Posts filed under ‘Canada’
It’s interesting to see how booze seems to bring up great questions of identity and privacy. Or maybe it’s just the Canadians?
Canadian Dick Hardt uses buying booze as an example in his famous Identity 2.0 presentation and makes very interesting points about what happens when a physical ID, such as a driver's licence, is used to buy it.
Now comes another angle from Canada involving booze: if your ID is scanned when entering a bar, would that make you behave? That was one of the issues at the heart of a case decided by the Information and Privacy Commissioner of Alberta.
The Tantra Nightclub in Calgary had a practice of scanning driver's licences before allowing people in. Clearly it is collecting and storing personal information: a licence includes an individual's photograph, licence number, birth date, address, and a bar code with embedded information unique to that licence.
The club says that “We’ve got hard data that it works, we have [information] that says crime and violence is down in our venues by over 77%.” On the other hand, the Information and Privacy Commissioner described the claim that ID scanning deters violent behaviour as “conjecture” not backed up by hard data and ordered the club to stop the practice.
In terms of consent, the only thing that the complainant agreed to was the club confirming his date of birth off the licence.
This is precisely the kind of situation that the Laws of Identity frown upon in digital identity systems, in particular User Control and Consent; Minimal Disclosure for a Constrained Use; and Directed Identity. It is also another example of the unjustified expectation that knowing a person’s identity somehow magically solves most societal problems.
I spend a lot of my working day thinking about identity-related online services. Protection of privacy in these services is axiomatic. Not only does it make good sense to me, it’s also mandated as one of the policy principles by Cabinet.
The 2007 Privacy & Human Rights Report issued by Privacy International provides a reality check. Across the 47 countries surveyed, the Report says that, “The 2007 rankings indicate an overall worsening of privacy protection across the world, reflecting an increase in surveillance and a declining performance of privacy safeguards.”
New Zealand gets a red colour indicating “Systemic failure to uphold safeguards” as does Australia. Canada gets a yellow for “Some safeguards but weakened protections” while USA and UK get a black for being “Endemic surveillance societies.” Top of the heap is Greece but even it gets only a 3.1 rating out of 5.
The Report lists nine key aspects behind New Zealand’s ranking. This seems to have prompted a leading blogger at The New Zealand Herald to write of a ‘Systematic failure’ to protect our privacy, going on to say: “From biometric passports to greater sharing of information among Government departments to greater use of surveillance technology, we would certainly seem to be following the lead of countries in the black category. But privacy is a touchy issue for Kiwis and rightly so. Just listen to talkback radio whenever talk of a national ID card emerges in the media.”
According to the Report, of particular concern for NZ is:
- “Court of appeal has had some problematic decisions regarding privacy complaints” and
- “DNA database based on order from high court judge, violent crimes, and convicted burglars; though voluntary samples can be included and increasingly this is being pushed by the police, resulting in more than 80% of samples on database being given ‘voluntarily’.”
I think what’s missing from the Report is people’s perception of the state of privacy in the country being reviewed. Perceptions can be as important as (if not more important than) the reality.
On that front, in my opinion NZ is doing fine but, as the Report shows, things could be better.
There is an interesting video entitled What does a friend of a friend of a friend need to know about you? It does a really good job of illustrating how relationships in social networks work and the dangers to personal information that can arise.
Given the privacy slant of the video, perhaps the source of the video is not so surprising: the Privacy Commissioner of Canada’s blog. Showing a great understanding of the target market, the video has also been put on YouTube. A good example of effective Web 2.0 use by government.
Unfortunately, the people who really need to understand and act on this message are unlikely to do so. It’s not that these people don’t know the dangers; they just don’t act on that knowledge. And that remains a core problem of addressing the downsides of social networking and protecting people from the dangers they continue to expose themselves to.
From the outside, it seems that one of the central beliefs in the US government is that if they can collect every person’s biometrics on Earth and put that into a database, then they can substantially solve all their security problems. Federal authorities have pursued this approach almost single-mindedly over the past few years.
Sometimes these efforts have been overt. A good example is the US-VISIT Program where visitors to the US have to endure lengthy delays as everyone’s fingerprints (currently both index fingers but soon all ten) and photograph are taken.
For me personally, after a 12-13 hour flight, the thought of another two hours standing in a line to get my fingers squashed by a “friendly” official so that the fingerprint reader gets an acceptable reading within a couple of attempts means that I try to avoid travelling to or via the US altogether.
In classic government doublespeak, the benefits of US-VISIT are touted as “Protects the privacy of our visitors” and “demonstrate that we remain a welcoming nation.” Yeah, right!
Sometimes the US efforts to collect the biometrics of every single human being have been more subtle. I think the current “Server in the Sky” concept falls into this category. Police from the International Information Consortium (US, UK, Canada, Australia, and NZ) will be able to exchange biometrics and personal information about criminals and suspects. New Zealand is “considering joining the consortium.”
These five countries already share intelligence amongst themselves and co-operate in running Echelon, the global eavesdropping system that can listen in on telephone, radio, and email communication.
What’s subtle about this is that anything submitted for matching also gets added to the US biometrics database. And that’s another step forward in the grand plan to collect the world’s biometrics.
What’s wrong with this? Why shouldn’t we all do our bit in the fight against global terror and criminals? If you haven’t done anything wrong, surely you have nothing to fear from having your biometrics in a US database?
You do… because the central belief that collecting the world’s biometrics will substantially solve all the US’s security problems is wrong. Because the US federal authorities have not proven themselves worthy of such trust. Because the US has a long history of subsequent misuse to achieve more pressing national security concerns. Because “acceptable collateral damage” from data inaccuracies means a lot of grief for some innocent people.
As the last post for the year, there was a temptation to look back and reflect on the past year. All that changed after I heard a recording of Jon Udell interviewing Dick Hardt in IT Conversations. It made me realise how the real opportunities and challenges lie ahead of us, not behind.
In the interview, Dick talks about the work being done for the Government of British Columbia, Canada (BC) to develop a claims-based identity metasystem. Essentially, the work is an Identity 2.0 and Info Cards rendition of traditional government-to-people interactions.
New Zealand’s approach, GOAAMS delivered under the “igovt” banner, is perhaps best understood from the 2007 IDDY Award webcast. Both the slides and the webcast recording (needs WebEx Player) are now available.
The drivers that Dick articulated for BC are the same for NZ:
- better service delivery that requires information held across various government departmental and organisational silos to somehow be brought together in a secure and privacy-protective manner; and
- giving citizens better access to the information held about them by government.
However, the implementation paths are different. The BC project is based on Info Cards while the NZ one will probably go down the Liberty Alliance’s specs path but allowing Info Cards as an optional UI.
One thing everyone will agree with is that both implementation paths have their own pros and cons. Over time, hopefully differences will not matter too much but given the current state of interoperability, they do. And that translates into substantial differences in architecture, customer experience, the “mental model”, requirements on information providers, ability to join up service delivery, and the uptake strategy.
While the similarities in outcomes between the BC and NZ approaches are important, it is the differences in implementation that provide a great insight into the opportunities and challenges for both governments. Work on comparing and contrasting the two should throw up areas that both governments need to consider in their respective efforts.
To me, that is a very important piece of work to do next year.
In the meantime, it’s time to get the barbie (BBQ) going and break out the beer. I hope you have a great holiday and, like me, come back refreshed and ready for a cracker year ahead.
Even though I have no connection with Passport Canada, for some reason I’m feeling terribly let down by them.
My disappointment may stem from an agency making an elementary security mistake and, rather than fixing the problem, repeating it and looking foolish.
Or, it might be that it is incidents like these that collectively undermine trust people have in dealing with government agencies online.
Sigh…government agencies dealing with sensitive personal information simply have to do better.
What happened? According to The Globe and Mail, a security flaw in their website allowed passport applicants to view the personal details (including social insurance number, date of birth, address, driver’s licence number, and gun ownership) of other applicants simply by changing one character in the URL displayed in the address bar. In other words, the application record was fetched by an identifier carried in the URL, and nothing on the server checked that the logged-in applicant actually owned that record. A very, very basic mistake and, worse, evidence of appalling testing: a single test that logs in as one applicant and requests a neighbouring identifier would have caught it.
The site was taken down, but when it was put up again a few keystrokes were still all it took to reveal personal information. All the while, Passport Canada was in public denial mode.
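The flaw described above is an insecure direct object reference: a record is looked up by an identifier the client supplies, with no check that the caller is entitled to it. The following is an added example, not Passport Canada's code or anything from the Globe and Mail report; the record store, applicant names, identifiers and function names are constructed for illustration. It shows the vulnerable handler next to a hardened one, and simulates the one-character URL tweak against both.

```python
"""Insecure direct object reference (IDOR): a vulnerable record handler
beside a hardened one, plus a simulation of the one-character URL tweak.
Constructed example; the store, names and identifiers are assumptions and
not the code of any real passport system."""
import secrets

# Constructed sample store keyed by sequential application numbers, as a
# site that puts the number in the URL might do.  Values are obviously fake.
APPLICATIONS = {
    "1000": {"owner": "alice", "sin": "000-000-001", "dob": "1970-01-01"},
    "1001": {"owner": "bob",   "sin": "000-000-002", "dob": "1982-06-15"},
    "1002": {"owner": "carol", "sin": "000-000-003", "dob": "1991-11-30"},
}


class NotFound(Exception):
    """Raised for both 'no such record' and 'not your record', so the
    response does not tell a prober which identifiers exist."""


def view_vulnerable(session_user, application_id):
    """Vulnerable: trusts the identifier taken from the URL and never checks
    that the logged-in user owns the record it points to."""
    record = APPLICATIONS.get(application_id)
    if record is None:
        raise NotFound(application_id)
    return record


def view_hardened(session_user, application_id):
    """Hardened: the lookup is scoped to the authenticated user on the
    server side, so no change to the URL can widen it."""
    record = APPLICATIONS.get(application_id)
    if record is None or record["owner"] != session_user:
        raise NotFound(application_id)
    return record


def tweak_last_character(application_id):
    """Yield the identifiers an attacker reaches by changing one character
    of the URL: every other digit in the last position."""
    head, last = application_id[:-1], application_id[-1]
    for digit in "0123456789":
        if digit != last:
            yield head + digit


def records_leaked(handler, session_user, own_id):
    """Simulate the attack from the article against a handler and return
    the other applicants' records it hands back (identifier -> record)."""
    leaked = {}
    for candidate in tweak_last_character(own_id):
        try:
            record = handler(session_user, candidate)
        except NotFound:
            continue
        if record["owner"] != session_user:
            leaked[candidate] = record
    return leaked


def new_application_id():
    """Defence in depth, not a substitute for the ownership check: an
    unguessable identifier stops one-character tweaks from landing on a
    neighbour's record, but a missing authorisation check would still leak
    it to anyone who learns the identifier from a shared link or a log."""
    return secrets.token_urlsafe(16)


if __name__ == "__main__":
    print("vulnerable leaks:", sorted(records_leaked(view_vulnerable, "alice", "1000")))
    print("hardened leaks:  ", sorted(records_leaked(view_hardened, "alice", "1000")))
```

The fix is the ownership check in `view_hardened`, not the random identifier: unguessable identifiers only reduce how easily a missing check is found, and the regression test for the bug is exactly `records_leaked` returning an empty result for every handler that serves personal data.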
Their website says about Web Security that “Passport Canada is taking the measures necessary to protect the confidentiality of the personal information you provide and to ensure that your electronic transactions with us are secure.”
The problem is, when fine words don’t match reality, public cynicism results. And that hurts.
I was recently discussing with a colleague the differences in people’s attitudes to privacy in New Zealand and Singapore. He thought most of it could be explained by differences in culture.
To illustrate his point, he sent me a link to a very interesting website that is based on work done by Prof Geert Hofstede. Prof Hofstede developed a framework for scoring countries on five dimensions: Power Distance, Individualism, Masculinity, Uncertainty Avoidance, and Long Term Orientation.
While it’s possible to see the rating of countries individually, what’s really useful is to compare pairs of countries. Sure enough, comparing New Zealand with Singapore showed the huge variations between the two countries.
I tried a few more combinations and, based on my own opinion about various cultures, found his assessment to be pretty accurate. For example, New Zealand-Canada showed striking similarities, and the two countries’ approaches to privacy are in fact quite aligned.
As expected, New Zealand-Australia showed similar scores on all five dimensions. Not quite sure why Australia is higher on every dimension though.
This approach is of course bordering on stereotyping but, at a sweeping generalisation level with country = culture, it does provide an easy way to see how attitudes to privacy are rooted in culture.
There seems to be a growing trend in the past few years to collect and place more and more data about people into databases and then expect data mining to work its magic. The end result is always justifiable, e.g. stopping terrorism.
It’s irrelevant whether a person is innocent or guilty, just record everyone’s data. And if they are innocent, as the vast majority are, well no harm done.
This approach has two flaws: the privacy concerns it raises, and the base rate fallacy it ignores.
First, privacy concerns always arise from collecting data when there is no obvious need. It was therefore good to see Ontario’s Information and Privacy Commissioner, Ann Cavoukian, ordering a stop to the practice of mining “extensive” information from people selling goods to second-hand stores, cautioning the practice is a slippery slope toward an Orwellian society where authorities could misuse private data.
She went on to say that, “You’re collecting information on law-abiding citizens, which in a free and democratic society, you only do when you have a suspicion of wrongdoing. Here, we’re . . . treating everyone as a potential criminal.”
Second, it ignores the volume and impact of false positives. There is a great article by Bruce Schneier called Data Mining for Terrorists that explores in detail why data mining simply cannot prevent events as rare as a terrorist attack: even a very accurate classifier, run over a population in which genuine plots are vanishingly rare, produces false alarms that swamp the real hits (the base rate fallacy).
Schneier’s article concludes with one of my all-time favourite quotes, “It’s a needle-in-a-haystack problem, and throwing more hay on the pile doesn’t make that problem any easier.”
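The base rate fallacy is easiest to see with the arithmetic written out. The following is an added example, not code from the post or from Schneier’s article; the population size, number of genuine plots and classifier accuracy are constructed inputs, chosen to be generous to the screening system. It computes the expected hits, misses and false alarms, the share of alarms that are real, what happens when more data is collected without more plots, and the false-positive rate a system would need for half its alarms to be worth investigating.

```python
"""The base rate fallacy, worked through for a rare-event screen.  Added
example, not code from the original post or from Schneier's article; the
population, plot count and accuracy figures are constructed inputs chosen
to be generous to the screening system."""
from fractions import Fraction


def screening_outcomes(population, real_cases, sensitivity, false_positive_rate):
    """Expected results of running one screen over `population` events of
    which `real_cases` are genuine.  `sensitivity` is the share of genuine
    cases flagged; `false_positive_rate` the share of innocent events
    flagged.  Exact arithmetic so tiny ratios are not lost to rounding."""
    sens, fpr = Fraction(sensitivity), Fraction(false_positive_rate)
    innocents = population - real_cases
    hits = real_cases * sens
    missed = real_cases - hits
    false_alarms = innocents * fpr
    alarms = hits + false_alarms
    return {
        "hits": hits,
        "missed": missed,
        "false_alarms": false_alarms,
        # positive predictive value: the share of alarms that are real
        "ppv": hits / alarms if alarms else Fraction(0),
        "false_alarms_per_hit": false_alarms / hits if hits else None,
    }


def false_positive_rate_for_ppv(population, real_cases, sensitivity, target_ppv):
    """Invert the calculation: how small must the false-positive rate be
    for `target_ppv` of alarms to be real?  From ppv = h / (h + n*fpr),
    fpr = h*(1 - ppv) / (ppv * n)."""
    sens, target = Fraction(sensitivity), Fraction(target_ppv)
    hits = real_cases * sens
    innocents = population - real_cases
    return hits * (1 - target) / (target * innocents)


def worked_example():
    """Constructed figures: a trillion events a year (roughly ten per US
    resident per day), ten genuine plots among them, and an implausibly
    good classifier that misses only 1 in 1,000 plots and flags only 1 in
    100 innocent events."""
    population, plots = 10**12, 10
    sens, fpr = Fraction(999, 1000), Fraction(1, 100)
    base = screening_outcomes(population, plots, sens, fpr)
    # "More hay": double the events collected without finding any more plots.
    more_hay = screening_outcomes(2 * population, plots, sens, fpr)
    needed = false_positive_rate_for_ppv(population, plots, sens, Fraction(1, 2))
    return {"base": base, "more_hay": more_hay, "fpr_needed_for_50pct_ppv": needed}


if __name__ == "__main__":
    r = worked_example()
    print(f"false alarms per real hit: {float(r['base']['false_alarms_per_hit']):.3g}")
    print(f"share of alarms that are real: {float(r['base']['ppv']):.3g}")
    print(f"with twice the data collected: {float(r['more_hay']['ppv']):.3g}")
    print("false-positive rate needed for half the alarms to be real: "
          f"{float(r['fpr_needed_for_50pct_ppv']):.3g}")
```

With these inputs the system raises on the order of a billion false alarms for every genuine plot it flags, doubling the data collected halves the share of alarms that are real, and getting even half the alarms to be real would need a false-positive rate around one in a hundred billion, which no classifier of human behaviour approaches.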
Dale Olds in The physical location of data matters writes, “…it matters to me in real, tangible ways who runs the servers and where my data is stored ‑‑ and who is liable when there is a failure.”
From an international perspective, while this is of course true, there are bigger issues than just operational issues and liability.
For many non-Americans top of mind when they think about the physical location of their data is the USA Patriot Act. This law presents two particularly thorny issues regarding their data stored in the US.
First, the bar is set very low. US law enforcement agencies can access the data if they consider it relevant to their investigations. This is far easier to meet than the normal test of probable cause.
Second, if data is accessed in this manner, the data holder (the US-based vendor) is not allowed to tell the overseas data owner that their data has been accessed, even if the vendor is contractually bound to do so.
Both of these angles and more are well covered in a report from the Information & Privacy Commissioner of British Columbia, Canada (pdf, 1.29 MB). It was published in October 2004 but still remains relevant.
There is another angle for data location that is top of mind for organisations that outsource IT or back-office functions internationally. That’s privacy and protection of personal information from unauthorised access, especially from insiders of the vendor’s company.
NZ’s Privacy Commissioner recently gave a presentation that includes concerns for personal data held overseas.
It’s no wonder that most organisations prefer to keep their data onshore. Data location does indeed matter.
Clearly timed to start Privacy Awareness Week with a bang, the (voluntary) breach notification guidelines are modelled on the Canadian ones (pdf, 253 KB).
The guidelines are “harm based” and leave it to organisations to make their own assessment and decisions about key aspects including which breaches require customers to be notified. They recommend that agencies ask the following questions to determine if notification is required:
- What personal information was released or otherwise compromised?
- How sensitive is the information?
- What is the context (nature) of the personal information?
- Is the personal information adequately encrypted, anonymised, or otherwise inaccessible?
- How can the personal information be used?
- Who received the personal information?
- Will notification assist the affected individuals to mitigate harmful consequences?
All of this sounds sensible but the fact remains that they will be voluntary guidelines. How effective is that going to be? We’ll have to wait and see once the guidelines come into effect at the end of the year.
My guess is that they will be ineffective… and will become mandatory sooner rather than later. After all, most organisations when faced with a choice of burying an embarrassment with the help of legal eagles or coming clean in public are going to make the obvious choice.
The answer is to give them no choice.