It is difficult for the BCCLA to present its views on the proposed national identity card, because there appears to be no proposal for such a card. Ideas seem to run from the benign – enhanced security of birth certificates or passports, for instance – to the fearsome, with some ideas centred on mandatory national ID, with a legal requirement that it be produced on demand.
We are disappointed that, in addition to having only the vaguest outline for a proposed card, the government has not seen fit to provide any comprehensive evidence regarding the problem that the ID card is designed to address. For instance, we have seen no reports, submissions or proposals addressing the following questions, which we see as fundamental to any debate:
What is the extent of ‘identity theft’ and related fraud in Canada? To what extent could this problem be ameliorated by stronger identification protocols?
If the stated concern is terrorism, what percentage of terrorist activity relies upon access to false identities, and how could more effective identifiers prevent terrorist attacks?
In what situations does the government envisage the identification to be used?
What assurances can be given that the information in the databases is accurate? Experience in other countries indicates very high levels of inaccuracy due to human error at input.
Without any specific proposal on the table, we are here limiting ourselves to expressions of concern over what we take to be the core of the proposals – that is, a universal, possibly mandatory, national ID card that incorporates a biometric method of identification.
The Circumstances in Which the ID will be Required – One of our central concerns regarding the current dialogue is that advocates of a new national identity card apparently anticipate a system whereby the card must be carried at all times, either by everyone or by a certain class of Canadians (i.e. recent immigrants), and that it must be produced on demand, or at least in a wider variety of circumstances than those in which present forms of ID are required.
The BCCLA strongly opposes any system that requires Canadians to produce identification, outside the circumstances when they are presently required to do so (when, for instance, they are being legitimately detained in connection with offenses, when travelling by air, entering or leaving the country, when driving, etc.).
The BCCLA’s position is that privacy requires that law abiding citizens going about their lives must have a right to a legitimate degree of anonymity. The BCCLA endorses the submission of Mr. Loukidelis, B.C.’s Information and Privacy Commissioner, both in general and especially on this point. We propose that free citizens have a special interest in remaining unidentified by the government, except in those narrow circumstances where the government has a legitimate interest in identity. While there are certain circumstances wherein security interests outweigh this privacy interest, these exceptions must be narrowly drawn and demonstrably justified.
Type of Biometric Identifier – There is a concern that insufficient consideration has been given to ‘passive’ and ‘active’ biometric information; the latter requires that the subject participate in – or at least be aware of – the identification process. Examples of ‘active’ biometric identifiers involve traditional modes such as signatures and photographs and more futuristic ones such as iris scans, thumb prints, or hand shapes. Increased reliance upon the latter category presents concerns that their use might lead to computerized tracking of citizens through data matching; however, the participatory nature of the data retrieval (as with signatures and traditional photographs) does not permit surreptitious surveillance.
“Passive” identifiers, on the other hand, are capable of being “read” at a distance by computer; facial recognition technology is the most obvious present-day example. Inclusion of such identifiers in a national ID database, combined with the increased use of CCTV cameras, would expose the citizen to secret tracking that could approach total surveillance and be truly Orwellian in its implications.
Information Storage – At its simplest, a card might presumably feature only the barest information on an individual – name, date of birth and biometric identification information, for instance. However, this information is of limited utility – it would permit the authorities to confirm only that the person before them was in fact who he claimed to be. In order to be effective for law enforcement, immigration, or other government purposes, there must be access to further information, and this is the heart of the problem.
Presumably, other information ‘matched’ to the citizen’s name would be stored in central databases, linked through a system of government protocols and hierarchies of access. However, each further piece of information stored on the card – addresses, etc. – increases exponentially the chance that the card itself can become a catalyst for both official and non-official abuse.
Moreover, to make such a card (at least in theory) secure, the primary information from the card, including the biometric information itself, must be duplicated and stored in a central government database. While the storage of such information does not necessarily present insurmountable privacy concerns, such a database would be easily linked with other government information, providing immediate access to all the information about a citizen in the government’s possession.
The existence of such a broad central database raises many concerns.
Accuracy can Present Temptations for Abuse – Even if there are no conceptual differences between a proposed national ID card and the present system of ID with ‘soft’ biometric identifiers (such as photographs and signatures), it is our concern that the very accuracy of an enhanced card, coupled with its universal adoption and the increasing ease of computer data retrieval, will produce steady pressure and momentum to employ the card in a wider variety of circumstances; this is the so-called “function creep” identified by Mr. Loukidelis, and we adopt, without unnecessarily repeating, his concerns on this point.
Commercial Exploitation – Twinned with our concern about the uses to which government would put the card is an equally pressing question about possible commercial abuses of the technology. The enhanced identification of consumers, and the building and sharing of information that might develop from a single centralized system, would be an invitation to private sector exploitation and abuse.
Collection of Biometric Data – the BCCLA is concerned that any collection and storage of data by the government represents an invasion of privacy. Such an invasion must be proven to be justified by the anticipated benefits arising from the invasion, and even if it is justified, must be carefully tailored to invade privacy as little as possible. The public discussion of the potential benefits and dangers associated with the collection of biometric data has not yet taken place.
Heightening Unnecessary Fears of Terrorism – The BCCLA is concerned that proposals by the government regarding a national ID protocol both feed citizens’ irrational fears of terrorism and feed off those same fears. We note that more effective identification would have been fundamentally irrelevant in preventing Canada’s worst terrorist act – the Air India bombing. In fact, there seems to have been not a single act of terrorism against Canadians that might have been prevented had even a ‘foolproof’ national ID card system been in place.
It is therefore the view of the BCCLA that if fundamental and far-reaching changes are to be made in the way Canadians identify themselves, those changes must be justified on bases other than the threat of terrorism.
Legitimate Strengthening of Foundational Documents
Having mentioned some of the most pressing civil liberties concerns regarding a national ID card, we recognize that arguments remain that Canada’s present system of identification might be insufficient for legitimate government purposes. We therefore accept that a re-examination of the security of Canadian identification regimes is called for, and some provision for a ‘stronger’ foundational document (such as a birth certificate or certificate of citizenship) – with or without biometric identification – might conceivably be desirable, as might efforts to “strengthen” other forms of identification such as drivers’ licenses and passports.
Given the appropriate evidence, the BCCLA might acknowledge that the interests of security and efficiency may well be served by an improved system in which foundational documents are more accurate, reliable, and useful, while ensuring that the system is secure and maximal privacy is afforded. Obviously, such improvements require attention not only to foundational documents, but also to linkages between those and secondary (and tertiary, etc.) documents.
Foundational documents, of course, need not be readily portable; in other words, problems with ‘identity theft’ and fraud can be addressed without a “card” at all. Stronger ‘foundational’ documents would in turn assure that the secondary and tertiary documents actually carried by citizens, such as drivers’ licences, passports and so on, are themselves more reliable as legitimate means of identification.
However, long before we are in a position to determine what ‘strengthening’ of foundational or other documents might be legitimately required, we would need to be confronted with a strong case from the government as to why this is so. At this point, no such case has been made.