Right now, many government computer systems cannot “talk to each other” because their systems are not “‘interoperable”. It is the stated intention of the BC government and of the government of Canada to change their systems to promote “interoperability.”

This lack of “interoperability” means that the personal information in government departments and agencies are effectively “walled off” or in “silos”. When those walls come down, and staff in one department or ministry are given access to information held in other departments or ministries, there is a serious risk that people will have access to a lot more information than they need, or than they should have. This means that individual privacy rights could be at risk.

These ‘‘enterprise-wide” changes are driven by governments’ goals of efficiency and cost-reduction. Recent governments have also pursued outsourcing of the management and administration of their information systems to the private sector based on a belief that this increases efficiency and delivers services more directly to citizens. In the process, governments are often failing to adequately consider the privacy impacts of their work, or even to consider privacy at all.

Another purpose of enterprise-wide interoperability appears to be to permit departments and ministries to do more data matching, and data mining.

Data matching and data mining pose significant privacy threats because both activities involve taking personal information collected for one, original purpose and using it for an unknown number of new, unidentified purposes, including for surveillance. And both involve building a very detailed picture of an individual in a way that was never possible before, while the laws protecting personal information held by governments and protecting individuals’ rights simply have not caught up.

Inter-jurisdictional (Pan-Canadian) Identity Management and Authentication Task Force (1)

One key reason for this drive toward interoperability is the perceived need to avoid duplication. (2) For example, if more than one government agency needs to use your name, address, birth date and SIN, then it seems to make sense for that “identity information” to be stored in one place and accessed from many departments and agencies. This is at the root of governments’ efforts at “Identity Management,” one of the major projects of both the BC and the federal governments.

Governments believe that Identity Management and Authentication will make service to you more efficient, especially when they need to update their own information about you, or verify some information that you (or someone posing as you) has given them in a form, over the phone or online, or they need proof that you are who you say you are (this is referred to as authentication). Privacy advocates are not convinced they are right.

The Inter-jurisdictional Identity Management and Authentication Task Force (“IdM&A Task Force”) was established by a council of Deputy Ministers of provinces, territories and the federal government to develop a national strategy for managing identity information and authenticating individuals across governments, across departments and in various ways. The key to interjurisdictional identity management is interoperability. The Task Force lasted six months, and in that time produced the following reports.

The final report, entitled A Pan-Canadian Strategy for Identity Management and Authentication includes an overview of identity management in Canada.  Recommendations include a set of Pan-Canadian IdM&A guiding principles; a framework which would set the foundation for the development of inter-operable standards, guidelines, models and architecture; a proposal for an interim governance structure; and an action plan for moving forward.

Work continues on identity management at all levels of government. At the federal level, work is planned for the next three to five years, lead by the Treasury Board Secretariat.

Government computer systems linking our information are becoming a reality.  Now, more than ever, strong privacy laws, better enforcement mechanisms and greater awareness are critical to protecting our privacy rights and ensuring we do not “sleepwalk into a surveillance society.”

(1) Much of the work done by this Task Force, including the framework it developed, is being incorporated in other BC Identity Management initiatives including BCeIDng

(2) For example, federal institutions currently obtain identity information including vital statistics (name, birth, death, addresses) from provinces in a multitude of ways, depending on the institution and the system used. The National Routing System permits immediate information exchange of information; by contrast Elections Canada receives updated death information quarterly by CD-ROM; and Service Canada receives the same information several ways, including by secure email.

(3) The Information Commissioner of the United Kingdom, Richard Thomas, who is the privacy watchdog in that country, has repeatedly warned that we are “sleepwalking into a surveillance society.”