[LINK] Roxon revives smartcard plan
Stephen Wilson
swilson at lockstep.com.au
Tue Jun 16 11:29:30 AEST 2009
Jan Whitaker wrote:
> At 09:47 AM 16/06/2009, Bernard Robertson-Dunn wrote:
>> This smartcard plan is nothing like the access card project, so I don't
>> know why they are using the term "revives".
> It's the same thing in many regards, just that it's coming at it from
> a health info instead of entitlement angle.
Focussing on health versus entitlement makes a world of difference.
It's important of course is to make sure it stays health focussed and
doesn't creep.
I think a good front-foot approach to this debate is to appeal to e.g.
the Australian Privacy Foundation's architectural concepts nutted out
during the Access Card campaign. See
www.privacy.org.au/Campaigns/ID_cards/HSAC-FAQ11.html, copied below.
Cheers,
Stephen Wilson
Lockstep
www.lockstep.com.au
/Lockstep Consulting provides independent specialist advice and analysis
on authentication, PKI and smartcards. Lockstep Technologies develops
unique new smart ID solutions that safeguard identity and privacy./
======================================
*What does the APF say should be done instead [of the Access Card]?*
Chip-cards are flexible tools that can be used in a wide variety of
ways. This FAQ outlines a framework within which a scheme could be
developed that assists individual agencies in achieving their
identification and authentication aims, but avoids the excesses of a
national identification scheme.
The first crucial requirements are that:
* *multiple single-purpose identifiers *must be retained for each
agency and program
* *no multi-purpose identifier* must be created
To put it another way, the Government's "up to 17 cards" can be replaced
not by 1 card containing 1 zone, but by *1 card containing up to 17
zones, each securely separated from the others*. That way, the
card-holder's multiple identities with separate programs and agencies
can be sustained.
Such a scheme can be designed so that there is no linkage between the
card-number and the various identifiers for the various agencies. The
card-number then ceases to be a central feature of the National
Identification Scheme, and becomes *just a card-number*.
Similarly, the *imposition of an 'official name' is unnecessary*, as
well as being dangerous.
Further, and *crucially, a central Register of personal data becomes
unnecessary*. All that is needed is a list of the card-numbers that have
been issued. A central Register is only needed if the Government wants
to have a central element of a National Identification Scheme.
With a decentralised scheme like the one the APF proposes, *decisions
about how each government program is to work can be taken by the agency
concerned*, rather than by a centralised commissariat that is remote
from people.
Some agencies will find that the benefits of using a zone on the card
would be low, and that separate cards will work better and more cheaply
for all concerned. (This would be likely to apply in particular to
concession cards, but perhaps also to some cards relating to benefits
and services).
A scheme of the kind that the APF proposes would be a less grand
monument to the Minister's term in office. On the other hand, *being
much simpler, such a scheme would be more likely to actually work*.
Descriptions of schemes like what the APF is suggesting have existed for
at least a decade e.g.
Clarke (1997)
<http://www.anu.edu.au/people/Roger.Clarke/DV/IDCards97.html#DesOpt>
http://www.anu.edu.au/people/Roger.Clarke/DV/IDCards97.html#DesOpt
Clarke (2006)
<http://www.anu.edu.au/people/Roger.Clarke/DV/ID-ACTSTL-0603.html>
http://www.anu.edu.au/people/Roger.Clarke/DV/ID-ACTSTL-0603.html
Wilson (2006) <http://www.lockstep.com.au/file?node_id=5813>
http://www.lockstep.com.au/file?node_id=5813.
In addition to adopting the balanced, privacy-protective architecture
outlined above, it's also essential that the Government stop suppressing
information, institute open and consultative processes, and provide
transparency for the requirements statements, cost/benefit analyses,
privacy impact assessments, and design details.
More information about the Link
mailing list