Copyright1988-2006 1

National Identity Cards?Bust the Myth of ‘Security über Alles’

Roger Clarke, Xamax Consultancy, Canberra Visiting Professor, Unis. of Hong Kong, U.N.S.W., ANU

http://www.anu.edu.au/Roger.Clarke/......../DV/NatID-BC-0602 {.html,.ppt}

7th Annual Privacy & Security ConferenceVictoria BC – 9 February 2006

Copyright1988-2006 2

We’re Living in an Era of Myths

They Threaten CivilisationFar More Than Do

Islamic and Christian Fundamentalismand Terrorism

The Many Myths Must Be Debunked

Myth No. 1This is about ‘just a Card’

Copyright1988-2006 3

Elements of a National ID Scheme

• A Database• centralised or hub

(i.e.virtually centralised)

• merged or new• A Unique Signifier

for Every Individual• A 'Unique Identifier'• A Biometric Entifier

• An (Id)entification Token (such as an ID Card)

• Mechanisms for:• (Id)entity Authentication• (Id)entification

• Obligations Imposed on:• Every Individual• Many Organisations

• Widepread:• Use of the (Id)entifier• Use of the Database• Data Flows including

the (Id)entifier

http://www.anu.edu.au/Roger.Clarke/DV/NatIDSchemeElms.html

Copyright1988-2006 4

Myth No. 2This is about ‘just another Card’

Copyright1988-2006 5

Myth No. 2 – This is about ‘just another Card’

Characteristics of a National ID Scheme

• Destruction of protective ‘data silos’• Destruction of protective ‘identity silos’• Consolidation of individuals’ many identities

into a single general-purpose identity==> The Infrastructure of Dataveillance

• Consolidation of power in organisations that exercise social control functions

• Availability of that power to many organisations

Copyright1988-2006 6

Identity Managementof the Most Chilling KindThe Public-Private Partnership

for Social Control

With the Capacity to Perform• Cross-System Enforcement• Services Denial• Identity Denial

• Masquerade• Identity Theft

Copyright1988-2006 7

Myth No. 3

‘Privacy’s dead. Get over it’

Copyright1988-2006 8

Privacy is a Fundamental Requirement for Humanity and

Civilisation• psychologically, people need private space, closed doors,

drawn curtains. People need to be able to glance around, judge whether the people in the vicinity are a threat, and then perform potentially embarrassing actions (break wind, jump for joy)

• sociologically, people need to be free to behave, and to associate with others, without the continual, even continuous, threat of being observed. The alternative is the context that we deplored about life behaind the Iron and Bamboo Curtains

• economically, people need to feel free to innovate. Sustaining standard-of-living depends on continual reinvention

• politically, people need freedom to think, to argue, and to act. The chilling of behaviour and speech destroys democracy

Copyright1988-2006 9

Privacy is a Fundamental Human Right, not an Optional

Extra

• UDHR 1948, Article 12• ICCPR 1966, Article 17• national Constitutions and Bills of Rights

Privacy is not a Mere Economic Right

Copyright1988-2006 10

Dangers of Dataveillance (1 of 2)

• Dangers of Personal Dataveillance- wrong identification- low quality data- acontextual use of data- low quality decisions- lack of subject knowledge of data flows- lack of subject consent to data flows- blacklisting- denial of redemption

• Dangers of Mass Dataveillance• To the Individual

- arbitrariness- acontextual data merger- data complexity, incomprehensibility- witch hunts- ex-ante discrimination, guilt prediction- selective advertising- inversion of the onus of proof- covert operations- unknown accusations and accusers- denial of due process

Copyright1988-2006 11

• Dangers of Mass Dataveillance • To Society as a Whole

- prevailing climate of suspicion- adversarial relationships- focus of law enforcement on easily

detectable and provable offences- inequitable application of law- decreased respect for the law

and law enforcers- reduced meaningfulness of

individual actions

- reduced self-reliance and self-determination

- stultification of originality- increased tendency to opt

out of the official level of society

- weakening of society's moral fibre and

cohesion- destabilisation of the

strategic balance of power- repressive potential for a

totalitarian government

Dangers of Dataveillance (2 of 2)

http://www.anu.edu.au/people/Roger.Clarke/DV/CACM88.html

Copyright1988-2006 12

Myth No. 4You can’t have privacy if you want

security

Copyright1988-2006 13

Myth No. 4You can’t have privacy if you want

security• Yes, if course privacy protections are used

by people for anti-social and criminal ends• But the privacy advocacy argument is not

extremist like the national security agenda• Privacy protections are about:

• Justification, not Blithe Assumptions• Balance, not simplistic notions like

‘Zero-Tolerance’ and ‘we need to do anything that might help us wage the war on terrorism’

Copyright1988-2006 14

Myth No. 5

Strong Form:A national ID scheme is

essential to national security

Weaker Form:A national ID scheme will contribute

significantly to national security

Copyright1988-2006 15

Terrorists, Organised Crime, Illegal Immigrants

Benefits Are Illusory

• Mere assertions of benefits: ‘it’s obvious’, ‘it’s intuitive’, ‘of course it will work’

• Lack of detail on systems design• Continual drift in features

• Analyses undermine the assertions• Proponents avoid discussing the

analyses

Copyright1988-2006 16

Biometrics and Single-Mission Terrorists

• Terrorism is defined by an act, not an identity:“Biometrics ... can’t reduce the threat of the suicide bomber or suicide hijacker on his virgin mission. The contemporary hazard is a terrorist who travels under his own name, his own passport ... until the moment he ignites his shoe-bomb or pulls out his box-cutter” (Jonas G., National Post, 19 Jan 2004)

• “It is difficult to avoid the conclusion that the chief motivation for deploying biometrics is not so much to provide security, but to provide the appearance of security” (The Economist, 4 Dec 2003)

Copyright1988-2006 17

Miscreants (Benefits Recipients, Fine-Avoiders, ...)

Benefits May Arise, But Are Seriously Exaggerated

• Lack of detail on systems design• Continual drift in features• Double-counting of benefits from

the ID Scheme and the many existing programs

• Analyses undermine the assertions• Proponents avoid discussing the

analyses

Copyright1988-2006 18

Myth No. 6

Strong Form:The Scheme will include privacy

protections

Weak Form:The Scheme complies with the [Privacy]

Act

Copyright1988-2006 19

The Vacuousness of Data Protection Laws

• FIPs (‘Fair Information Practices’) were designed for ‘administrative convenience’

• OECD Guidelines were designed to protect businesses from inconsistent national laws

• Exceptions, Exemptions, Loop-Holes• Over-Rides

http://www.anu.edu.au/people/Roger.Clarke/DV/PP21C.html

Copyright1988-2006 20

Myth No. 7

A National ID Scheme can be devised so as to preclude abuse by:• Unelected Governments, e.g.

• Invaders• Military Putsch

• Elected Governments, e.g.• that arrange the law as they wish• that act outside the law

Copyright1988-2006 21

Myth No. 8The public accepts that

‘the world changed on 11? (12!) September 2001’

• Privacy valuations are highly situational

• The gloss has gone• People are becoming

inured / bored / realistic about ‘the threat of terrorism’

• People know that a national ID scheme won’t prevent terrorism

Zogby Poll 2 Feb 20062001 - 2005

Luggage Search 63 - 44

Car Search 60 - 37

Vehicle Search 59 - 33

Mail Search 55 - 25

Tel Monitoring 38 - 28

http://www.zogby.com/news/ReadNews.dbm?ID=1068

Copyright1988-2006 22

The Privacy Advocacy Core

• LSE’s Identity Project – http://is2.lse.ac.uk/idcard/

• Privacy International – http://www.privacyinternational.org/

• APF International Resources – http://www.privacy.org.au/Campaigns/ID_cards/Resources.html

• US, e.g. EPIC – http://www.epic.org/privacy/id_cards/

• UK, esp. SayNo2ID – http://www.no2id.net/

• Australia, esp. APF – http://www.privacy.org.au/Campaigns/ID_cards/NatIDScheme.html

Copyright1988-2006 23

Conclusion

• There can be no reconciliation or balance between privacy and security that involves a national ID scheme

• Attempts by intellectuals and regulators to accommodate a national ID scheme must be seen by everyone, and treated by everyone, for what they are: a sell-out of liberty, and a derogation of their duties as human beings

Copyright1988-2006 24

National Identity Cards?Bust the Myth of ‘Security über Alles’

Roger Clarke, Xamax Consultancy, Canberra Visiting Professor, Unis. of Hong Kong, U.N.S.W., ANU

http://www.anu.edu.au/Roger.Clarke/......../DV/NatID-BC-0602 {.html,.ppt}

7th Annual Privacy & Security ConferenceVictoria BC – 9 February 2006