Quote Of The Year

Quote Of The Year - Paul Shetler - "Its not Your Health Record it's a Government Record Of Your Health Information"

Sunday, November 12, 2006

The Australian National Identity Security Strategy – Unknown, Critical and Possibly Flawed!

In the November / December issue of the IEEE Internet Computing Journal Daniel J. Weitzner from MIT has written what I see as a very important article entitled “In Search of Manageable Identity Systems”.

The DOI Bookmark is: http://doi.ieeecomputersociety.org/10.1109/MIC.2006.127

The key insights and the reason why I think the article is important is contained in the following two paragraphs from the paper.

“Although no doubt exists about current identity mechanisms’ weaknesses, our efforts to design and successfully deploy network-based identity management systems have been so frustratingly unsuccessful that a new approach seems necessary. Elements of the new approach come into view when we compare Internet identity protocol designs with systems used in financial services.

Traditional computer security systems begin with a nearly metaphysical design goal of associating a single identifier with a single identity (whether a person’s name or pseudonym). Once the system verifies the identifier, all privileges associated with it become available to whoever possesses that identity. Rather than taking this unitary approach, however, credit-card authorization systems take a composite approach, in which the binding between an identifier (a credit-card number) and the associated privileges (access to credit) is established only after the system has completed statistically based antifraud checks. In other words, you aren’t actually recognized as the card holder simply for presenting the card or even after verification that the card token itself is genuine. You’re recognized as an authorized party only on the basis of traditional security checks combined with statistical verification that you’re likely to be who you say you are.”

What is being said here and in the rest of the paper is that the simple concepts of a unique identifier may not be appropriate or workable in the networked world in which we now find ourselves. Indeed the paper suggests we do not yet have “manageable identity systems” as yet.

The paper describes how, in real time we now have credit card providers, having been given an identifier (the card number and expiry date etc), running sophisticated analysis on the card’s transaction history to ensure the purchase looks to fit within the individuals known spending patterns as so on. Unexpected transactions (larger than normal, bigger than normal, from an unexpected location) are either flagged for later review or declined.

It is easy to see how such technology (were it to become widespread) could also be applied to verification of a health or social service identifier, of the sort now being proposed in the Access Card, before a benefit is paid or a clinical record is linked with others.

I wonder are such approaches part of the technology architecture being developed for the various Government identity initiatives?

In late 2005 the following announcement came from the Council of Australian Government.

http://www.coag.gov.au/meetings/270905/

Identity Security

The preservation and protection of a person's identity is a key concern and right of all Australians. COAG agreed to the development and implementation of a National Identity Security Strategy better to protect the identities of Australians. The strategy will enhance identification and verification processes and develop other measures to combat identity crime. The strategy will be underpinned by an inter-governmental agreement.

COAG also agreed to:

• the development and implementation of a national document verification service to combat the misuse of false and stolen identities; and
• investigate the means by which reliable, consistent and nationally interoperable biometric security measures could be adopted by all jurisdictions.”

Further clarification came in May, 2006 in a press release from the Attorney General.

“The national strategy aims to strengthen identity security through rigorous enrolment and authentication processes while ensuring personal privacy. The national strategy is based on a cross-jurisdictional, whole-of-government approach to maximise its effectiveness and interoperability across all governments.

The key objectives of the strategy include:

• improved standards and procedures for enrolment and registration including identifying key Proof of Identity (POI) documents to be used by all appropriate organisations for the purposes of identifying and registering clients for services;
• enhancing the security features on these documents to reduce the risk of incidence of forgery;
• establishing mechanisms to enable organisations to verify the data on key POI documents provided by clients when registering for services;
• improving the accuracy of personal identity information held on organisations’ databases;
• enabling greater confidence in the authentication of individuals using online services; and
• providing appropriate legislative support.”


It is understood that this strategy relies on the concept of a “gold standard” proof of identity - via the so called Document Verification System – where Proof of Identity (POI) is established by confirmation of the validity (via checks of relevant sources such as Births Deaths and Marriage Registers etc) of the documents presented to confirm the POI.

Were this to be the case one is forced to wonder just how sophisticated the approaches being adopted are and whether there is the risk of the waste of a great deal of money in pursuit of a “gold standard” of identity proof which turns out to be chimera.

A number of things seem clear.

1. Even if an identifier is available and has been obtained with extreme levels of verification that may not be enough to provide certainty as compromise is always possible.

2. The level of certainty required for different transactions is different in different circumstances. (e.g. borrowing a video requires less certainty than linking clinical patient records).

3. Judgements as to the required level of certainty as to identity should be made on a pragmatic and reasonable ‘fit for purpose’ basis.

4. The approaches planned by the Access Card team, the NEHTA Identifier Team and those in the DVS team really need to be aligned, made consistent and fit for purpose and suitable to the application planned. It is hard to see how they are at present.

5. For at least some in the community POI will be very difficult to achieve and any systems implemented need to be sensitive to that fact.

Professor Fels makes relevant points in his November 8, 2006 press release entitled “Access Card Consumer and Privacy Taskforce Recommends Safeguards”

“The Taskforce notes statements by the Government that the card is only to be used for access to health and welfare services. The Taskforce notes that the Government is also in the process of considering the adoption of a National Identity Security Strategy which aims to require a very high (“Gold Standard”) proof of identity. However, the Taskforce does not believe that the ‘Gold Standard’ being considered for a National Identity Security Strategy is necessarily appropriate for use by to facilitate delivery of health and social services benefits. The most disadvantaged and marginalised members of the community who may be unable to provide sufficient documentation to establish their identity should not be unnecessarily burdened by this process.”

It seems to me that while purely identifier based systems seem to have met with some success in places as diverse as Germany, Malaysia and Hong Kong we need to make sure the distinction between enabling access to services and an identity card is not blurred so severely as to become meaningless.

The general unease regarding the melange of identification systems being evolved is only heightened by the recent reports of the extent of individual surveillance happening in the UK and now moving to Australia at an apparently unstoppable speed.

One really begins to wonder whether it may be better overall to tolerate a little CentreLink and Medicare fraud and inefficiency rather than surrender so much control of our individual autonomy and freedom.

Comments, as always, welcome.

David.

No comments: