Stolen identity?

As electronic identification systems are being introduced to citizens around the world, concerns have been voiced on the security of personal data, ID theft and fraud as well as the use of personal information in terms of access given to third parties. The containment of personal information in centralised government databases, which allows information to be shared across borders, is a primary concern.

Last month, UK Shadow Home Secretary David Davis resigned, saying he opposed the "creation of a database state opening up our private lives to the prying eyes of official snoopers and exposing our personal data to careless civil servants and criminal hackers".

The Maltese government is planning to have electronic identification systems by the start of next year. A Bill is under discussion in Parliament that would see the introduction of e-ID cards - an electronic replacement of our present ID cards. Biometric passports are envisaged by the end of the year.

People attempting to renew ID cards now are already being turned away unless the need is absolutely necessary. From next year, we will have new e-IDs in our pockets.

Answering questions on the need for such e-IDs and their benefits, Investments Ministry head of secretariat Manuel Delia said: "Networked information systems give access to information on demand; the key here is storing data centrally and ensure its validity."

This in itself does not clarify the need for Maltese citizens to carry electronic identification systems. The advantage that Mr Delia highlights can be met by converting data already held by the government into digital format so that it can be networked and shared. So why are we being given new IDs?

"The e-ID cards will be able to act as secure authentication systems (as required for online transactions)," Mr Delia explained. This will be possible through the chip that each new ID card will contain.

However, e-ID chipcards linked to centralised databases are contentious for several reasons. Once such a system is in place, it can contain any amount of information on an individual ranging from health records to financial statements. It can store all kinds of data and be linked to other systems. Moreover, all cardholder actions and movements with the e-ID chip card can be electronically traced and linked - as they are through credit cards. The difference with credit cards is that people may opt to use them or not whereas the ownership and use of an e-ID is compulsory.

Transaction-generated data trails from such cards can readily be picked up by computers, stored in databases, searched-for patterns of activity, processed to distil profiles, and merged and matched with census data, credit report data, postal codes, car registrations, birth certificates and so on.

Transactions need not be monitored in real-time; once stored, data trails are permanent for the record and can be examined at any time.

It is for these reasons that concerns about privacy have dominated debates in Europe and beyond wherever similar systems are being introduced.

Plans to introduce ID cards have met with protest in the US, the UK, Canada, New Zealand, and Australia, among others. In these countries, opposition revolves around the idea of an ID card itself, which is an unacceptable concept due to privacy concerns. The fact that the new ID cards will be electronic has only served to make the issue more controversial.

After the loss of CDs in the UK containing the details of 25 million recipients of child benefit, the issue of digital data has become hotter than ever and exposed the vulnerability of centralised databases containing sensitive personal information.

A growing number of hi-tech firms say that far from improving security or cutting down fraud, the cards could actually create security risks. Microsoft underlined the allure of confidential information to criminals warning that the ID card posed a huge security risk that could increase the likelihood of confidential personal information falling into the hands of hackers and criminals.

For the introduction of electronic identification systems in Malta, Mr Delia said that concerns regarding the possible loss or theft of an individual's ID card had been considered.

"The ID card is reported as missing and its functionality is disabled. If it takes the card holder a long time to realise that they have lost the card this in itself poses no major threat as the card will be protected by a further security layer such as a PIN or password."

He dismissed the idea of public opposition and emphasised the added security that such a system would offer: "The government, through the introduction of the National Identity Management Systems, is stepping up the security with which it treats personal information already held on government information systems... People here voluntarily (disclose) their ID card number understanding that doing this facilitates transactions. But the current safeguards for privacy and data protection will remain in full effect."

Mr Delia added: "The data held by the government about a person will not be any more or less available to other parts of the government simply because of the introduction of an e-ID Card."

However, the fact remains that our personal data could be made more accessible to third parties.

Project Stork was set up within the EU with the aim of achieving a pan-European recognition of electronic IDs. European ministers, as well as some non-EU countries, such as Iceland, set themselves the political objective to reach mutual recognition and interoperability of electronic identities by 2010 in the Manchester Declaration adopted in November 2005.

Project Stork, according to its architects, is expected to help bridge the gap between the different e-ID systems currently in use, leading to a de facto standard for interoperability in e-IDs. The deadline for this is 2010, when the EU's European e-ID Management Framework comes into force.

The reason why the EU wants electronic identification systems in all member states containing data that can be read by the different systems in each of its countries is that the information can then be shared.

Mr Delia says that "Malta is following the progress of the Stork project and the e-ID card will keep up with the pace of pan-European interoperability".

It is therefore highly probable that Maltese citizens will have less and less control over who has access to their personal data and for what purposes it will be used.

Numerous questions - for which there are so far few clear answers - still have to be addressed in a transparent public discussion. The introduction of electronic identification documents requires planning and consideration of their implications at all levels, from issue through to control level.

Citizens should be able to understand the system so that they can identify its problems, criticise it, and ultimately control it. This has been the main demand voiced by citizens in Europe and other parts of the world where emphasis is made on the need for more comprehensive public debates that once more focus on a transparent government rather than a transparent citizen.