IDologists By Rob O'Neill August 2, 2005 http://www.theage.com.au/news/next/idologists/2005/08/01/1122748570079.html? oneclick=true
It took about five minutes for Roger Clarke to swing into action over the latest proposal for a national identity card, the Australia Card 2.0. Mr Clarke was there in opposition to Bob Hawke's 1985 Australia Card and he was there again when the debate was reinvigorated by the Prime Minister last month. "It's impossible to do what they want to do and a disaster if they achieve it," Mr Clarke says. "They haven't got Health Connect (the health services card proposal) to first base yet. They are cocking it up so badly that it will never happen." Mr Clarke, an IT consultant based in Canberra, is the most adamant of Australia Card critics and time has not softened his stance one tiny bit. "Everywhere you look, even at a bare bones proposal, more people have access," he says. "It's amazing who would have access. In those circumstances it is impossible to guarantee security. "Nobody knows what the proposal is, but in the event of a centralised or decentralised system it's a honey-pot for organised or unorganised crime. They would be right into it." In the 20 years since the last serious Australia Card debate our world and our technology have changed beyond measure. AdvertisementAdvertisement Bob Hawke's 1985 card would have been costly and complex to implement, requiring large amounts of custom software development to integrate disparate government systems. It would also probably only have had a fraction of the functionality a 21st century card could boast. A new Australia Card would not necessarily cost any less, but it would do, or try to do, much more. Even the objectives of a national card have changed. The Hawke card was designed to stop tax and welfare fraud. Now the card would do that too, but is also being talked about as a tool in the battle against terrorism and as a means to avoid bureaucratic stuff-ups such as those inflicted on Cornelia Rau and Vivian Alvarez Solon. None of this has served to change Mr Clarke's stance on the issue. "It would have zero impact on terror. Identity has nothing to do with stopping terrorists," he says. "Look at any of the case studies. In no case would any ability to test or prove identity of the attackers have had any impact. "It's not who they are but what they did that's the issue." The new debate can be neatly split into two parts, the political and the technical. Politically, a climate of fear and a never-ending war on terror make the once highly unpopular proposal achievable. Political heavyweights are swinging in behind it, with Queensland Premier Peter Beattie advocating an Australia Card, integrating public and private uses into one card. The Prime Minister, who in the 1980s called the concept un-Australian, is now willing to have the discussion. If the political debate over whether a card is necessary or even desirable is fraught, the technical arguments about whether a secure, affordable and functional card is even possible are hardly less so. Mr Clarke opposes a card on technical grounds as well, saying the key technologies that could make a card possible are not ready or at least have never been used on the scale required here. He says a card would be enormously difficult. You need to prove the identity of 20 million people, he says. Many of these IDs have been established, legally and illegally, as second IDs for people already in the country. The biggest producers of secondary identities are government agencies. "There are lots of official second IDs in existence. There are significantly more IDs than people," Mr Clarke says. "How do you sift through them?" he asks. "The scheme will entrench a pile of IDs and empower criminals in giving them false ID cards." He concedes there are all sorts of data cleansing tools available, but these are all inaccurate and would produce a huge number of false negatives and positives. "It's got to be bloody accurate, otherwise why have we done this? The technology is not capable of supporting that." Similarly, he says, biometrics is not mature and some of the technologies are a joke. He believes Amanda Vanstone had some "ifs" in her statements about the card. She said "if" we could make biometrics work. "The simple fact is biometrics is not an established technology," Mr Clarke says. "Biometric technology is not ready and there is a good argument it never will be. A couple are based on decent science - fingerprints and iris - but face recognition is a total joke." This is because there are no unique characteristics in the face, he says, while there are no large-scale roll-outs of fingerprint and iris-based card ID systems as models for an Australian system. One who strongly disagrees, despite describing himself as "left of left politically" is Aaron Zornes, the US-based founder of the customer data integration research organisation, the CDI Institute. Mr Zornes says a national ID system can work and would be useful, saying technologies such as anonymous identity resolution, offer new ways to think about identity and could alleviate some concerns. The technology can move us from a situation now where people may know your identity but not know very much about you, to one where they know a lot about you but not your identity. The technology is being used in US casinos, which are under pressure not to hire or to do business with known felons. However, anonymous resolution allows people to be tracked and data to be matched through a "magic key" without revealing the identity of the person. The result is that casinos can be warned if someone is related to or shared an address with someone who is bad, Mr Zornes says. Such technology could be used to match data from government databases anonymously to retain privacy, he says - such as people applying for flight training or buying ammonia. Mr Zornes also has faith in biometrics. He says there are many ways to identify people biometrically and a lot of science has been applied to the problem already. "You just have to have the money and the will to do it," he says. Mr Zornes concedes that matching databases can be fraught when data accuracy is not up to scratch, but is also more positive than Mr Clarke about the ability of new tools to clean these up. Another advance since the 1985 debate, he says, is web services technology and particularly XML, which is allowing much greater integration of traditional structured data with new forms of unstructured data, such as emails and video files. Mr Clarke, however, is also concerned about process weaknesses in a card system which could increase the risk of identity theft. He says criminals and others could masquerade as someone else at the point when the card is issued - this could become a very strong form of identity theft. US internet security expert and author Richard Forno backs up some of Mr Clarke's concerns. "National ID cards will not prevent terrorists," he says. "All it will do is keep honest people honest and increase the state surveillance over the law-abiding public. Bad guys don't care about the rules and will continue to do bad things, even without owning a national ID card." Since 1985 our world has become networked, which has had huge benefits but is also a point of weakness. Mr Forno says that apart from the fact cards don't really improve national security, the dangers are numerous. "Unless there's a real-time verification system in place at any location where a national ID card check is required, the service won't work effectively," he says. "Plus there's a centralised database that can be targeted, attacked, or compromised intentionally or otherwise. What then? Does Australia or the US or the UK shut down until the national ID card database is restored? For that matter, what if I disrupt the network lines between Point A and the centralised ID database? Does Sydney airport shut down because it can't process ID checks?" Mr Forno says biometrics might be effective in preventing card forgery but, once again, if someone is hell bent on doing something they won't care about forging a card if they even bother to get one. Mr Forno says national ID cards are "security theatre" designed to reassure people while also increasing the ability of the state and federal governments to monitor their activities in a way that is "not only unprecedented and disturbing, but very much antithetical for a so-called democratic society". Like Mr Clarke, Mr Forno is concerned about the processes behind such a system as well as the technologies. "If there's a reliable way of overseeing such a system to prevent abuse or 'feature creep' that may change my views, but I'm cynical about such reliable and trustworthy oversight ever being developed." Another who has researched the area and decided the dangers are many is Tim Ebringer, an honorary fellow of the Department of Computer Science at the University of Melbourne. He is also concerned about the scale and cost of the project and asks whether the benefits could match the costs. He says the cheapness of card technology and the emergence of web services will make a card more achievable. "Web services would allow different institutions to participate if and when they are prepared to adapt their systems. It also means that their existing processes would not be disrupted," he says. Mr Ebringer says an Australia card does not need a lot of data itself. All it contains is a number or barcode for a person. "It is up to existing agencies to link their data with this number, so the Passport Office would need to link passport numbers with the correct Australia card number. "The trick for the other agencies, then, is how they can be sure they've linked with the correct Joe Bloggs. For many of them, the quality of their data will simply be too poor to do this reliably. The consequences of getting this wrong - for example linking the wrong person's medical records - can be dire. Already we have seen some poor Americans subjected to intensive searches each time they pass through an airport simply because they share a name with someone on a government watch-list." Mr Ebringer says access control is another issue. While mechanisms exist, in theory at least, it also provides a tempting target for criminals. "Expect fierce resistance to strong access control mechanisms from the companies and government agencies who stand to gain most from this system," he warns. He also sees revocation as a trouble spot where many systems fail. How do you prove a card has been stolen and how do you issue new cards and how do you propagate the new identity to linked agency databases? "Biometrics gets caught up in this revocation issue, since it is very easy to forge a fingerprint, but impossible to revoke it," he says. The president of the Australian Oracle user group, Martin Power, however, is in no doubt that Australia has the capacity to implement a national ID card. "Since the 1980s the power and scalability of our central database systems has progressed to the point that a nationally scaled system of this type is quite achievable," he says. "The cost of provisioning this service is also no longer a major concern with the advent of enterprise cluster solutions." Along with clusters, Mr Powers cites grid technologies that share computing resources as factors that could make a card more achievable. "This technology provides a central master repository with data segmentation and agency-specific provisioning of data through the use of virtual private databases and web services for secured data access between systems," he says. "Couple this with embedded data validation within the database and the framework of a solution starts to solidify. Examples of systems vastly larger than the one in question already exist in China's banking systems today." Mr Power says whether a system is distributed or centralised doesn't really matter, but on balance centralisation with satellite replicas for specific agency uses could be the most effective solution. "The challenge that will effect the final solution is the consolidation of the existing data stored in different systems at this time." He says this process is in no small way the principle barrier in realising the concept of an Australia card. He cites experience in education to highlight the difficulties. "The national education system has been investigating the establishment of a single student identifier for Australians, which is proposed for establishment in primary school and will continue with a person during their life of learning. "The merging of data from primary, secondary and tertiary systems is complicated by the movement of people round the country, spelling errors, name changes and the structure of data storage within the multitude of different systems." However, he thinks the tools and processes required to complete the task are available and affordable. Similarly, access can be controlled in the same way access is controlled to any sensitive data. Auditing of the processes around that access would take place as it does now and as required under various corporate governance regimes. Whether Australia Card 2005 is a serious proposal or a political distraction, any implementation would be the Snowy Mountains project of IT. It would have to be carefully and well-managed to avoid cost blow-outs and system failures. The history of significant IT project failures could be perhaps the biggest argument against such an undertaking. You are a subscribed member of the infowarrior list. Visit www.infowarrior.org for list information or to unsubscribe. This message may be redistributed freely in its entirety. Any and all copyrights appearing in list messages are maintained by their respective owners.
