
© Xamax Consultancy Pty Ltd,  1995-2016



The National ID Scheme Proposal
Technology, Project Feasibility and Security Aspects

Roger Clarke **

Notes of 3 April 2007, prepared for a Roundtable on 'Does Australia need the Access Card?' at the Centre for Independent Studies, Sydney, on 4 April 2007

© Xamax Consultancy Pty Ltd, 2007

Available under an AEShareNet Free for Education licence or a Creative Commons 'Some Rights Reserved' licence.

This document is at http://www.rogerclarke.com/DV/AC-CIS-070404.html


The Australian Government, through its Human Services Minister (originally Hockey, briefly Campbell, now Ellison), is proposing to introduce a so-called 'Access Card'. The proposal is not just about a card, but encompasses all of the elements of a national identification scheme.

The key elements of the scheme are identified in the APF's FAQ 1. (Those details appeared to be correct at the beginning of 2007. The Government has refused to provide access to details about the design, and has made frequent changes on the run, so some details may require update.)

These notes were prepared in my role as Chair of the Australian Privacy Foundation, and relate specifically to technology, project feasibility, and security aspects. Anna Johnston (as No ID Card Campaign Director) is addressing privacy and liberty aspects.


Technology

Smartcard Technology is proposed. A new plastic card will be issued. What personal data will appear on the surface of the card continues to change every few weeks.

A chip will be embedded in the plastic card. The chip will carry a significant amount of personal data. Smartcard technology provides the capability to have separate, secure segments for the storage of data relevant to different programs. But the Government proposes not to use that feature, and instead wants to put all data relating to all programs in one common area.

A new Identifier is to be created, and imposed on essentially all residents of the country. Although nominally a 'card number', the identifier is intended to be used to correlate all of a person's existing government identifiers, and probably to gradually replace them with a single identifier.

Distributed Database Technology is proposed. The 'Register' is to be set up in such a manner that it will perform several functions:

Biometric Technology is proposed. The current proposal appears to be that the chip will contain both a digital photo of the person and a 'biometric template' (a large number generated by processing the photo using a complex algorithm). The Government has been highly secretive about how this is to be used. It appears that it is supposed to be for several purposes:


Project Feasibility

There are well-known indicators of projects that are likely to fail. They include:

This scheme exhibits not merely some, but every single one of the indicators of a risky project. Based on the empirical evidence, the Access Card project is almost certain to fail.


Security

The many expensive and unworkable ideas embedded in the scheme bring with them many risks, not the least of which is security.

The personal data in the chip is all in one zone. Any organisation or individual that was authorised to have access, or contrived to gain access, would have access to all of the data. The data is to include multiple identifiers - which represents a security risk for systems; and residential address - which is highly sensitive for a significant number of people.

Because of the rich data-set it contains, the new repository would be a 'honey-pot'. It would guarantee function creep, as agency after agency would dip its hand into the pot. The Office has acknowledged that it has involved many agencies in the process, from the outset.

In particular, the new repository is to include scanned images of the card holder's 'evidence of identity' documents. The register would be the nation's first 'one-stop shop' for identity thieves - a magnet for organised crime.

The Minister and Secretary of Human Services claimed that national security agencies need a search warrant to get access to the honey-pot. Their claim is seriously erroneous. Even before the vast array of post-September 2001 statutes that have seriously breached civil liberties, there were many circumstances in which national security and law enforcement agencies could demand personal data, or write their own 'extra-judicial warrants'. It appears that there may even be some service-delivery agencies that have demand powers sufficient to gain access to any data that they want from the register.


Conclusions

Privacy advocates support the design and deployment of a scheme that achieves efficient and effective management of human services while protecting privacy. But the Government's proposal doesn't do that. It is quite simply the national identification scheme that public servants want in order to exercise control over the population. It is completely incompatible with social, economic and political freedoms.

The APF has provided an outline of what an appropriate scheme would look like. A key feature would be smartcard technology, applied properly, with secure zones used to ensure that data and identifiers for different agencies and programs are kept well apart.


Elements of a National Identification Scheme (Clarke 2006)

  1. A Database
  2. A Unique Signifier for Every Individual
  3. An (Id)entification Token (such as an ID Card)
  4. Quality Assurance Mechanisms
  5. Widespread Use
  6. Obligations
  7. Sanctions for Non-Compliance

For an explanation of how the 'Access Card' matches this profile, see APF's FAQ 9.


References

APF (2005-) 'Campaigns: the National Identification Scheme' Australian Privacy Foundation, 2005-, at http://www.privacy.org.au/Campaigns/ID_cards/HSAC.html

Clarke R. (2006) 'National Identity Schemes - The Elements' Xamax Consultancy Pty Ltd, February 2006, at http://www.rogerclarke.com/DV/NatIDSchemeElms.html


Author Affiliations

Roger Clarke is Principal of Xamax Consultancy Pty Ltd, Canberra. He is also a Visiting Professor in the Cyberspace Law & Policy Centre at the University of N.S.W., a Visiting Professor in the E-Commerce Programme at the University of Hong Kong, and a Visiting Professor in the Department of Computer Science at the Australian National University.

He is also Chair of the Australian Privacy Foundation.




Created: 3 April 2007 - Last Amended: 3 April 2007 by Roger Clarke - Site Last Verified: 15 February 2009