UK Dept for Digital, Culture, Media and Sport (DCMS) Call for Evidence on Digital Identity 2019
UK Government Biometrics Inquiry
The British House of Commons Science and Technology Committee over 2014-15 carried out a lengthy investigation into “Current and future uses of biometric data and technologies”. Lockstep made a detailed submission, which was cited in the committee’s report.
Australian Digital Identity Legislation 2017-21
Over the years, Lockstep has made submissions to Australia’s federal Digital Identity Agency on the “digital identity system”, the Trusted Digital Identity Framework (TDIF) and the recent moves to legislate for digital identity.
- There are plenty of “trust frameworks” already; the last thing we need is a specific digital identity trust framework like TDIF.
- The international digital identity industry has moved comprehensively towards decentralised verifiable credentials and strong client-side authentication tools (especially through the FIDO Alliance); Australia needs to catch up with these standards.
- The Australian states are implementing digitised credentials at a rapid rate, refocusing from Who a citizen is, to What attributes and claims they need to prove online; DTA risks being left behind by these developments.
OAIC Guide to Information Security 2013
We made a detailed submission to the Office of the Australian Information Commissioner on the development of privacy guidelines for security practitioners.
“I have two reasons for raising awareness of Threat & Risk Assessment in the context of the Guide to information security. Firstly and most immediately, I suggest that the methodology of TRA is the best way to unify the disparate security measures that are provided in the draft.
“More strategically, Lockstep Consulting has found that in practice, the TRA exercise is readily extensible as an aid to Privacy by Design. A TRA can expressly incorporate privacy as an attribute of information assets worth protecting, alongside the conventional security qualities of confidentiality, integrity and availability (sometimes collectively dubbed ‘C.I.A.’). A crucial subtlety here is that privacy is not the same as confidentiality, yet as discussed, ICT practitioners frequently confuse the two. A fuller understanding of privacy leads designers to consider the Collection, Use, Disclosure and Access & Correction principles, over and above confidentiality when they analyse information assets.”
Health Identifiers Bill 2010
Lockstep made a brief submission to the Senate Community Affairs committee reviewing the draft Health Identifiers Act. The submission has been published at the committee inquiry website (submission no. 2) and is attached below.
We submitted that the bill appears to have been drafted around one particular centralised architecture, and contemplates only one use case, in which an authorised person retrieves the IHI for a given patient by sending identifying information about that patient to the identifier service. We discussed the adverse privacy impacts of this architecture, and urged consideration of decentralised, patient-centric alternatives where individuals can carry and present their IHIs directly as needed.
“We submit that the healthcare identifier system and legislation should anticipate the advent of personal security technologies for protecting IHIs. In legislating, government should seek to avoid enshrining a single centralised architecture for managing identifiers.”
“The IHI service as contemplated in the Act would intrinsically lead to information about patients’ consultations with healthcare professionals being disclosed to the government. It would create an audit trail outside the clinical environment of every point where a provider accesses the IHI service, such as initial consultations, hospital admissions and emergency department admissions. As a consequence, participation in treatment by certain types of patients (e.g. those with mental health conditions, drug & alcohol dependency, or sexually transmitted diseases) could be jeopardised if their personal details are to be routinely disclosed to the HI service. Some patients in these categories will simply forego treatment rather than have their personal information escape the trusted local clinical environment.
“We submit that options must be provided where a patient is able to disclose a reliable copy of their IHI directly to the healthcare professional, so as to minimise the extraneous disclosure of information about the clinical encounter.”
Cybercrime Inquiry 2009
In May, the House of Representatives Standing Committee on Communications launched its Inquiry into Cyber Crime. Lockstep made a detailed submission (PDF) concentrating on the need for better protection of digital identities. We argued that smartcards and the like [that is, smart phones subsequently] have unique potential and yet attract undue anxiety, and we canvassed ways to reduce the political risks.
Committee Hearing appearance
On 9 Oct 2009, Stephen testified at the Inquiry hearings in Sydney. The Hansard transcript of the hearing is available here.
Stephen testified that ‘We take a lot more care with car keys than digital identity. Electronic services are still very timid about authentication. Convenience trumps all else. [So now] cost of ID fraud every year far exceeds the cost of car theft.’
Other topics covered during Stephen’s appearance included the limitations of biometrics in the cybercrime context, overseas learnings from programs such as Estonia’s multi-function smartcard, the risks of not using intelligent authentication to safeguard health identifiers, and the parallels between smartcards and SIM cards which attract no anxiety at all.
Extract from Lockstep’s written submission (Executive Summary):
“It is no exaggeration to characterise the theft of personal information as epidemic. Personal information in digital form is the lifeblood of banking and payments, government services, healthcare, a great deal of retail commerce, and entertainment. But personal records―especially digital identities―are stolen in the millions by organised criminals, to appropriate enormous financial assets, as well as the fast growing intangible assets of ‘digital natives’.
“Credit card fraud over the Internet is the model cyber crime. Child’s play to perpetrate, and fuelled by a thriving black market in stolen details, online card fraud represents 50% of all card fraud, is growing at 50% p.a., and cost A$71 million in 2008. The importance of this crime goes beyond the gross losses, for some of the proceeds are going to fund terrorism, as recently acknowledged by the US Homeland Security Committee.”
“Lockstep submits that to really curtail cyber crime we need the sort of concerted balanced effort that typifies security in all other walks of life, like transportation, energy and finance. Bank customers don’t need to install their own security screens; bank robbers are not kept at bay by security audits alone. The time has come, now that we’re constructing the digital economy, to embrace a new breed of intelligent security technologies that can actually prevent identity theft and cyber crime.”
“We submit that the most important new technology for preventing digital identity theft and therefore cyber crime in general is to be found in smartcards and related intelligent personal authentication devices such as smart phones …”
“Please note carefully that what we propose is that Australia can implement digital identity security measures nationally without any semblance of a national identity system. To avoid a national identity, intelligent technologies should be deployed according to principles such as:
- existing purpose-specific identifiers and relationships with service providers should be preserved
- different digital identities should be dedicated to banking, commerce, healthcare, government …
- no new multi-purpose identifiers need be created
- businesses and agencies should remain autonomous in how they transact with users
- no new central registries are necessary to improve the pedigree of digital identities”
Digital Economy 2009
Lockstep responded in February 2009 to the “Digital Economy Future Directions Concept Paper” issued by the Department of Broadband, Communications & Digital Economy. Our submission is attached below, and can be accessed at the DBCDE submissions website.
Extract from the Executive Summary:
“The identity fraud epidemic and its implications for all online services must not be underestimated. The Internet has given criminals x-ray vision into people’s banking details, and perfect digital disguises with which to defraud business and governments. Identity theft is perpetrated by sophisticated organised crime gangs, behind the backs of the best trained and best behaved online shoppers, aided and abetted by insiders corrupted by enormous rewards. No amount of security policy, database encryption or compliance audit can overcome the profit motives of today’s fraudsters.
“The predominant policy of technology neutrality and a focus on policy and user education has led to an imbalance in how government and business deals with identity security. We urge government to treat cyber security – especially identity security – with the same sort of blended approach as befits any critical infrastructure … Government should lead by example, deploying the very best identity technologies to safeguard its citizens when rolling out coming generations of online services, such as health identifiers, shared electronic health records, social security services, and e-voting.
“A common approach does not imply a shared identity management system, which would be problematic on many levels. Rather, we advocate a shared set of standards and specifications – comparable to the telephony environment – underpinning a fully contestable market supplying solutions to all sectors.”
National Innovation Review 2008
Lockstep made a submission to the Federal Government’s Review of the National Innovation System in 2008, and lodged an online follow up after Dr Terry Cutler’s “venturous Australia” report was released. Here’s part of what we had to say:
“What do entrepreneurs (especially small ones) need most to help them innovate and prosper? I suggest it is metaphorical OXYGEN! We innovating SMEs need:
- access to prospective customers so that we may showcase disruptive technologies
- procurement processes that admit (or encourage) some technological risk taking
- tender specifications that allow for the unexpected in responses (that is, disruptive technologies)
- attention and open-mindedness from big players who too often are disdainful of SMEs
- curiosity for innovation amongst business people.”
Our submission is at the bottom of this page.
Access Card Consumer and Privacy Task Force (Discussion Paper 2) 2007
The Access Card website was taken down when the project was canceled. Our submission is no longer available online but is attached at the bottom of this page.
“Lockstep sees no technological problems in replicating electronically something very much like the Medic Alert system. In fact we propose in this submission a secure, light-touch digital certificate based approach which would simplify the process of loading trusted data, and enhance the privacy and integrity of the system. Using certificates, we can convey the “pedigree” of medical data created by authorised parties without creating an additional special area of the card, or using any special protocol per se for storing authorised data to the card. Instead, pedigree can be embedded in the way the data is packaged before it is stored, simplifying the layout of the chip, and also improving the trustworthiness of data when accessed in offline environments.”
Senate Committee inquiry into the Access Card legislation 2007
On 2 March 2007, Stephen appeared before the Senate Finance and Public Affairs Committee reviewing the Human Services Access Card legislation. The Hansard record of Stephen’s testimony is at http://www.aph.gov.au/hansard/senate/commttee/S10026.pdf.
“The Access Card plans do not yet embrace the full potential of smartcard technologies to enhance consumer privacy and online safety … There is an array of privacy enhancements that are compatible with the expected Access Card platform. These could be implemented right away – or if need be, retro-fitted later – but only if the legislation allows. Public confidence and take-up of the card depend on getting privacy right, upfront. A huge opportunity to fully utilize this most important infrastructure investment might be lost if the Access Card Bill prematurely freezes the design of the chip, cementing possible privacy compromises, or inhibiting future safety improvements.
“Lockstep offers the following recommendations:
- There is no need for the legislation to be so specific about the contents of the chip.
- There should be a new independent ombudsman or similar function to review and oversee all new Access Card applications so as to manage the risks of function creep without over-legislating the chip design.
- To prevent the Access Card number becoming a de facto electronic identifier for indexing backend systems, it would be better for as many participating agencies as possible to have their customer reference numbers accommodated in the chip (and not merely Medicare and DVA numbers as currently drafted).
- Given that significant welfare fraud is associated with manipulating or counterfeiting dependants’ details, more work may be needed on how dependants will be recorded and managed in the chip.
- When it comes to legislating for the consumer-controlled area of the Access Card, we should anticipate beneficial third party services and intermediaries that will benefit consumers by enhancing smartcard-based information management.”
DCITA spyware inquiry 2005
“One of the most important countermeasures against spyware for now and the foreseeable future is [Mutual] Authentication, to safeguard against phishing and fraudulent websites (as these are major vectors for the propagation of malware). Lockstep contends that the only truly effective means for bilateral authentication today is smartcard technology. Other commentators, and the US Government, agree that conventional two factor identity devices have major weaknesses in remote authentication over the Internet.
“Therefore, Lockstep believes government would do well to foster the use of smartcards as best practice [mutual] authentication. Government could do so by implementing smartcards for public servants as the standard means for remote access security. The smartcard reader supply side could be stimulated by government purchasing policy mandating the inclusion of readers in standard builds (as has happened in the US Department of Defence).”
National Health Privacy Code 2003
Submissions on the draft code are no longer available from the Department of Health and Aging website, but Stephen’s letter is attached below.
“The current definition of health information includes ‘genetic information … which is or could be predictive (at any time) of the health of the individual’. We suggest that the predictive power of information about diet and exercise is stronger today than is almost any genetic information at hand, and is therefore just as deserving (if not more so) of inclusion in the definition.
“We strongly support [proposed definition option 2] where the scope of the Code is broad enough to cover all organisations handling health information of any individual. Thanks to e-commerce, there is a fast growing array of non-health organisations capable of compiling rich veins of health-related information about individuals. For example:
- Bookstores and libraries tracking interest in self-help books can determine what their clients at least believe they suffer from, if not what their medical conditions actually are.
- Grocery stores with regular customers can determine in great detail the eating habits of families and individuals.
- While herbal remedies remain generally available from supermarkets and retail outlets, these organisations too can work out what some of their customers may believe they suffer from. For example, regular purchase of St John’s wort is very likely to indicate a depressive illness, real or imagined. …
- Internet fridges are capable of fine-grain tracking of what and when people eat. It is not yet clear which types of organisations are going to be collecting this information as Internet fridges and other domestic appliances penetrate the market; if whitegoods manufacturers can collate the data automatically, then there could be a ready market for the information. There are clear health privacy implications.
“If the definition of health information was to include diet and lifestyle information then there is a strong case that any organisation handling such information, including bookstores, Internet search engines, grocery outlets and fast food companies, should be covered by the Code.”

- Lockstep Submission on the Digital Economy Feb 2009
- Lockstep Submission to Fels Access Card DP1 (July 2006)
- Lockstep Submission to Fels Access Card DP2 (March 2007)
- National Health Privacy Code submission April 2003
- Lockstep Senate Community Affairs Committee Submission Healthcare Identifiers Bill 2010 100301
- Lockstep Submission to Innovation Review 080430