Webdiary - Founded and Inspired by Margo Kingston

The Attorney-General's review of the Privacy Act 1988 is broad, but the Australian Law Reform Commission media release puts health privacy at the top of the list:

Do Australians have enough privacy protection for health, credit and other sensitive personal information? Who can gain access to it? Can it be traded, sold or provided to others? Should privacy laws go beyond data protection to provide rights not to be photographed or subject to electronic surveillance? ...

The Privacy Commissioner's Review of the private sector provisions of the Privacy Act, was completed in 2005, and the first recommendation was that the Attorney-General consider a broader review of privacy in Australia.

I predict there will consternation over the issue of a national Unique Identifier. However, George Bush may be about to announce the enabling solution (for health records, of course!) in the annual rhetoric, so we may as well just do what Halliburton wants and this Inquiry can finish early.

Re QinetiQ sell-off faces National Audit Office investigation

The prospectus is 300+ pages. I haven't found any references to identity management, but it's clearly part of the business.

The UK Parliament is going to commission Scientific Advice to Government.

The first three case studies to be addressed are:
1. The technologies supporting the Government’s proposals for identity cards ...

How's this for a smart card?

In AustralianIT, PM backs off e-health:

... The Health Department's e-health implementation team has been split, with former national director Dr Brian Richards taking a new role in the health services improvement division and other team members moving into that division under acting assistant secretary Tam Shepherd.

An industry source said the repositioning of HealthConnect was a bid to step back from "the overly ambitious attempts of bureaucrats to build an all-encompassing national network..."

If John Howard has given orders to back-pedal on the HealthConnect project, it will have everything to do with his plans for the ministry positions. Ruddock, Abbott, Hockey and Abetz (at least) have all had their fingers in the pie, in one way or another, because the central piece in HealthConnect is the definition of the national identifier.

With Ruddock off to the library studying plans of submarines, for his next job in Defence, Abetz drooling over the A-G job, Abbott more concerned about representing the views of a certain minority group, and Costello looking to get de-hubrissed by the States at COAG, Howard has the power to make or break careers, depending on whether the national identifier project lands in Health, Justice, A-G, Centrelink, Electoral Reform, Immigration or Workplace.

I do not think even Howard would leave the broad practical implications for citizenship in the cold, mechanical hands of Jane Halton. If Howard wants the national identifier left in Health, so he can give the States more stick, he will need to appoint a Minister who can break up the girl-guide mafia.

I was under the impression that these 'smart cards' of themselves carried no real information. Rather they, like ATM cards, only carry directions as to where, on the network, to find the sought after information.

The scary bit is the development of a centralized database. A kind of digitized version of 'This is Your Life".

Misuse of a such a database is not dependant on any card. Why muck around with cards when you could hack straight into the database? Therefore, and this is my question, can we not have one card which is capable of accessing a number of different and separate databases?

I rather fancy the idea of only needing one card to access my money, go to my G.P. or hire a video. By all means keep the databases separate, just do something about all this bloody plastic in my wallet.

Simon Jeffery reports in the Guardian that whilst governments see data-gathering technology as the answer to a range of problems, others see it as the gateway to nightmares, like the one in this scenario:

As for the RFID passports, activists at the 2005 Computers, Freedom and Privacy conference in Seattle - a gathering of the technology-literate and privacy-minded - set up an experiment to show the chips posed both real and conceivable dangers. A souped-up RFID reader was put together that could read a chip at a metre, rather more than the state department's claimed couple of centimetres. Since technological advances never go backwards, this could be extended by a factor of 10 or, to use the journalist's favourite unit of measurement, the length of a double decker bus.

It then does not require a great leap of the imagination for anyone who, say, wanted to blow up Americans to combine an extended reader with explosives to set up a booby trap for US passport holders. The addition of the metal radio shield means the data can be read (and the bomb activated) only if the passport is opened. If it is closed there can be no remote reading or detection of Americans. As travellers tend only to open their passports at passport control in highly supervised areas of airports where any suspect package would be likely to be spotted and removed, this means it is one-nil to the privacy campaigners and, they would argue, US passport holders too.

RFID for those yet to learn about it is radio frequency identification technology and Jeffery describes it like this (in reference to the type of passports undergoing live testing  this week at San Francisco International Airport for selected incoming visitors from Australia, New Zealand and Singapore):

A sleeping chip, an inch square and as thin as a piece of paper, is fitted to the passport. When it is passed over a reader, the chip's onboard antenna powers up and sends back its identifying information.

[snip]

The advantages for border control and governments of RFID-enabled passports is that a record of the passport holder can be read in seconds and they are much harder to forge than the existing passports.

The disadvantage - pointed out by the privacy advocates and lobbyists - is that the technology means that sensitive information on an unprotected RFID chip could be stolen by anyone with a reader.

In 1971 I opened a passbook savings account with one of the "Big Four" banks. qther than having the cash to deposit there was no other packdrill. No 100 points to coply  with. No AUSTRAC. No Tax File Number. Just a straight forward transaction

The other  I wished to increase my payment to a direct debit and the first thing the "customer service officer" asked me for was some form of photographic identification, failing to have such on me I had to give here a password which I had given at a previous transaction.

The passbooks have faded into memory and my account is controlled by an ATM card  with which has PIN. If I wish to access details of my account on the phone I have another PIN and to do likewise on the Internet I must enter a fifteen digit number which is on the ATM card plus a 8-character password...

This is fine for now but what happens if I were to become mentally or intellectually disabled or develop amnesia? Dammit it is my money that the bank holds. I do not play with theirs.

What right do these faceless corporations and their servants have to demand photographic identification and assume that the image is genuine when any bright person in 2006 could play around with a photoshop program and make an acceptable product.

At the present time we are into irises and biometrics and DNA and who is to say that our waste products will be next  thing in assisting these busybodies curiosity.

Corporate Watch (UK) has a 16-page paper (Corporate Identity) in pdf format, on private companies involvement with the ID card process.
For example, a former MD of Accenture became head of E-Government, and ultimately the entire ID cards scheme.

It looks like the pathway to win-win success begins with industry hopefuls organising a conference or two, to impress the mandarins with their ability to facilitate appropriate hospitality.

Looking into the SmartRider developments in WA pointed out by Bernard Rochlin last week (thanks Bernard) I'm seeing a clear need for Transperth to be much more transparent about what happens to the data linked to an individual's identity.  The system they are introducing tracks and holds data on every movement an individual makes within the public transport network. How long is the data held? What analysis on the data is done? Who has access to the raw data and/or the analyses?

Actually many businesses (public and private sector businesses) should be more open about what information they collect on us and how it is used, secured, disposed of, etc.  Most of all they should be open about what kind of data matching could take place, and not just about what they do now but also what they could do with the data if 'ordered to do so' by a government that thinks it is doing the right thing by acting all big brotherly.

The following is a Press release released by Senator Natasha Stott Despoja today:

The claim today by the Attorney-General that "a very large proportion of Australians have a national identity card now..." will come as a great surprise to many Australians, according to the Australian Democrats.

"The ownership of a passport - albeit one with biometric data - is not the same as a completely centralised database containing everything from taxation to health information, social security data to passport information," Democrats' Attorney-Generals Spokesperson Senator Natasha Stott Despoja said.

"Storing such large amounts of sensitive information on individual cards will increase the risk of that information falling into the wrong hands and being abused.

"Only last year, Federal Justice Minister Chris Ellison admitted a national identity card would give 'criminals or terrorists one nut to crack'. He went on to say a document verification system, also under consideration, was 'a more substantial way to verify identities than having one document of the Australia Card type, which could be more easily violated'.

"It is arrogant for the Attorney-General to suggest that this debate is not about whether or not we will have an identity card but what information is stored on it. For many Australians, the debate about whether or not to even consider a national identity card has not been resolved. There are many Australians wary of the centralisation of personal data by the Government and who would not accept the debate is over, even if the ALP and the National Party do.

"The notion that Australians already have their privacy invaded by big Government agencies is not an excuse to further erode privacy rights in this country. Our Government should be strengthening privacy laws, not weakening them.

"Australians have good reason to worry about their privacy rights. This Government appears cavalier in relation to respecting and protecting the privacy and security of the personal information of Australians.

"I initiated an inquiry into the Privacy Act which reported last year and found our privacy laws are inconsistent, confusing, full of exemptions and years behind technology.

"Until the Government addresses the myriad gaps in our current privacy regime, it should not even begin to debate a national identity card," Senator Stott Despoja said.

My pretext for this post is that electronic health records, universal identifiers and SmartCards are tightly linked together.

One the key bureaucrats at the centre of IT for health in Victoria is Shane Solomon. An article in The Age notes Mr Solomon is moving on to greener pastures, so I may as well add to the eulogy. Here's the text of a letter written to him, in May 2003.

Mr Shane Solomon
Executive Director, Metropolitan Health & Aged Care Services, DHS

Dear Mr Solomon

Re: Office of Health IT

Thank you for the informative answer to my question on this subject, after Ms Pike’s presentation to Southern Health staff, yesterday.

I would like to share some thoughts, as a frustrated user. These are my own opinions, and they are not intended to represent my employer or any of my superiors. Further, I do not have any links with the IT industry, and neither does any of my immediate family. I may have taken a biscuit from a vendor’s stand at some stage, but that’s all the gifting I have received from the industry. I do not own shares.

I heard you say that the Board (of Health IT) would not have suppliers or other reps from the industry. That’s hardly the point. The tentacles of influence from “the industry” reach far and wide. The Board may consist entirely of public servants who are forbidden to engage in commerce of a private nature. It is much more likely that said public servants have been, or will be in the near future, working in the private sector. And that they will have been, directly or indirectly, the recipients of support of some kind or other. You will have to do more to convince citizens that Victoria’s public service and government has the will to do better, in order to manage conflicts of interest. The government should have pursued it’s Inquiry into Corporate Governance in the Public Sector through PAEC.

This Board will be the channel through which many hundreds of millions will be spent, at the historical risk of profound failures. The run-up to the “Homer replacement” project was a shambles, clearly not the fault of incumbents, but due to relentless de-skilling and lack of awareness, or worse, at higher management levels. There is no indication that DHS is capable of conceiving and delivering a mammoth installation, including data centres, and it is a pity that the Minister seems to have been advised that it can be done (by DHS). Yes, it can be done, by outsourcing almost the entire project.

There isn’t any doubt in my mind that the only, not the best, way to get what is needed in Health IT for Victoria, is for the government to take the early initiative to set up a robust framework for managing a true partnership between public agencies and suppliers. We must avoid the usual form of PPP – profit for private and all the risk to the public.

The signs are already apparent, there is a high risk these plans will end up with millions being tossed at flashy toys – like tablet computers – for dubious benefit in hospitals, and no discernible outcomes for the wider community. It will be a shame if this Board cannot deliver a bit more care coordination for the real losers – people living with chronic illness, and especially people with mental disability in supervised residentials. Sick people embedded in the public hospital circuit will always be surrounded by professional groups that will drive the debate over resource allocation.

There is always a bald kid for page three, if it suits the purposes of the hospital lobbyists. A poor old duffer, struggling with loss of function and complex medications, will never be an attractive lure for more public funds. A Labor government should not let itself be overcome by glitz and flash promises, to lose sight of the most marginalised.

This brings me to the reason why all those promises of millions for more and better IT for health are bound for trouble. The central need is for an electronic health record, but the scant mention it receives suggests it is in the too-hard category. One could hope that the reticence is due to grand plans waiting to be unfolded soon by Canberra. But since collaboration with other States, let alone the Commonwealth, is not mentioned either, I think my gut sense is correct – the government is waiting for the lobbyists to declare a state of urgency, then in desperation it can turn the whole lot over to contractors. That’s a strategy, but it might be worth costing it out fully and owning up to the taxpayer.

The Electronic Health Record requires some enormous overheads, but at the core is a universal identifier. Unless Australians agree to a system of electronic verification of identity, the health record concept is stalled. Drug companies want to have systems of tracking, so they can follow the progress of clinical trials. Some of these projects may leak over to more routine medication management. But unless the government is involved with centralised patient databases, by regulation, it’s highly likely that (more) inequities will brew. There may be wonderful copy and photo ops for projects to brag about, but I do not think the public will warm to the prospect of unregulated databases. It might be one thing to track diabetics, to make sure they are keeping their appointments for retinal scans, but quite another to make a private company the owner of data that shows which people are receiving anti-psychotic medications. We all know, from personal experience, the difficulties experienced by people with serious mental illness. It is the government’s duty to plan how to protect their rights to privacy and justice. The geeks who are lobbying for prescription management toys in hospitals should be made accountable for the downstream consequences of their enthusiasm.

A weak Board will be powerless to withstand the pressures exerted by dominant medical identities and stooges for monolithic corporations. The appointments to the Board, and all its subsidiaries, should be open, and accountable to someone who will carry a real risk of loss if the processes are perverted. The people who are most at risk of corruption should have government regulations to protect them. The people with the power to funnel large streams of cash to the IT industry should have their relevant private dealings declared and published. The UK government has some excellent examples, that are built on the Seven Principles of Public Life.

The Identity Project, at LSE Department of Information Systems, has a 60 page report on the status of research into the UK ID Card proposals. An extract:

Section II: Research Challenges

Serious and successful research projects require three conditions: (a) an environment of openness in which reliable and accurate information is freely available; (b) access to the full range of key stakeholders, and (c) settled points of reference within a stable research context. In the time since publication of our report in June 2005 none of these conditions has been possible. This section will explain why we are unable to present a final report on the costs and implications of the Identity Cards Bill, and why we believe no such evaluation can be made by any independent research.

A culture of secrecy

We observed in our last report that the identity cards legislation had been drafted almost in its entirety in 2002, and that consequently there had been no opportunity for genuine stakeholder engagement or consultation. This situation exists despite two formal consultations, which in effect were illusory. We do not resile from this view.

There are three important repercussions that arise from this pre-determined and "top down" approach to the identity cards proposal. The first is that the approach requires buttressing through an increasingly closed development and planning process. The second is that a disproportionately large effort is required for public relations and marketing of the scheme's more controversial and contentious aspects. The third is that few opportunities exist for alternative architectures and approaches that may achieve similar objectives.

It is clear that the planning for this project has been conducted in a centrist fashion, with most activity occurring between the Home Office and key IT vendors. The trade body "Intellect" has in effect been appointed the industry conduit for this scheme. The result is a closed process within which public education has replaced public consultation. The question of "how" the scheme can be built has become more important than "why" it should be built, "in what way" it should be built, or even "whether" it should be built.

At Slashdot, E-Passport System Test This Week, Australia is mentioned:

U.S. diplomats, Australian and New Zealand citizens and Singapore Airlines officials are among those who have been issued the e-passports.

And, there is an article and editorial in Financial Review - 'Ruddock to push national identity card' and 'ID card idea will be a tough sell'.

In April 2006 the PTA of WA will be rolling out this new form of prepaid fare. The apparatus in the bus is linked to GPS and in statements issued by Transperth they indicated where you got on or off the bus or train. So if the authorities want to keep track of one, this technology is a tool in their hands. 

Craig R.: Hello Bernard. That's an interesting development to watch. Here's a link to the PTA's info on Transperth's new SmartRider ticketing system.  I notice that under "About SmartRider" they list the benefits under headings of Convenient, Smart and Secure. Unsurprisingly, there's no mention of disbenefits like those that could be listed under the heading Intrusive.  Costs that could be listed under the heading Up Front & Unrecoverable (card purchase fee of $10, $5 for concession users) are mentioned elsewhere.  

I have had a so-called Smart Card with the ANZ for two or three years now. I was not happy when it was sent to me as a renewal of my old card.

I honestly don't know what personal stuff can be accessed through this card. So far, I've taken the easy way out and kept using it.

Can anyone fill me in on exactly how my Smart Card is different to other cards?

I'm with Sid Walker. 

Enormous amounts of criminal fraud and inefficiency do currently occur in Australia due to the lack of a unified identity scheme. The sums are unknown, but staggering. On estimates I have seen the total loss would run well over $1billion per year - and that is almost solely borne by the taxpayer and consumers. Consider that the taxpayer pays $0.30 for every dollar of fraud commited in prvate health insurance, for example.

But, our public service and government have given us ample cause to believe that they will systematically, and probably also negligently abuse any unified identity scheme. The better the scheme, the worse the abuse.

At this point public servants and pollies are relatively immune from the consequences of negligence, or worse, in carrying out their actions.  Children overboard, SIEV-X, Rau, Solon...and whatever else has been brewing.

Until checks and balances are in place that prevent and punish this type of abuse severely we cannot ever contemplate this idea, an Australia Card or whatever we want to call it.  It's a shame as this is a great concept in principle, but our institutions let us down.

We are a therefore a republic trading bananas, perhaps?

In a more normal world, a comprehensive medical database would make good sense. It's easy to envisage ways such a facility could save and enhance human life.

Sadly, in our 'real' world, governments and mass media cannot be trusted on basic matters of fact (faked 'terrorist incidents', mass computerized fraud in US elections, non-existent weapons of mass destruction, modern history etc.)

Given that profoundly pathological behaviour is sanctioned at the highest levels, my position on this topic is one of defensive opposition.

No to the medical smartcard until we have created a social context and political framework which minimizes the prospect of abuse!

It makes no sense to give utterly unscrupulous manipulators, people who covertly control a corrupt system, even more power over other individuals - power that would almost certainly be misused.

I have a friend who is a retired private detective who says information about persons was always easy to access from government sources if one paid the right price. The internet and the idea of combining all data onto one smart card and at one source he claims will just make it easier still. Anyone who thinks government regulations will protect their privacy is sadly mistaken.

Centralised databases (I mean logically centralised) are a very efficient means of storing information. They reduce data maintenance costs and are more accurate (through the elimination of redundancy).

For example, I've moved house several times in the last year, and each time I move I have to update my details with several government agencies. Crazy.

Privacy should be protected by the enactment of appropriate legislation and controls. Not by promoting an inefficient system design.

And, "terrifically in style", Google's intelligent sidebar advertising on Webdiary gently leads you to: "Improve data privacy", Free white paper on improving data privacy: www.initiatesystems.com

Happy commercialist New Year, folks. And see this also.

I hadn't heard of this smart-card before, but it sounds like a great idea...

Hamish: can you elaborate Craig?

William Heath's Ideal Government blog is running hot on ID cards, e-government, etc. He has a current link with Australia's regime, through Malcolm Crompton. 

The Register is another UK site keeping tabs on ID technology, here.