[LINK] Leakage Problem Means Cards Will Never Be Secure

Roger Clarke Roger.Clarke at xamax.com.au
Thu Sep 28 10:12:07 AEST 2006 

At 9:02 +1000 28/9/06, Bernard Robertson-Dunn wrote:
>And in the case of the access card, the data they are considering 
>putting on the card (either in the face or in the chip) is no 
>different from (or in fact less than) that already likely to be in 
>their wallet next to the  Access Card.
>
>The back end systems that support the card will be subject to the 
>same constraints as any other government system with respect to 
>security, privacy, data matching etc.

I share some scepticism (and commented on the privacy list that I 
hadn't come across him before, in over 30 years of privacy advocacy. 
*But* us advocates welcome new devotees to the cause!!).

But it's also vital to apply the same scepticism to the statements 
made by the Government about their 'Access Card'.

The assurances that you're relying on are written in weasel words, 
are full of designed-in ambiguities and loopholes, are unable to be 
tested against the actual project documents because the Government 
refuses to release them, and hence the assurances are anything but 
trustworthy.

The very considerable pressure that we've had on the project has to 
be sustained, information has to be forced into the open that they 
don't want to see made public, the design has to be beaten into a 
shape that is practicable and no more privacy-threatening than is 
actually warranted, and controls have to be put into place that make 
it difficult for the next round of social control devotees to 
re-purpose the scheme to what they really wanted it to be in the 
first place.

And don't believe that nonsense about privacy laws acting as an 
effective constraint on this or any other government system.  The 
Privacy Act was designed to be rubbery from the outset.  Its power is 
continually stripped back by scores of provisions that go through 
Parliament without discussion every year and that authorise 
additional privacy-invasive uses of data.

-- 
Roger Clarke                  http://www.anu.edu.au/people/Roger.Clarke/

Xamax Consultancy Pty Ltd      78 Sidaway St, Chapman ACT 2611 AUSTRALIA
                    Tel: +61 2 6288 1472, and 6288 6916
mailto:Roger.Clarke at xamax.com.au                http://www.xamax.com.au/

Visiting Professor in Info Science & Eng  Australian National University
Visiting Professor in the eCommerce Program      University of Hong Kong
Visiting Professor in the Cyberspace Law & Policy Centre      Uni of NSW

More information about the Link mailing list