Title: 25th International Conference of Data Protection and Privacy Commissioners
1Identity and PrivacyWho wants to know, and why?
- 25th International Conference of Data Protection
and Privacy Commissioners - September 11, 2003
- Tim Dixon
- Consultant, Baker McKenzie
- Past Chairman, Australian Privacy Foundation
- tim.dixon_at_privacy.org
2Key drivers of higher integrity ID
- Responses to the threat of terrorism
- Minimising waste and fraud in provision of
government services - Controlling illegal immigration
- Minimising identity theft
- Protection of property
3ID is part of a wider social system
- Identity is used in interactions between people
and all kinds of public and private institutions - ID ensures that the people with the required
credentials can participate in economic, social
and political dimensions of society - can travel or be admitted to a location
- receive a benefit or service
- can undertake transactions
- ID also enables exclusion of others who do not
have the required credentials
4ID systems have significant impacts
- ID systems operate according to the prerequisites
established by governments or business - They are an important instrument of power that
can have positive and negative effects - The effect of exclusion or targeting of
individuals and minority groups can be harsh - The use of identity systems has been a hallmark
of authoritarian regimes - An open society should therefore evaluate
identity systems and their effects rigorously
5Reflections from history
- Democracy and freedoms are fragile
- Over time, the likelihood of power being abused
is high - When societies are under stress, people directly
affected by risks often perceive those risks in
extreme terms - Perception of extreme risk can prompt extreme
responses - Authoritarian responses are common, even in
societies with well-developed civil society
institutions - eg targeting particular individuals or groups as
the source of evil - Public debate becomes more difficult
- Minority groups are targeted when societies are
under stress
6The public may perceive these risks
- Governments and corporations may confront
resistance when introducing intrusive identity
systems - Several factors affect public response
- Proportionality and purpose of identity system
- Level of trust in the government or business
- Extent to which the ID system captures the public
imagination eg through a specific ID card - Protests can be sudden and substantial
- Japans Jyukinet 2002
- Australia Card 1987
7The Australia Card campaign, 1987
- Attempt to introduce a national identity card
with multiple purposes across government - Initially popular as means to reduce tax and
welfare fraud - Publics change of opinion was sudden and
dramatic - Seen as being inconsistent with the Australian
way of life - There has never been a debate like it on the
letters page there has never been such a cry of
opposition from the nation over one topic. - (The Australian newspaper, September 1987)
8Another Australian legend
- Eureka Stockade seen as birth of Australian
nationalism, 1854 - Gold miners protest against compulsory gold
licences - British Regiments and local police attacked group
of gold miners in Ballarat, Victoria - Juries repeatedly refused to convict rebels at
State Treason Trials - Democratic reforms followed, including right to
vote and buy land
We swear by the southern cross to stand truly by
each other and fight to defend our rights and
liberties. (Miners oath)
9Eureka Stockade
- The main objection of the diggers is to the mode
of collecting the license fee since this is
managed with so much offensiveness as to make the
diggers appear like a criminal class, and digging
like a crime. They are subject at any time to be
stopped and interrogated by the police, and to be
carried off to a watch house. (Dr Owens) - The police are unpopular because of the power
they have, and which they exercise pretty
frequently, of going into a mans tent and
rifling and turning over his property to find
grog, just whenever they please. (George
Purchase) - Minutes of Evidence, Report of the Select
Committee of the Legislative Council on the
Goldfields, Victoria, Legislative Council. Votes
and Proceedings 1853-4
10What goes wrong
- Subtle loss of individual rights
- Legitimacy becomes something that is given by the
state, by someone proving their ID - Legitimacy no longer something that is inherent
in an individual - Increasing incentives to organised crime to
counterfeit or crack any ID system - A one stop shop for criminals and terrorists?
- System errors
- Increased vulnerability
- Increased connectedness means greater
consequences when something goes wrong
11Who is at risk?
- Greatest risk of ID systems is for people at the
margins - often targeted by ID systems
- least able to navigate processes for redress and
assertion of rights - ID systems can exclude ethnic, religious,
political minorities - Frequently used as instrument of power by the
state - Current implementation of biometrics in Australia
- Prison visitors
- Methadone program participants
- Asylum seekers
12Privacy protection
- Need for justification of ID systems rather than
relying on post-implementation safeguards - Risk that privacy laws and data protection
authorities ultimately legitimise privacy
invasive ID systems - Regulators nevertheless play a key role in
resisting function creep and ensuring
accountability once systems established
13Thresholds for identity systems
- Is identity necessary?
- Australian privacy legislation - recognition of
the right of anonymity - If it is necessary, is personal identity or only
an attribute necessary? - Criteria to determine when identity should be
required - eg where there is a threat to personal safety,
when entitlement needs to be substantiated - Privacy impact assessment - identify costs and
benefits fully - including the risks associated with new identity
systems
14Alternatives to intrusive ID
- Anonymity
- Pre-paying a bond or deposit where financial risk
exists, but not providing personal identity - Purpose-specific identity
- Limiting to specific contexts
- Federated identity
- Identity brokers
- Minimising collection of information
15Framework for assessing law enforcement and
security powers
- Four step process released by Australian Privacy
Commissioner 2001 - Analysis ensure that the measure is necessary,
effective, proportional and least privacy
invasive - Authority more privacy-invasive measures should
be subject to parliamentary authority or judicial
discretion - Implementation transparency and accountability
eg independent complaints handling, audit,
reporting - Periodic appraisal review of effectiveness,
sunset clauses
16Our opportunity and challenge
- To pass on to the next generation the freedoms
that we have enjoyed - To resist the historic pattern of authoritarian
responses which promise an illusion of security - To build social capital and trust, and resist
fear - To address the upstream causes of global
insecurity - To show that open, accountable and democratic
processes can survive under severe stress