No, no it’s fine – just trust me

March 15, 2007

A couple of articles today here and here regarding privacy concerns with the proposed new health and welfare smartcard.

If you’re not in Australia, there is a bit of controversy at present over the Goverment’s desire to replace several different health and welfare service cards with a single smartcard – with a strong concern that the card might come to be used as a defacto national ID , a la the much maligned Australia Card.

Lets ignore for a moment the whole idea of the effectiveness of Security by Identification that underlies a national identification system (by the way, I agree with Bruce Schneier on this, it’s bogus) and focus on the issues raised by a cross party senate committee looking into the legislation. One article states that the report declares:

“Imprecise wording of key items in the bill raised … concerns that there are inadequate constraints to prevent the Access Card becoming an ID card.”

Which is not entirely unexpected. Frightening “anti-terror” (and I cringe as I use the term) legislation passed following the New York World Trade Center attacks and the bombings in Bali was also reported at the time as being poorly specified, and as such open to both misinterpretation and abuse. We don’t have a Bill of Rights as a safety net in this country, and accordingly I would think that is it not too much to ask to be clear and precise when specifying laws that touch on our civil rights and liberties.

But wait! There’s more:

Other concerns raised in the report include:

Biometric photographs on the surface of the card could turn it into a defacto ID card.The card and the supporting database could be used for unintended purposes.

Well, I’ve never heard of a “Biometric photograph” before, but mangled English and buzz words aside the point remains the same. A requirement for identity documents is a reasonably current photograph, and I can’t think of any of the current health/welfare cards being replaced that currently have such a requirement – so why is this necessary?
As to the use of any associated database for unintended purposes? Well, I think that’s going to be a given without specific legislation regarding secondary uses and data persistence.

The card database could be linked with other databases to compile extensive information on individuals.

Well, duh.
As above – without specific guidelines, I think that this is not only inevitable, but probably a major rationale for the card change – that a variety of services for which the government pays out money will now be easily cross referential via a single unique number that identifies the card. In this, the card is all about fraud prevention, not convenience for the user.

The Australian Federal Police and ASIO could get information from the database without a warrant and without the knowledge of the Parliament.

This problem came to light when the aforementioned “anti-terror” laws were passed – giving law enforcement and security agencies the ability to bypass legislative checks and balances. There’s a reason that these checks exist in the first place – to prevent abuse of power – and even if such abuse is not taking place now, poorly defined laws leave a gaping hole of opportunity. Just because you trust John Howard (although I can’t imagine why you would) to use these laws and systems fairly, doesn’t mean you can trust the next guy (I of course use guy in a non gender specific sense) or the guy after that. Or the guy a hundred years down the line for that matter.

“The committee is being asked to approve the implementation of the Access Card on blind faith without full knowledge of the details of the program,” the report says. “This is inimical to good law-making.”

On that point, I couldn’t agree with them more.