tag:theconversation.com,2011:/ca/topics/identity-card-22386/articlesIdentity card – The Conversation2021-11-05T05:04:58Ztag:theconversation.com,2011:article/1706372021-11-05T05:04:58Z2021-11-05T05:04:58ZScrapping ID number requirement can be the first step in overcoming Indonesia’s vaccine gap<figure><img src="https://images.theconversation.com/files/429695/original/file-20211102-20320-18jbkz7.jpg?ixlib=rb-1.1.0&rect=0%2C0%2C3856%2C2640&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">An elderly citizen receives a COVID-19 vaccine in Tangerang, Banten, Indonesia, in May 2021.</span> <span class="attribution"><span class="source">Fauzan/Antara Foto</span></span></figcaption></figure><p><em>This is the last of four articles in the series on Civil Registration and Vital Statistics (CRVS) in Indonesia entitled “Data that Records and Protects All”.</em></p>
<p>As of October 10 2021, <a href="https://www.kompas.com/sains/read/2021/10/12/203000523/vaksinasi-covid-19-dosis-pertama-capai-100-juta-bisakah-mencegah-gelombang?page=all">100,059,481 Indonesian residents</a>, or only about 48% of the vaccination target, had received their first jab of the COVID-19 vaccine. This means more than half of the country’s population, including <a href="https://theconversation.com/klaim-herd-immunity-di-jakarta-berbahaya-2-juta-anak-belum-divaksin-dan-belum-aman-dari-ancaman-covid-16858">children</a>, still have not received even a single dose. </p>
<p>A requirement to produce the Single Identity Number (<em>Nomor Induk Kependudukan</em> or NIK) when registering for a vaccine jab has become a major obstacle in reaching the vaccination target. Other disincentives include the requirement to have each citizen’s current address printed on their Identity Card (<em>Kartu Tanda Penduduk</em> or KTP) to register for the jab. </p>
<p>The NIK factor is but one of several that have limited vaccine coverage. Other factors include inadequate vaccine supply, unreliable cold chain and supporting infrastructure, and the lack of skilled human resources.</p>
<p>The number of COVID-19 cases in Indonesia has dropped sharply since the peak of the last wave on July 24 2021, when 574,000 active cases were recorded. The total had dropped to <a href="https://databoks.katadata.co.id/datapublish/2021/10/14/kasus-aktif-covid-19-di-indonesia-sedang-di-titik-terendah">19,852</a> by October 14 2021, the lowest in the past 15 months.</p>
<p>According to the government’s <a href="https://covid19.who.int/region/searo/country/id">report to the World Health Organization</a>, Indonesia recorded a total of 4,228,552 cases from January 3 2020 to October 11 2021, with 142,716 deaths. </p>
<p>The number of cases might have declined consistently in the past few months, but Indonesians must not let down their guard. We must do everything we can to prevent another wave. The collective failure to do so in the first few months of this year — after surviving another wave at the end of last year — led to the massive rise in cases in June and July. </p>
<p>Aside from test and trace, masking up, maintaining social and physical distancing, and improving ventilation and air circulation in shared indoor places (such as classrooms, childcare centres, and offices), vaccination is another risk mitigation method with a great success rate for keeping the number of cases down. </p>
<p>Some Indonesian regions have relaxed their proof of <a href="https://mediaindonesia.com/humaniora/429011/warga-tanpa-nik-bisa-vaksinasi-di-sentra-vaksinasi-sinergi-sehat-hingga-3-september">residence requirement to receive the vaccine</a>. It’s a bold move that others would do well to emulate. Sadly, the NIK requirement still restricts access to vaccination, especially for marginalised groups such as children and senior citizens from poor families. </p>
<p>Scrapping the NIK requirement for COVID-19 vaccine is the first step in overcoming a vaccine gap caused by residents — especially those in vulnerable groups — not being able to obtain identity documents. It would allow the government to provide more equal access to basic protection and services that are sorely needed now and in the post-pandemic future. </p>
<p>There is some good news in this regard. The Indonesian Health Ministry <a href="https://covid19.go.id/p/regulasi/surat-edaran-nomor-hk0202iii152422021">issued a directive in early August 2021</a> to increase vaccination rate among vulnerable groups and residents who don’t have a NIK. The directive was addressed to provincial, district and city health agency heads. Its aim was to improve synergy between the central and regional governments, the public and other stakeholders. </p>
<p>The Health Ministry’s circular and its partnership with the Home Affairs Ministry are commendable initiatives to make sure vulnerable people who lack a NIK can still get their vaccine jabs. </p>
<h2>Scrapping NIK requirement protects vulnerable groups</h2>
<p>Who can benefit from these initiatives? The <a href="https://sirusa.bps.go.id/sirusa/index.php/dasar/view?kd=1558&th=2020">2020 National Social Economy Survey (Susenas)</a> by the Indonesian Central Bureau of Statistics estimated 3.99% of the country’s population of 270.3 million still have not been issued with a NIK. </p>
<p>This means around 10.7 million residents — 4.3 million over-18s and 6.4 million children — run the risk of missing out on the COVID-19 vaccine. </p>
<p>The survey found poor families and residents in remote areas with limited health services are less likely to have the NIK. </p>
<p>This is because the Indonesian Civil Registry Service Offices that dispense identity documents are often located in the district capital. Residents in remote areas often cannot access their services. </p>
<p>Too far, takes too much time, too expensive and no reliable means of transportation are just some of the many reasons residents offer for not making the arduous journey to the offices. Other disincentives they mention for never applying for the NIK include a complicated process, rules that often change without notice, and not having the necessary supporting documents. </p>
<p>Many senior citizens, who are more vulnerable to COVID-19 and are more likely to be hospitalised or die from the disease, and children have never applied for the NIK. Protecting these groups from serious illnesses and possible death from COVID-19 should be a priority considering the current high transmission rate and the fact that many regions have reopened for business and are allowing face-to-face contact again. </p>
<p>Low rates of NIK adoption are also found among marginalised but highly mobile — and hence hard to track and trace — social groups who are more likely to contract and spread the virus. </p>
<p>These groups include disabled people, children forced into marriage, people displaced by natural disasters or violent conflicts (including refugees and asylum seekers), and traditional communities or believers in traditional religions. There are also minority groups who often face stigmatisation (transwomen for example) and residents of care homes, prisoners and people forced to live in non-conventional households. </p>
<p>Residents who don’t have a NIK face multidimensional threats to their lives. Barriers to obtaining citizenship documents are often similar and related to barriers faced by vulnerable groups to get access to COVID-19 vaccine: distance, lack of information, and bureaucratic red tape. </p>
<p>As noted above, aside from people living under the poverty line and in remote areas, some highly mobile but hard-to-trace social groups also face many stumbling blocks when they apply for the NIK. It’s a problem that makes them more vulnerable to contracting COVID and more likely to spread the disease. </p>
<p>These vulnerable groups must be the number one target in the Indonesian government’s vaccination program. </p>
<figure class="align-center ">
<img alt="" src="https://images.theconversation.com/files/426621/original/file-20211015-13-4ecc8i.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&fit=clip" srcset="https://images.theconversation.com/files/426621/original/file-20211015-13-4ecc8i.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=399&fit=crop&dpr=1 600w, https://images.theconversation.com/files/426621/original/file-20211015-13-4ecc8i.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=399&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/426621/original/file-20211015-13-4ecc8i.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=399&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/426621/original/file-20211015-13-4ecc8i.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=502&fit=crop&dpr=1 754w, https://images.theconversation.com/files/426621/original/file-20211015-13-4ecc8i.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=502&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/426621/original/file-20211015-13-4ecc8i.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=502&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px">
<figcaption>
<span class="caption">A child receives the COVID-19 jab in Bandung, West Java, August 2021.</span>
<span class="attribution"><span class="source">Raisan Al Farisi/Antara Foto</span></span>
</figcaption>
</figure>
<h2>Opportunities to obtain data of vulnerable individuals</h2>
<p>The pandemic actually offers opportunities for the Indonesian government to find, collect data of, and provide services to vulnerable individuals. It can do this by combining its vaccination drive and the civil registry service using already available resources. </p>
<p>We have come up with a solution for an integrated vaccination and NIK issuance service to obtain and protect data of vulnerable residents. </p>
<p>There are three approaches that can be considered by the Civil Registry Service Offices and vaccine providers. These will need to be approved first by the Indonesian Home Affairs Ministry and the Health Ministry. </p>
<p><strong>The first approach</strong> is based on speed and simplicity. An integrated vaccination and NIK service (data entry and issuance) can be a feature of pop-up vaccination centres in easy-to-access locations. </p>
<p>NIK-less residents can be invited to come to the vaccination centres at specified times when Civil Registry Service officers will also be present to record their data. </p>
<p>Additional staff can be employed at vaccination centres to record data of NIK-less individuals. The data can then be forwarded to the local Civil Registry Service Office to be processed. To keep track of vaccination status, individually numbered tickets can be issued. The NIK, when ready, will eventually replace these unique numbers. </p>
<p><strong>The second approach</strong> involves active community participation. Civil registry services can be integrated with vaccine registration in a “bottom-up” design. </p>
<p>Regional Civil Registry Service Offices can provide basic population data that local health agencies can use to list vaccination targets. The basic data can be downloaded from the civil registry information system or from the population master files in village offices. </p>
<p>Village-level officers, including COVID-19 task forces, can verify and validate the data of NIK-less individuals. Their records can be kept in a separate folder from residents with a NIK. </p>
<p>The practice might be familiar in some villages that have already identified their vulnerable and NIK-less groups. This means it can be easily and widely adopted throughout the country. </p>
<p><strong>The third approach</strong> would dispense with administrative requirements when special groups try to register for the COVID-19 vaccine. This must be done to make sure the government’s vaccination drive reaches groups in the community that face legal barriers to even make it to the registration stage. They might, for example, be rejected for not having a proof of address or other prerequisite documents like the Family Card. </p>
<p>The pandemic will end some day, but the obstacles vulnerable groups face as they try to improve their lot in life will only increase if the government does not put in extra effort to acknowledge their existence and provide them with the services and assistance they need. </p>
<p>By piggybacking on the vaccination drive, the Indonesian government has an excellent chance not only to protect Indonesians from the virus but also to discover, reach out to, and provide services swiftly and effectively to citizens who have not been issued with the NIK. </p>
<p>By ensuring every citizen is afforded the opportunity to claim their NIK and their citizenship papers, the government would have a better chance of leading a more effective recovery once the pandemic is over. </p>
<hr>
<p><em>The studies and programs related to this article were conducted in collaboration between PUSKAPA and the Indonesian Ministry of National Development Planning (Bappenas), with the Australian government’s support through the KOMPAK (Governance for Growth) program. Previous related studies were carried out with support from AIPJ (Indonesia-Australia Partnership for Justice).</em></p><img src="https://counter.theconversation.com/content/170637/count.gif" alt="The Conversation" width="1" height="1" />
<p class="fine-print"><em><span>Para penulis tidak bekerja, menjadi konsultan, memiliki saham atau menerima dana dari perusahaan atau organisasi mana pun yang akan mengambil untung dari artikel ini, dan telah mengungkapkan bahwa ia tidak memiliki afiliasi di luar afiliasi akademis yang telah disebut di atas.</span></em></p>By scrapping the requirement, the Indonesian government can improve equality of access to basic services and protections that are sorely needed now and in the post-pandemic future.Marsha Habib, Communication and Relations Manager, PUSKAPAClara Siagian, Senior Researcher, PUSKAPASanti Kusumaningrum, Director, PUSKAPALicensed as Creative Commons – attribution, no derivatives.tag:theconversation.com,2011:article/1664652021-08-30T12:27:57Z2021-08-30T12:27:57ZAfghanistan’s Taliban reportedly have control of US biometric devices – a lesson in life-and-death consequences of data privacy<figure><img src="https://images.theconversation.com/files/417480/original/file-20210823-22-pzodwj.jpg?ixlib=rb-1.1.0&rect=0%2C0%2C4043%2C2625&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">A U.S. Army soldier scans the irises of an Afghan civilian in 2012 as part of an effort by the military to collect biometric information from much of the Afghan population.</span> <span class="attribution"><a class="source" href="https://www.gettyimages.com/detail/news-photo/an-american-isaf-solider-from-team-apache-of-task-force-news-photo/149781425">Jose Cabezas/AFP via GettyImages</a></span></figcaption></figure><p>In the wake of the Taliban’s takeover of Kabul and the ouster of the Afghan national government in August 2021, <a href="https://www.reuters.com/article/afghanistan-tech-conflict/afghans-scramble-to-delete-digital-history-evade-biometrics-idUSL8N2PO1FH">alarming reports</a> indicated that the insurgents had potentially accessed biometric data collected by the U.S. to track Afghans, including people who worked for U.S. and coalition forces. </p>
<p>Afghans who once supported the U.S. have been attempting to <a href="https://www.theguardian.com/world/2021/aug/15/an-afghan-woman-in-kabul-now-i-have-to-burn-everything-i-achieved">hide</a> or <a href="https://timesofindia.indiatimes.com/world/south-asia/i-am-burning-my-id-card-and-fleeing-my-house-the-future-of-afghans-in-jeopardy-as-taliban-regains-control/articleshow/85422687.cms">destroy</a> physical and digital evidence of their identities. Many Afghans fear that the identity <a href="https://www.bbc.com/news/technology-58245121">documents</a> and <a href="https://www.politico.com/news/2021/08/24/taliban-afghan-data-target-allies-506638">databases</a> storing personally identifiable data could be transformed into <a href="https://www.wsj.com/articles/afghanistan-veterans-in-congress-trying-to-prevent-a-death-warrant-for-helping-america-11629299971">death warrants</a> in the hands of the Taliban, and a March 30, 2022, report from Human Rights Watch indicated the Taliban have been <a href="https://www.hrw.org/news/2022/03/30/new-evidence-biometric-data-systems-imperil-afghans">collecting biometric data</a> to potentially match against captured U.S. and Afghan government databases. U.S. military devices and the data they contain have since <a href="https://www.nytimes.com/2022/12/27/technology/for-sale-on-ebay-a-military-database-of-fingerprints-and-iris-scans.html">turned up on the open market</a>.</p>
<p>This data breach underscores that data protection in zones of <a href="https://theconversation.com/the-taliban-may-have-access-to-the-biometric-data-of-civilians-who-helped-the-u-s-military-166475">conflict</a>, especially biometric data and databases that connect online activity to physical locations, can be a matter of life and death. My <a href="https://pennstatelaw.psu.edu/faculty/hu">research</a> and the work of <a href="https://anniejacobsen.com">journalists</a> and <a href="https://dx.doi.org/10.2139/ssrn.2134481">privacy advocates</a> who study biometric cybersurveillance anticipated these data privacy and security risks.</p>
<h2>Biometric-driven warfare</h2>
<p>Investigative journalist Annie Jacobsen documented the birth of biometric-driven warfare in Afghanistan following the terrorist attacks on Sept. 11, 2001, in her book “<a href="https://www.penguinrandomhouse.com/books/624446/first-platoon-by-annie-jacobsen/">First Platoon</a>.” The U.S. Department of Defense quickly viewed biometric data and what it called “identity dominance” as the cornerstone of multiple counterterrorism and counterinsurgency strategies. Identity dominance means being able to keep track of people the military considers a potential threat regardless of aliases, and ultimately denying organizations the ability to use anonymity to hide their activities.</p>
<p>By 2004, thousands of U.S. military personnel had been trained to collect biometric data to support the wars in Afghanistan and Iraq. By 2007, U.S. forces were collecting biometric data primarily through mobile devices such as the <a href="https://www.nist.gov/system/files/documents/2021/03/23/ansi-nist_archived_vermury-bat-hiide.pdf">Biometric Automated Toolset</a> (BAT) and <a href="https://www.nist.gov/system/files/documents/2021/03/23/ansi-nist_archived_vermury-bat-hiide.pdf">Handheld Interagency Identity Detection Equipment</a> (HIIDE). BAT includes a laptop, fingerprint reader, iris scanner and camera. HIIDE is a single small device that incorporates a fingerprint reader, iris scanner and camera. Users of these devices can collect iris and fingerprint scans and facial photos, and match them to entries in military databases and biometric watchlists.</p>
<p>In addition to biometric data, the system includes biographic and contextual data such as criminal and terrorist watchlist records, enabling users to determine if an individual is flagged in the system as a suspect. Intelligence analysts can also use the system to monitor people’s movements and activities by tracking biometric data recorded by troops in the field.</p>
<p>By 2011, a decade after 9/11, the Department of Defense <a href="https://www.gao.gov/assets/a317375.html">maintained approximately 4.8 million biometric records</a> of people in Afghanistan and Iraq, with about 630,000 of the records collected using HIIDE devices. Also by that time, the U.S. Army and its military partners in the Afghan government were using <a href="https://info.publicintelligence.net/CALL-AfghanBiometrics.pdf">biometric-enabled intelligence</a> or <a href="https://dx.doi.org/10.2139/ssrn.2886575">biometric cyberintelligence</a> on the battlefield to identify and track insurgents. </p>
<p>In 2013, the U.S. Army and Marine Corps used the <a href="https://www.marcorsyscom.marines.mil/News/News-Article-Display/Article/509568/new-biometrics-device-helps-marines-determine-friend-or-foe/">Biometric Enrollment and Screening Device</a>, which enrolled the iris scans, fingerprints and digital face photos of “persons of interest” in Afghanistan. That device was replaced by the <a href="https://www.marines.mil/News/News-Display/Article/1394036/marine-corps-fields-game-changer-biometric-data-collection-system/utm_content/bufferec10a/utm_medium/social/utm_campaign/buffer/?utm_source=plus.google.com">Identity Dominance System-Marine Corps</a> in 2017, which uses a laptop with biometric data-collection sensors, <a href="https://arstechnica.com/information-technology/2015/10/military-looks-to-upgrade-its-tactical-biometrics-with-identity-dominance-system-2/">known as the Secure Electronic Enrollment Kit</a>.</p>
<p>Over the years, to support these military objectives, the Department of Defense aimed to create a biometric database on <a href="https://www.npr.org/2021/01/14/956705029/first-platoon-examines-how-war-on-terror-birthed-pentagons-biometrics-id-system">80% of the Afghan population</a>, approximately 32 million people at today’s population level. It is unclear how close the military came to this goal. </p>
<h2>More data equals more people at risk</h2>
<p>In addition to the use of biometric data by the U.S. and Afghan military for security purposes, the Department of Defense and the Afghan government eventually adopted the technologies for a range of day-to-day governmental uses. These included <a href="https://www.fbi.gov/news/stories/mission-afghanistan-biometrics#:%7E:text=The%20Afghan%20biometrics%20program%20was%20barely%20off%20the,insurgents%20from%20infiltrating%20the%20army%20and%20police%20force.">evidence</a> for criminal prosecution, <a href="https://www.afcea.org/content/us-defense-department-expands-biometrics-technologies-information-sharing">clearing</a> Afghan workers for employment and <a href="https://www.reuters.com/article/us-afghanistan-election-technology/biometric-machines-in-afghan-vote-improve-after-last-years-glitches-idUSKBN1WD0DM">election security</a>. </p>
<p>In addition, the Afghan National ID system and voter registration databases contained sensitive data, including <a href="https://www.politico.com/news/2021/08/24/taliban-afghan-data-target-allies-506638">ethnicity data</a>. The Afghan ID, the <a href="https://www.loc.gov/item/global-legal-monitor/2018-07-19/afghanistan-distribution-of-controversial-electronic-identity-cards-launched/">e-Tazkira</a>, is an <a href="https://www.justice.gov/sites/default/files/eoir/legacy/2014/04/03/afg104742.e.pdf">electronic identification document that includes biometric data</a>, which increases the privacy risks posed by Taliban access to the National ID system.</p>
<figure class="align-center zoomable">
<a href="https://images.theconversation.com/files/418115/original/file-20210826-15-1mh4vcb.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=1000&fit=clip"><img alt="A computer screen shows an enlarged image of a pair of eyes as an arm holds a boxlike object in front of the eyes of a woman wearing a headscarf and facemask" src="https://images.theconversation.com/files/418115/original/file-20210826-15-1mh4vcb.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&fit=clip" srcset="https://images.theconversation.com/files/418115/original/file-20210826-15-1mh4vcb.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=400&fit=crop&dpr=1 600w, https://images.theconversation.com/files/418115/original/file-20210826-15-1mh4vcb.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=400&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/418115/original/file-20210826-15-1mh4vcb.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=400&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/418115/original/file-20210826-15-1mh4vcb.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=503&fit=crop&dpr=1 754w, https://images.theconversation.com/files/418115/original/file-20210826-15-1mh4vcb.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=503&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/418115/original/file-20210826-15-1mh4vcb.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=503&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px"></a>
<figcaption>
<span class="caption">Before falling to the Taliban, the Afghan government made extensive use of biometric security, including scanning the irises of people like this woman who applied for passports.</span>
<span class="attribution"><a class="source" href="https://newsroom.ap.org/detail/AfghanistanAnxiousAfghans/ed3c480aa7be4e11998a0d472e625ad7/photo">AP Photo/Rahmat Gul</a></span>
</figcaption>
</figure>
<p>We do not yet know the extent to which the Taliban have been able to commandeer the biometric data once held by the U.S. military. One report suggested that the Taliban may not be able to access the biometric data collected through HIIDE because they <a href="https://theintercept.com/2021/08/17/afghanistan-taliban-military-biometrics/">lack the technical capacity to do so</a>. However, it’s possible the Taliban could turn to longtime ally Inter-Services Intelligence, Pakistan’s intelligence agency, for help getting at the data. Like many national intelligence services, ISI likely has the necessary technology. </p>
<p>Another report indicated that the Taliban <a href="https://www.reuters.com/article/afghanistan-tech-conflict/afghans-scramble-to-delete-digital-history-evade-biometrics-idUSL8N2PO1FH">have already started to deploy a “biometrics machine”</a> to conduct “house-to-house inspections” to identify former Afghan officials and security forces. This is consistent with prior Afghan news reports that described the Taliban subjecting <a href="https://pajhwok.com/2017/02/14/taliban-subject-passengers-biometric-screening/">bus passengers</a> to biometric screening and using biometric data to <a href="https://tolonews.com/afghanistan/taliban-used-biometric-system-during-kunduz-kidnapping">target</a> Afghan security forces for kidnapping and assassination.</p>
<h2>Concerns about collecting biometric data</h2>
<p>For years following 9/11, researchers, activists and policymakers raised concerns that the mass collection, storage and analysis of sensitive biometric data posed dangers to <a href="https://ssrn.com/abstract=2041946">privacy rights</a> and <a href="https://www.humanrightsfirst.org/resource/steps-protect-your-online-identity-taliban-digital-history-and-evading-biometrics-abuses">human rights</a>. Reports of the Taliban potentially accessing U.S. biometric data stored by the military show that those concerns were not unfounded. They reveal potential cybersecurity vulnerabilities in the U.S. military’s biometric systems. In particular, the situation raises questions about the security of the mobile biometric data-collection devices used in Afghanistan. </p>
<p>The data privacy and cybersecurity concerns surrounding Taliban access to U.S. and former Afghan government databases are a warning for the future. In building biometric-driven warfare technologies and protocols, it appears that the <a href="https://nsarchive.gwu.edu/document/24571-department-defense-directive-8521-01e-department-defense-biometrics-january-13-2016">Department of Defense assumed</a> the Afghan government would have the minimum level of stability needed to protect the data. </p>
<p>The U.S. military should assume that any <a href="https://www.politico.com/news/2021/08/24/taliban-afghan-data-target-allies-506638">sensitive data</a> – biometric and biographical data, wiretap data and communications, geolocation data, government records – could potentially fall into enemy hands. In addition to building robust security to protect against unauthorized access, the Pentagon should use this as an opportunity to question whether it was necessary to collect the biometric data in the first instance.</p>
<p>Understanding the unintended consequences of the U.S. experiment in biometric-driven warfare and biometric cyberintelligence is critically important for determining <a href="https://privacyinternational.org/sites/default/files/2021-06/Biometrics%20for%20Counter-Terrorism-%20Case%20study%20of%20the%20U.S.%20military%20in%20Iraq%20and%20Afghanistan%20-%20Nina%20Toft%20Djanegara%20-%20v6.pdf">whether and how</a> the military should collect biometric information. In the case of Afghanistan, the biometric data that the U.S. military and the Afghan government had been using to track the Taliban could one day soon – if it’s not already – be used by the Taliban to track Afghans who supported the U.S.</p>
<p><em>This article has been updated to include news that biometric data from Afghanistan has been sold on the open market.</em></p><img src="https://counter.theconversation.com/content/166465/count.gif" alt="The Conversation" width="1" height="1" />
<p class="fine-print"><em><span>Margaret Hu is affiliated with the Future of Privacy Forum, a non-profit think tank that provides policy guidance on data privacy. Some of Hu's research assistants receive funding from Microsoft Research. She received an honorarium for speaking at an event hosted by Microsoft Research.</span></em></p>The potential failure of the US military to protect information that can identify Afghan citizens raises questions about whether and how biometric data should be collected in war zones.Margaret Hu, Professor of Law, William & Mary Law SchoolLicensed as Creative Commons – attribution, no derivatives.tag:theconversation.com,2011:article/1408992020-10-07T18:13:36Z2020-10-07T18:13:36ZLack of ID can endanger already vulnerable people during COVID-19 pandemic<figure><img src="https://images.theconversation.com/files/360403/original/file-20200928-24-11pmtkm.jpg?ixlib=rb-1.1.0&rect=0%2C0%2C3594%2C2596&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">COVID-19 restrictions like physical distancing and cashless payment are making life more difficult for those already vulnerable. </span> <span class="attribution"><span class="source">THE CANADIAN PRESS/Nathan Denette</span></span></figcaption></figure><p>Rod Maxwell, a young Indigenous man from northern British Columbia, was forced to live on the streets of downtown Vancouver last March <a href="https://www.cbc.ca/news/canada/british-columbia/indigenous-man-stranded-dtes-1.5504544">after his personal identification was stolen</a>. Maxwell had travelled to the city to access health-care services unavailable in his rural community. After his identification was stolen, he was left with no alternative but to live on the streets of downtown.</p>
<p>He now lives and sleeps in close proximity with other people experiencing homelessness and unable to practise effective physical distancing. He doesn’t have the money to replace his personal ID. Even though family members want to purchase a transportation ticket for him, without identification he is unable to get on a bus or train. There are organizations in Vancouver that would normally help with replacing his ID, but due to COVID-19 these services have been temporarily suspended. </p>
<p>This case sheds light on the issue of personal identification for marginalized and underserved people who are made further vulnerable because they lack forms of official identification. Ultimately he is a bureaucratic hostage. An apt metaphor for someone rendered exceedingly vulnerable and marginalized due to being without identification at a time when it is vital to have but nearly impossible to obtain.</p>
<h2>Surviving COVID-19 without ID</h2>
<p>Individuals living without personal identification are unable to access most, if not all, of the health, social and economic supports available during the current pandemic. There are many individuals living without forms of essential identification like a birth certificate, health card, social insurance number (SIN) and driver’s licence. Without these forms of ID <a href="https://doi.org/10.3390/ijerph16040567">it is nearly impossible to access necessary income and health supports.</a></p>
<p>Government agencies like <a href="https://www.theglobeandmail.com/politics/article-ottawa-considers-shutting-down-service-canada-centres-as-employees/?utm_source">Service Ontario and Service Canada have reduced their hours in response to COVID-19 restrictions</a>. Non-profit organizations that <a href="http://neighbourhoodlink.org/partners-for-access-and-identification-paid/">normally hold ID clinics,</a> cover the costs of obtaining personal identification or provide a mailing address have been forced to reduce or altogether eliminate their services during the pandemic. </p>
<p>To avoid creating more bureaucratic hostages in a time of crisis, policy and emergency responses must deal with the needs and circumstances of the most marginalized people in our society.</p>
<p>Businesses and essential services have implemented physical distancing rules to limit person-to-person contact. Notably, many are <a href="https://www.bnnbloomberg.ca/covid-19-could-accelerate-shift-to-cashless-experts-say-1.1442318">asking customers to pay using debit and credit cards or e-transfers</a> instead of cash. This comes along with increased efforts by government agencies to transition to e-banking for the distribution of income supports during the current pandemic. </p>
<figure class="align-center ">
<img alt="A phone being used to make a cashless payment" src="https://images.theconversation.com/files/348995/original/file-20200722-30-1gaa5z3.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&fit=clip" srcset="https://images.theconversation.com/files/348995/original/file-20200722-30-1gaa5z3.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=400&fit=crop&dpr=1 600w, https://images.theconversation.com/files/348995/original/file-20200722-30-1gaa5z3.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=400&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/348995/original/file-20200722-30-1gaa5z3.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=400&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/348995/original/file-20200722-30-1gaa5z3.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=503&fit=crop&dpr=1 754w, https://images.theconversation.com/files/348995/original/file-20200722-30-1gaa5z3.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=503&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/348995/original/file-20200722-30-1gaa5z3.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=503&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px">
<figcaption>
<span class="caption">Many businesses have moved to cashless payment due to the pandemic. But that often disadvantages those whose only option is paying by cash.</span>
<span class="attribution"><span class="source">(Jonas Leupe/Unsplash)</span></span>
</figcaption>
</figure>
<p>Discouraging the use of paper money and unnecessary face-to-face contact during the pandemic is reasonable. However, there are many people who are unable to go cashless. Such measures risk excluding individuals who are already vulnerable. </p>
<p>Many people live without access to financial institutions for a variety of reasons including a lack of birth certificate or other forms of personal identification. In Canada, for instance, <a href="https://www.canada.ca/en/financial-consumer-agency/services/banking/opening-bank-account.html">financial institutions require two pieces of personal identification to open an account</a>: a photo ID with signature (not including a health card) and a SIN. However, a birth certificate is required to obtain the required forms of ID. To get a SIN, for example, individuals need at least a birth certificate and access to a broad range of parental information that some may not have, <a href="https://www.canada.ca/en/employment-social-development/services/sin/before-applying.html">including primary documents (not photocopies)</a>. Without these forms of ID it is virtually impossible to obtain a bank card, effectively barring people from the cashless economy.</p>
<p>Many individuals and families who are experiencing economic hardship during this period rely on food banks. <a href="https://vancouversun.com/news/local-news/starting-april-1-food-bank-users-will-need-to-prove-low-income-status-and-address/">Most food banks in Canada require personal ID for individuals to access their services</a>. While it is difficult to know exactly how many Canadians are without ID, <a href="https://this.org/2017/03/31/what-it-means-to-be-a-canadian-living-without-id/">reputable sources conservatively estimate the number to be in the thousands.</a> </p>
<p>Our preliminary research suggests the numbers may be much higher in the territories and northern areas of provinces, where there is limited access to health-care resources and social services. Many people simply do not have access to those documents and information, cannot afford the added cost of a personal ID application or lack a fixed address to receive the documents, all of which means that it is nearly impossible to obtain personal identification now that they need it most. A lack of ID and the systemic barriers that make it difficult to acquire identification operate within a <a href="https://doi.org/10.3390/ijerph17124227">structure of existing social and economic inequalities in our society</a>.</p>
<p>Policies should not be implemented if they render people <a href="https://www.cbc.ca/news/canada/british-columbia/indigenous-man-stranded-dtes-1.5504544">bureaucratic hostages</a> and make it almost impossible for those who most need assistance to get help. </p>
<h2>Modest interventions can make a big difference</h2>
<p>Relatively straightforward bureaucratic fixes can have a meaningful impact. Governments should <a href="https://www.ontario.ca/page/get-or-replace-ontario-birth-certificate">reduce or eliminate fees associated with birth certificate applications</a>. <a href="https://doi.org/10.3390/ijerph17124227">Our research finds</a> that even birth certificate applications fees as low as $25 still present a major barrier for many low-income individuals.</p>
<p>Why not waive fees altogether? Providing people with birth certificates should not be a fee-driven service as this unintentionally imposes yet another obstacle to possessing ID for many people, particularly low-income people.</p>
<p>Governments should also reduce bureaucratic requirements for obtaining a birth certificate especially during crisis periods. Some requirements for birth certificate applicants — like mother’s maiden name at time of birth or physical signatures — also present major barriers, particularly for people with deceased or estranged parents. </p>
<p>In light of COVID-19, agencies like the Canada Revenue Agency are enacting <a href="https://www.canada.ca/en/revenue-agency/campaigns/covid-19-update/covid-19-electronic-signatures.html">alternatives to physical signatures</a> in order to accommodate Canadians during this challenging time. The same must be done to help people attain vital documents at a time when having access to personal identification is more important than ever.</p><img src="https://counter.theconversation.com/content/140899/count.gif" alt="The Conversation" width="1" height="1" />
<p class="fine-print"><em><span>Kristin Burnett receives funding from SSHRC</span></em></p><p class="fine-print"><em><span>Chris Sanders receives funding from Social Sciences and Humanities Research Council (SSHRC).</span></em></p>The outbreak of the COVID-19 pandemic has exposed gaps in the health-care system that leave those without identification documents vulnerable.Kristin Burnett, Profesor in the Department of Indigneous Studies, Lakehead UniversityChris Sanders, Associate Professor of Sociology, Lakehead UniversityLicensed as Creative Commons – attribution, no derivatives.tag:theconversation.com,2011:article/1457312020-09-10T14:20:30Z2020-09-10T14:20:30ZDigital identity: new UK scheme risks running a repeat of ID card controversy<figure><img src="https://images.theconversation.com/files/357485/original/file-20200910-21-fdgajd.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">
</span> <span class="attribution"><a class="source" href="https://www.shutterstock.com/image-photo/log-profile-enter-global-icon-concept-386811184">Rawpixel/Shutterstock</a></span></figcaption></figure><p>Is the UK government planning to revive identity cards for the internet age? The decision to scrap its national ID cards and database in 2010 means the UK is one of the few developed countries not to have such an identity scheme. While this was seen as a victory for civil liberties campaigners, <a href="https://www.techuk.org/images/documents/digital_id_FINAL_WEBSITE.pdf">some now argue</a> that the lack of a simple way to prove who you are, especially online, is holding back the digital economy and improvements to public services.</p>
<p>With this in mind, the government recently <a href="https://www.gov.uk/government/news/next-steps-outlined-for-uks-use-of-digital-identity">announced plans</a> to pave the way for a new digital identity scheme, which <a href="https://www.thetimes.co.uk/article/digital-id-cards-lead-the-dominic-cummings-data-revolution-v750fn3kt">some media outlets</a> have called digital ID cards. </p>
<p>In reality, there’s no single agreed definition of what a digital ID is or looks like, so saying the new system will be similar to the unpopular card scheme is misleading. However, the UK government is a long way from demonstrating that it could operate an ID system that follows the principles of privacy, transparency and good governance it claims to support and that are needed to protect people’s rights.</p>
<p>The government’s main argument for a digital ID is the supposedly growing need to prove who you are. For example, anyone buying or selling a home in the UK has to prove their identity multiple times with multiple pieces of evidence. This is time consuming, repetitive and expensive, often requiring face-to-face verification or sending sensitive documents in the post.</p>
<p>A digital identity should help to simplify the process, reducing the friction and costs associated with a stressful series of transactions. It could make it easier to register with a GP, or prove your age if you don’t have a driving licence or passport. And, the government argues, a digital ID could play an important role in preventing identity fraud – a serious and <a href="https://www.ukfinance.org.uk/system/files/Fraud-The-Facts-2020-FINAL-ONLINE-11-June.pdf">growing problem</a>.</p>
<h2>E-government</h2>
<p>Other countries appear to have had success with digital identity programmes. Estonia has a mandatory scheme that includes an ID card but can also be used as definitive proof of identity online. It’s used for travelling, national insurance, checking medical records, submitting tax claims, accessing bank accounts, ordering prescriptions and even online voting.</p>
<p>And the scheme appears to have benefited the country, as part of its <a href="https://e-estonia.com/estonia-showcases-the-advantages-of-a-digital-society-siim-sikkut-government-cio-of-estonia-shares-how-citizens-as-well-as-businesses-can-benefit-from-a-digital-government-at-the-gcio-forum-2017/#:%7E:text=There%20are%20many%20benefits%20of,in%20Estonia%20are%20now%20digital.">general mass digitalisation</a>. In fact, Estonia has been called the <a href="https://interestingengineering.com/e-estonia-the-worlds-most-advanced-digital-society">most advanced digital society in the world</a>. It has one of the world’s best rates of tax collection, <a href="https://medium.com/e-residency-blog/heres-why-tax-evaders-are-disappointed-in-estonian-e-residency-2322644f5f59">supported by e-taxation</a>. Participation in elections has increased, alongside the introduction of <a href="https://e-estonia.com/new-record-i-voting-system/">online voting</a>. Around 99% of public services are now online, <a href="https://e-estonia.com/solutions/e-governance/">available 24/7</a>. Its healthcare system is <a href="https://www.baltictimes.com/estonia_has_eu_s_most_cost-effective_healthcare_system/#:%7E:text=It%20has%20emerged%20in%20a,is%20Estonia%2C%20Postimees%20Online%20reports.&text=Estonia%20improved%20its%20total%20score%20by%2053%20points.">highly cost effective</a>, supported by significant investment in digital records.</p>
<p>Plans for a digital identity would most likely be part of the government’s <a href="https://www.thetimes.co.uk/article/no-10-takes-control-of-data-back-into-the-heart-of-government-ksq79rh33">wider attempt</a> to improve data collection and used to inform policymaking and implementation. A digital identity scheme, with a unique identifier for each citizen, could help create government to join up a variety of personal information currently held in separate department databases. This could lead to new insights on citizen behaviour and improved government decision-making. </p>
<figure class="align-center ">
<img alt="Old man sat on sofa looking confused at smartphone" src="https://images.theconversation.com/files/357486/original/file-20200910-20-880cbv.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&fit=clip" srcset="https://images.theconversation.com/files/357486/original/file-20200910-20-880cbv.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=400&fit=crop&dpr=1 600w, https://images.theconversation.com/files/357486/original/file-20200910-20-880cbv.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=400&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/357486/original/file-20200910-20-880cbv.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=400&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/357486/original/file-20200910-20-880cbv.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=503&fit=crop&dpr=1 754w, https://images.theconversation.com/files/357486/original/file-20200910-20-880cbv.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=503&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/357486/original/file-20200910-20-880cbv.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=503&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px">
<figcaption>
<span class="caption">A digital ID won’t necessarily make things easier for everyone.</span>
<span class="attribution"><a class="source" href="https://www.shutterstock.com/image-photo/old-man-sit-on-sofa-hold-1679792968">Fizkes/Shutterstock</a></span>
</figcaption>
</figure>
<p>So what could possibly be the problem with such a supposedly advantageous system?
One of the risks is that a poorly implemented digital ID scheme could make it harder for some people to access services, particularly those with limited access to the internet or skills in using it. Some charities have already noted in a <a href="https://www.gov.uk/government/consultations/digital-identity/outcome/digital-identity-call-for-evidence-response">government consultation</a> that a significant amount of their time is dedicated to supporting vulnerable users to navigate government online services.</p>
<p>Another risk is that people may feel that a “joining up” of data across government will damage their privacy. Even if we have (willingly or unwillingly) shared our data with government already, we may be relying on the notion that most officials couldn’t that easily pull up (and potentially abuse) all our information in one place. The loss of such protection could further undermine trust in those who have access to our data, from the government itself to our local GPs. </p>
<p>But if Estonia can make it work, why can’t the UK? One of the reasons for Estonia’s successful digitalisation is that it was in many ways starting from scratch, and able to design its digital ID as part of a new wider system. The UK, on the other hand, has numerous separate existing digital systems that would need to be integrated.</p>
<h2>Creating more problems</h2>
<p>This problem also has implications for the UK government’s plans for more data-focused policymaking. As the <a href="https://www.instituteforgovernment.org.uk/blog/no10-data-science-unit-could-create-more-problems-it-solves">Institute for Government</a> put it, “A No10 data science unit could create more problems than it solves.” The thinktank noted that much of the data collected, stored and processed by government departments is of poor quality and subject to significant gaps, difficult to find and share, and locked away in legacy IT systems. </p>
<p>Building a well-rounded picture of government and society, and empowering the rest of Whitehall to use data science, will require an overhaul of data use that goes way beyond the abilities of small team in Downing Street. The UK needs a long-term plan backed up with practical steps, a much greater willingness to invest in skills and systems, and clear high-level leadership. </p>
<p>Put simply, the government needs to learn to walk before it tries to run with a complex and highly sensitive digital identity scheme. It has highlighted six principles that it wants to guide the project (privacy, transparency, inclusivity, interoperability, proportionality and good governance). But these are very broad and there’s no indication yet of how they will be followed.</p>
<p>A UK digital identity will only work if it allows people to stay in control of their data, who it is shared with and what they are allowed (and not allowed) to do with it. Without this, we can expect to see a revival of <a href="http://news.bbc.co.uk/1/hi/uk_politics/7137966.stm">the campaign</a> that helped kill ID cards the first time around.</p><img src="https://counter.theconversation.com/content/145731/count.gif" alt="The Conversation" width="1" height="1" />
<p class="fine-print"><em><span>Maureen Meadows does not work for, consult, own shares in or receive funding from any company or organisation that would benefit from this article, and has disclosed no relevant affiliations beyond their academic appointment.</span></em></p>A digital ID will only work if people are allowed to keep control of their data.Maureen Meadows, Professor of Strategic Management, Coventry UniversityLicensed as Creative Commons – attribution, no derivatives.tag:theconversation.com,2011:article/851792017-10-06T02:49:25Z2017-10-06T02:49:25ZLet’s face it, we’ll be no safer with a national facial recognition database<figure><img src="https://images.theconversation.com/files/189098/original/file-20171006-9753-1ww25ll.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">Many more faces to be added to a national database, but will it make us any safer?</span> <span class="attribution"><span class="source">Shutterstock copy/Andrey_Popov</span></span></figcaption></figure><p>A commitment to share the biometric data of most Australians – including your driving licence photo – agreed at Thursday’s Council of Australian Governments (<a href="https://www.coag.gov.au">COAG</a>) meeting will result in a further erosion of our privacy.</p>
<p>That sharing is not necessary. It will be costly. But will it save us from terrorism? Not all, although it will give people a false sense of comfort. </p>
<p>Importantly, it will allow politicians and officials to show that they are doing something, in a climate where a hunt for headlines demands the appearance of action.</p>
<hr>
<p>
<em>
<strong>
Read more:
<a href="https://theconversation.com/leaders-agree-to-hand-over-driver-licence-data-as-part-of-coag-counter-terror-package-85251">Leaders agree to hand over driver licence data as part of COAG counter-terror package</a>
</strong>
</em>
</p>
<hr>
<h2>Your biometric data</h2>
<p>Biometric data used in fingerprint and facial recognition systems is indelible. It can be used in authoritative identity registers, featured on identity documents such as passports and driver licences. </p>
<p>It can be automatically <a href="http://unswlawjournal.unsw.edu.au/sites/default/files/04-mannsmith-advance-access-final.pdf">matched</a> with data collected from devices located in airports, bus and train stations, retail malls, court buildings, prisons, sports facilities and anywhere else we could park a networked camera.</p>
<p>Australia’s state and territory governments have built large biometric databases through registration of people as drivers – every licence has a photograph of the driver. The national government has built large databases through registration for <a href="http://www.border.gov.au/Trav/Visa/Biom">passports</a>, aviation/maritime <a href="http://barnoldlaw.blogspot.com.au/2011/06/identity-privacy-and-aviation-security.html">security</a> and other purposes.</p>
<p>Irrespective of your consent to uses beyond those for which the picture was taken, the governments now have a biometric image of most Australians, and the ability to search the images.</p>
<p>COAG <a href="https://www.coag.gov.au/meeting-outcomes/special-meeting-council-australian-governments-counter-terrorism-communique">announced</a> that the governments will share that data in the name of security. </p>
<h2>Sharing data with who?</h2>
<p>Details of the sharing are very unclear. This means we cannot evaluate indications that images will be captured in both <a href="http://www.abc.net.au/radio/programs/am/we-target-terrorists,-absolutely:-malcolm-turnbull/9013620">public and private places</a>. For example, in <a href="https://www.theregister.co.uk/2017/10/03/australian_pm_malcolm_turnbull_hints_at_surveillance_expansion/">retail malls</a> and libraries or art galleries – soft targets for terrorism – rather than in streets and secure buildings such as Parliament House. </p>
<p>Prime Minister Malcolm Turnbull has <a href="http://www.abc.net.au/radio/programs/pm/facial-recognition-is-not-mass-surveillance-turnbull/9020418">responded</a> to initial criticism by clarifying that matching will not involve “live” CCTV.</p>
<p>But the history of Australian surveillance law has been a matter of creep, with step-by-step expansion of what might initially have been an innocuous development. When will law enforcement agencies persuade their ministers to include live public or private CCTV for image matching?</p>
<p>We cannot tell which officials will be accessing the data and what safeguards will be established to prevent misuse. Uncertainty about safeguards is worrying, given the history of police and other officials inappropriately <a href="http://www.couriermail.com.au/news/queensland/crime-and-justice/police-file-of-netball-star-laura-geitz-allegedly-hacked/news-story/0076d999f36106167c97bdf446821baf">accessing</a> law enforcement databases on behalf of criminals or to <a href="http://www.canberratimes.com.au/act-news/former-afp-agent-pleads-guilty-to-using-restricted-police-system-to-stalk-exgirlfriend-20150603-ghfk7r.html">stalk</a> a former partner.</p>
<p>The sharing occurs in a nation where Commonwealth, state and territory privacy law is inconsistent. That law is weakly enforced, in part because watchdogs such as the Office of the Australian Information Commissioner (<a href="https://www.oaic.gov.au/">OAIC</a>) are <a href="http://www.austlii.edu.au/au/journals/UNSWLJ/2015/43.html">under-resourced</a>, threatened with <a href="http://www.aph.gov.au/About_Parliament/Parliamentary_Departments/Parliamentary_Library/pubs/rp/BudgetReview201617/Office-AIC">closure</a> or have <a href="https://www.themandarin.com.au/78938-victoria-an-information-policy-backwater-privacy-commission-abolition-bill-passes/">clashed</a> with senior politicians.</p>
<p>Australia does not have a coherent enforceable right to privacy. Instead we have a threadbare patchwork of law (including an absence of a discrete privacy statute in several jurisdictions). </p>
<p>The new arrangement has been foreshadowed by governments over several years. It can be expected to creep, further eroding privacy and treating all citizens as suspects. </p>
<p>Software and hardware providers will be delighted: there’s money to be made by catering to our fears. But we should be asking some hard questions about the regime and questioning <a href="https://www.coag.gov.au/node/339">COAG’s statement</a>.</p>
<h2>Let’s avoid a privacy car crash</h2>
<p>Will sharing and expansion of the biometric network – a camera near every important building, many cameras on every important road – save us from terrorism? The answer is a resounding no. Biometrics, for example, seems unlikely to have saved people from the Las Vegas <a href="http://www.abc.net.au/news/2017-10-03/las-vegas-shooting3a-lives-changed-forever/9009768">shooter</a>.</p>
<p>Will sharing be cost effective? None of the governments have a great track record with major systems integration. The landscape is littered with projects that went over budget, didn’t arrive on time or were quietly killed off. </p>
<p>Think the recent <a href="https://theconversation.com/senate-committee-on-abs-censusfail-still-points-to-basic-failures-on-ibms-part-67672">Census</a> and <a href="https://theconversation.com/errors-in-centrelinks-debt-recovery-system-were-inevitable-as-in-all-complex-systems-71409">Centrelink</a> problems, and the billion dollar bust up known as the <a href="https://theconversation.com/new-name-and-opt-out-policy-wont-save-the-personal-health-record-41601">Personally Controlled Electronic Health Record</a>.</p>
<p>It won’t be improved by a new <a href="https://theconversation.com/lets-kill-the-australian-identity-card-zombie-once-and-for-all-71328">national ID card</a> to fix the <a href="https://www.theguardian.com/australia-news/2017/jul/06/medicare-data-breach-tax-office-suspends-cards-as-id-before-u-turn">Medicare</a> problem.</p>
<p>Is the sharing proportionate? One answer is to look at experience in India, where the Supreme Court has comprehensively <a href="http://barnoldlaw.blogspot.com.au/2017/08/aadhaar.html">damned</a> that nation’s ambitious <a href="https://papers.ssrn.com/sol3/papers.cfm?abstract_id=2800835">Aadhaar</a> biometric scheme that was meant to solve security, welfare and other problems.</p>
<p>The Court – consistent with decisions in other parts of the world – condemned the scheme as grossly disproportionate: a disregard of privacy and of the dignity of every citizen.</p>
<hr>
<p>
<em>
<strong>
Read more:
<a href="https://theconversation.com/coag-meeting-on-counter-terrorism-was-more-about-politics-than-practice-85249">COAG meeting on counter-terrorism was more about politics than practice</a>
</strong>
</em>
</p>
<hr>
<p>Is sharing likely to result in harms, particularly as the biometric network grows and grows? The answer again is yes. One harm, disregarded by our opportunistic politicians, is that all Australians and all visitors will be regarded as suspects.</p>
<p>Much of the data for matching will be muddy – some <a href="http://www.aic.gov.au/publications/current%20series/rip/1-10/08/04.html">street cameras</a>, for example, are <a href="http://www.securitynewsdesk.com/safeguarding-your-surveillance-system-an-introduction-to-the-siqura-camera-health-check/">fine resting places for pigeons</a> – and of little value. </p>
<p>As with the mandatory metadata retention scheme, the more data (and more cameras) we have the bigger trove of indelible information for hackers. Do not expect the OAIC or weak state privacy watchdogs (which in some jurisdictions do not exist) to come to the rescue.</p>
<p>As a society we should demand meaningful consultation about official schemes that erode our rights. We should engage in critical thinking rather than relying on headlines that reflect political opportunism and institutional self-interest. </p>
<p>The incoherent explanation and clarifications should concern everyone, irrespective of whether they have <a href="http://www.news.com.au/national/politics/new-counterterror-laws-wont-strengthen-existing-measures-legal-expert/news-story/84bd45a9b568b9d3b7e35406af21c2e8">chosen to be on Facebook</a> – and even if they have nothing to hide and will never be mistaken for someone else.</p><img src="https://counter.theconversation.com/content/85179/count.gif" alt="The Conversation" width="1" height="1" />
<p class="fine-print"><em><span>Bruce Baer Arnold teaches privacy, data protection and secrecy law. He is a director of the Australian Privacy Foundation. </span></em></p>The COAG agreement to share our biometric data - including some photo ID - is an erosion of our privacy and will give people a false sense of comfort.Bruce Baer Arnold, Assistant Professor, School of Law, University of CanberraLicensed as Creative Commons – attribution, no derivatives.tag:theconversation.com,2011:article/713282017-01-17T00:33:12Z2017-01-17T00:33:12ZLet’s kill the Australian identity card zombie once and for all<figure><img src="https://images.theconversation.com/files/152812/original/image-20170116-16920-1rigjbw.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">Pauline Hanson's One Nation has suggested a national identity card.</span> <span class="attribution"><span class="source">AAP/Sarah Motherwell</span></span></figcaption></figure><p>Some policies are like zombies – toxic, frightening, defiantly unkillable. They reappear, even though they aren’t useful and aren’t pretty. Pauline Hanson’s call for a <a href="http://www.onenation.com.au/policies/identity-proof">national identity card</a> is one of those zombies.</p>
<p>The One Nation leader has been <a href="http://www.abc.net.au/news/2016-09-15/pauline-hanson-maiden-speech-2016/7847136">calling</a> for a networked biometric card for people who interact with the national government. Put simply, that is most citizens. The card will supposedly significantly reduce fraud by non-citizens who are resident in Australia. </p>
<p>Statements about the card are <a href="http://www.9news.com.au/national/2017/01/13/05/32/pauline-hanson-calling-for-national-id-card">confusing</a>. Presumably it is meant also to reduce entitlement fraud by citizens – a focus of the current Centrelink <a href="http://www.abc.net.au/news/2017-01-12/government-knew-of-potential-problems-with-centrelink-system/8177988">debacle</a> – and provide definitive proof of identity in dealing with state or local government and the private sector. </p>
<p>Past enthusiasts for a national <a href="https://papers.ssrn.com/sol3/papers.cfm?abstract_id=2195493">identity card</a>, claiming “if you have done nothing wrong you have nothing to fear”, have suggested a “must carry” regime. People would be expected to take the card with them when they use public transport, walk the dog, visit granny, go shopping or otherwise step outside. The card would be the default proof of identity in private sector transactions, stronger than the <a href="http://www.abc.net.au/news/2015-02-26/identity-fraud-bust-sydney-afp-nsw-police/6263366">easily forged</a> driver licence photo cards that are the standard ID for most adults.</p>
<p>The proposal may be good politics – a timely diversion from Hanson’s very public tendency to <a href="http://www.abc.net.au/news/2017-01-08/one-nation-pauline-hanson-dumps-anti-gay-candidate-shan-ju-lin/8168388">lose candidates</a> – but it is unviable. Just as importantly, it is contrary to the dignity we are entitled to as members of a liberal democratic state. On that basis we must hope government ministers looking for a quick policy fix do not cynically embrace the idea. </p>
<p>What would the Hanson card look like? At this stage its operation is unclear, other than it would apparently involve a photo, name/birthdate, digital fingerprint (a unique biometric identifier) and link to multiple official databases. It would be a single key to “health, education and welfare”.</p>
<p>As a national <a href="https://theconversation.com/iris-scanners-can-now-identify-us-from-40-feet-away-42141">biometric</a> scheme the card would involve all adults registering their fingerprints. Infrastructure for that registration does not exist – the Commonwealth would presumably have to co-opt state driver registries. Its operation would not be cheap. </p>
<p>Would the card work? Aside from the affront to human dignity, such a card is unlikely to substantially reduce the incidence and severity of entitlement fraud (for example, unemployment, disability, health and other fraud by citizens and people pretending to be citizens). </p>
<p>The cost of national registration, databases and data-sharing mechanisms required to set up and maintain the card would dwarf the fraud likely to be identified and recovered. The Australian government has not been very good at establishing multi-purpose population-scale systems. Recall the recent <a href="https://theconversation.com/root-of-census-failures-say-badly-done-ibm-and-abs-still-down-for-some-63845">census</a> debacle, revelations about major problems with Centrelink, obfuscation about the national e-health scheme that saw <a href="https://theconversation.com/unfixable-time-to-ditch-personally-controlled-e-health-record-scheme-19834">the Personally Controlled E-Health Record scheme</a> become MyHR, and criticisms about operation of the <a href="http://www.computerworld.com.au/article/344251/auditor_gives_fail_24_8m_document_verification_service_/">national Document Verification Service</a> and <a href="https://www.anao.gov.au/work/performance-audit/management-aviation-and-maritime-security-identification-card-schemes">maritime/aviation</a> identity card schemes. </p>
<p>A “must carry” requirement appears to be unconstitutional. We are not at war (arguably the only situation that would allow mandatory “registration and display”). Few Australians would be happy to face criminal sanctions if they forgot to carry the card or refused to show it to a range of officials. </p>
<p>Some people may be comforted by the idea that everyone would be required to carry – and display – a <a href="https://www.wired.com/2016/03/biometrics-coming-along-serious-security-concerns/">biometric</a> card, an instance of magical thinking. Others will either be disillusioned or relish the thought that the magic card is a tool for a variety of scams in the private sector, where most <a href="https://www.ag.gov.au/RightsAndProtections/IdentitySecurity/Pages/Trends-in-Identity-Crime.aspx">identity offences</a> occur. When we read court reports, for example, we can see that crooks are just as good at <a href="http://www.smh.com.au/national/buying-counterfeit-medicare-cards-no-questions-asked-20160610-gpgj1v.html">manufacturing</a> birth certificates, credit cards and driver licence cards as the organisations responsible for those identity documents.</p>
<p>Many business will weigh risk, choosing convenience over the costs of rigorous authentication. Few Australians have substantial forensic skills. We’ll accordingly see quite a few fake Hanson cards if the One Nation scheme gets off the ground. </p>
<p>In her 2016 maiden speech, Hanson <a href="http://www.abc.net.au/news/2016-09-15/pauline-hanson-maiden-speech-2016/7847136">said</a>: “I will not accept do-gooders complaining about people’s privacy.” </p>
<p>Despite the prime minister’s stirring advocacy of privacy in his 2012 <a href="http://www.malcolmturnbull.com.au/media/free-at-last-or-freedom-lost-liberty-in-the-digital-age-2012-alfred-deakin">Deakin Lecture</a>, the government (along with the opposition) has been reluctant to respect <a href="https://theconversation.com/its-time-for-privacy-invasion-to-be-a-legal-wrong-31288">privacy</a> and has ignored the “do-gooders”. The most effective opposition to the Hanson card is unlikely to come from the Law Council, law societies and civil society advocates. It is instead likely to come from the Department of Finance.</p>
<p>In recalling the <a href="http://www.naa.gov.au/collection/explore/cabinet/by-year/1984-85/australia-card.aspx">Australia Card</a>, that department is likely to be wary about poorly contained costs, inevitable project creep and the ambitions of competing departments. It has a healthy disrespect for grandiose silver bullet proposals. It has a realism about the prospects for getting the competing immigration, health, education and welfare empires to integrate their databases in ways that deliver timely and accurate results. And the Finance Department is more powerful than decorative bodies such the <a href="https://www.oaic.gov.au/">Office of the Australian Information Commissioner</a>.</p>
<p>Finance’s project management analysts, rather than legal “do-gooders”, may save us from the card. Let’s hope someone kills that zombie once and for all.</p><img src="https://counter.theconversation.com/content/71328/count.gif" alt="The Conversation" width="1" height="1" />
<p class="fine-print"><em><span>Bruce Baer Arnold does not work for, consult, own shares in or receive funding from any company or organisation that would benefit from this article, and has disclosed no relevant affiliations beyond their academic appointment.</span></em></p>One Nation’s proposed national identity card is unviable and likely unconstitutional, so should not be entertained.Bruce Baer Arnold, Assistant Professor, School of Law, University of CanberraLicensed as Creative Commons – attribution, no derivatives.tag:theconversation.com,2011:article/500142015-11-08T19:21:45Z2015-11-08T19:21:45ZIt’s time for an eAustralia Card<figure><img src="https://images.theconversation.com/files/101016/original/image-20151106-16273-58zecd.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">A digitally integrated identity card with comprehensive security could simplify many transactions with government and business.</span> <span class="attribution"><span class="source">Shutterstock</span></span></figcaption></figure><p>Australian e-government is a long way behind many other developed nations. Our national leadership has utterly failed to comprehend why e-government should have been a national priority decades ago, and continues to offer little in the way of policy direction.</p>
<p>Hence, our current solutions are a bizarre mish-mash of inconsistent approaches, making it confusing and frustrating for Australians. Every mis-step sets back public trust in online government services. Usability, reliability and security are the keys.</p>
<p>The Australian Tax Office (<a href="https://www.ato.gov.au/">ATO</a>), for example, provides online data entry, but inadequate explanatory guidance. Searching the ATO website is risky because it also contains obsolete material from previous years. </p>
<p>The ATO communicates by print-formatted electronic documents to a separate MyGov email inbox, making reference to non-existent additional information, yet two-way communication is not possible through this service.</p>
<p>If the <a href="https://www.dto.gov.au">Digital Transformation Office</a> is appropriately funded, empowered and motivated, then a top-down review of government services may be able to address the usability and reliability issues over time. Of much greater concern and urgency is the challenge of digital identity. </p>
<h2>Who are you?</h2>
<p>The Australian <a href="https://mygov.gov.au">MyGov</a> identity system was developed by the Department of Human Services (<a href="http://www.humanservices.gov.au/">DHS</a>) for the online delivery of Centrelink and Medicare transactions in particular. </p>
<p>According to the Department’s <a href="http://www.humanservices.gov.au/corporate/about-us/">own website</a>, it has no role in the development of government-wide online services. So it is perplexing that the ATO has adopted an identity solution from a non-specialist department, developed to address a particular application and its own list of security concerns.</p>
<p>Whether those particular security concerns are relevant to the ATO is not clear. It’s also not clear whether a top-down threat assessment was ever conducted for either the DHS or the ATO.</p>
<p>The security threat is not just that government agencies want to protect their own systems, it is also that the users of these services need to be able to trust that their private information is accurate, correctable, auditable and secure. </p>
<p>The key issue is establishing that the digital identity of an account truly belongs to the physical person. Unfortunately, personal health records, social security payments and tax details provide a strong incentive for identity theft, and MyGov’s identity verification process is weak.</p>
<p>So how else could you establish that you really are who you say you are?</p>
<h2>The UK and New Zealand</h2>
<p>The UK government rightly puts identity front and centre in the mission of the <a href="https://gds.blog.gov.uk/category/id-assurance/">Government Digital Service</a>. And the UK government has been at pains to <a href="https://gds.blog.gov.uk/2014/01/23/what-is-identity-assurance/">consult and to explain publicly</a> how the digital identity system will work.</p>
<p>In the UK model, identity is established by one of a small number of private service providers, using multiple identification sources. In most cases, this can be done entirely online. The UK government also believes that the private sector is the most efficient way to develop evolving solutions to minimise the risk of emerging identity fraud attacks.</p>
<p>There is a further requirement that identity verification for a particular government service is <a href="http://www.theguardian.com/technology/2014/nov/06/govuk-quietly-disrupts-the-problem-of-online-identity-login">proportionate</a> to the service. Passports need biometric verification, but other services have less stringent requirements.</p>
<p>We have similar familiar in-person processes in the form of a <a href="https://en.wikipedia.org/wiki/100_point_check">100 point check</a> for financial service providers such as banks, and multiple identity documents for passports.</p>
<p>New Zealand has followed the UK model with <a href="https://www.realme.govt.nz">RealMe</a>. However, the service is provided by the <a href="http://www.dia.govt.nz/">Department of Internal Affairs</a> in collaboration with the New Zealand Post Office rather than private providers. Once identity has been established, details can be shared with service providers.</p>
<p>Of particular interest in New Zealand is that RealMe is sufficient to open a bank account and apply for a passport entirely online.</p>
<h2>The Estonian approach</h2>
<p>The mature and battle-hardened <a href="https://theconversation.com/what-australia-can-learn-about-e-government-from-estonia-35091">Estonian e-government</a> approach includes digital signatures, electronic prescriptions, online voting, and opening and operating both bank accounts and online businesses. Estonia has also extended its digital services to so-called e-Residents. </p>
<p>Estonia’s identity solution requires a smart identity card to be issued in person, which is when they collect biometric information, including a photograph and fingerprints. A smartphone application also provides identity validation for lower risk services.</p>
<p>The underlying system architecture provides a very robust and secure platform for both government and private sector services, even enabling users to verify who has been accessing their private information, and why.</p>
<p>The Estonian approach works in no small part because of <a href="http://www.themandarin.com.au/31637-australia-false-understanding-privacy-says-estonia-cio/?pgnc=1">strong and effective leadership in the 1990s</a>, which brought with it public support. Whether or not Estonians like their current government, there is an inherent sense of trust in the security of government services.</p>
<h2>What is happening in Australia?</h2>
<p>If you search hard enough in the Digital Transformation Office website, you’ll eventually find a glib reference to <a href="https://www.dto.gov.au/budget/trusted-digital-identity-framework">digital identity</a>. Just <a href="https://www.dto.gov.au/budget">A$254 million</a> has been budgeted over four years to begin the transformation of Australia’s Commonwealth services to online delivery. That’s less than half the cost of the <a href="http://indaily.com.au/news/2014/05/07/oval-costs-wrap-610m/">Adelaide Oval redevelopment</a>, but with enormous and quantifiable long term benefits to Australia’s economy and society.</p>
<p>In 1985 the Hawke Labor government proposed a national identity card, the <a href="http://www.naa.gov.au/collection/explore/cabinet/by-year/1984-85/australia-card.aspx">Australia Card</a>, which was subsequently abandoned in 1987. Politics got in the way of our nation’s leaders to grapple with real policy substance, to Australia’s detriment. </p>
<p>Robust policy debate still might not have delivered the Australia Card, but whatever solution emerged might have set up Australia to be a world leader in the delivery of modern government services.</p>
<p>Policy needs to be driven by open public discussion and consultation. The UK and New Zealand models are compatible with Australian expectations, although the Estonian smart-card based solution is far more robust and versatile.</p>
<p>We have two clear choices: an eAustralia Card would offer flexibity, security and convenience, not to mention eliminating a half-dozen cards from a typical wallet; or we can continue to fail to innovate, swallow our pride and follow New Zealand’s lead.</p>
<p>In the absence of well-considered policy driving e-government services, Australians will continue to have no good reason to trust our government to keep our private information secure.</p><img src="https://counter.theconversation.com/content/50014/count.gif" alt="The Conversation" width="1" height="1" />
<p class="fine-print"><em><span>Matthew Sorell holds an Estonian "e-Resident" Digital ID Card and has a research relationship with the Tallinn University of Technology.</span></em></p>It’s time to bring our digital identity up to date with other developed nations. That might even mean a unified digital identity card with top notch security and privacy protections.Matthew Sorell, Senior Lecturer, School of Electrical and Electronic Engineering, University of AdelaideLicensed as Creative Commons – attribution, no derivatives.