EDL

Biometrics and the BC Services Card

/ Christopher Parsons / 3 Comments

Image by kentkb

Anti-fraud capabilities are touted as a major component of the proposed BC Services Card. While the government is almost certainly overstating the issue of fraud, the political rhetoric around fraud doesn’t inherently mean that proposed anti-fraud mechanisms will be similarly overstated. Indeed, many of the Services Card’s suggested changes could be helpful in limiting the issuance of fraudulent identity documents; adding a card holder’s photo, an expiry date, and anti-counterfeiting technologies to new medical CareCards could be quite helpful in ascertaining, and addressing, fraud levels. Unfortunately, the biometric systems that will also be linked to the Services Cards are unlikely to significantly defray fraud.

In this post I continue my analysis of the BC Services Card, this time with a focus on the cards’ integration with biometric analysis technologies. I begin by giving a primer on the origins of biometric analysis for identity documents in BC, and then move to outline how the government asserts that the biometric analyses should work. I then explain why adopting biometric identifiers matters: why don’t they tend to work? what is at stake in their inclusion? I conclude by (re)suggesting some entirely reasonable security processes that might defray fraud without needing the cards’ proposed biometric properties.

Continue reading

Now Showing: EDL Security Theatre

/ Christopher Parsons / 2 Comments

darktheatreWe’re paying for a high-tech Broadway show that’s themed around ‘security’, but we’re actually watching the equivalent of a catastrophic performance in a low budget community theatre. The price of admission? Only millions dollars and your privacy.

As of June 1, 2009, Canadians and Americans alike require an Enhanced Drivers License (EDL), a NEXUS card, a FAST card, a passport, or a Secure Certificate of Indian Status to cross a Canadian-American land border. In Canada, only Ontario, Quebec, B.C. and Manitoba have moved ahead to develop provincial EDLs; the Saskatchewan, New Brunswick and Prince Edward Island governments have all decided not to provide these high tech, low privacy, cards to the constitutencies (Source). To apply for an EDL in a participating province, all you need to do is undergo an intensive and extensive 30 minute face-to-face interview at your provincial equivalent of the Department of Motor Vehicles. Your reward for being verbally probed? A license that includes a Radio Frequency Identification (RFID) tag and a biometric photograph. The RFID tag includes a unique number, like your Social Insurance Number (SIN), that is transmitted to anyone with an RFID reader. These readers can be purchased off the shelf by regular consumers, and number your EDL emits is not encrypted and does not require an authentication code to be displayed on a reader. Effectively, RFID tag numbers are easier to capture than your webmail password.

Continue reading

Update: EDLs Live in BC

/ Christopher Parsons

victoriaparliamentThis is almost a week old (things have been busy *grin*), but in case you missed it British Columbians can now apply for Enhanced Drivers Licenses (EDLs) for land and sea entry into the US. Enhanced Identity Documents (EIDs) will be made available for individuals who cannot, or do not wish to, carry a drivers license.

Something that is interesting: To get an EDL in BC will cost you $110 ($75 for a regular 5-year license plus an addition $35 fee); at that price, a passport ($87/92) is cheaper! It seems to me that getting and EDL at that price is just foolish; you still need a passport to fly into the US, and a passport is cheaper if you will both be driving and flying. EDLs (again) come off as a half-assed idea that don’t really accommodate Canadians, but are meant as a passport substitute for Americans who are far less likely to widely travel abroad than Canadians.

Update: More on Quebec EDLs

/ Christopher Parsons

200903191537.jpgQuebec formally announced that EDLs will be available for Quebecers on Monday, with Jean Charest using a relatively bogus financial argument to support EDLs.* Says he:

“If there are five people, five kids and two parents, if they had to all pay for a passport it would be an expensive requirements for them to come here” (Source)

Not withstanding Charest’s poor math (I count seven people in his ‘equation’), the costs that he is referencing are for the people coming to Quebec, not the costs of Quebecer’s traveling to the US. Were he really concerned about costs, he could adopt the line that the OPC and IPC (Ontario) have been pushing: Canadian’s should have their passport’s subsidized, and the lifetime of these documents extended. Were he honestly concerned about the privacy concerns, he would be pushing passports, not EDLs. Fortunately, of course, Charest is a stanch ‘supporter’ of privacy:

“[Privacy is a serious issue. We believe we need to do what has to be done to protect the privacy of individuals” (Source)

Continue reading

Update: EDLs in Saskatchewan and Quebec

/ Christopher Parsons

200903161147.jpgAs I noted a few days ago, the Saskatchewan government is debating whether or not they want to implement EDLs given the privacy and financial risks that accompany the licenses. It seems as though the Office of the Privacy Commissioner of Canada is supporting this hesitancy, with the assistant privacy commissioner;

. . . is applauding the province’s decision to back away from the enhanced licences until legislation addresses concerns about how personal information is used and how vulnerable it is to hackers.

“It’s highly significant,” Bernier said in an interview with The Canadian Press. “The province seems to come to the conclusion … that the cost-benefit analysis is not convincing.” (Source)

It will be interesting to see whether or not Saskatchewan reintroduces EDL legislation after Ontario’s information and privacy commissioner manages to implement an ‘on/off’ switch that she has been talking about with Jesse Brown for the past few weeks. My suspicion is that they will, but that they will let Ontario do the heavy lifting in this area (I expect that Ontario’s influence with DHS will be more substantial than Saskatchewan, but maybe that isn’t/won’t be the case).

Continue reading

Update: EDLs in Saskatchewan

/ Christopher Parsons

200903121823.jpgSome interesting news coming out of Saskatchewan: the government is looking to put the brakes on Enhanced Drivers License (EDLs). While headlines are saying that this is dominantly because of privacy concerns, I think that cost is probably a deeper reason for turning away these licenses. Crown Corporations Minister Ken Cheveldayoff is on record saying:

The criteria from homeland security has been changing. The costs have been increasing and if they go to a point where it just doesn’t make sense anymore then we’re not going to move forward. (Source)

It seems as though costs have risen from $50 – $80 dollars, without a clear sign of that stopping. Cost (financial and political) really seems to be the force keeping these licenses out of the hands of the public.

This being said, I should be fair and point out that the Privacy Commissioner of Saskatchewan hasn’t received the Privacy Impact Assessment from Sask. Government Insurance (Source). The Commissioner wasn’t outright opposed to the EDLs, and is instead suggesting that the province look to its neighbors for ways of tweaking the Bill 72 legislation.To me, this suggests looking to BC and Ontario. I don’t know exactly what the consequences of this kind of ‘tweaking’ would be, especially given how limited those governments incorporated suggested privacy protections, but it would be nice to see documents that really put the Commissioner’s cards (and desired changes) on the table. Seems like a FOI moment….