But we can reassure them that we're using proper security protocols."
The University of Manitoba's faculty of dentistry also fingerprints its patients.
Michael Lasko, registrar of the Manitoba Dental Association, thinks it could be the way of the future for identifying patients in dentistry and medicine.
"It's probably the easiest and most secure method of maintaining patient privacy," said Lasko.
He said fingerprints help patients maintain their anonymity by eliminating the need for conversations about personal health information at the reception desk.
Biometrics are being used to identify patients in medical and dental practices around the world.
But for Winnipeg privacy lawyer Brian Bowman, it raises all sorts of red flags. He worries that fingerprints, especially those of children, are being used simply for convenience.
"I think a lot of people are going to be asking the question: 'Why do you need to be collecting such sensitive data, and is it really necessary?' " he said.
Bowman says the practice could run afoul of privacy laws and there's the potential that those who refuse to provide their fingerprints might not receive treatment.
Dumore says his fingerprinting program is strictly optional.
But given the initial response, he expects he will soon have almost all his patients' fingerprints on file.
11/06 (Excerpt) A study commissioned by the office of the UK Information Commissioner Richard Thomas to assess the level of government intrusion into the lives of British citizens and present a forecast of future developments has come up with the stark conclusion that within ten years surveillance in this country will be “all-pervasive,” the development and implementation of technologies for data-gathering and governmental snooping given extra momentum by the government’s increasingly transparent claims of its unquestionable necessity in the “War on Terrorism.” The authors of the 140-page report express concerns that the balance between individual privacy and the necessity of combating terrorism and crime has already been tipped too far against the individual, and warn that the oft-bleated apologia for state-mandated meddling in the lives of its citizens (“if you have nothing to hide then you have nothing to fear”) is “fallacious and dangerous.”
According to the report, published ahead of an international privacy conference held in London last week, “the combination of CCTV, biometrics, databases and tracking technologies can be seen as part of a much broader exploration, often funded with support from the US/UK ‘war on terror,’ of the use of interconnected ‘smart’ systems to track movements and behaviours of millions of people in both time and space.” The publication of the report prompted Mr Thomas himself to comment that the concerns he raised two years ago that “we are sleepwalking into a surveillance society” are rapidly becoming a reality, adding “today I fear that we are in fact waking up to a surveillance society that is already all around us.”
It is a well-documented fact that Britain has long had a truly astounding number of CCTV cameras – more than any other country in the world. With an estimated 4.2 million cameras across the country, 1 camera for every 14 people, Britain is officially the most watched nation on planet earth. To put it another way, 20% of the entire world’s CCTV cameras are in Britain, with the result that if you live in a town or city in this country your face is likely to be caught on more than 300 cameras each day.
During the 1990s the Home Office reportedly spent 78% of its entire crime prevention budget on installing these cameras, equating to well over £500 million. In spite of this, a recent Home Office study concluded that “CCTV schemes have had little overall effect on crime levels,” and that “improved street lighting would have been a better investment.”
On Campaigns of Opposition to ID Card Schemes - Excellent and easy to read article on public revolts to national ID cards.
Privacy and Secure Identification Systems - white paper by Smart Card Alliance.
Surveillance and Society - Dataveillance Issues and Concerns - promotes understanding of surveillance in society.
Critics Wary of Biometric Smart Cards - article
Biometric Watch Links to Privacy Issues - articles and links
Parents protest radio ID tags for students - CNN article
Privacy advocates warn about the new Australian Medicare Smartcard, describing it as an insecure and technologically inept implementation. article 02/05