Copyright National Identity Cards? Bust the Myth of Security über Alles Roger Clarke, Xamax Consultancy, Canberra Visiting Professor, Unis. of Hong Kong, U.N.S.W., ANU {.html,.ppt} 7th Annual Privacy & Security Conference Victoria BC – 9 February 2006

Copyright Were Living in an Era of Myths They Threaten Civilisation Far More Than Do Islamic and Christian Fundamentalism and Terrorism The Many Myths Must Be Debunked Myth No. 1 This is about just a Card

Copyright Elements of a National ID Scheme A Database centralised or hub (i.e. virtually centralised) merged or new A Unique Signifier for Every Individual A 'Unique Identifier' A Biometric Entifier An (Id)entification Token (such as an ID Card) Mechanisms for: (Id)entity Authentication (Id)entification Obligations Imposed on: Every Individual Many Organisations Widepread: Use of the (Id)entifier Use of the Database Data Flows including the (Id)entifier

Copyright Myth No. 2 This is about just another Card

Copyright Myth No. 2 – This is about just another Card Characteristics of a National ID Scheme Destruction of protective data silos Destruction of protective identity silos Consolidation of individuals many identities into a single general-purpose identity ==>The Infrastructure of Dataveillance Consolidation of power in organisations that exercise social control functions Availability of that power to many organisations

Copyright Identity Management of the Most Chilling Kind The Public-Private Partnership for Social Control With the Capacity to Perform Cross-System Enforcement Services Denial Identity Denial Masquerade Identity Theft

Copyright Myth No. 3 Privacys dead. Get over it

Copyright Privacy is a Fundamental Requirement for Humanity and Civilisation psychologically, people need private space, closed doors, drawn curtains. People need to be able to glance around, judge whether the people in the vicinity are a threat, and then perform potentially embarrassing actions (break wind, jump for joy) sociologically, people need to be free to behave, and to associate with others, without the continual, even continuous, threat of being observed. The alternative is the context that we deplored about life behaind the Iron and Bamboo Curtains economically, people need to feel free to innovate. Sustaining standard-of-living depends on continual reinvention politically, people need freedom to think, to argue, and to act. The chilling of behaviour and speech destroys democracy

Copyright Privacy is a Fundamental Human Right, not an Optional Extra UDHR 1948, Article 12 ICCPR 1966, Article 17 national Constitutions and Bills of Rights Privacy is not a Mere Economic Right

Copyright Dangers of Dataveillance (1 of 2) Dangers of Personal Dataveillance -wrong identification -low quality data -acontextual use of data -low quality decisions -lack of subject knowledge of data flows -lack of subject consent to data flows -blacklisting -denial of redemption Dangers of Mass Dataveillance To the Individual - arbitrariness - acontextual data merger - data complexity, incomprehensibility - witch hunts - ex-ante discrimination, guilt prediction - selective advertising - inversion of the onus of proof - covert operations - unknown accusations and accusers - denial of due process

Copyright Dangers of Mass Dataveillance To Society as a Whole -prevailing climate of suspicion - adversarial relationships - focus of law enforcement on easily detectable and provable offences - inequitable application of law -decreased respect for the law and law enforcers - reduced meaningfulness of individual actions - reduced self-reliance and self-determination - stultification of originality -increased tendency to opt out of the official level of society -weakening of society's moral fibre and cohesion -destabilisation of the strategic balance of power -repressive potential for a totalitarian government Dangers of Dataveillance (2 of 2)

Copyright Myth No. 4 You cant have privacy if you want security

Copyright Myth No. 4 You cant have privacy if you want security Yes, if course privacy protections are used by people for anti-social and criminal ends But the privacy advocacy argument is not extremist like the national security agenda Privacy protections are about: Justification, not Blithe Assumptions Balance, not simplistic notions like Zero-Tolerance and we need to do anything that might help us wage the war on terrorism

Copyright Myth No. 5 Strong Form: A national ID scheme is essential to national security Weaker Form: A national ID scheme will contribute significantly to national security

Copyright Terrorists, Organised Crime, Illegal Immigrants Benefits Are Illusory Mere assertions of benefits: its obvious, its intuitive, of course it will work Lack of detail on systems design Continual drift in features Analyses undermine the assertions Proponents avoid discussing the analyses

Copyright Biometrics and Single-Mission Terrorists Terrorism is defined by an act, not an identity: Biometrics... cant reduce the threat of the suicide bomber or suicide hijacker on his virgin mission. The contemporary hazard is a terrorist who travels under his own name, his own passport... until the moment he ignites his shoe-bomb or pulls out his box-cutter (Jonas G., National Post, 19 Jan 2004) It is difficult to avoid the conclusion that the chief motivation for deploying biometrics is not so much to provide security, but to provide the appearance of security (The Economist, 4 Dec 2003)

Copyright Miscreants (Benefits Recipients, Fine-Avoiders,...) Benefits May Arise, But Are Seriously Exaggerated Lack of detail on systems design Continual drift in features Double-counting of benefits from the ID Scheme and the many existing programs Analyses undermine the assertions Proponents avoid discussing the analyses

Copyright Myth No. 6 Strong Form: The Scheme will include privacy protections Weak Form: The Scheme complies with the [Privacy] Act

Copyright The Vacuousness of Data Protection Laws FIPs (Fair Information Practices) were designed for administrative convenience OECD Guidelines were designed to protect businesses from inconsistent national laws Exceptions, Exemptions, Loop-Holes Over-Rides

Copyright Myth No. 7 A National ID Scheme can be devised so as to preclude abuse by: Unelected Governments, e.g. Invaders Military Putsch Elected Governments, e.g. that arrange the law as they wish that act outside the law

Copyright Myth No. 8 The public accepts that the world changed on 11? (12!) September 2001 Privacy valuations are highly situational The gloss has gone People are becoming inured / bored / realistic about the threat of terrorism People know that a national ID scheme wont prevent terrorism Zogby Poll 2 Feb Luggage Search Car Search Vehicle Search Mail Search Tel Monitoring

Copyright The Privacy Advocacy Core LSEs Identity Project – Privacy International – APF International Resources – US, e.g. EPIC – UK, esp. SayNo2ID – Australia, esp. APF –

Copyright Conclusion There can be no reconciliation or balance between privacy and security that involves a national ID scheme Attempts by intellectuals and regulators to accommodate a national ID scheme must be seen by everyone, and treated by everyone, for what they are: a sell-out of liberty, and a derogation of their duties as human beings

Copyright National Identity Cards? Bust the Myth of Security über Alles Roger Clarke, Xamax Consultancy, Canberra Visiting Professor, Unis. of Hong Kong, U.N.S.W., ANU {.html,.ppt} 7th Annual Privacy & Security Conference Victoria BC – 9 February 2006