Electronic identity authentication can take many forms and each involves some level of privacy risk. Towards one end of the spectrum there are technologically complex systems such as "smart" identity cards (perhaps incorporating biometrics) and public key technology, and towards the other end are less complex options involving user-names and passwords.
The options being presented for public consultation have avoided the complexity of some of the high-level authentication models and it is reassuring that no-one will be forced to register for the on-line service. However, having a choice whether to "opt-in" or not is only meaningful if other alternatives continue to exist in parallel with the on-line option. It is important that non-electronic methods of dealing with government agencies are retained.
Nor should the adoption of new electronic authentication be used to diminish citizens' opportunities to transact anonymously where appropriate. For example, someone might today pick up a leaflet from a government agency without identifying themselves. People should be able to anonymously download the equivalent leaflet online in the future without having to authenticate their identity. There is a risk of a great loss of privacy if the creation of ubiquitous electronic authentication systems mean that the State insists on verifying identity in a range of circumstances where citizens currently transact off-line on an anonymous basis or are taken at their word when they identify themselves.
Experience in other parts of the world has shown the need for caution in introducing authentication systems. Citizens are rightly concerned about the risks of national identity cards being introduced by stealth and the risks of misuse of their personal information by government. They are right to question how their privacy will be protected - both now and in the future.
I am taking a close interest in this project and have emphasised the need for a thorough analysis of the privacy issues. The government accepted back in April last year that a full assessment of the privacy risks associated with the proposal would be carried out. It is disappointing that the public is now being asked to judge the merits of the various options without the benefit of that assessment. The public needs to be assured in a transparent manner that the privacy risks have been properly addressed before any options are selected. A thorough and detailed privacy impact assessment is needed on the chosen option to ensure that people's privacy is guaranteed.
Tidak ada komentar:
Posting Komentar