[LINK] Access your areas

[Roger Clarke]

[My comments on the article, as sent to Mark Metherell, are below]


G'day Mark

>Access your areas
>March 9, 2007
>SMH
>http://www.smh.com.au/news/national/access-your-areas/2007/03/08/1173166897988.html?page=fullpage#contentSwap1

There's lots of great stuff in your article, and it's good to have 
some in-depth coverage at long last.

But there are some problematical aspects, which I've commented on below.

Regards  ...  Roger


>  ...  Its most controversial feature is a photograph of the
>cardholder that will appear on the card, and be stored both in an
>electronic chip on the card and on a central databank.

Not correct.  The problems are legion, and the photo is just one of 
them, and far from the most serious one.

Mason is attempting to deflect the debate onto one minor problem, so 
that he can magically solve that (by writing a report recommending 
that the photo be taken off the card), which he hopes will then 
enable the Government to spirit the Bill through the Senate.

Mason's fellow Committee-members need to force him to consider the 
rest of the legion of problems that have been drawn to attention.

Sorry I was on the move yesterday, and couldn't get info about 
photo-matching to you in time.  The idea of identifying people based 
on their photos is a total myth.  Facial recognition is a 
very-low-quality authentication mechanism;  but it is an *impossibly* 
low-quality *identification* mechanism.  (Just because senior 
bureaucrats and politicians are unable to understand the explanations 
that they are given doesn't make the explanations wrong).  The 
Cornelia Rau scenario is a complete furphy.  The photo is a minor 
issue in the scheme.


>Biometric technology will enable the photograph to be instantly matched
>with the image stored on the smart card's national database. The
>biometric photograph would "dramatically improve" the ability of
>authorities to respond to cases like Rau's, says Patricia Scott, the
>secretary of the Department of Human Services, which is responsible for
>the $1.1 billion access card scheme to be implemented next year.
>
>"We are confident that if Cornelia had been registered and had a card,
>we would have been able to find her in our system," Scott says.

Scott is talking utter rubbish.  It's embarrassing that a very senior 
government executive could declare such twaddle, least of all to a 
Senate Committee.

If people in Australia with expertise in the area are for some reason 
regarded as being untrustworthy, please contact overseas experts like 
Bruce Schneier, and ask *them* to provide their reaction to Scott's 
proposition.


>She told a Senate estimates committee hearing last month that such uses
>of the access card would be in life-or-death situations, consistent with
>a central aim to protect privacy.

Scott is again talking rubbish.

1.  The Privacy Act contains multiple bases for disclosure of 
personal data, and emergencies is just one of them.

2.  There are vast numbers of legally authorities for disclosure 
external to the Privacy Act, including demand powers and 
extra-judicial (i.e. agency-created) warrants.

Scott might be displaying embarrassing ignorance in relation to the 
relevance of a photo-database to the Rau affair.  But if the way 
you've reported her statement is accurate, then she is simply 
misleading the Senate, and should be called to account for it.


>Mason's views can be expected to carry added weight among his
>colleagues. A former barrister and criminologist, he wrote a book on the
>subject: Privacy Without Principle - the Use and Abuse of Privacy in
>Australian Law and Public Policy. It concludes: "In the politics of our
>age 'security' eclipses 'privacy'. The personal is political Š privacy
>is political."

Do you understand what Mason means by that?  I don't.

Is he saying that the APF as an advocacy organisation is 
participating in politics?  Fair enough.

(Although I thought he would have regarded that as an honourable 
occupation.  But perhaps he means that only people who get themselves 
pre-selection in a safe slot on a ticket have the right to 
participate in the political process?).

Alternatively, is he saying that rational analysis of the privacy 
impact of government proposals is an impossibility?

Is he saying that the legal and systems analyses of people like Anna 
Johnston, Graham Greenleaf and Roger Clarke are inevitably partisan, 
and should therefore be ignored?

And/or that political judgements by people like him are appropriate, 
but judgements by people outside Parliament, even if based on careful 
analysis of the available information, are irrelevant to the 
political process?


>Photographs of 16.5 million adult Australians expected to sign up for
>the card will enable use of ultra-sensitive facial biometric technology.
>This measures and analyses physical characteristics - such as the exact
>distance between the eyes - so minutely that even the subtle facial
>differences between identical twins can be detected.

The statement that so-called 'facial recognition' technology 
"measures and analyses physical characteristics" is very probably 
false.  All that the technology actually does is apply some 
statistical methods to an image of the person's face.

The statement about the distance between the eyes being part of 
'analysis' is also very probably false.  That distance is only used 
as part of what's called the 'registration' and 'normalisation' 
processes.  These ensure that the face is oriented the same way each 
time, and that the image occupies about the same percentage of the 
image each time a photo is taken and the statistical procedures are 
run.  That distance plays no part in the statistical mashing itself.

(I would like to say "certainly false", but the Government refuses to 
publish information about the technology and the application, and the 
suppliers of the technology also do not publish any reliable 
information about the mechanics.  So it's necessary to interpolate 
from available information).

Put briefly, so-called 'facial recognition' technology does not 
'recognise' *anything*.

Moreover, its quality is appalling.  Contrary to what someone unknown 
has told you (my statements are *on* the record, unlike the 
presumably unattributable source you're drawing on), the technology 
would almost certainly fail to reliably distinguish between identical 
twins.  (In the masquerade perpetrated by IATA committee-members 
against the Smartgate system, it became clear that the Australian 
scheme can't even tell the difference between two unrelated Japanese 
gentlemen).

Whoever provided you with the information in that paragraph is either 
a charlatan, or was provided with the information by a charlatan. 
(Perhaps I should moderate my language slightly, and refer to a 
'vacuum-cleaner salesman' rather than a 'charlatan').

Once again, if local people who know about biometrics are regarded as 
partisan because they keep saying things that upset Ministers and 
their minders, please ask some experts somewhere else.


>The Government has been at pains to counter suggestions the card will
>inevitably become a national identity card, saying there would be heavy
>fines and even imprisonment imposed on companies or individuals
>demanding the card for identification purposes against the wishes of the
>cardholder. Cardholders would not be required to carry it at all times
>and it would be "voluntary" - provided that citizens were prepared to
>forgo government payments, such as pensions and Medicare benefits.

The submissions of the APF and other organisations have explained 
that the Bill does *not* provide the protections that the Government 
pretends are in there.


>The Government supports its case with a KPMG report that says the new
>card might prevent fraud of up to $3 billion over 10 years, "a very
>conservative" estimate.

It's become clear that KPMG did *not* undertake a study of the 
benefits.  KPMG merely quoted a statement made to them *by the 
Government*, to the effect that the *potential* existed for such 
amounts to be saved, i.e. fraud of something like those levels 
appears to take place.

The Government has steadfastly refused to publish the document.  They 
clearly have something to hide.  The most likely thing they are 
hiding is that there is no explanation as to how the 'potential' 
would be realised - just a pious hope that technology would somehow 
make a difference.


>The Fels taskforce has acknowledged the photograph would be a "major
>factor" in preventing fraudulent health and social service activities.

The Fels taskforce has been discredited.  Despite the evidence 
provided to it, it made the gentlest possible recommendations, and 
some of *them* were rejected by the Minister (Hockey, two Ministers 
ago).

The previous Task Force comprised honourable people who resigned when 
their recommendations were ignored.  Fels and his colleagues failed 
to take the honourable course and resign.  They have thereby become 
part of the problem - a shield to protect the Minister - rather than 
part of the solution.


>Campbell suggested privacy safeguards satisfied public concern: "The
>classic answer in the vox pops I have read is, 'If you have got nothing
>to hide what have you got to be afraid of?' Most Aussies want to do the
>right thing."

For the response to that piece of simplistic nonsense, see:

     Frequently Asked Question No. 10
     If I've got nothing to hide, why should I be afraid of a National 
Identification Scheme?
     http://www.privacy.org.au/Campaigns/ID_cards/HSAC-FAQ10.html


>BOTH SIDES OF THE CARD
>
>FOR
>
>* It streamlines claims for benefits from Medicare, Centrelink, Veterans
>Affairs and 14 other agencies, all using separate cards, making it
>faster and simpler for claimants.

The Government's '17 cards' argument is mythical.  See:
     Frequently Asked Question No. 3
     How many of your cards will be replaced?
     http://www.privacy.org.au/Campaigns/ID_cards/HSAC-FAQ3.html


>* Biometric photograph on the surface, in the card chip and on a central
>register makes fraud, at present costing $1.4 billion to $2 billion a
>year, much harder.

The Government has failed to publish any evidence to support that assertion.


>* Cardholders have option of including medical emergency details, organ
>donor status and contact details, which can be accessed by hospitals, on
>the card chip.

This is an extraordinarily difficult undertaking, has been considered 
in many countries many times over the last 10-20 years, but has not 
been successfully implemented anywhere.

And, if a design can be produced that will work, then it's worth 
doing *separately* from a national identification scheme.


>* The card could be used to check eligibility for other concessions,
>such as public transport and cinema discounts.

False.

The present arrangements are simple, because existing cards are 
designed to be easy to recognise.  But the new card is *not* designed 
to display concession-rights.


>* Biometric photograph held on register will make it potentially easier
>to identify and trace people in danger, or who have gone missing.

Utter rubbish, because so-called 'facial recognition' technology is 
of far too low quality to support one-to-many identification 
processes.


-- 
Roger Clarke                  http://www.anu.edu.au/people/Roger.Clarke/
			            
Xamax Consultancy Pty Ltd      78 Sidaway St, Chapman ACT 2611 AUSTRALIA
                    Tel: +61 2 6288 1472, and 6288 6916
mailto:Roger.Clarke at xamax.com.au                http://www.xamax.com.au/

Visiting Professor in Info Science & Eng  Australian National University
Visiting Professor in the eCommerce Program      University of Hong Kong
Visiting Professor in the Cyberspace Law & Policy Centre      Uni of NSW