According to the OPC (Office of the Privacy Commissioner), the concept of identity is defined simply as how a person is known, either by other people, or by an organization. An individual’s identity is a distinguishing set of information that may vary from context to context. For instance, family and friends may identify a person by certain traits; an employer might identify a person by role, skill or position; and a service provider might identify a person by a unique identification number. This article examines identity concepts and identity management systems that citizens come in contact with on a daily basis, as well as the possibility of a national identity card.
Identity is an important issue for citizens and governments, as well as private sector organizations and individuals. It is important for organizations to identify individuals so that they can provide appropriate services, track individuals’ histories (e.g. health history, previous purchases) or target new services to specific individuals. Whether it is a public or private service organization, individual profiling is a growing trend.
Identity is formed through the combination of disparate attribute information, which can include:
- How an individual is known to other individuals (e.g. name, appearance, membership in a group)
- How an individual is known to an employer (e.g. full name, employee identification number)
- How an individual is known to the government (e.g. name, SIN/Social Insurance Number, health card number)
Each attribute is unique, since the individual in question is the only one to have that attribute. For instance, no two people share the same SIN or health card number. Attributes are context-dependent. While an attribute may serve as an identifier in one social sphere, it may not have any meaning in another context. For instance, a person’s full name may be a unique identifier in his/her workplace, but it may not be a unique identifier in his/her city, as a number of other people may also share that name.
Constant identification limits individual privacy and creates an environment of surveillance and monitoring of activities. One important component of privacy is the ability to carry out daily activities anonymously. Another threat to privacy takes place when there are inappropriate or inadequate safeguards for personal information. Lack of security may facilitate identity theft and impersonation.
Identity Systems Management
A well-structured and responsibly managed identity system can reinforce and defend privacy rights. An identity system recognizes the necessity of effective identification mechanisms in order to fulfill the goals of government and businesses, while still upholding the privacy rights of individuals. Identity management refers to the concept of managing any personally identifying information throughout its lifecycle. For instance, this might involve the passing of attribute data, or the identification of an individual. Identity systems became a significant issue for discussion, especially in terms of improving security after the attacks of September 11, 2001.
The OPC, along with the National Academy of Science of the United States, has suggested a list of criteria that must be well defined before the introduction of new identity systems:
- System purpose
- Scope of population affected by the system
- Means of identity authentication
- Scope of data collected from the individuals
- Users of the system who would have access to the data and their scope of powers (e.g. contributors, viewers, editors)
- Types of use, circumstances of use
- Type of participation/identification (i.e. voluntary or mandatory)
- Level of consent involved
- Legal structures governing the system, data subject’s privacy, due process rights, liability for system misuse/failure
Large-scale, nationwide identity systems are especially of interest, given the security threats posed by terrorists. The implementation of such an identity system would involve policies and procedures regarding account security, privacy considerations, scalability and other management factors. It would require an infrastructure of databases, communications networks, card readers as well as the physical identification cards themselves. There would need to be a system that registers individual identities; stores, updates, searches identities; and issues credentials. It is arguable whether such a system is feasible, desirable or effective at responding to security issues.
Limitations of Authentication
The process of authentication establishes confidence in an identity claim. In order to authenticate their evidence, individuals can present different types of evidence, or authenticators (e.g. passport, ID card, health card or birth certificate).
In most situations, authentication, rather than identification, is what an organization is really after. For instance, a retail clerk wants to know that the customer is authorized to use a credit card. The clerk is not actually interested in the individual’s identity. Likewise, a peace officer checks driver’s licenses in order to determine that the person is entitled to drive. In this case, it would be irrelevant to know the person’s name, age or address.
One of the arguments made by proponents of a national identity card is that it can better prove someone’s identity. While this may be true, the card cannot indicate whether or not the person is trustworthy. However, if identifying information is cross-checked with a criminal database, it can then establish the person’s trustworthiness.
National Identity Cards
Discussion about Canadian National Identity system began after the terrorist attacks on September 11, 2001. This would broadly be defined as an all-purpose identification document, similar to an internal passport, issued to all Canadian citizens by federal or provincial governments. The identification card would be used in numerous situations, including matters with government agencies as well as private entities. Proponents support the replacement of many identification documents with an ID card that would be standardized, recognized and widely accepted in Canada.
According to the Minister of Immigration & Citizenship, this document would likely take the form of a tamper-resistant card that contains a computer chip recording the individual’s name, date, birth place, gender and serial number. It may also include physical attributes (e.g. height, eye color) and other information, such as current address or a sample signature. It would also capture some sort of biometric information from the card holder, for instance, a fingerprint or retinal pattern. This was the most controversial factor.
Countries such as Belgium, Germany, Greece, Italy, Poland and Spain have already implemented national ID card systems, similar to what is being proposed in Canada. The UK is currently looking at means to introduce voluntary or mandatory ID cards, while Australia is debating a national identification plan.
Opponents of the national identity cards argue that it is an inadequate security solution. According to the PIAC, the proposed card scheme fails to meet the three broad goals set out in Canada’s Security Policy, as outlined below:
- Ensuring public safety in Canada.
- Preventing the use of Canada as a launching pad for terrorist attacks.
- Contributing to international security.
To address the first goal, the connection between national identity cards and anti-terrorist initiatives is largely intuitive; there is no evidence to suggest that national documentation would effectively deter terrorist activity. Establishing an individual’s identity in no way reveals that individual’s intentions.
Regarding the second goal, it is arguably more productive to allocate resources to terrorist prevention strategies and intelligence gathering initiatives, rather than to a costly identity system that would only be useful for linking names to faces. The PIAC suggests that the national identity card scheme would be ineffective at identifying terrorists before attacks are committed.
Thirdly, national identity cards may contribute very little to international security. The countries that have already implemented a national identification system have not produced results demonstrating that the cards are actually effective. There is no demonstrable connection between terrorism and the presence of a national identity system.
The development of a national identification card system may be prone to fraud and counterfeit, as much as any other forms of identification. The OPC also argues that such a system may even increase national security risks, as it could give citizens a false sense of security. By contrast, effective security requires depth, or multiple angles of protection. A national ID card provides only one level of security.
Furthermore, the likelihood that the card would serve other purposes is high. The national ID may see a type of “function creep,” which is when information collected for one purpose is used for another. This is certainly the case with the Social Insurance Number (SIN), which branched out into new and unrelated uses. This could raise profound privacy implications for card holders.
This article explores the concepts of identity, identity systems and identity management in Canada. It looks at the shortcomings of identification methods alone, as they are often meaningless without some form of authentication. The article also explores the debate surrounding national identity cards, which were proposed after the September 11, 2001 attacks in the US. It examines the purported objectives of the ID cards as well as the arguments against the introduction of such a system.
In preparation for the Certified Information Privacy Professional/Canada exam, a privacy professional should be comfortable with topics related to this post, including:
- Types of Personal Information (I.B.a.)
- Commissioner Expectations (III.B.g.i.)
- User Access & Redress (V.C.d.)