The proposed uniform authentication scheme for online use of government services is already threatening to slide away from the privacy commitments made for it at the scheme’s inception.
A privacy impact assessment of the scheme suggests that it eases the way for a national ID card, is likely to demand the use of biometrics and lays open the opportunity for more data matching between government agencies.
The assessment makes 35 recommendations for amendment or further elaboration, beginning with the suggestion that the business justification for centralised authentication has not been fully explored.
“A clear articulation of the justification for the scheme, and a quantified analysis of the underlying problems it addresses, are necessary in order that the business case for the scheme can be assessed alongside the privacy impact,” says the report, prepared by Australian companies Pacific Privacy Consulting and Xamax.
The centralised authentication system — the nine-month design of which started last July following a three-month period of consultation — claims as a major justification a reduction of identity theft and “identity fraud”.
But there is “a dearth of evidence” that ID fraud and theft are major and growing problems, the assessment says. Recent Australian reports have lowered previous estimates of such losses, the consultants report. However, they allow that “reasons for this [may] include the reluctance of organisations to admit to security breaches, and the reluctance of government agencies to share information about the alleged problem”.
Likewise, they say, there is insufficient evidence to support the other major justification, that of “ensuring ... that individuals do not receive services to which they are not entitled, or receive duplicate benefits”.
The nascent project has already begun to “test the limits” of the original privacy constraints put on it, the report says. While there is a specific declaration against any intention to institute a national ID card, the system undeniably eases the development of such a card. This should be made impracticable by design or specifically discounted by legislation, the report recommends.
Original descriptions of the project created the impression that biometrics would play little or no part in the scheme, the consultants say. By contrast, it now appears that a photograph, and a digital code derived from that photograph, will play a crucial role in a person initially obtaining his/her identity credential and as a “tie-breaker” in the case of more than one person having the same name, gender and place of birth. This apparent “scope creep” may give cause for concern, the report says.
Moreover, any plan to enforce a single centralised identity increases the ability to link personal information between government agencies, seen by many as invasive of privacy, the report says. It also increases the risk that irrelevant data about the individual could inadvertently be exposed to an agency which has no real need to know it. Avoidance of duplicate benefit claims and similar abuses could be achieved by preserving a link between one person’s multiple identities — how people operate in the real world, the authors say — stored away from the main authentication facility, for use only in case of need.
A strict “opt-in” approach, where citizens have the freedom not to use internet services or authentication procedures, might be hard to maintain in a future where a large majority of people transact business online and economies of scale begin to work against other channels.
E-governent unit head Laurence Millar says the unit has already taken action on a number of the recommendations in the impact assessment and has asked the authors to reassess the scheme in the light of those proposed changes.
Asked whether there were any objections the unit did not consider valid, Millar says he came into the post partway through the process and "I've not got that level of detail". He prefers to wait for the second round of discussion before raising any major remaining differences of opinion.
As one of the outputs from the exercise, the unit is producing a "best-practice framework for authentication" for the guidance of agencies. This is due for completion next month."