copyright 1988-2006 1 national identity cards? bust the myth of security über alles roger clarke,...
TRANSCRIPT
Copyright1988-2006 1
National Identity Cards?Bust the Myth of ‘Security über Alles’
Roger Clarke, Xamax Consultancy, Canberra Visiting Professor, Unis. of Hong Kong, U.N.S.W., ANU
http://www.anu.edu.au/Roger.Clarke/......../DV/NatID-BC-0602 {.html,.ppt}
7th Annual Privacy & Security ConferenceVictoria BC – 9 February 2006
Copyright1988-2006 2
We’re Living in an Era of Myths
They Threaten CivilisationFar More Than Do
Islamic and Christian Fundamentalismand Terrorism
The Many Myths Must Be Debunked
Myth No. 1This is about ‘just a Card’
Copyright1988-2006 3
Elements of a National ID Scheme
• A Database• centralised or hub
(i.e.virtually centralised)
• merged or new• A Unique Signifier
for Every Individual• A 'Unique Identifier'• A Biometric Entifier
• An (Id)entification Token (such as an ID Card)
• Mechanisms for:• (Id)entity Authentication• (Id)entification
• Obligations Imposed on:• Every Individual• Many Organisations
• Widepread:• Use of the (Id)entifier• Use of the Database• Data Flows including
the (Id)entifier
http://www.anu.edu.au/Roger.Clarke/DV/NatIDSchemeElms.html
Copyright1988-2006 4
Myth No. 2This is about ‘just another Card’
Copyright1988-2006 5
Myth No. 2 – This is about ‘just another Card’
Characteristics of a National ID Scheme
• Destruction of protective ‘data silos’• Destruction of protective ‘identity silos’• Consolidation of individuals’ many identities
into a single general-purpose identity==> The Infrastructure of Dataveillance
• Consolidation of power in organisations that exercise social control functions
• Availability of that power to many organisations
Copyright1988-2006 6
Identity Managementof the Most Chilling KindThe Public-Private Partnership
for Social Control
With the Capacity to Perform• Cross-System Enforcement• Services Denial• Identity Denial
• Masquerade• Identity Theft
Copyright1988-2006 7
Myth No. 3
‘Privacy’s dead. Get over it’
Copyright1988-2006 8
Privacy is a Fundamental Requirement for Humanity and
Civilisation• psychologically, people need private space, closed doors,
drawn curtains. People need to be able to glance around, judge whether the people in the vicinity are a threat, and then perform potentially embarrassing actions (break wind, jump for joy)
• sociologically, people need to be free to behave, and to associate with others, without the continual, even continuous, threat of being observed. The alternative is the context that we deplored about life behaind the Iron and Bamboo Curtains
• economically, people need to feel free to innovate. Sustaining standard-of-living depends on continual reinvention
• politically, people need freedom to think, to argue, and to act. The chilling of behaviour and speech destroys democracy
Copyright1988-2006 9
Privacy is a Fundamental Human Right, not an Optional
Extra
• UDHR 1948, Article 12• ICCPR 1966, Article 17• national Constitutions and Bills of Rights
Privacy is not a Mere Economic Right
Copyright1988-2006 10
Dangers of Dataveillance (1 of 2)
• Dangers of Personal Dataveillance- wrong identification- low quality data- acontextual use of data- low quality decisions- lack of subject knowledge of data flows- lack of subject consent to data flows- blacklisting- denial of redemption
• Dangers of Mass Dataveillance• To the Individual
- arbitrariness- acontextual data merger- data complexity, incomprehensibility- witch hunts- ex-ante discrimination, guilt prediction- selective advertising- inversion of the onus of proof- covert operations- unknown accusations and accusers- denial of due process
Copyright1988-2006 11
• Dangers of Mass Dataveillance • To Society as a Whole
- prevailing climate of suspicion- adversarial relationships- focus of law enforcement on easily
detectable and provable offences- inequitable application of law- decreased respect for the law
and law enforcers- reduced meaningfulness of
individual actions
- reduced self-reliance and self-determination
- stultification of originality- increased tendency to opt
out of the official level of society
- weakening of society's moral fibre and
cohesion- destabilisation of the
strategic balance of power- repressive potential for a
totalitarian government
Dangers of Dataveillance (2 of 2)
http://www.anu.edu.au/people/Roger.Clarke/DV/CACM88.html
Copyright1988-2006 12
Myth No. 4You can’t have privacy if you want
security
Copyright1988-2006 13
Myth No. 4You can’t have privacy if you want
security• Yes, if course privacy protections are used
by people for anti-social and criminal ends• But the privacy advocacy argument is not
extremist like the national security agenda• Privacy protections are about:
• Justification, not Blithe Assumptions• Balance, not simplistic notions like
‘Zero-Tolerance’ and ‘we need to do anything that might help us wage the war on terrorism’
Copyright1988-2006 14
Myth No. 5
Strong Form:A national ID scheme is
essential to national security
Weaker Form:A national ID scheme will contribute
significantly to national security
Copyright1988-2006 15
Terrorists, Organised Crime, Illegal Immigrants
Benefits Are Illusory
• Mere assertions of benefits: ‘it’s obvious’, ‘it’s intuitive’, ‘of course it will work’
• Lack of detail on systems design• Continual drift in features
• Analyses undermine the assertions• Proponents avoid discussing the
analyses
Copyright1988-2006 16
Biometrics and Single-Mission Terrorists
• Terrorism is defined by an act, not an identity:“Biometrics ... can’t reduce the threat of the suicide bomber or suicide hijacker on his virgin mission. The contemporary hazard is a terrorist who travels under his own name, his own passport ... until the moment he ignites his shoe-bomb or pulls out his box-cutter” (Jonas G., National Post, 19 Jan 2004)
• “It is difficult to avoid the conclusion that the chief motivation for deploying biometrics is not so much to provide security, but to provide the appearance of security” (The Economist, 4 Dec 2003)
Copyright1988-2006 17
Miscreants (Benefits Recipients, Fine-Avoiders, ...)
Benefits May Arise, But Are Seriously Exaggerated
• Lack of detail on systems design• Continual drift in features• Double-counting of benefits from
the ID Scheme and the many existing programs
• Analyses undermine the assertions• Proponents avoid discussing the
analyses
Copyright1988-2006 18
Myth No. 6
Strong Form:The Scheme will include privacy
protections
Weak Form:The Scheme complies with the [Privacy]
Act
Copyright1988-2006 19
The Vacuousness of Data Protection Laws
• FIPs (‘Fair Information Practices’) were designed for ‘administrative convenience’
• OECD Guidelines were designed to protect businesses from inconsistent national laws
• Exceptions, Exemptions, Loop-Holes• Over-Rides
http://www.anu.edu.au/people/Roger.Clarke/DV/PP21C.html
Copyright1988-2006 20
Myth No. 7
A National ID Scheme can be devised so as to preclude abuse by:• Unelected Governments, e.g.
• Invaders• Military Putsch
• Elected Governments, e.g.• that arrange the law as they wish• that act outside the law
Copyright1988-2006 21
Myth No. 8The public accepts that
‘the world changed on 11? (12!) September 2001’
• Privacy valuations are highly situational
• The gloss has gone• People are becoming
inured / bored / realistic about ‘the threat of terrorism’
• People know that a national ID scheme won’t prevent terrorism
Zogby Poll 2 Feb 20062001 - 2005
Luggage Search 63 - 44
Car Search 60 - 37
Vehicle Search 59 - 33
Mail Search 55 - 25
Tel Monitoring 38 - 28
http://www.zogby.com/news/ReadNews.dbm?ID=1068
Copyright1988-2006 22
The Privacy Advocacy Core
• LSE’s Identity Project – http://is2.lse.ac.uk/idcard/
• Privacy International – http://www.privacyinternational.org/
• APF International Resources – http://www.privacy.org.au/Campaigns/ID_cards/Resources.html
• US, e.g. EPIC – http://www.epic.org/privacy/id_cards/
• UK, esp. SayNo2ID – http://www.no2id.net/
• Australia, esp. APF – http://www.privacy.org.au/Campaigns/ID_cards/NatIDScheme.html
Copyright1988-2006 23
Conclusion
• There can be no reconciliation or balance between privacy and security that involves a national ID scheme
• Attempts by intellectuals and regulators to accommodate a national ID scheme must be seen by everyone, and treated by everyone, for what they are: a sell-out of liberty, and a derogation of their duties as human beings
Copyright1988-2006 24
National Identity Cards?Bust the Myth of ‘Security über Alles’
Roger Clarke, Xamax Consultancy, Canberra Visiting Professor, Unis. of Hong Kong, U.N.S.W., ANU
http://www.anu.edu.au/Roger.Clarke/......../DV/NatID-BC-0602 {.html,.ppt}
7th Annual Privacy & Security ConferenceVictoria BC – 9 February 2006