[LINK] Roxon revives smartcard plan

Stephen Wilson swilson at lockstep.com.au
Tue Jun 16 11:29:30 AEST 2009


Jan Whitaker wrote:
> At 09:47 AM 16/06/2009, Bernard Robertson-Dunn wrote:
>> This smartcard plan is nothing like the access card project, so I don't
>> know why they are using the term "revives".
> It's the same thing in many regards, just that it's coming at it from 
> a health info instead of entitlement angle. 
Focussing on health versus entitlement makes a world of difference.  
It's important of course to make sure it stays health focussed and 
doesn't creep. 

I think a good front-foot approach to this debate is to appeal to e.g. 
the Australian Privacy Foundation's architectural concepts nutted out 
during the Access Card campaign.  See 
www.privacy.org.au/Campaigns/ID_cards/HSAC-FAQ11.html, copied below. 

Cheers,

Stephen Wilson
Lockstep
www.lockstep.com.au

/Lockstep Consulting provides independent specialist advice and analysis
on authentication, PKI and smartcards.  Lockstep Technologies develops
unique new smart ID solutions that safeguard identity and privacy./

======================================

*What does the APF say should be done instead [of the Access Card]?*

Chip-cards are flexible tools that can be used in a wide variety of 
ways. This FAQ outlines a framework within which a scheme could be 
developed that assists individual agencies in achieving their 
identification and authentication aims, but avoids the excesses of a 
national identification scheme.

The first crucial requirements are that:

    * *multiple single-purpose identifiers* must be retained for each
      agency and program
    * *no multi-purpose identifier* must be created

To put it another way, the Government's "up to 17 cards" can be replaced 
not by 1 card containing 1 zone, but by *1 card containing up to 17 
zones, each securely separated from the others*. That way, the 
card-holder's multiple identities with separate programs and agencies 
can be sustained.

Such a scheme can be designed so that there is no linkage between the 
card-number and the various identifiers for the various agencies. The 
card-number then ceases to be a central feature of the National 
Identification Scheme, and becomes *just a card-number*.

Similarly, the *imposition of an 'official name' is unnecessary*, as 
well as being dangerous.

Further, and *crucially, a central Register of personal data becomes 
unnecessary*. All that is needed is a list of the card-numbers that have 
been issued. A central Register is only needed if the Government wants 
to have a central element of a National Identification Scheme.

With a decentralised scheme like the one the APF proposes, *decisions 
about how each government program is to work can be taken by the agency 
concerned*, rather than by a centralised commissariat that is remote 
from people.

Some agencies will find that the benefits of using a zone on the card 
would be low, and that separate cards will work better and more cheaply 
for all concerned. (This would be likely to apply in particular to 
concession cards, but perhaps also to some cards relating to benefits 
and services).

A scheme of the kind that the APF proposes would be a less grand 
monument to the Minister's term in office. On the other hand, *being 
much simpler, such a scheme would be more likely to actually work*.

Descriptions of schemes like what the APF is suggesting have existed for 
at least a decade e.g.
Clarke (1997) 
<http://www.anu.edu.au/people/Roger.Clarke/DV/IDCards97.html#DesOpt>
Clarke (2006) 
<http://www.anu.edu.au/people/Roger.Clarke/DV/ID-ACTSTL-0603.html>
Wilson (2006) <http://www.lockstep.com.au/file?node_id=5813>.

In addition to adopting the balanced, privacy-protective architecture 
outlined above, it's also essential that the Government stop suppressing 
information, institute open and consultative processes, and provide 
transparency for the requirements statements, cost/benefit analyses, 
privacy impact assessments, and design details.







