Technology, Thoughts & Trinkets

Touring the digital through type

Tag: british columbia

A National ID Card By Stealth? The BC Services Card – Privacy Risks, Opportunities & Alternatives

2013-National-ID-Card-by-Stealth-coverThe policies, politics, and technologies associated with Canadian identity documents and their surrounding data architectures are incredibly important issues because of their capacities to reconfigure the state’s relationship with its residents. The most recent such system, the BC Services Card, is designed to expand digital service delivery options that are provided to residents of British Columbia by the provincial government and by corporations. The government, to date, remains uncertain about what services will be associated with the Card. It also remains uncertain about how data linked to the Card’s usage will be subsequently be data mined, though promises that such mining efforts will be exciting and respective of people’s privacy.

Vague statements and broad policy potentials are the very things that make people concerned about identity systems, especially systems that are untested, expensive, and designed with unclear intentions, objectives, or benchmarks.

To try and unpack the policy issues associated with the Services Card, Dr. Kate Milberry and I have written a report wherein we suggest that the Services Card may operate as a kind of ‘proto Pan-Canadian’ identity card. Specifically, the Card is designed to be massively interoperable with other province’s (similar) identity document systems as well as with the federal government’s digital delivery service. Similarly, the Card is meant to interoperate with private businesses’ services. To this end, the lead vendor for the project, SecureKey, has already secured telecommunications and financial organizations as key service delivery partners.

The Services Card isn’t necessary good nor evil. But it is a system that has received little public attention, little external technical scrutiny, and even less external policy critique. The province of British Columbia, and indeed residents of other provinces that are taking up the SecureKey offering, need to be properly consulted on the appropriateness, desirability, and feasibility of the Services Card architecture. To date, this has not been performed in British Columbia nor by the Government of Canada. The document that Dr. Milberry and I have written is meant to contribute to the (limited) public discussion. Hopefully the provincial and federal governments pay attention.

Funding for this report was secured by the British Columbia Civil Liberties Association (BCCLA), and provided for through the Office of the Privacy Commissioner of Canada’s Contributions Program. The text in the report is reflective of the BCCLA’s position towards the Services Card; the report does not, however, necessarily reflect the position of the Privacy Commissioner of Canada. The executive summary, and download link, of  the report follows.

Executive Summary

For the last several years, British Columbia has been developing the technical infrastructure and legal framework for a comprehensive integrated identity system as part of its “technology and transformation” approach to governance. Otherwise known as “Government 2.0” or e-government, this approach will aggregate the personal information of citizens in order to link and share this data across government bodies. The BC Services Card is the latest in a series of major information technology projects that is part of the Government 2.0 mandate. It is a mandatory provincial ID card that enables access to a range of government services, beginning with health care and driver licencing. The BC Services Card is a key element of unprecedented changes in the way the province collects, accesses and shares personal information, including highly sensitive health information, amongst departments, agencies and even private contractors.

The card is just part of BC’s wide-ranging vision for integrated identity and information management—a vision that scales and interoperates on a federal level. Indeed, the system is not only envisioned to extend to other provinces, in essence forming a pan-Canadian identity architecture, but the ID card is expressly intended to provide authentication conducted by the private sector and facilitation of commercial transactions governed by PIPEDA and applicable provincial private sector privacy legislation. The importance of developments with the BC card for national identity management cannot be overstated: the BC Services Card model is interoperable with the federal system, and thus a (proto) Canadian ID card, and is also meant to be used for commercial and e-commerce transactions. Thus, developments in BC have critically important implications for ID systems provincially and federally, and involve both the public and private sector.

This report examines the normative, technical and policy implications of the BC Services Card and the federal and commercial implications of the technical systems underlying the Services Card. Throughout the report, the ID system is examined from the perspectives of security, privacy and civil liberties, and generally echoes the Information and Privacy Commissioner for BC’s call for broad and meaningful public consultation before Phase II of the card program is implemented. Emergent from the analysis of the Services Card is a call for the Office of the Privacy Commissioner of Canada to work with provincial privacy commissioners to issue a joint resolution on the applicable privacy and security standards for the provincial systems on the basis that they will ultimately compose the national federated system. The report concludes with provincial and federal recommendations for designing an identity system that is secure, privacy-protective, trusted and fit for purpose.

Download: A National ID Card By Stealth? The BC Services Card – Privacy Risks, Opportunities & Alternatives

BC Services Card Report Released

Screenshot_2013-04-15_11_24_PMThe proposed imposition of identity cards tends to gets people riled up. This is especially true of the people who are going to have to carry the documents in their purses and wallets. In British Columbia the provincial government has slowly, and quietly, developed an identity card termed the ‘BC Services Card’. The Services Card will effectively be a required piece of documentation for all BC residents as of about 2018; it will be used to access non-emergency medical services, as well as to-be-decided government services provided by education, citizen services, and more.

In 2012, the British Columbia Civil Liberties Association commissioned a technical report about the services card from my company, Block G Privacy and Security Consulting. The goal of our report was to contextualize the politics and technology behind the new BC Services Card and, in the process, understand prospective security-and privacy-related issues linked with the initiative. A core aspect of our report consists of a technical survey of the Services Card and its associated infrastructure. As part of our survey we evaluate possible vulnerabilities that could be exploited by a hostile third-party intent on undermining, disrupting, or otherwise compromising Services Cards or the trust BC residents are expected to place in them as technically sophisticated and reliable identity tokens. Given that we lacked direct access to the cards and infrastructure our analyses and critiques were based on limited documentary evidence, expert-level interviews, and secondary sources.

Highlights from the section of the report covering risks and vulnerabilities include:

  •  The importance of ensuring that government actors responsible for issuing the cards are trustworthy; failure to do so could undermine many of the government’s identity assurance processes that underlie the entire card system.
  • Physical security characteristics are positive, though the inclusion of biometric facial images does not necessarily lead to the security enhancements suggested by the government.
  • The near field communication (NFC) chips embedded in the cards are a point of significant vulnerability, insofar as they could be read at a distance, compromised by a malicious actor, or tampered with to intrude into the computers and mobile phones reading the chips.
  • The potential for ‘function creep’, or the expanded use of the Services Card for purposes beyond the current scope of the card. This might include use of the card by private parties or the card ultimately being integrated with the federal government’s planned pan-Canadian identity card.

In light of these risks, we provide the following suggestions to ameliorate potential security dangers:

  • Penetration tests should conducted to ‘attack’ the system, in order to understand where vulnerabilities exist, how they could be exploited, and how to subsequently rectify them. Given the magnitude of the government’s proposed data linking infrastructure associated with the Services Card this kind of analysis is critical. Testers should be given a wide permit in testing the system and not be artificially limited in what they can do to identify vulnerabilities.
  • Public consultations with security experts should occur and consultations findings summarized and subsequently made public. These consultations should attend to how security of the cards and BC residents’ privacy can be maximized.
  • Public audits should be routinely conducted on the systems and infrastructure surrounding the BC Services Card. This should include auditing private vendors who are contracted to provide service.

Our report is available for public download.

Checking the Numbers Behind BC CareCard Fraud

Image by ivers

On January 7, 2013, the British Columbia government (re)announced that the province’s new identity card, the BC Services Card, would be arriving on February 15, 2013. To date, the Office of the Information and Privacy Commissioner of British Columbia has not released her analysis of the Services Card. To date, the provincial government has been particularly recalcitrant in releasing any information about the cards short of press releases. Though members of civil society are concerned about the card it remains unclear whether they can mobilize to effectively delay or stop the card: indeed, this lack of capacity is something that is explicitly recognized in government documents that were released by ICBC.

This will be the first of a few posts on the proposed Services Card. In aggregate, the posts will examine pragmatic (e.g. fraud, security, biometric privacy) and principled (access to information problems, lack of democratic discussion surrounding the cards, secret usage of citizens’ data, function creep) criticisms of the Services Card. This particular post examines the government’s misleading claims surrounding CareCard fraud. Specifically, I interrogate the government’s assertion that there are many more CareCards in circulation than there are residents and statements that fraud presently costs the province $260 million/year or more. I conclude by stating that the government ought to clearly tell citizens what is driving the cards, given that the primary driver is almost certainly not medical fraud.

Continue reading

Facial Recognition and Enhanced Drivers Licenses

boyinmodelcar1912Enhanced Drivers Licenses (EDLs) have been with us for a while now, and it would appear that we’re starting to see the ‘advantages’ of EDLs in British Columbia (BC). Before getting into the how facial recognition and EDLs are being used, let’s back up and (briefly) outline what makes these new licenses special. As I wrote in “Now Showing: EDL Security Theatre“:

As of June 1, 2009, Canadians and Americans alike require an Enhanced Drivers License (EDL), a NEXUS card, a FAST card, a passport, or a Secure Certificate of Indian Status to cross a Canadian-American land border. In Canada, only Ontario, Quebec, B.C. and Manitoba have moved ahead to develop provincial EDLs; the Saskatchewan, New Brunswick and Prince Edward Island governments have all decided not to provide these high tech, low privacy, cards to the constituencies (Source). To apply for an EDL in a participating province, all you need to do is undergo an intensive and extensive 30 minute face-to-face interview at your provincial equivalent of the Department of Motor Vehicles. Your reward for being verbally probed? A license that includes a Radio Frequency Identification (RFID) tag and a biometric photograph. The RFID tag includes a unique number, like your Social Insurance Number (SIN), that is transmitted to anyone with an RFID reader. These readers can be purchased off the shelf by regular consumers, and number your EDL emits is not encrypted and does not require an authentication code to be displayed on a reader. Effectively, RFID tag numbers are easier to capture than your webmail password.

As part of the EDL process in BC, there is a capturing of facial biometric data to better authenticate license holders. I noted that I was confused about how effective such a system might be without a mass adoption of the EDL a few months ago,

Continue reading