Privacy and Electronic Identification

Electronic identification is of great advantage to organisations and individuals. There are also many benefits to individuals in having a national ID card and being able to access the information on the card electronically.

To date Australia has not introduced a national identification system because it has the potential to compromise an individual’s privacy. The fundamental concern with a National Identification Scheme is the ID number. If we each had our own ID number and if that number was used to identify records in different databases then it becomes very easy for the holders of our information to combine data from disparate databases without our knowledge or our consent.

This is a problem for the following reasons:

  • Information in some databases may be incorrect and that incorrect information can soon spread to other organisations. For example you may have a speeding ticket that you successfully defend in court. The fact that you have a speeding ticket might be spread to your credit history database but your appeal might not.
  • It is not in your interests for the person from whom you purchase groceries to know your health records as it serves no purpose.

While we can put in place rules to say that incorrect information must be corrected and forbidding organisations from sharing data, these are a second best solution when compared to a system that prevents this happening in the first place.

The rules for a system to prevent breaches of privacy are:

  1. A person is never identified by the same number in more than one database. For example, your credit card number only identifies you to the bank issuing the credit card;
  2. A person is entitled to look at any records of personal involvement with any organisation and has the ability to challenge the veracity of the data;
  3. Whenever information is passed from one organisation to another the person approves or is informed of the transfer;
  4. A person need only provide the minimum information required to complete a transaction.

The characteristics of such a system means that breaches of privacy are less likely to occur.

Identity systems based around electronic identity providers such as Edentiti enable these rules to be implemented because we use the person to identify themselves rather than an artifact (such as a number or a card). With an Edentiti system:

  1. A person is identified by their individual edentiti and has a different ID number for each relationship;
  2. A person can access their own information via their edentiti;
  3. A person’s edentiti can be told of the transfers of information;
  4. Only the minimum information needs to be transfered for any transaction.

What this means is that a national identification system can be implemented provided a person is only ever identified via an identity provider. Privacy is maintained because breaches cannot occur if the rules are followed.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s