Examining identity and biometric data in the contexts of national security
privacy and efficieny of governments
payment systems and the financial and banking industries
Mosaic Portal Network
Kevin Beck works with Professional Managers and Associates, Australia
This Melbourne based company has relationships with numerous companies, and interests, engaged in the technology, identity and biometric markets and in banking and finance
national security, transport, health and medical sectors, mining and resources and with small to medium enterprises.
K Beck provides services internationally.
Spying, Identity Theft & Privacy Invasion
AUSTRALIA: CHEAP MINDSETS
AND THE AUSTRALIAN BANKING SECTOR
Since the sixties a whole industry has developed around card issuance. First we had the membership cards, many of them pieces of paper laminated. The identity instrument - things like paper driver licences - were similarly laminated. Bank cards heralded the introduction of mass plastic cards in the mid sixties and large volume card printers entered the market invented by Datacard in Minneapolis, in the United States.
Employee identity, loyalty and the myriad of other cards evolved. Magnetic stripe technology changed the way cards could be used, and the ATM and EFTPOS systems were born. The chip card (or smart card) arrived and the whole concept of cards and identity entered the privacy debate arena. Government wanted to identify people. Big brother conspiracy theories and the "benders and the shapers" who like to tell us how to live and what information may be kept by banks, enterprise and governments, took up the cudgels to defend our very existence against the pernicious forces.
Meanwhile a myriad of players world wide had entered the market place, ranging in size from multibillion dollar international corporations down to small businesses turning a million or lower. The number of players have created a predatory market not the least with the rise of China into the cheap seats, setting new benchmarks in "quality can be cheap" "cheap can be quality", perception and thinking of both business and consumer. The wonder is that some believe that increased productivity and reduction in costs will save the day and that endless growth is achievable. Cheap takes us to the bottom and is a zero sum game. No one is happy except the ultimate winner and are they really the winner in the long run? Relationships are short term, and fraught, in a world of cheap commercial players and market gamers.
The biggest buyers of cards in Australia, and probably the world, are the banks. They come armed with their own rules and a cheap mindset for everyone else except themselves. So the suppliers of products, and services, to them are supposed to sell it to them at bargain basement prices, whilst wearing loin cloths and shivering in cardigans in the icy cold fridge that is the banking world of negotiating contracts and relationships. No heart beats here. On the reverse side the banks charge heavily to their customers making enormous profits for their shareholders. A detachment from reality and relationships. The game is not fair or even. I think that the banks have questionable tendering practices. A technique used by less ethical operators would be to tell bidders how much dearer they are against the others to achieve their price objectives. The end justifies the means and anything goes s we have seen in the past few years. The banks are not good learners. They use fear as their primary tool of negotiation. The suppliers live project by project in this atmosphere of fear. The contracts churn. The margins ever lower destroying the supplier economic base. The consumer never receives the benefits of this repressive action. They still pay the banks usury rates for their credit.
Vested interests rule the world of the ordinary person, and we the consumer, and user, get little say, but that is about to change. Technology as always changes the world and it is mobile technology that returns the control to the user/customer and is the disruptive technology that incumbents fear. Disruptive technology shatters the cosy relationships and the clubby atmosphere.
Mobile technology is evolving and when coupled with the Internet it is defining a forward looking statement based on the long term view of the replacement of cards, tickets, cheques and cash. Financial institutions and banks can move beyond traditional customer bases to targeting the "non bank" customer, which is a very large segment of the Australian market sought by banks as well as micro finance for small business and single entrepreneurs. The Application Mobile Wallet - A new type of instant issuance of the future
A "Mobile Payment Wallet" bundles cards, accounts, prepaid cards, cheques, BPay along with other instruments onto a mobile device. This offering incorporates digital receipts, loyalty, (underwritten by banks and other enterprises, including large retailers and service providers entering non - traditional markets in insurance and finance), generic gift card, health and social security payments and transactions (government and private), airline flight boarding passes, cardless ATM withdrawal, ticketing services for transit and entertainment, using the devices as the transmission (wave and pay technology) with an endless set of options for merchants to participate in programmes.
These new offerings include customer choice options for billing of transactions into the mobile phone, or device service provider such as Optus or Telstra in Australia and subsequent clearance of that bill by the banking or financial services provider. The server-based wallet is quite agnostic to the telecommunications access channel and the customer can access services over both mobile and non-mobile services.
Instead of using a card the customer can use a secure SIM menu, a USSD channel or an SMS, web, POS, ATMs, IVRs and any other thing that comes onto the market. The mobile device, and the identity credential including the PKI credentialing certificate process, enables any transaction over any digital transmission technology.
These technology platforms incorporate multi factor and multi modal authentications for customers covering merchants, money transfers such as western Union, bill pay, secure on line shopping eliminating the "no card present" issue, with stored value prepaid options for customers who wanted secure transaction with limited exposure of their funds and budgetary control. The software control, for these various transactions on mobile, accords with Anti-Money Laundering plus credentialing for specified transactions. Any abnormal account activity will stop the transaction in the mobile device. This goes head on into competitors anti-fraud systems such as ANZ Bank's Falcon.
A whole industry developing mobile applications is crated. The applications are deployed and automatically transmitted to the mobile device without required user action, once they have logged on via their app on the mobile device. The user profiles, goes beyond a mere card, to a customer defined suite of tailored services for the customer demographic running on various integrator platforms.
THE GRADUAL DEMISE, OR REDEFINITION OF TRADITIONAL INDUSTRIES AND SMALL PROVIDERS IN AUSTRALIA
As with any major disruptive shift in technology there are winners and losers. Many small entrepreneurs have built a business around plastic cards, small software applications and the clips and pins that go with them. Some will remain to service niche markets.
The real impacts will come in the large production, and printing bureaus, that have grown up to service banks, large enterprise and government agencies. The card manufactures, and personalisation industries, including packaging, that deliver flat boring cards and the new generation smart cards.
Cards which have dominated the market will no longer be the over - riding marketing, branding and service instruments tools, as the developed world goes mobile.
There are those who argue that mobile devices are unreliable, that not all people have smart phones, the older people will not want to use them, the lower income people. The Australian government gave away set top boxes when they mandated digital and shut down analog. The internet has been embraced. New gadgets infest the houses and the tablets are everywhere. Apps like software are easy to replicate, at almost no extra cost, transport costs, vaults and machines are no longer needed. Cards are not replicated quickly like apps and cannot move invisibly and be delivered instantaneously. It will take time, I think five years. The bureaus will have to become software houses developing applications and offering data warehousing and other services to meet the challenge. Cards will not die out completely they will just slowly fade away to an insignificant proportion of business compared to now. The Australian bureau that moves first on this will take the market until the others catch up. I have a theory as to which of the major players it will be out of, Gemalto, Oberthur, Placard or ABnote Australasia. The manufacturers of the card personalisation machines at desktop and bureau levels (companies like Datacard, Muhlbauer, Zebra, Fargo, Evolis et al) will have to think about their future too. They will have to diversify. United States technology and finance and banking that have for a long time dominated because of their size will lag behind other developed countries. They are price driven, often small banks and companies with a small market share and customer base. The card, and identity, technologies, for example in US banking and telecommunications, are aged or designed for the US market and are not easily migrateable. There are often differing regulatory rules to in the rest of the world.
AUSTRALIAN GOVERNMENT SERVICES AND TELECOMMUNICATIONS DELIVERY
Australians have become used to their Medicare card and their health cards. But governments are looking at the way they interact with the citizens to whom they deliver services,. They are moving on line and with that comes the need for a technology that transmits data in huge volumes to millions of devices of varying type. users will have many, PCs, tablets, mobile phones and televisions. The National Broadband Network is a physical representation of anticipating the challenge. The traditional sellers of telecommunications services, like the bureaus above are also impacted. They better have a better infrastructure than they have now, coupled with really good government policies (the Australian Liberal Party federal opposition wants to get a move on in defining one) than they have got now which is labouring under the new hand held devices. Telecommunications companies live on the edge of misrepresentation of their service delivery capabilities. (Kevin R Beck, "Fear, Manipulation and Disruptive Technology in the Card World", 2012)
An uncomprehending, uncompromising political mindset that plays with the national interest.
When the labor government under Kevin Rudd came to power an initiative known as the National Broadband Network was unveiled. It was valued at $A40 billion. Hysteria among the conservatives and the economic rationalists broke loose. The vested interests of the telecommunications owners was apparent. The media danced a jig with the now common, and boring, retort, "where is the money coming from?". Apparently we, as a nation through our governments, cannot invest in our future if it is expensive. That is the role of the private sector. This is closed mind economic, and ideological, humbug.
Under the Australian coalition, and the ideologically inclined free marketeers, our telecommunications, and internet, is to be at behest of vested "narrow minded" interests. Those who will value Facebook at $US90 billion and believe the internet is about movie downloads and surfing or shopping on line.
The arguments against labor's NBN oscillate around the value of Telstra's copper cable, design concepts - fibre to the node, fibre to the home, wireless and two wires between two cans, all focused on the person at home. Typical myopia. But this was never the aim or objective of the labor plan.
When one digs deeper into the concept, design, planning, and structure, of the NBN Corporation and all of the participants involved it becomes apparent that the fibre optic cable to the home is merely a peripheral item in the more adventurous, and innovative, conceptual NBN. It is a brilliant piece of thinking. There are strategies within strategies, wheels within wheels.
PERHAPS THE LIBERAL OPPOSITION ARE PISSED THEY DID NOT THINK OF IT?
Of great interest to me, in the mosaic of the NBN, is Australia Post's Digital Strategy (incorporating their 24 hour self assistance centres, gyro banking and services kiosks and Amex foreign exchange facilities along with a myriad of other Australia Post initiatives which I believe will include a shopper comparison web based service similar to the Canadian Post service.
In amongst the openly known, higher profile planners and participants we find people working from universities, and institutions, education, research and development, small to medium enterprise existing, emerging and new services, the Digital Economy, commerce, and disciplines such as science, engineering, architecture and planning, housing, banking and finance, manufacturing and design, consumer services, broadcasting services (ABC, SBS, Community, Commercial and new media). People working on many, and as of yet unconceived, contributing value that come from high speed broadband to local government, communities and industry. The NBN and its capabilities are limited only by the imagination of the builders and can only be shackled by the small minded opponents who may occupy decision making roles in the future.
Government agencies will morph to the virtual, the areas of change will be in services transmigration onto the NBN of activities of the public service. Indigenous devices delivery, trade, defence and law enforcement including cyber crime, child protection, transport and regional development, tourism, trade, immigration, foreign affairs. All of them, small, large and obscure, will take on new digital personas and operations.
The NBN brings the ability to register, and apply on line from home or at one of the Post facilities, a library, local government, pharmacy, newsagent, or anywhere there is a connection, for a digital identity to conduct business with all governments and to access services. Instead of the current low grade medicare card which is open to fraud a new logical identity where a card may or may not be required or even issued. The logical instrument can reside in a phone, device, laptop, PC, and one does not necessarily need a smart phone to access services. The National e Health Strategy for medical records and public health services, social security benefits. The operational programmes of COAG, the programmes of Customs, Defence, Immigration and the National Security agenda. The NBN literally revolutionises the social, and economic, fabric of the Australian nation impacting every person at every level. It is something that a new government cannot unravel and will not want to. It is typically the genius of the Australian Public Service hidden from view. The NBN will go down as a change agent on Australia far beyond the impact of any climate change policy and carbon tax. (Kevin Beck, "The NBN, more than just a cable", Melbourne 2012).
Australia's National Security
Australia's National Security Agencies
Australia's Defence and Security
Australia's Strategic and Defence Studies Centre
Smart cards may have a shorter than expected life span. Some predict that biometrics will emerge in a big way in Australia but for that to happen the Greens party, left wing Labor Party machinists, the Privacy and Orwellian conspiracy theorists will have to be shackled and they should be.
So what is a biometric? Find out here.
Is this the world's dearest driver licence in terms of sunk capital costs?
Whilst applauding the move from paper based to plastic licences one wonders why the programme is being rolled out over five years and why it has taken ten years to get to the first base? The Queensland Department of Transport and Main Roads will begin transitioning to the new cards in late 2010. These cards include driver licences, heavy vehicle driver licence, adult proof of age card, marine licence indicator, industry authority which includes driver authorisations, dangerous goods driver licences, tow truck drivers and assistants, traffic controllers, driver/rider trainers and pilot and escort vehicle drivers. Click here for more information
The overall study, specification and procurement exercise has taken the Queensland Department just on ten years, without explanation as to the reason for delays, and the real foundation costs before issuing to the public. The Department has appeared at expensive conferences and exhibitions around Australia and the world over for years, crowing about their new smart card without ever having it on the horizon.
The exercise, during those years, has been plagued with scandal (typical of Queensland) and unethical behaviour, and the tender for the cards has been let twice at great cost to industry.
There is an embedded overblown approach to tendering by governments all across Australia, with poorly constructed, overly complex and onerous documents, requests for technologies that often do not exist and demands for particular goods, and services, that belie reality. The Auditor Generals of all jurisdictions have commented on the processes but all governments (labor and liberal) have ignored the escalating and often wasted costs and efforts. The rise of the bureaucracy seeking to transfer risk, accountability and responsibility, makes doing business with all governments in Australia a very risky business. (Kevin R Beck, Melbourne Australia)
The Australian Passport is far and away the most sophisticated, and secure, identity instrument in Australia today. Why? Because we take it seriously and it has international standing and utility.
The former Australian Prime Minister, Kevin Rudd, the Premiers and Chief Ministers of states and territories, signed an Inter governmental Agreement "IGA" at the Commonwealth of Australia Governments "COAG" meeting on 13 April 2007. The key objectives of the Strategy, as set out in the IGA, and detailed in the reports to COAG, include:
o improving standards and procedures for enrolment and registration for the issue of proof of identity documents (POI)
o enhancing the security features on POI documents to reduce the risk of incidence of forgery
o establishing mechanisms to enable organisations to verify the data on key POI documents provided by clients when registering for services
o improving the accuracy of personal identity information held on organisations' databases
o enabling greater confidence in the authentication of individuals using online services, and
o enhancing the national inter-operability of biometric identity security measures.
o At that meeting, COAG also noted the progress made to date in giving effect to the six to the six elements of the Strategy, and acknowledged the value of this work in providing guidance to government.
Based on the above, and the work of the National Identity Security Strategy Coordination Committee, a federal government entity charged with developing national identity programmes one might think that the progress towards national security and identity is a best practice model. There is after all an impressive library of slogans ("achieving a just and secure society"), political and bureaucratic spin, seriously big, Orwellian and technologically laden words, a healthy mix of motherhood, theoretical frameworks, designs, encryption, standards dissertations and replication, document and identity verification interchange, some inventions (Plaid), extensive studies, theories, committee deliberations, white papers, vacuous policies, diatribe, desktop studies, R&D and agreements. However such an assumption would be an error of judgement. It is not a best practice conversion of policy to outcome, it is not barely an outcome almost all of the time. The bureaucracy does a sterling job and the legislators at state, territory and federal levels let them down. The Ministers, Cabinets and legislators procrastinate, obsfucate and deliberate. They hardly ever activate. Biometrics probably scares the civil libertarian side of the political legislature.
Any action, and implementation, is largely a random set of disparate, high cost - low return, activities across Australia's federal, state, territory and local governments. The latter (local government) is not even in the picture to any extent.
The focus is primarily on "computer logical identity" not physical identity. Cyber crime, and cyber portals, and the interaction between citizen and state, are far more sexy topics than a plastic card, or public servant employee identity and access card. All projects entertained by governments come with massive infrastructure and back room processes and costs. The military, and police, tend to take the issue of identity seriously. They are at higher risk than ordinary folk.
Identity fraud, social security fraud and ATM fraud, is quite common in Australia since the major physical instruments of identity can be easily tampered with or reproduced. Credit cards (magnetic stripe) abound and are easily copied. The banks and credit unions dither because of the cost of conversion, so do universities who struggle with the positive dimensions of possibility. The economy, and taxpayers, bleeds meanwhile. The NSW driver licence is among the most faked in Australia. Yet the NSW state government persists with the arcane, and challenged, notion that people should be able to go into a one stop government services retail store and apply for, and receive, on the spot, a driver licence. Similar on demand services are available at government one stop shops in the Australian Capital Territory. In Victoria the Police have been successful in having the driver licence removed from decentralised instant issuance to central secure issuance though the licence is still mailed.
In Queensland it has taken ten years, and millions of dollars of tax payer funds (including public servants gallivanting all over the world blowing their trumpet at conferences)to devise a smart card driver licence. Talk about reinventing technology and creating hurdles.
AND TENDERS IN AUSTRALIAN GOVERNMENTS SECTORS
State and Federal
Probity and extended compliance rubbish in government tenders that cost and arm and a leg to respond to, are another matter for debate.
There is a card known as ASIC (Aviation Security Identity Card) in Australia, which allows the holder entry to secure areas of Australia's airports. One gets it by going to an agent and filling out a form and producing required identity documents, which make up a points scale, and paying a fee. The documents go off to the Transport department and a police check is requested. Time goes by and then the applicant fronts up somewhere upon notification and shows the agent an identity instrument, say a NSW driver licence, and collects the card. It is, in 2010, a white base plastic card with a low quality facial image and a very questionable overlay. It can be produced on any cheap desk top plastic card printer. So it would have to change from base white stock.
A white base card degrades quickly and can be easily replicated by anyone with a modicum of skill. Yet the federal government agency is hamstrung from doing much about it due to a lack of clear policy, and direction, from the Australian government. State governments, when asked about security in their local ports, babble on with incomprehensible duck shoving and blame shifting. Everything is the responsibility of the Commonwealth apparently. When one writes to an agency some public servant responds with references to the National Identity Strategy, the endless paper trails and diatribe that appear to be action in the eyes of a bureaucrat. If it is on paper and signed by a Minister or the Prime Minister then all is well and good and we are on top of the issue. Why is it that when you write to a public servant that they assume one is uneducated as to the policy frameworks and typical rubbish responses and platitudes? Why can they, like their political masters, rarely answer a question openly and with vigour?
There is no clear mandate for a basic high quality, identity security instrument, for designated public and private sector environments, such as Australian ports,
sensitive enterprises such as utilities, transport, communications and banking, because Australia's governments (labor and liberal) prefer the "arms length - industry self regulation and accountability", proposition.
What do you think of the security procedures at airports? Let's ignore the fact that the people employed at the gates are not the highly paid lateral thinkers in the whole airport. The charade of removing the computer from its case, one wonders why this is a must, perhaps taking off one's shoes, every now and then doing the explosive rub down with a small white bit of paper, taking off the belt, jewellery, chastity belt and so on. All very impressive stuff. This is not security it is show time.
Every person who wants access to an airport, or sea port, beyond being at the front door should have to carry an acceptable identity instrument. All people entering the airports should have to swipe a card or present identity of some form. It cannot be slower than the facade of the current system. And if it is so what! What is important to us?
Australia's Governments will act when a political imperative such as an internal act of terrorism or other embarrassing, and nasty, event motivates them.
A man was beaten to death in the entrance to Sydney airport in view of the public. There was a flurry by authorities, state and federal governments, for a short period then they all went back to snoozing. Flurry, words and platitudes, and then nothing is not irregular for the labor government in New South Wales.
In 2007 the Prime Minister signed the document and yet today public servants still carry sub standard, multiple access and identity cards. Some carry them as a badge of honour. The more one has and the particular colour (carried on their belt and around their necks) denotes their rank and importance perhaps? There are still a plethora of disparate costly tenders and (suspect) outside of tender acquisitions, fishing expeditions by agencies to learn things and inform themselves, especially in NSW where nothing much happens and the system appears to be manipulated if not actually corrupt.
The cost of abandoned tenders and programmes such as the Access Card and programmes in other state and federal agencies, is astronomical measured in the hundreds of millions, it is waste of Australia's productive capacity.
There are endless conferences where participants get excited at the novelty of things that have been around overseas for decades. Producing a driver licence is a feat for some that takes ten years. There are studies in identity, fretting about biometrics, academic and privacy rants and "Orwellian conspiracy theories" across the Australian nation. There is massive fraud in social security. All of this costs the nation hundreds of millions and puts security somewhere at risk everyday. Everyone has agendas, including this author. (Kevin R Beck, Melbourne Australia).
The politicians have weak, shallow polices, and the shackled public servants play to the Ministers' ignorance. Accountability, and responsibility, is pushed towards industry self regulation shoved off to someone else in the hypocrisy that the incumbents have the audacity to call quality government.
The most common identity in Australia, a driver licence, is a budget instrument, cheaply made to a specification, that is designed to reduce cost not deliver security. When I ask about this they tell me is a compromise. The roads department decide and the police may or may not have sway. The governments of those states with more secure licences misrepresent facts to their constituents, and paint a picture of tamper proof technology. This is what the Transport Minister did when the new style Victorian driver licence was launched. There is however no such thing as tamper proof in an identity card of any type.
There is one smart chip driver licence (Queensland) about to be released in Australia and the reliance on a smart chip as the ultimate in security demonstrates the lack of awareness, and knowledge, on the part of the government. Perhaps they have swallowed a story from their advisers. The applications on the chip are a hindrance more than a security feature. This driver licence will be a pain in the arse to police in the field.
Meanwhile Australian, federal, and state, police have to deal with tens of thousands of fake driver licences, and other low grade identity instruments across Australia because they do not have control of a portfolio policy that rightly is their domain.
Politicians see it an economic issue with a driver licence costing $A4.50 mailed. This is quite simply ignorance inviting associated costly risks. Privacy interests see identity mandates as an invasion of privacy and some Orwellian plot. Complicating police working safety is the stupidity of New South Wales, government and public service, issuing driver licences at shop fronts on cheap desktop printers, rather than via high security central issuance as in Tasmania, Victoria and Queensland.
The Australian passport is by far the best identity instrument. That is because the passport is subject to international standards and an international image. The Australian passport office public servants take identity seriously unlike other federal, and state, Ministerial offices and agencies. When one questions each senior state, and federal, Minister about their views of national and local security one gets a rote answer, always full of esoteric references to a framework document, or some paper (weight) policy document as if that is a measure of serious intent, deliberation and commitment. There are more papers on frameworks, in our Australian governments, state and federal, than there are working policies. The identity documents to enter airports and ports, utilities and many other sensitive enterprises are cheap and nasty plastic with a little if any, security features. getting in an out often can be done without any identity card at all. What we need is a crisis to galvanise political attention and action.
They were, and are, under performing on national security policy, internal security, identity holistics and imperatives.
Now, in September 2010, in order to garner support to win government, via the independents Ms Gillard is willing to look at smart cards to reduce problem gambling. What an irony. Meanwhile for the past four years under labor, and even under John Howard's coalition government, it has been possible to obtain a low grade, flawed identity card to work in an airport, port or in the airline industry There is a national checking system. There is no national checking system to gain an identity to enter power stations, other utilities and critical asset environments. Why not? What is the difference in criticality and danger to security?
When one inquires why the aviation and maritime identity document is such poor quality, and capable of being frauded (a transportation identity in use today can actually be made at home) one learns that the government's policy regarding this critical arena of activity is one of self regulation by industry. Now isn't that just peachy. It is one of the most stupid policy derelictions amongst many. The Australian Labor Government has demonstrated a dysfunctional ignorance, a vacuum of ideas and a blatant disregard for national security that one can imagine.
Some public servants opine that it will take a terrorist attack, inside Australia, to galvanise their attention.
The privacy groups, who object to identity cards, have no concept of anything remotely close to understanding just what the Access Card could have been and how it may intertwine with other areas of national security. Perhaps labor thinks that national security is military and refugee focused with no linkages to internal security? Imagine how the privacy. Imagine the reaction if everyone had to have an identity card to go beyond the baggage area of an airport or sea port. To get on a plane or a train. People who want access to these critical areas should have an identity access card but labor is too weak kneed to act to protect our national internal security. Tens of millions of dollars are wasted by industry each year trying to get the attention of Ministers whose pressing interest is one of self. Gillard is an amateur in the role of Prime Minister and national security but Ms Gillard, and her inept colleagues, will most likely be in government and the pain of dealing with those who have little awareness of what to do as an holistic set of actions, will continue unabated. (Kevin R Beck, Melbourne Australia)
Today the government cooks the figures to cover up the extent and the Minister for Health, Nicola Roxon, approved rate rises for health fund premiums that encompass an entrenched, high level of stealing by some in the health professions with patient complicity or disregard. The preferred provider agreement, proffered by health funds, as a benefit to members promotes fraudulent practice. Minister Nicola Roxon, has constantly for over a year, ignored provided evidence, from practitioners, and in this regard she is derelict of the public interest along with her federal labor cabinet colleagues.
Many time this year documents have been sent to the offices of several senior Ministers, including the Prime Minister, to private health funds and to regulators and senior bureaucrats, providing them with evidence of significant, and growing fraud, in the private and public health sectors. They choose to ignore this material and face to face meetings.
THE FARCE OF IDENTITY POLICIES
AUSTRALIA'S GOVERNMENTS DO NOT COLLECTIVELY TAKE NATIONAL SECURITY SERIOUSLY
Primary Document, 70 points
> Birth Certificate
Birth Card issued by the New South Wales Registry of Births, Deaths and Marriages
Expired passport which has not been cancelled and was current within the preceding 2 years
Other document of identity having the same characteristics as a passport including diplomatic documents and some documents issued to refugees
Secondary Document 40 points - Must have a photograph and a name
Driver licence issued by an Australian State or Territory
NSW RTA Photo Card or other state instrumentality issued card
Licence or permit issued under a law of the Commonwealth, a State or Territory Government - (e.g. a boat licence)
Identification card issued to a public employee
Identification card issued by the Commonwealth, a State or Territory Government as evidence of the person's entitlement to a financial benefit
An identification card issued to a student at a tertiary education institution
tertiary Document 35 points - Must have name and address on it
A document held by a cash dealer giving security over your property
A mortgage or other instrument of security held by a financial body
Council rates notice
Document from your current employer or previous employer within the last " 2 years
Land Titles Office record
Document from the Credit Reference Association of Australia
Other Document 25 points - Must have name and signature on it
Marriage Certificate (for maiden name only)
Foreign Driver Licence
Medicare Card (signature not required on Medicare Card)
Other Document 25 points - Must have name and address on it
Records of a public utility - phone, water, gas or electricity bill
Records of a financial institution
Electoral Roll compiled by the Australian Electoral Commission and available for public scrutiny
A record held under a law other than a law relating to land titles,
> Lease/rent agreement
Rent receipt from a licensed real estate agent
Other Document 25 points - Must have name and date of birth on it
Record of a primary, secondary or tertiary education institution attended by you within the last 10 years,
> Record of professional or trade association of which you are a member
Note the Medicare card at 25 points. This card issued by the Australian government enables the holder to obtain medical services across Australia, and in some cases internationally by reciprocation, for thousands upon thousands of dollars. It has no picture, no address and no signature and no security features. An Australian driver licence is valued at 25 points, why? Because it is not a trusted instrument. A bunch of invoices for electricity, gas and telecommunications etc, which can be arranged over the phone or over the internet and the company has no idea who you really are. These are accepted identity instruments. What they are is political necessity unless the voter becomes annoyed. In NSW the driver licence is issued on the spot using low grade identity equipment for political reasons, the applicant wants the instant fix. Never mind that the NSW driver licence is one of the most frauded in the nation. In the Northern Territory the driver licence is issued from a desktop printer like NSW, with low level identity features. There are highly secure standards developed for identity. The question is why do we not have them coherently, and consistently, implemented under a Commonwealth Heads of Australia's Governments Policy and Specification Standard?
What would Australia's travellers say if they had to produce an aviation airport identity card to enter the airport and to board the plane? Would they bleat and whinge? Yet it is in these places that we can expect danger.
"Sydney airport killing after flight argument between bikie gangs, by Kara Lawrence From: The Daily Telegraph March 23, 2009
SENIOR members of both the Hells Angels and the Comancheros outlaw motorcycle gangs were on a Sydney-bound flight and an argument escalated into a fatal brawl from the moment they left the plane, it has been alleged. The brawl resulted in the death of 29-year-old Anthony Zervas and his older brother, senior Hells Angel Peter Zervas, was arrested at the scene, Central Local Court heard this afternoon."
"Keelty says airport bikie brawl response 'acceptable', BY NICK RALSTON, STEPHANIE GARDINER AND KELLEE NOLAN 24 Mar, 2009
Australian Federal Police Commissioner Mick Keelty insists the response to Sunday's deadly bike gang brawl at Sydney Airport is ''within acceptable practice''. The brutal murder of a man in front of crowds of travellers has exposed fatal shortcomings in Sydney airport's security as it was revealed airport police only learned of the brawl, involving up to 20 men, after terrified passengers telephoned triple-0."
Whilst airports have closed circuit cameras would it not also be an effective law enforcement and security policy if everyone had to swipe, or present a proximity card, and the then police could see who was in an airport and where at any time? Could we not attach the card to an alarm system for wrongful entry into a restricted area? We have proximity cards for Victoria's transport system but not for airports? (Kevin R Beck, Melbourne Australia)
AUSTRALIA'S GOVERNMENTS AT ODDS AND ENDS ON IDENTITY AND SECURITY
In 2010 the best that Rudd can offer in a national identity security strategy is a disregarded COAG agreement on identity:
The Prime Minister, Premiers and Chief Ministers signed the IGA at the COAG meeting on 13 April 2007. The key objectives of the Strategy, as set out in the IGA and detailed in the reports to COAG, include:
improving standards and procedures for enrollment and registration for the issue of proof of identity documents (POI)
enhancing the security features on POI documents to reduce the risk of incidence of forgery
establishing mechanisms to enable organisations to verify the data on key POI documents provided by clients when registering for services
improving the accuracy of personal identity information held on organisations' databases.
enabling greater confidence in the authentication of individuals using online services, and
enhancing the national inter-operability of biometric identity security measures.
At that meeting, COAG also noted the progress made to date in giving effect to the six elements of the Strategy, and acknowledged the value of this work in providing guidance to government.
Today (June 2010, public servants carry multiple access and identity cards. a status of their pecking order, to enter Commonwealth government buildings, around the nation, and the federal Parliament in Canberra. Tenders are called and then delayed or abandoned.
The Prime Minister, in response to a security threat at an Australian airport decided that the body scanner should be installed at designated major airports. Never mind that aviation identity applications process, allowing personnel who work in or travel though airports, can be applied for, under the most insecure conditions, from hundred of outlets around the nation using a set of breeder documents that are in themselves questionable. The end result is an aviation - airport identity card that is highly open to fraud and counterfeiting. The national policy on security, and identity, is but words on paper. The whole notion of an identity standard is subject to budget cut whims, and a disjointed research programme and pet project implementation. It is subject to hysterical misrepresentation in the media, "Orwellian" conspiracy theories and the notion that government can spy. Politicians are under educated or non educated. Public servants spend millions at conferences and on the examination circuit worldwide engaged in exploration and study. It takes a decade to produce a smart card driver licence.
There are no standard identities for Australian police, driver licences, for sensitive enterprise employees, for state, and federal, public servants and for parliamentarians. The best, and most secure, identity instrument in Australia is the Australian Passport. Except when the Israeli's produce fraudulent ones. The worst identity instrument would have to be the Australian aviation airport identity card and the NSW driver licence, among others. Instead of demanding highly secure instruments jurisdictions demand that driver licences be produced for $A4.00n each, financial credit cards for few cents. This is quite frankly stupid and counter productive. (Kevin R Beck, Melbourne Australia)
"Deployment of a national access card will be a job for private industry, not government, according to the federal Human Services Minister, Joe Ludwig. The government launched scathing criticism at the Howard government's plans for a national identity card, but has remained open at the philosophy behind the initiative. Speaking at the 2008 Australian Smart Cards Summit in Sydney today, Ludwig said the government does not reject the idea of a national identity card, but will not deploy it without private investment. "The Access Card structure tangled everything into one big complex project, which risked delays, cost blow-outs, and restricted the former government's ability to steer the project over the long term," Ludwig said. "Labor was opposed to the previous government's Access Card, but we have no in-principle objection to smart cards. The Access Card was an Identity Card by stealth. "Even if the Access Card was signed off by the Department of Finance, I don't think it made good sense for the government to be involved in the roll out." The controversial Access Card was designed by the Howard government to tie welfare payments to healthcare and other services and improve service delivery and reduce fraud. The plans were scrapped in December last year. Ludwig said it will be up to the private sector to create a national smart card, and the government would create standards for the transfer of payments. He said enough work is being done to secure identities through reforms including the Anti-Money Laundering and Counter-Terrorism Financing (AML/CTF) laws, the Know Your Customer regulation, and identity management in the finance sector. "We are keen to take a step-by-step logical approach [to smart cards] where each step stacks up on its own, and unmeasurable synergies are a bonus." Ludwig said further collaboration is required between government and non-governmental agencies to bolster the framework and delivery of national smart card initiatives, including the income management card." Source: Extract of speech by the Minister for Human Services, the Hon. Joe Ludwig, at the Australian Smart Card Summit, Sydney, June 2008)
The Australian smart card industry wasted millions tendering for the, now defunct, Australian Access Card. They did so on the previous government's undertaking that the card was designed to seek to (a) streamline efficient payment social welfare benefits and (b) eliminate fraud currently exceeding $A1 billion per annum. The question of whether it was an identity is mute in the greater necessity of things. To simply kill it for an Orwellian perception, and political expediency and one upmanship, make decisions is scandalous. It is typical of the corrupt nature of Australia's political duopoly who make decisions for political gain rather than public interest. There is a demonstrable lack of morality, and a moral compass, in the above speech. The public service wants to stem the fraud and waste, and inefficiency, but the Minister takes away the tools and shackles them. Whilst the published figures imply a fraud level above a $Abillion other anecdotal estimates are ion the $A2 billion range. This type of decision making is becoming a modus operandi of the Rudd Labor government. Policy made without deep reflection.
Why would the private sector invest in something that renders a massive public benefit to the taxpayer and relatively little to industry? It is a social welfare card. It could be that others wanted the smart card for identity purposes (e.g a video shop, a utility, a medicare provider) but this is ancillary. The current (easily frauded low grade) medicare card is used in the "100 point check assessment" and it is used to give people discounts in local government, utilities and services, it just has no picture on it.
The Australian government of Kevin Rudd is condoning, and allowing, theft of Australian taxpayers' money. It is that simple.
It should only take a year, sometimes as little as six weeks to six months to implement and issue a smart card. So why are Australia's governments spending years and billions to get nothing?
After all of the cost, and effort, there are no smart cards in existence in any of the much published projects.
In keeping with the fine tradition of rewriting history, and manipulating perception, and debate, the Australian government Human Services web site no longer has a reference to the Access Card. The practice of managing democracy and perception, by Australian government media units, within the Premiers and Prime Ministers offices is corrupting democracy. It is reprehensible and criminal.
As demonstrated above there are web sites (some still up, others departed) talking of great initiatives and there are media announcements by Ministers of the state and federal governments. There is the federal government Smart Card Framework that labours over the proposition for a simple device. There there are identity related activities across Australia's governments. There is no common policy, and standard security design and topology, across Australia for all sensitive identity documents such as passports, diplomatic identity, driver licences, sensitive industries identity(airports )ASIC card), transport and utilities, state, federal and territory employees identities. . There is just a mismatch rhetoric of bull dust. The identity documents that exist, are very low standard in design, topology and security features and are easily counterfeited particularly the Medicare card and the Queensland and NSW driver licences.
There are lies and misrepresentations of extensive proportion. There is waste in the order of several billions of dollars. There are no smart cards as of June 2008.
The Australian Labor Party, whilst in federal opposition, were happy to trash the Coalition governments Access Card. They now find themselves of being in the embarrassing position of being in government and having the Access card killed off by one of their Ministers during their time in opposition. They are unable to stem fraud exceeding $A1,000,000,000 in Commonwealth medicare and other payments because of their ill considered, and politically opportunistic stance in 2007. The rhetoric of the Prime Minister, the Treasurer and the Minister for Finance regarding their seeking out savings in the 2008 federal budget to fight inflation is hollow. They today fail to act on the massive fraud and thus are hollow on achieving savings. This ongoing fraud wipes out their claimed savings in the 200 budget papers.
Australian government Department of Human Services. The winners have been the lawyers and the consultants and the embedded computer systems integrators. They have reaped tens of millions of dollars without ever delivering a single smart card to the tax payer. The unit cost of the Queensland driver licence, when and if it emerges, if embedded expenditure is taken into account, will be several thousand dollars per licence. The cost of a smart medicare card will be much ore than was necessary also.
This web site tracks that history, analyses the above activities and also informs the reader about smart card technologies.
See the world today through the Kevin R Beck Mosaic Portal
The Honourable Tanya Plibersek, now a federal government Minister opposed the Access Card, ending up costing the taxpayer tens of millions. In doing this Ms Plibersek has by doing so, assisted the massive fraud of the purse to continue. They have done this in pursuit of their own political interests. They have been ably assisted by others. The goal to kill off the initiative regardless.
"A LABOR government would scrap the contentious $1.1 billion Access Card project, human services shadow minister Tanya Plibersek has confirmed. .... "We have said all along that if the Access Card had not been introduced by the time of the election we would not proceed with it," Ms Plibersek said. "So, yes, we would scrap the proposal entirely." (Source: Labor to dump Access Card, Karen Dearne and Ben Woodhead | October 16, 2007, Australian newspaper, IT section).
"The Federal government calls it a ‘Human Services Access Card’, We call it for what it is: a National ID Card System
This very successful campaign ran from the beginning of 2006 until late 2007. The weight of evidence eventually resulted in a (Coalition-dominated) Senate Committee severely criticising the project. The Coalition all-but gave in, and the incoming Labor Government scrapped the project and the Office of Access Card very shortly after its election.
Congratulations to Campaign Director, Anna Johnston, whose efforts over an extended period were instrumental in the Access Card's defeat; and to the many others who made significant contributions, especially Tim Warner of the Access Card No Way Campaign, other members of APF, and Electronic Frontiers Australia (EFA)!" (Source: Australian Privacy Foundation, http://www.privacy.org.au/)
Is this why there is no Medicare smart card in the 2008 federal budget designed to stop massive fraud? All because of Ms Plibsrsek's short sighted all encompassing statement? The work, the tenders, the research and the money all gone, never to be used? What criminal waste is this in pursuit of political one up manship and the ignorant belittling of the public service effort? The Prime Minister. Kevin Rudd, it seems may have little regard for the public service effort also and could care less about the waste of money and ongoing fraud.
Why bother? |
The Auditor Generals of Australia's governments need to look at the embedded, absorbed and hidden costs! They are really eye poppers.
Smart cards, or chips on plastic, are fundamentally quite simple. They are small computers. They use script to run programmes to perform functions. Computers were invented some time ago although you might not believe this when you look at the cavalcade of waste, and stupidity, that passes for informed knowledge in relation to the Access Card, federal - liberal government initiative and the Queensland driver licence smart card, a labor state government initiative under the logo Smart State, are two that stand out.
Auditor General's and independent members of parliaments, need to look at the costs of ICT activity in governments and the empire building in public service agencies, duplication, and above all relationships of public servants and private company officers and employees as well as the processes and time frames. The hidden costs are enormous. The projected and/or end cost given to parliaments, or publicly stated, across the nation, for most ICT projects, are not true.
Queensland Transport embarked on their study of an evaluation for smart card drivers licence in 2001. The date for delivery was 2008.
The hype that politicians swallow about smart cards leads them to waxing lyrical as if there has been a ground breaking discovery. Even worse are the claims for the efficiency and operation of this simple technology.
" Premier & Treasurer, The Honourable Peter Beattie, Thursday, December 29, 2005
"Smart Licence on the Cards
The State Government will be seeking expressions of interest next year for the delivery of a new Queensland smartcard driver's licence by 2008, Premier Peter Beattie said today. "The new licence technology required in this day-and-age will be a giant step in the right direction in the fight against identity fraud and it will also deliver other benefits to Queenslanders," Mr Beattie said. "As well as incorporating microchip technology, the successful tenderer will be working closely with the Queensland Government to update the licensing technology we need to have in place across the State. "The way driver's licences are currently made and the way information is stored needs to be brought into the new digital age. "Queensland is the Smart State, and we will have a smarter licensing product in place in 2008." (Government media release extract)
" MEGAN MAGILL:
There are estimates the system would cost $60 million to establish. Civil libertarians are alarmed that the government is considering entering partnerships with banks and businesses to help pay for it. Ian Dearden says all Queenslanders should be worried by the prospect of big business paying the government to access otherwise private information.
IAN DEARDEN: It's hard to know what their agenda is. This current licence, if the government believes it needs replacing, could be replaced by a system that very cheaply and adequately does the only job that we believe driver’s licences should be used for, which is to prove that you are a registered driver and you are legitimately able to drive in Queensland and what card, what class of vehicle you are able to drive etc.
MEGAN MAGILL: But Paul Lucas insists the card will only be used by banks and business for identification and security.
PAUL LUCAS, QUEENSLAND TRANSPORT MINISTER: Banks will have access to the authentication material on the smart card if that is the subject of that particular bank's arrangement with the customer but as I said to you, it doesn't have information necessarily about bank balances it certainly doesn't have information about Queensland transport records other than you've got a driver’s licence this is your address, this is your date of birth and what classes of driver’s licences that you've got and the ability perhaps if you wanted to have your donor information on the card as well.
MEGAN MAGILL: He stresses card holders will be able to choose whether they want their bank details stored.
PAUL LUCAS: If you don't have a driver's licence you don't have a card at all. If you do have a driver’s licence it's there for your driver’s licence purposes but many people complain that they have too much plastic in their wallets and many people complain about bank card theft, about credit cards being used and skimmed this is about improving technology, reducing fraud, giving better confidence in our driver's licence system.
MEGAN MAGILL: But critics warn the card's potential is far greater. (Source of extract: ABC Stateline,Broadcast: 30/07/2004, Reporter: MEGAN MAGILL
The simple driver licence is suddenly a monster in the hands of bureaucrats and politicians. They dream large. Yet this is lost on the public officials. Queensland Transport people travel the world extolling their expertise and tell us that they will have the licence out in 2009. Just a minor slippage. What they do not tell the people of Queensland and the audiences of the conferences they attend is the real cost of the licence.
Both government jurisdictions have embarrassed themselves with non sensical, and uninformed, public tenders putting into print some of the most contentious drivel and hurdles for something that is quite simple. The waste by the federal and Queensland governments in worthless study and ponderings is scandalous.
Some fifty nations have smart cards of some type Australia has none. They cannot replicate the best and seek to in effect invent wheels that are square and demand that bidders make them round whilst mandating they be square. They both out multiple tenders that went nowhere and the latter case Queensland has just reissued another two remarkably complex and fantastical in statement of intent. Whomever wrote the tender is a master of complexity bordering on nonsense. They should get a prize for making something simple incomprehensible.
Both are captive to consultants, IT geeks and hired lawyers who know little about the topic at hand, the technology and most strikingly of all, doing business effectively and economically.
The lawyers, in their fanciful world believe that the individual projects they run can be isolated from the general trend towards convergence of technologies and the relationship of the Access Card and the driver licence to security and integrated planning. The few bidders who can provide an integrated conceptual and effective solution are threatened with sanctions for talking about the Access Card or driver licence in any forum. The tender documents contain gag clauses as if they contain intellectual property. The public sector treats its internal IT systems as belonging to them and not the public. Behaving as if they in some Hollywood movie script they state that their diagrams are commercially confidential and highly secretive. Rubbish. These systems are funded on public monies and should be shared by all state and federal jurisdictions rather than be the deemed property of separate states of the federation.
The processes of tender assessment are long and drawn out. They are too often leaded down by people who are not expert in the technology on offer.
In their myopic consideration parties to the tender cannot communicate with governments and agencies about anything in the documents. They create Chinese walls and advisers convince politicians that this world of make believe is real. There is an expectation, from the bureaucrats, controlling these processes, that business will hold their breath and bear exorbitant costs at the demand of a few out of touch public servants and politicians. The Commonwealth Department of Human Services during 2007 stalled numerous other vital projects in an attempt to centralise control. Identity, access and security including improved possibilities for Medicare and Centrelink were all stymied and the cost to taxpayers and the inefficiency, money laundering, fraud and general criminal activity using Medicare cards has been allowed to continue. The incoming labor government then stopped the Access Card.
The creation of complex and unnecessary IT infrastructure demands in tenders has forced innovative smaller companies out of the bid. The Access Card demanded that only companies that had carried out projects of similar dimension could bid. The problem is that there are none in the world like the Access Card. There are no projects of this multicard application implemented and operating any where in the world. It has ensured control of hundreds of millions of dollars in taxpayers' funds will be placed in the hands of systems integrators - big central IT server architectures managed by expensive human resources in a plan to maintain the status quo. The status quo is to maintain the power of IT making treasury captive to gobbly gook. This is common to state and federal jurisdictions. The use of IT models to do simple tasks and thus maintain control of the funds flow.
In most industry sectors there are demands that suppliers provide fixed price contracts. The world of IT is unique. The major corporations, and consultancies, of the IT world are masters at avoiding fixed price. Some better than others. Time and materials contracts rip the budgets as big companies experienced in manipulating politics, and bureaucracy, raid the public purse.
A smart card is worth between $2.50 and say $30.00 if there are a whole lot of "u beauty" applications, holograms and optigrams on the latter. However the federal government Access Card, and Queensland drivers licence, are in reality likely to be a real cost of $10,000 a card when one amortises the cost of all of their activities, trips overseas, studies, consultants and processes undertaken since 2001. The two Auditors' General of these jurisdictions should have a look at the real cost and ask why is it that it takes from 2001 to today to get nowhere on a drivers licence and how a lazy $50,000,000 plus went down the drain on the Access Card?
Meanwhile back in Queensland, Transport issues tenders over the Christmas break. These are people who will go on leave and relax whilst industry slaves over the holiday period to meet the deadlines. These people are detached from commercial reality. It is frankly not worth bidding a Queensland tender. The people of the state are kept in the dark as to the costly failures and over runs of the IT projects in the Smart State, since 2000.
Below in this web site I talk of the government's move into smart card technologies and frameworks. There is much publicity about the government's Access Card. It is stalled, locked in a legislative mire and world of unreality.
Like all projects of this dimension it has been stuffed by experts and consultants and public servants who think they are inventing a new product. There is involvement by the Department of Defence, Agencies, Centrelink, Medicare, other agencies, by AGIMO and anybody who claims knowledge. It is like the Victorian transit card, a shambles. Why is it that a simple card is made complex. Why is it treated as a high security, complex instrument when banks and bureaus are distributing hundreds of millions of cards daily around the globe? The Access Card is a social welfare transaction card. It is not a high tech "spook" card requiring the involvement of the Defence Signals Directorate and a group of people focused on FIPS, cryptography and other fantastic solutions. The government ministers swallowed the advice, and have been mislead and the people of the nation have been conned with lies and misrepresentation. A card that should have been easily communicated to the people, easily designed and produced has been made overly expensive and complex as well as a "dangerous instrument". As a result it is a dead duck.
For this we can blame DHS and the myriad of high paid consultants. We can include the new breed of controller - the probity adviser (lawyers) who make open, and honest, communication between skilled people bidding and the public service a nightmare. They divide the public service from industry and are a imposition on efficiency. They are an overblown, questionable cost on the public purse. For what purpose? Fairness, equality and ultimately compliance to an unrealistic process that says that value cannot be added to a tendered proposition at a later date? What is written is it, and upon that decisions are made, regardless of cost, impact and loss? This is stupid in the extreme and the federal Auditor General needs to examine the rules of probity and their results and costs. The people involved in the tender processes of governments, now operate in some world distinct from the reality of innovation, and cooperation possibilities, that might actually be in the public interest. They are obsessed with their artificial processes and thinking. They are risk adverse and want someone else to bear the accountability. The winners here are the lawyers, the hired experts and consultants who get their fees regardless of delivery and end result. The Access Card has cost the government, the taxpayer, the industry and the nation tens of millions of dollars without result.
The tenders are quite unique in that the imagination of the writer is detached from the reality of the world in the case of the larger contracts on offer. They seek to impose liabilities, and responsibilities, on the market as if the technology is being invented for their particular project. The assessment processes, and subsequent winning bidders, will be interesting given the level of expertise in Australia in this field of technology and within the consultancies hired to advise the government agencies. There was surprise in the industry because they do not reflect the reality of the industry operations or the expertise. They focus on systems integration rather than card technology and public exposure in parliamentary enquiries and in the announcements over time demonstrate the card to be considered as a periphery object. The Senate became aware in enquiries that the Department proposes a new central infrastructure of a dimension unseen. A massive database. This IT structure would reinforce the Department's role and also put it into murky territory. The parliament scrutinised the legislation and the intent and decided that the project was dangerous to privacy and to individual citizens.
The politics ran high as industrial relations became an Achilles heel for the government, a new Minister in the shape of Senator Ellison was appointed. Joe Hockey went to the Workplace Relations portfolio. This was major loss since Joe's knowledge of the card technology was unmatched in the government. Why he allowed the tender process to proceed in its structure and form, in two parts with an emphasis on IT systems is not clear.
The Australian Financial Review published an inside story stating that IBM and Thales were the successful winners of the first tender. The Department was mute and refused to respond. The politics cost the Secretary, Patricia Scott, the role as head of this new super agency. In the meantime the Department continued to issue written threats to anyone in the tender process who criticised them publicly or muttered the words "access card". The rights of people to communicate with the parliament and their government were, and are being, over ridden by the Department's commercial imperatives and their view of the world. Misinterpretation of technology and the word "access" which normally means entry into buildings and computers via passwords has embarrassed the Minister and opened the Department to a lack of attention to detail. The Department was, and is not, reading the politics and the players well at all. The words Department of Human Services, or for that matter "public servant", do not appear in the Australian Constitution. The smart card framework, created by Special Minister of State, Gary Nairn, has taken a back seat as delays and politics intrude.
A more astute, seasoned and experienced, Secretary in the form of Helen Williams, was moved from the Department of Communications Information Technology and the Arts, a loss to Senator (Minister) Ms Helen Coonan. As the debate became more heated the government decided to reframe the legislation and put it out to public view in the June session of parliament. The adversarial forces have struck in the heightened atmosphere of an election campaign. The decision about the card has been deferred into 2008. Labor's Tanya Plibersek told the Australian Broadcasting Corporation (ABC Radio) at the 2007 Smart Card Summit, in Sydney (Wednesday June 6, 2007) that a labor government would tear up the card. In July 2007 the smart card is dead. It will not work in the wider world envisioned by Joe Hockey who created the vision. It was a simple concept made horrendously complex by bureaucrats and information technologists who build monolithic systems as edifices to their expertise. The Minister has the regulatory power to upgrade the Medicare card, to chip, if he chooses to exercise this power. It is likely he would be supported by the parliament and the detractors if - there was no picture on the card and all data needed to support issuance and personalisation was purged from the Department's computers after the file has been sent to the card issuance bureaus. The data that creates the personalised card is not needed to make Medicare function and to reduce or eliminate fraud. In 2008 a smart card will replace the current magnetic stripe Medicare card but it will have no picture on it. It will have a signature on the chip and some minimal detail. Any other detail will be loaded at the discretion and request of the card owner, the citizen.
Queensland is grappling with smart card technology and the methodologies adopted by governments and their agencies such as Treasury and others seem to work against achieving the objective at the first cut. Millions of dollars of public funds are pouring into the coffers of advisers and lawyers, consultants and the big end of town. The governments, through the bureaucracies, are seeking to pass liability onto the corporate solution providers of the cards. This is euphemistically called a form of "public private partnership". Where partnership is definitely one sided. All government tenders now include confidentiality provisions - designed to limit scrutiny by the parliaments, the public and anyone else. Enter the Machiavellian, and Orwellian, world of conspiracy theories and processes below in this site. Welcome to the world of Kevin R Beck.
EMV Migration and the Smart Card
The Australian identity, passport, driver licences, financial and other plastic card and e-document personalisation market scene, including gift cards, smart cards and other bits of marketable plastic is about to undergo a major C-change. The move by Australian banks to EMV compliance and the entrance of new players to the Australian card and e-document systems integration market, generated by the Australian government initiative known as the Access Card, of a scale, not previously in play, in Australian economy and society, will alter the dynamics of the system. The domination of major multinational computer companies is being challenged by new consortiums. The proposal for an Australian Government smart card has generated a mix of hysteria, misinformation, conspiracy theories, hysteria and myopia. This can be viewed in the submissions to the Office of the Access Card and to the Senate enquiry.
There is a lot of concern about the government smart card (which is EMV based) but no concern from consumers about the costs that will flow to them from the changes to credit card liability in Australia and the transfer of costs to establish EMV.
In the UK alone, introducing EMV, the payments associations backed specification for smart credit and debit, will cost over £1bn. Most of that will be financed by the banks. Yet the rationale for EMV, that it will slash fraud losses, no longer seems enough. How can organizations use EMV to earn revenue from new services and cut bad debt at the same time? (Winter 2003)." (Source: ACI Worldwide Trends).
For some their only contribution to the nation is hot air and words rather than actions that add to the nation's economic and social well being. They rely upon perceptions rather than fact and their notions, and beliefs and fears, personal agendas, and ideologies, rather than undertaking an examination and doing the research.
Academics trot out desk to theoretical papers, based on "literature searches and examination", some carefully defined research interest and the need to be seen to be published and relevant. To be contrary is to attract media attention. Some tend to be motivated by prurient interests and are not necessarily aimed at the public interest and positive enhancements, but more so designed to bolster their resumes implying an active contribution to national debates in their particular area of academic discipline. These critics, including many in the minor political parties, do not create jobs, do not run businesses, do not add to the nation's development economically or socially. They harp on the fringes with rudimentary awareness and a lack of experience and knowledge. Such is the nature of representation in our democracy. These self appointed guardians of the ordinary citizen's privacy, moral and spiritual lives, have cost Australia billions over the years. They would prefer that we as taxpayers continue to fund the fraud of Medicare and assist counterfeiters. They are happy to have fraud greater than $A3,000,000,000 per annum rampant if it means that they can claim victory against the Orwellian conspiracy of our government. The most interesting contribution comes from the Democrats and Greens party members who sit in parliament and enjoy all of its benefits whilst accusing their co=parliamentary members of plotting all sorts of crimes against the people. These people should stand in front of a mirror in parliament house and ask "Mirror Mirror on the Wall, am I also a willing participant here in this place?
The foundations of the traditional influencers of policy and outcome are moving. New themes and players are emerging. The landscape and aspect of society and economy will change. I am not simply talking about government and citizen interaction. I am talking about banking, supermarkets, public service and every aspect of the way we currently do business, the cards we carry, passports, employee identity cards and every major economic interaction at every level, with a synergetic value, well above the $100 billion the government is focused on.
A number of the traditional industry players, particularly the bureaus, will progressively lose ground and be culled One or more may be forced out of the market space as international juggernauts begin to carve up the market with new technology offerings across governments, business and community sectors. The deliverers of this high profile government driven initiative will shape the market for the next decade. The source of supply to end user customer will move from the existing group to enterprises not traditionally in the field offering large scale integration services direct to Australian governments, corporations and even end users. The drivers of this C-change are the federal government, under the stewardship of then (2006) Minister for Human Services, Joe Hockey. Mr. Hockey is destined for better things and will move on before the Access Card is implemented. This is a pity because his knowledge of the implications, and the technology, is very extensive. Though he may be prone to extending the concept of a services card into no traditional arenas spooking the horses.
Eventually state governments will be forced by the financial sector impacts into changing every type of card and e-document, embracing some smart card technologies. Though the states, particularly South Australia, Western Australia and Tasmania, are dragging the chain on innovation and take up national security issues will over ride their lax attitudes and failure to anticipate the impacts in their jurisdictions. In fact the states seem oblivious to the whole scenario and sit watching the federal government as if it is the sole catalyst. There is no expectation for change from now till maybe 2013?
The states in Australia have not been the drivers of innovation. The interplay, and jockeying, between federal government agencies will increase as large buckets of money and entrenchment of power base drive their agendas. The problem for the government bureaucracies, state, federal and territory, is that many within do not recognise that the market may, and will be driven, by non - government strategists and action oriented types. That is commercial interests and their hired guns will shape the future. Alliances and joint ventures will play a big role in reshaping and expanding the Australian scene.
Security will impact the shape of Australia's market and future growth and direction in a big way. The states will be dragged into the trajectory as they are required to move towards a common high definition standard of identification and access. Queensland is trying to enter the game with its Expression of Interest for a smart card driver licence. The EOI does not reflect well on the knowledge, and awareness, of the tender specification writers, regarding world market in this arena. The "Smart State" as Queensland likes to be known can inadvertently tarnish its image when it goes into print. The traditional resistance of partisan interest groups, both commercial, and public, to identity cards and smart chip technologies, government and other data gatherers, will be eroded.
Here in this site you can acquaint yourself with the technology, the status of the government project and a myriad of other issues including which companies are advising, planning and leading the implementation, the privacy and security debate and more. There are a number of social factors that have a significant effect on how major projects, and changes, are approached in Australia.
A DRAMA OF SHAKESPEARAN PROPORTIONS
Naivety, misinformation, lack of education and awareness, hubris and sometimes plain stupidity can derail worthwhile exercises in public policy and action
The Minister for Human Services told the Australian Pres Club that the proposed Australian Access Card would, due to its chip - key technology design - be more secure than the Australian passport. The Minister is very well informed on his topic and is knowledgeable about technologies around smart cards but his advisers have mislead him. The Australian passport is more secure due to its total design. A chip on a smart card can be attacked. The reliance on the security of the public key is ill informed. Smart card security is a mix of technologies and techniques from the base card stock, through the personalisation process, image, laminates, overlays, holograms, microprint, indent print and many other features. If the Australian government issues a simple plainly designed and personalised card relying on the chip and terminal (EFTPOS) technologies and the "always on and available" proposition, then fraudsters and hackers will quickly debilitate it and destroy its security and its value. The bureaucracy may well be singularly focused on its own interests in reducing fraud on welfare and payments to the detriment of the broader public interest of how fraudsters may use the card to create fake identities and garner other documents.
The government shies away from a focus on registration and enrollment. The Consumer Privacy Taskforce has reported concern with the possibility of document scans taking place at point of application by the citizen as they are registered. There has been debate about photo capture and signature. Australians are not well versed in lateral thinking and tend to be immature in their grasp of the realities of the modern age. They are inconsistent. They will spill all of their information to borrow money or to register for free stuff on the internet but balk at participating in valuable and justified government initiatives. Documents should be scanned in for later verification against databases around the nation to prove the identity of the person seeking to access the $A1,000,000,000,000 pool of funds given to citizens annually in the form of welfare and support payments. The Orwellian conspiracy theories are immature and show the lack of complex thought, understanding and ability to distil facts from fiction, by many commentators and activists.
Many worthwhile initiatives are abandoned by Australia's governments (brown water recycling is an example) simply because the maturity of the public, commentators, corporation executives and interest groups is stunted. Much of this comes from a lack of ability, experience, knowledge and the ability to look over the horizon and see a bigger picture. In the case of the government, and corporate person, it is likely to be the affliction of myopia.
In the case of the Access Card there are privacy activists more interested in pursuing and maintaining their own platforms, influence and objectives. The project is a billion dollar one and it attracts every aspirant business some capable of implementing all of the enrollment and issuance of the cards, interfacing to the government computers and privacy data bases. Many if not most of the Australian companies and bureaus are not. Of significant annoyance is the arrogance and ignorance of many Australian corporate executives by comparison to their well mannered and polite US counterparts. To test this I wrote to all major Australian interests and their US parent enterprises. Every US parent senior executive at CEO and Managing Director level responded by comparison the Australian senior executives did not. This is not limited to the world of smart cards. It is typical of Australian resource and energy companies, banks, retail and major enterprises.
They are less likely than Americans to treat people with respect, and mutuality, and seems to have an inflated opinion of their position and abilities. If the Australian enterprise executive does respond it is normally via a delegation to a mid level manager. This inculcates the middle ranks with an overblown view of the importance of their bosses. One can observe this when dealing with pubic servants who hold the Secretary of the Department in muted reverence, as a living deity. Looking across differing spectrums there is clear evidence that many of the people who see themselves as having a part to play in influencing decisions, policies, actions and outcomes have a narrow perspective of who might have a role or effect, and how and why, in their particular arena of activity. It is quite apparent that Australian executives and advisers do not spend enough time researching and investigating.
The effects of lack of awareness, knowledge, ability to conceive the broader picture, underestimating and pushing self interest to the detriment of any other consideration has the effect of adding costs, time and unnecessary problems segmenting the nation and making it difficult to undertake any nation building projects particularly if they impact sectional interests. The financial institutions, particularly the banks, are recalcitrant and obstructive. It is an hierarchical system that is inefficient and cumbersome weighing down the process and stymying action particularly at the political level. Politicians become reticent in the face of opposition from powerful interests.
Add all of this to the mix and a somewhat complex technical exercise becomes one of monumental struggle brimming with ego, mistrust and theatrics. Due to the limited, perhaps lateral conceptual, and over the horizon, capacities capacity of significant interests the cost of the Access Card is well beyond $1.2 billion Australian when these hidden imposts of posturing, positioning, time, and waste, are added in. The arguments I encounter every day from those who question the worth of the initiative by Minister Hockey are often spurious, uninformed and based on narrow, short term selfish interests such as the cost business might have to incur. What of the cost of billions to the taxpayer through medicare fraud, credit card and financial fraud, identity fraud and business inefficiency and greed? The banking network hardly offers Australians innovation, technical product and service excellence and security. Yet it has the effrontery to pontificate and I think misrepresent the true value of criminal activity resulting from their ineptitude, incompetency and myopia. Individualism (rampant self interest) is really quite debilitating on economy and society.
THE CREDIT, AND OTHER CARDS, YOU CARRY, IN AUSTRALIA TODAY (March 2007) ISSUED BY BANKS, INCLUDING SMART CHIP CARDS AND OTHER ENTERPRISES IN AUSTRALIA, WITH THE HUMBLE MAGNETIC STRIPE ARE NOT SECURE FROM TAMPERING AND FRAUD BECAUSE THEY ARE NOT THE BEST CARD TECHNOLOGY AVAILABLE. GIFT CARDS IN AUSTRALIA ASSIST MONEY LAUNDERERS
THE FULL RISK AND EXTENT, AND THE COST, OF FRAUD IN AUSTRALIA IS BEING WITHHELD FROM THE PUBLIC. THE INFRASTRUCTURE TO READ SMART CHIPS DOES NOT EXIST NATIONALLY AT THIS TIME.
SOME FINANCIAL SERVICES CARD PROVIDERS HAVE ACCESS TO THE TECHNOLOGY TO GIVE YOU A SECURE CARD HOWEVER AUSTRALIA'S BANKS ARE BEHIND IN THEIR TECHNOLOGY AND INNOVATION AND YOU CANNOT ACCESS SUCH SECURITY FEATURES. THE COST IN THE UNITED KINGDOM FOR UPGRADE D TECHNOLOGIES IS IN THE BILLIONS. PEOPLE CARRYING OLD TECHNOLOGY CARDS WILL BEAR THE COST IF THEIR CARD IS SKIMMED. YOU SHOULD DEMAND THAT YOUR FINANCIAL SERVICES PROVIDER PROTECTS YOUR PRIVACY AND GIVES YOU THE LATEST TECHNOLOGY TO PROTECT YOUR FUNDS.
THE ARGUMENTS, THE FACTS
The KEVINRBECK Mosaic Portal continues its provision of comprehensive research and information on significant Australian public issues. The owner Kevin R Beck, invites a mature, comprehensive and exhaustive, debate on this very important Australian government proposal and on the impact of the emerging smart card technologies across the whole of economy and society. In the coming next two years the changes to the Australian financial transaction sector will be extensive as governments, banks and institutions and other service providers reissue all of our cards, licenses and documentation to authenticated identity types with an extensive range of features and added security.
Why Australians should consider a better technology and demand that their governments, banks and other card providers (such as Qantas Frequent Flyer, Australian retail groups David Jones, Myer and other branded credit and loyalty card purveyors), implement anti-fraud and secure personalised cards. Why people should carry authenticated identification on a smart card to save the public purse billions of dollars whilst seeking to counter fraud. Demand real (not lip service) security and privacy of your personal information.
For some time now a series of behind the scenes meetings, negotiations and strategies have been taking place. Some of these are conducted by government and others by corporations. The media have been asleep at the word processor. The development of a "smart card" nation is underway. There are many seeking to have "skin in the game". A handful have, and they are driving the agenda and direction. They are not necessarily the ones the media are telling you about. The major driver is Minister Joe Hockey. He may well go down in political history as the politician who made the greatest impact on government since Paul Keating floated the dollar. A new Deputy Secretary role is being created within the federal agency of Human Services along with a number of other strategic roles.
The Australian banks, ever the dinosaurs, avoiding innovation, of the corporate world have been exposed as having their minds in neutral. Up until May 2006 they seemed oblivious to the things that go on beyond their horizon. They were however engaging in their own little exercise of authenticated identification platforms. A 100 day exercise, euphemistically called the "trust". The difference being that in their world, as distinct from government, people can, and do, have multiple identities. Some two years after these initiatives were launched by government and some selective corporations, the Australian banks (June 2006) have finally had a dawning of awareness.
The Australian government, through the efforts of Minister for Human Services, Joe Hockey, is driving a change so pervasive that no person or commercial entity in Australia will go untouched by it.
One hundred billion dollars ($100 billion)in transactions has been the catalyst to galvanise the banks' attention. This represents a gold mine in fees and they have to be there to win a slice. In addition they may be able to piggy back onto the government's card, create their own and charge their customers even more for their questionable services, which seem to lag behind the rest of the developed world by years. Pity that the more altruistic outcomes of saving Australian tax payers billions by reducing fraud and inefficiency are not as effective drivers. Greed, as the banks' collective credo is far more potent to their imagination and hip pocket nerve. On 21 June 2006 a major international enterprise notified journalists, and thousands of small, medium and large businesses that the world's most advanced smart card personalisation production equipment and software would go on display in Canberra and Sydney. In Canberra not one bank, law firm, medical practitioner, professional association or private enterprise bothered to take up the offer to view this display or talk about its impact on their lives with the people who would be catalysts in impacting their world of business and enterprise. In Sydney a representative of one of the major bank's came along. Whilst there were hundreds of government and private enterprise observers who attended but again no cross sectional representatives from the greater part of the commercial world. There was no media, large retailers, small business and those who are most directly affected in attendance. They simply appear not to get it.
It seems that others in Australian society are also not so bright overall as to realise what is over the horizon. Every terminal, every card, every automated teller machine and every EFTPOS machine and thus every business will be impacted. These businesses will be impacted, and their world and future will be shaped, by a handful of people who they never bothered to come and meet, though they have been invited.
The privacy conspiracy theorists and certain members of the Australian Labor Party, Democrats and Greens as well as the usual sectors of an uneducated, and often unthinking, public are quite willing to retain the billions in fraud, and inefficiency, rather than learn and jettison their whacky arguments and fears. It seems that the spectre of connected government computers threatens their finely balanced psyche. Meanwhile supermarket giants, banks, market researchers as well as other commercial enterprises grab all and any private information without raising so much as a squeak from the same mob. Perhaps someone might enquire about the Australian labor party's antics of regularly invading the privacy of citizens for political purposes. Those worried about these things might enquire who is assembling and selling lists? Who feeds the call centres that ring incessantly?
Most recently (May 2006) a significant number of discussions have been taking place between a multinational venture and some state governments regarding the creation of a national centre of excellence in smart card and other technologies. The most prominent in those discussions being Queensland's drive to be the leading smart state. South Australia, Tasmania and Western Australia along with the Australian Capital and Northern Territories seem resigned to playing the role of lesser smart types. They have no plans for anything smart let alone cards. In particular South Australia is mired in protocol. The email inviting participation could not be passed to the Premier. It had to be formally written in a mailed hard copy letter. Thus a multimillion dollar opportunity with a potential hundred or more jobs has passed them by. One must keep up appearances and the system of bureaucratic niceties must not be threatened by the technology monster and crass emails. New South Wales, hearing of these chats, has come late to the bargaining table. Victoria has been there from inception of talks but seems unable to quite grasp innovation in thinking and policy when compared to Queensland. The Victorian bureaucrats tend to sit in their office tower and wait for someone to call. Queensland by comparison have "executives that travel" seeking to close the deal. So why would a centre of excellence be of interest? All plastic cards are the same are they not?
"Magnetic stripe technology remains in wide use in the United States. However, the data on the stripe can easily be read, written, deleted or changed with off-the-shelf equipment. Therefore, the stripe is really not the best place to store sensitive information. To protect the consumer, businesses in the U.S. have invested in extensive online mainframe-based computer networks for verification and processing. These have proven to be as ineffective against criminal activity and yet the vested interests persist. In Europe, such an infrastructure did not develop -- instead, the card carries the intelligence". (How Stuff Works)
Perhaps we are simply complacent, some of us are uneducated or passive about the dangers and we have been lulled into a sense of security. Not every incident is reported. If we knew, for example, that 40,000,000 credit cards had been compromised would we suspect that might happen here? Could it be that some would not want us to know that the processing of our data occurs outside of Australia? Would we, should we, demand better security personalised products from our banks and financial institutions now? Which do we prefer? A false sense of privacy reinforced by making our governments drop their plans because we are suspicious, or do we want to have lower taxes, less theft and protect our own money? The privacy fanatics are keen to protect individual privacy and assume conspiracies but at what individual, and collective, cost? They never ever mention that aspect nor do they do their sums just as governments do not like to do pre and after the event, evaluation impact analysis. Vested interests prefer simple and ethereal ideological arguments. Thousands of people are turned away from Centrelink for not having the correct identification. They have to go without whilst the inane of the Australian labor party, and other critics, snipe in their well off world.
"The Australian Federal Police Commissioner Mick Keelty says Australia's current credit card security measures have "outlived their day".
He's also criticised the banks' 100-point check system for identification, on the grounds that many of the documents needed for the test are easily forged. (Source ABC Australia Radio, PM Programme - see hyperlink above) Australia's top police officer made the comments at an international credit card summit in Sydney."
There are new cards being offered every day under the same old technology. The providers, the banks, credit unions and retail stores, and others involved in promoting credit cards, might be (let's trust that it is by omission and not deliberate intent) misrepresenting the security of your credit, and debit, card and your information on it. They are relying principally upon you keeping the pin away from the card number. Similarly the cards you are given by retailers and frequent flyer programmes and other programmes are not secure. Soon the banks and other providers of services and goods, where you use your credit cards, and thus consumers, will lose their liability cover and be forced to implement secure protection. The reason is that there are a plethora of agencies that process the transactions. Your bank is not the most likely company processing transactions to your account. It is just the end recipient of the process. If liability shifts to them the fees they charge you will dramatically rise.
They will blame everyone else for this, and probably try to pass some claim onto the Australian government and the smart card initiative indicating that the onerous provisions of dealing with welfare recipients demands a fee rise on the least able to pay. The banks are going to be forced to move quickly towards authenticated identification by force of the credit card companies, the criminals and the forces of the free market. So why assume that the government's smart card project is, by its design, some form of national identity card? The banks can buy a consumer demographic list (example A-B demographic) that provides far more personal information about you than that which the government may hold.You will have to have an authenticated identification to interact with your financial institutions and other service providers well before the new medicare, centrelink, study, family services and other government agencies'("access") card is implemented. The Australian government alone is not the driver it just happens to be the most public, and proactive, in the arena.
In Australia magnetic stripe is the primary data storage on our credit, loyalty and other cards. It is a very crude form of authentication. It is high risk.
"The scam works by criminals implanting devices into chip and pin machines which can copy a bank card's magnetic strip and record a person's pin number. The device cannot copy the chip, which means any fake card can only be used in machines where chip and pin is not implemented - often abroad". Source article: Bruce Schneier So why would anyone oppose the introduction of a smart card on the pretext of some conspiracy myth of privacy and security breaches? Technology cannot yet breach a chip easily and at low cost like it can a magnetic stripe.
Below is a description, and explanation, of the state of the art. However the practice in this country is more rhetoric and spin, on the part of banks (regarding security)a process largely ignored by governments and politicians, until now. The Australian government (May 2006) decided to move all citizen interaction with federal agencies into the realm of smart cards. The Australian Labor Party, has been caught, yet again, without a credible spokesperson, and policy, and as become the norm fails to give an erudite argument for or against, instead seeking a political advantage rather than a national interest position. The claim by the Honourable Kelvin Thomson, labor member, that the government's budget of $AUD1.1 billion is fictional is a throw away and feeble response to a critical issue. The budget is more than enough to produce the 15,500,000 cards necessary to address the fundamental issues of fraud, security and efficiency with savings in the multiples of billions. The Australian Labor Party opposition in the parliament would do better to consider how it might constructively deliver better services to the people of the nation via its membership of Australia's federal parliament. This matter is, as you will learn below, far more critical than the trite gladiatorial games the party hacks may play in the closeted world of political interest as distinct from public interest. The federal Labor Party, through its ignorance, is helping to maintain the world where your personal funds, identity, taxes and long term security are at risk.
In the emerging debate it is unlikely that the national interest will be the priority as stakeholders, and interest groups, jockey for their position and perceptions. The uninformed, and mischievous, will focus on the "identity" aspect of the technology rather than its extraordinary beneficial applications. The criminally inclined will want to keep the simple medicare card that allows them, and their complicit cheats, to defraud the taxpayer through pharmaceutical and medical rip off schemes. This is a billion dollar crime spree we do not need and costs us millions to hunt down and prosecute.
The Technology, Utilisation, Benefits, Pitfalls and Justification Explained
Authentication establishes trust by proving the identification of a participant in any communication, or in the case of conducting electronic business, in any transaction within the scope of the environment. Authentication solutions are designed to ensure that a person is who he/she claims to be and further that they are legally able to be a participant in the transaction process of a designated type. Transactions can be multiple in nature. The most common authentication used in public and private enterprise is the delegation process for approvals, access control into buildings and into computer systems. A limited number of individual enterprises have carried out pilot work and systems design for using smart cards to create large-scale authenticated access. These are predominantly in the finance sector. These trials in Australia are limited in scope to a small number of entities and are not a sign of the Australian financial sectors desire to take security seriously. These systems define the relationships between authenticated users and information, through the control of access to applications and services through a distributed network application focusing on authorisation level and who did what, where and when with auditing trails. The most common authentication systems in use in the community are in the banking and financial transactions sectors. The common belief is that the EFTPOS - PIN system is safe and yet it is one of the most at risk systems in use in Australia today. It has singular authentication. It identifies the card holder but the card user cannot tell if the system they think they are dealing with on the EFTPOS trader connection, at the ATM or on the Internet, is actually the one they think it is.
Justifying multiple uses for authentication solutions
It may not have dawned on some in enterprise, such as the recruitment and personnel agencies but their temporary staff and contractors, will have to have authenticated identification to enter federal government agencies. Similarly it will permeate into states and territories and sensitive private enterprise. Who will pay for that?
There are primary uses for authentication solutions within any industry or government sector. These are:
Information systems technology - logical access, that is log on and use the computer system. The Australian government's "access" card is somewhat of a misnomer, by industry terminology. The term "access" means to access government services, over the counter or via electronic or other means. Logical access is to do with physically using a computer or some form of technology such as the ATM. Our magnetic stripe credit or debit card is read by the ATM machine and a stream of data communicates to the host financial provider's system which then communicates to the financial network linked systems. This card is neither state of the art technology and nor is it secure.
Internally, an enterprise must ensure that there exist effective mechanisms for controlling access to networks, systems and applications from the perspective of their obligations under legislation, business efficiency and security. In the latter regard their internal systems with firewalls and other software and hardware may fit the definition of security but the focus is on their systems security and not that of the user. They would move swiftly to support the government's proposal for integrated smart card technologies if consumer security was a priority.
These logical access solutions necessarily cover both on-site and off-site requirements such as ATM and banking networks within Post Offices and other agencies, in shops (EFTPOS)and commercial enterprises and in customer enterprises. They also involve controlling employee (permanent, part time, temporary and contractors and other allowed persons) access to premises, and assets, which are fixed and mobile. They may be interactive with external users.
Facilities, infrastructure - physical access
Authentication mechanisms of a somewhat cumbersome and crude variety, by comparison to smart cards, are currently used as a means of restricting or granting access to buildings and facilities. These usually involve a single dimensional picture, name and proximity or magnetic stripe encoded object, which is ungainly and easily duplicated. They are far from tamper proof. Such security apparatus will not comply with the Australian government's desire for greater security in their premises and similarly sensitive corporations such as ports, utilities, airports, banks, transport and so on must look to new devices.
Proactive private enterprises, governments and agencies, would be looking towards convergence of their logical and physical access. The singular problem, as with other major public issues, such as the nuclear debate, the greater number are not proactive. They actually create barriers. In politics it appears that it is the labor party horse has to be literally carried to the water. Their contribution to making Australia secure has yet to surface. The Australian government is looking for a system of convergence (employees) and for selected levels of access (clients and public). It is expected that States and Territories in Australia are similarly planning and will follow suit. However the owner of this web site, Kevin R Beck, conducted an extensive mail out to senior ministers of states and territory governments. The replies indicated that it was only the Australian government that was actually being proactive with many states being well behind in comprehension and planning. A representative of the Western Australian government dismissed any further interaction stating, in writing, that the government had no plans to introduce authenticated identification cards. The Northern Territory and Australian Capital Territory governments did not reply as is par for the course and the Tasmanian government sent a post card size letter saying the "Premier" has noted the content. Queensland, South Australia and Victoria have asked for written details and a meeting has already occurred with representatives of the Victorian government, Department of Innovation, under the portfolio management of Minister and Treasurer, John Brumby.
One of the barriers to progressing any major complex initiative in Australia is the lack of lateral thinkers, and the poor research and awareness, of many in the public service and in advisory roles, to ministers.
The private, and public, sectors have at their disposal numerous authentication solutions for logical access, such as passwords, tokens, USB tokens, smart cards, digital certificates and biometrics, which can all be used either independently or in combination. An examination of the effectiveness of the interaction of the technologies, methods and capacities (largely due to poor induction and training) of the humans who manage them (particularly the front desk contract security person) indicates that physical access security is not taken very seriously in Australia. It is both archaic and substandard.
When choosing an authentication solution individual enterprises tend to focus on their own scale and lowest possible cost (including of the personnel), rather than taking a broader perspective of total system (internal and external) security, implications and overall benefits to society. Companies with proprietary interests are selling their products creating a diversity of applications and products at the front and back end of the processes many of which are outdated, cheap and cannot be upgraded.
Smart cards as a secure and reliable means of electronic identification are the system of choice for modern enterprises. The smart card applications, which most will be familiar with, are the transit systems, of Asia and the physical access solutions developed by large corporations such as, Siemens, IBM and applications by chip manufacturer, Gemplus.
Cards capable of carrying individual stakeholder data and records
U Sim - 16kb - 64kb
U Sim - large memory MB-Giga
The microchip (contact or contactless) within the smart card can be used incrementally (upgradeable depending on RAM size of the chip processor) to store, protect and modify information, thereby offering flexibility for information, sharing and transfer, between parties who are allowed in a transaction. The employer, department or enterprise can choose the level of credentials security required for an employee or client including static and dynamic passwords, digital certificates and private keys, biometrics and pictures.
The justifiable benefits of smart cards
Of the various authentication mechanisms smart cards are the only technology that offers a cost-effective solution for both logical and physical access, across the whole spectrum of activity and service delivery. As well as these inherent security capabilities, smart cards can be used to host multiple applications, enabling consolidation of services on one card, which promotes cost savings and efficiency as well as new services. For example the telecommunications industry's multiple business activities, described below, lend themselves to Smart Card applications technology.
1. Fixed and mobile access services
2. Mobile music
3. Mobile commerce
4. Mobile tickets & room keys
5. Mobile email and internet
6. Mobile photo and video
7. Mobile television
8. Mobile gaming
9. Mobile GPS
Think of all of the stakeholders in your particular enterprise equation. Think of the primary application and who benefits? It is a somewhat trite dismissal of deep evaluation to refuse to consider the Australian governments proposal purely on the grounds of some perceived "big brother" syndrome or fear. There are very valid economic and social reasons for industry, community and interest groups, to work together on a suitable compromise solution. Like the uranium debate, the level of maturity of some in politics, industry, interest groups and community, leaves a lot to be desired. The Australian Banking Industry could be taking a motivating lead in the discussion, design and implementation but appears to be adding little if any value from a corporate citizen perspective. They have as yet not demonstrated that they are going to take a constructive or risk oriented stance, with a record of preferring positions of self interest. This does not reflect well. Evidence, the management practices, customer services, products, facilities and technologies placed in the customer's hands and one might be lead to conclude that bankers are not the most innovative thinkers, and actors, in Australia's industry landscape.
Below in this document are cost savings, and productivity improvements, through application of smart card technology to work flow, services and reduction moving to, ultimate, elimination of fraud. Privacy Issues
There are three levels of smart card:
1 Static data authentication, the lowest level of protection with limited interactive capacity in terms of security because a fake or duplicate card is not detected by the reader terminal.
2 Dynamic Data Authentication, the next level, where the reader can detect a fake or duplicate card using data verification and random challenges, and
3 The highest, and most secure, level of card, the Combined Dynamic Data Authentication/Application Cryptogram Generation (CDA) which can detect communication probes, faked and duplicate cards.
This card can interrogate the host data system (i.e. the Australian government's Centerlink, Health Insurance Commission and other systems) before it is interrogated and can decide what information is imparted via its programmed technology. It can come with an onboard chip capable of storing data in megabytes and gigabytes.
This 3rd card is what people, and interest groups, concerned with privacy and security should demand from their governments (state, territory and federal and their banks and other card providers). It is the one that puts control in their hands. If governments, and companies, really want ensure that Australian society is secure, as free from fraud and identity theft and is as efficient as technologically possible, then they should issue an appropriate card to the user with the maximum chip size necessary to do the task. On that chip reside the user's data, history and personal details. The card user can download the data from their smart card, and regularly put a backup copy onto their own computer if they want through an interface which could be bought from an electronics/computer store or smart card equipment provider such as Datacard South Pacific.
The card owner can choose to store their backup chip contents copy on a secure and provider system of choice that they trust, spreading where Australians store their personal details and card content for backup purposes. On the government systems, the retailers, the agencies, the banks and any other large computer systems, would reside only enough data to verify that the card holder is eligible for the transaction, the name and a secret key (ICC) and the software programmes necessary to communicate, make, and record, payments and services. The card chip can be encrypted requiring that the user be on line with their smart card giving a response to the system before someone in an enterprise, or a hacker, or rogue computer system, can open any personal files or access any data. Audit trails can be stored on the personal smart card as well as the computer to which it is communicating. This acts as a disincentive for anyone to try and gain unauthorised access. The card should have a magnetic stripe with substrate particle fingerprints (not an actual fingerprint of the user but a unique alignment of metal fragment patterns) and embedded noise both of which cannot be replicated.
The smart card is far less vulnerable to attack, compromise and fraud than the existing PC and network systems and financial transaction cards in use such as the one-dimensional magnetic stripe credit card which relies on using a PIN. "Skimming" are the buzz words that denote these cards as being highly insecure and vulnerable. Once the number and the PIN are known a card can be produced quickly.
Add to this the practice of gathering personal data from garbage bins and tips and the spectrum of insecurity broadens making fraud opportunity, and actuality, measurable in billions of dollars. The smart card, as a secure data holder, is mobile in the hands of the accredited party whereas the current magnetic stripe is very machine dependent and gives up its data relatively easily without a fight. There is a new magnetic stripe technology available that is more resistant. It creates a "metallic" fingerprint in the substrate and encodes a noise signal on the card. These are very hard, if not impossible to record and duplicate.
Smart cards are encrypted and they turn off if they are fondled, and interrogated, too much by unfamiliar inquisitors. The functionality of smart cards in providing strong two-factor authentication set smart cards apart. A smart card will interrogate the system at the other end before it is interrogated itself by that system. The card owner can be assured that they are dealing with who, or what, they think they are at the other end or the smart card will decline to be involved in the relationship. The combination of something a user has (the smart card) and knows (a PIN or password), coupled potentially with the user's physical make-up (e.g. a fingerprint, picture) as well as with an encrypted chip is common sense. The proposition that the current EFTPOS system using a magnetic stripe card and a PIN even with signature, in isolation of encryption and two factor identification, is secure, is ludicrous by comparison.
Regulatory compliance factors.
Many private sector enterprises, such as those operating in the financial, prudential and telecommunications sectors, are subject to regulatory regimes. Smart cards can incorporate one or all of these requirements and imperatives.
Conformance to delegations and authorities
Licenses to operate and conditions under which transactions may occur
Contract and other regulated payments systems
Approvals and benefits (class of client/customer and eligibility)
payments, automatic auditing and fraud elimination
Integrity of the system and data security
privacy and consistency of user data and records
The Australian government Human Services portfolio incorporates a range of services and policy agencies. There are seventeen agencies and these include, among others) Centerlink (welfare and employment support in concert with the Department of Employment and Workplace Relations), Veteran Affairs, Family Services, Child Services, Carers, Hearing, Medicare (with cooperative arrangements from within the Health portfolio including pharmaceutical benefits and programmes) as well as support services in disasters such as hurricane Larry (10,000 homes destroyed, farms wiped out and 23,000 insurance claims), flood and fire, other welfare such as food vouchers for purchases in supermarkets.
There are 20,000,000 people enrolled in Medicare, and there are 8,500,000 Centrelink accounts. These are serviced by 850 outlets, 40 call centres and 38,000 staff. Centerlink will advise banks that an individual has access to an amount of funds. They use their ATM card to get to these. This is a paper system. There are 580 forms in Centrelink. The system overall holds 60,000,000 scanned and verified documents. The departments handle about 60,000 address changes per day, with 250,000 individual client services, 180,000 telephone contacts and 400,000 pieces of correspondence. There are 600,000 clients who have to return for services because they have incomplete identification documentation which is currently four identifying documents. These can be a driver's license, passport or student card (with photo) none of which are really authenticated identifications since they are obtained by providing paper records such as birth certificates. The balance of two items can be utility bills, rental leases, a library card or such. It takes 3 - 4 minutes to process these four documents. Every year the government agency replaces 500,000 medicare cards. The medicare card, with no photo or other real identifying security, is used to transact business with doctors, pharmacies, hospitals and other agencies. These transactions range from values around $20.00 to $00,000 or more per individual. people give their cards to relatives and friends particularly when they have reached the annual expenditure threshold, of a few hundred dollars, after which the Australian taxpayer picks up the bill. The opportunity for fraud and actual fraud approaches $3 billion dollars per year. Add to this the fraud in the financial sector and it can be seen that Australian governments (particularly those of the past who have had access to this technology), including state and territory (current governments) and all commercial enterprises (banking, retail, services, transport) operate a pretty sloppy, and cheap system, with attendant security risks. This information, and high risk along with the actual value of annual fraud, in governments and enterprise (public and private) has been kept from the public. It can be seen why critics such as the Australian Labor Party, the privacy groups and commercial enterprises, who present shallow and simplistic arguments should be dismissed. Technology exists to enroll, photograph, identify and verify a person's eligibility to receive government benefits. It is tried and tested. Capture equipment exists, to international standards, such as FIPS 201 and ICAO, to create highly secure data, card and e-document environments which will enhance privacy well above the standards in Australia today. Australian privacy is really not protected with the devices and technology we are using and the state, federal and territory governments policies, processes and systems. Tasmania, Western Australia and South Australia have no plans to introduce smart cards but are watching the federal government's Access Card project closely. The Australian Capital Territory and New South Wales are silent on the matter. Perhaps they have no imagination for a[applications - birth and marriage registration, land titles and other agency documentation called be converted to the smart card in the person's wallet. However such customer, and citizen service, oriented technology applications might deplete government coffers.
Queensland has a expression of interest (EOI) out (August 2006) for a "smart card" driver's licence. This EOI has a process, and a timeframe, for technology assessment, two pilots and planning stretching from October 2006 to November 2009. Queensland has had a driver's licence test centre for smart cards for many years. What have they learnt from that? Reading the EOI apparently very little. The documentation implies a clean slate in terms of awareness and knowledge. The EOI reads as if Queensland is about to assess something mystical and complex. Smart cards are used in 120 countries, not including Australia. The EOI refers to Queensland as the smart state? The Smart State seems unaware that implementing a driver's licence is actually a piece of cake. A smart card driver's licence can be implemented in Queensland and integrated to the Queensland Department of Transport in house "Trails" computer system in under a twelve month time frame. Probably nine months at most. This EOI is an example of the poor take up of technology and a demonstrable lack of awareness in government (by legislators) and the bureaucracy of technology and application. Alternatively the Queensland government may be waiting to piggy back onto the Australian government Access Card in 2009? This would save the Queensland government millions. Surely the government would not be misleading and wasting bidders time and resources in such a cynical manner? However the Australian government, Minister Joe Hockey, would be well advised not to complicate life by populating the federal government access card chip with other applications at such an early stage. The question is why does Australia not have a common driver's licence? The answer is - political and bureaucratic self interest and revenue. Australian governments, and bureaucracies, demand compliance to standards in their tenders but do not apply common platform standards to public policy and systems. The Australian driver is being fleeced (money wise) on their licence card production, and issue, charges. New South Wales has one of the easiest licences to copy in Australia. How does this sit with the national security policy agenda?
Development of standards and compliancy issues in determining product choice
The smart card can go a long way to creating efficiency, eliminating fraud and risk. If implemented in government and the financial sector it will have a payback exceeding $5,000,000 per annum by the year 2010.
Smart cards conform to international standards in terms of content, communication, integrity and security from attack and violation. Customisation of the card is the key to making it tamper evident. The card or document must have both covert, and overt, security features to enhance the authenticity. The internal operation of a smart card can be expanded, and upgraded, to take account of changes in government policy, laws, corporate policy, approvals and authenticated transactions as well as new technologies.
The smart card personalisation production equipment, chosen by enterprise, can be vendor independent to allow flexibility of pricing and competition whilst ensuring secure control and production at the foundation level. Datacard South Pacific a part of the worldwide Datacard Group, for example, is a vendor independent supplier of the platform technologies (production equipment, software and back room management systems) that support open systems card design (all types including smart cards), security, authenticated identity, and the differing natures of transactions, production and distribution. This company creates, and represents the world standard and the highest security available.
· High volume data preparation (up to 60,000 records per hour)
· Scalable applications adding high security mechanisms
· Any volume of card production
· Separation of data preparation from personalisation
· Migration to an enterprise environment
· Branch office production
· Emergency card replacement
· Scripting methodologies for flexibility of card manufacture interface and determined applications use
· Thales P3
· IBM 4758 HSM
· Global Platform Standards V1.1 - V1.3
· Visa VSDC 2.4.1/2.5.0 SDA/DDA and Mastercard M/Chip EMV standards
· ISO 14443 contact less
"EMV" is an acronym often referred to mean the specifications issued by EMVCo, LLC covering the operation of Smart card payment cards. Vendors refer to being "EMV Approved" when their products have been certified as having passed tests to ensure compliance with these specifications. Europay International, MasterCard International and Visa International formed EMVCo, LLC ("EMVCo") in February 1999 to manage, maintain and enhance the EMV Integrated Circuit Card Specifications for Payment Systems as technology advances and the implementation of chip card programs become more prevalent.
The objective of EMVCo is to ensure that single terminal and card approval processes are developed at a level that will allow cross payment system interoperability through compliance with the "EMV" specifications, Europay, Mastercard and Visa Integrated Chip Card Standards. The latest version of the specifications, EMV 2000 version 4.0, was published in December 2000. It is envisaged that the specifications will in the near future be supplemented with support for lower voltage cards and a definition of a contact-less interface to EMV chip cards. The EMV Specifications are built upon the existing ISO 7816 series of standards for Integrated Circuit Cards with Contacts.
The ISO 7816 standards were developed by an inter-industry group and thus contain options applicable to certain sectors only. (Source of EMV description: Acces Keyboards Chip and Pin, United Kingdom)
Contactless smart cards
Currently all issued smart cards have a contact area on the front face of the card to interface to a payment terminal. Contactless SMART cards do not have a contact area, but have an embedded inductive loop aerial which allows them to work in proximity to a contactless card reader without physically making contact. Although not EMV compliant, these types of cards are already used by several toll systems and mass transit operators including the London Underground. EMVCo has worked with the ISO/IEC JTC1/SC17/WG8 committee to come to a clean solution for supporting Contactless Technology Cards and Terminals in the EMVCo specifications. An amendment to the EMVCo V4.0 book 1, detailing the technical changes for supporting Contactless Cards and Terminals, issued by the end of 2002. The standard is therefore still evolving and in the past hardware suppliers have been forced to discontinue products previously believed to be EMV approved. (Source of EMV description: Access Keyboards Chip and Pin, United Kingdom)
Determining the solution and the rate of return on investment.
Consider the complexity of the decisions, and the factors, you must address in evaluating card differentials and the technologies. Datacard South Pacific (www.datacard.com.au) can advise the appropriate technology to suit specific and diverse needs.
1. Planning and Design
4. Investment Optimisation
Enterprises, and government agencies, are able to determine indicative cost and productivity data if each element, described below, is considered, determined and tabulated. Banks might argue that smart card authentication systems require more sophisticated communication protocols increasing the physical operational costs of their own and other retail networks - ATM and EFTPOS machines - by millions of dollars. These costs are well and truly offset by:
Reduction in the costs of maintaining legacy technologies through human management and intervention - e.g. passwords
Passwords require internal system management and are prone to cyber attack and systems violations.
It is a very costly human activity within the government and commercial environments. Smart cards solve the problem of passwords and lessen the human component of password maintenance and application.
Enterprises can reduce overhead costs through the improvement in efficiency gained from combining physical, and logical, access and services payments (benefits) approvals streamlining the productivity internally and externally.
The investment can be measured against the financial criteria of compliance with budgets; costs and the return on the investment measured in pay back timeframes and cost reductions and increased productivity over time.
It is therefore important for board members and executive and line management to understand the potential financial returns that smart cards solutions will generate within their business and community operations. It is vital that citizens understand how smart card technology will improve and secure their livelihood and daily existence and allow them to access and receive the benefits of technology to its fullest capability.
Reducing the varying methodologies, and costs, of management and control and external interactions and systems
The current systems are diverse and there are inconsistencies of costs, controls and security across similar enterprises within sectors. There are (as at August 2006) only two card personalisation bureaus that have the technical capability, with their hardware and software, to personalise credit cards to high level security standards. This means that the bulk of the cards being churned out in Australia, and all cards being personalised in New Zealand are open to security breaches and fraud. The elements of management should be consistent, and controllable, across economies and at the operational levels to take advantage of economies of scale as well as conformance to national and international security considerations and agreements. This is particularly so in relation to international agreements on money laundering and anti-counterfeiting as well as movement of funds across borders. Money launderers buy gift cards to wash their cash and thus the retailers and the card personalisation enterprises that make these low security products are contributing to the ease at which laundering can be effected.
Smart cards can be acquired at an equivalent cost to USB tokens and digital signatures, and are cheaper than biometrical authentication solutions. They can be standardised and thus are cheaper than proprietary solutions provided that vendor independent foundation hardware and software providers are used.
Systems integration, the diversity and disparity of existing systems can be reduced and eliminated over time.
Contactless (cash less) payment systems e.g. canteens, social clubs, smart credits and debits, e-wallets and any need for payment internally or by direct credit to an external e-wallet in the hands of a customer.
Imagine how much easier the lives of people affected by the Larry Hurricane, in Queensland, would have been if we all had smart cards. The ATM's, and banks, were out of action yet the community could have functioned. The supermarket trucks coming in could have had satellite capable terminals. The Australian government could have placed the $1,000 aid grant directly into the holder's record account at Centrelink, their bank, any system. The recipient could have got their vital needs, clothing, food etc. and simply swiped their card across the reader or scanned it by other means and paid for the goods. The holder does not need to have a bank account. The card can draw from the Australian government approved recipient account within Centrelink. So it goes for medicare and for any government service.
Security - fraud detection, and elimination, remains the greatest justification for smart cards. There is fraud everyday across Australia in our government agencies and thousands of investigators are working to reduce it, eliminate it and get the money back. It is measured in billions in social security, medical, credit card and finance fraud. It is in the multiple billions. We demand that the government eliminate it and yet we tie the government's hands with nebulous arguments about privacy and our poor understanding of the capacity of technology to eliminate fraud and protect our privacy. We do not trust our governments yet we are always ready to demand that they look after us when we are afflicted by a bad event or circumstance.
More sophisticated capability including isolating incidence occurrences
No footprint fraud investigation capability
Theft and fraud detection, reduction and elimination
Elimination of counterfeiting opportunities.
The replacement of a lost or stolen smart card comes at a cheaper cost than alternative authenticators. The smart card internal authorisation code can be changed eliminating the previous card from the system.
Public key and biometrical solutions stored on a smart card are far less vulnerable than on a PC desktop, legacy system or external user or contractor system.
Security in using collaborative web services
Single sign on that translates across multiple enterprises.
Portability (smart cards move with the user and do not require mandated static hardware access) which increases serviceability and makes fraud all that harder to effect.
Satellite and mobile communication capability.
A smart card that masks, or eliminates its tracks, during or immediately after use would be a great aid to people who investigate major crimes.
It is security and elimination of fraud worth billions from our government and private sectors, that Australian citizens should be demanding. We need new technology credit cards and a card to receive our benefits and services from government and the companies with which we deal. The financial sector appears to put costs, and profits, before risk assessment, avoidance and protection of is customers' assets, privacy and security of information. The skeptics rave on about privacy, and conspiracy, surveillance and skullduggery, without doing an evaluation, or gaining real knowledge, as to what it is costing them personally in higher prices and lost public infrastructure and service because criminals are stealing billions from our taxpayer funded systems and banks, retailers and any other places where it is easy to carry out criminal activities. How much does criminal activity add to the cost of goods and services and how much does it divert public funds from public benefit. Is my personal data so important that the nation should collectively bear that enormous cost. As they say, "get real".
The credit card, and other cards, in your wallet issued by your Australian or international bank, credit union, building society, airline or any other entity are not safe. The medicare card invites fraud as do most other bits of plastic including our driver's licenses and birth certificates. The identity cards we take to work and use to enter government buildings and other sensitive enterprises are a joke. Particularly when the receptionist at the counter is an outsourced, under trained security guard, who will accept a verbal nod or word, that it is okay to let you in. Recruitment companies are providing staff, across the nation, often on a moments notice (temporary and contract) whose identity have not been originally authenticated and who are going into places without any secure identification.
In the Australian Defence Department, the external recruitment agency that is the major supplier of temporary and contract personnel will simply send a body and they get in to our most sensitive locations without strict and constant secure procedures and personal identification. The company rarely if ever has checked their identity, and these personnel carry no authenticated identification. They may not be the original person designated to be there. In any location you go where there is a security desk you will observe people playing at checking and identifying people. Every day in our government agencies staff and investigators use rudimentary methods to try and stop fraud.
The cards we carry are collectively not secure unless you have a very specific type of card manufactured specifically with security and authentication as the priority.
These enterprises upon some other entity carrying the burden of recompense. In the lives of citizens this means that currently the banks and credit unions are relying upon Visa, Mastercard, Amex and Diners and so on, to take the risk and compensate you when your card security is breached and purchases are charged to your account. Things are about to change as these companies are telling Australia's banks and financial institutions and retailers that they are not going to take the liability any more. Similarly other companies such as Frequent Flyer (airlines) and similar loyalty programmes are using lower standard produced cards which can be easily copied. Again it is about not wanting to spend the money necessary to protect your security. They want your business preferably without any, or as minimal as possible, liability on them.
What of the vigilance of our policy makers?
The Australian government is trying to do something about all of this. Yet the state and territory governments, some politicians, the banks, the critics and the stakeholders of antiquated systems and technologies are all seeking to frustrate the progress.
Interests within the IT departments of enterprise and government, and the large computer manufacturers will want to protect their current and future interests by convincing Ministers of governments, CEOs of companies, their executives and clients to keep all the data to be used in the smart card project on mainframes in the central offices.
· Make the IT people indispensable and grow their influence and control
· Guarantee the revenue, maintenance and ongoing high cost of existing legacy systems to the large companies whilst extracting maximum dollars from the implementation budget by arguing the enterprise needs new, and ever bigger systems. Likely leading to cost blow outs in implementation costs of the projects.
· Risk networking of the systems between government departments, and external parties, enabling access of the information for whatever purpose deemed necessary by the public service, the government of the day and major corporations.
· Support the departments' central control that allows the card content, and capability, to be altered after it has been issued without necessarily having to notify the holder.
The Australian Privacy Foundation, and others, are marshaling their resistance and are communicating with like interests overseas to garner arguments for their case. It is possible to influence the development of cases and to counter fear mongering.
The privacy and security of data in these large systems cannot be guaranteed since the data is under many peoples' control. However it is possible to place the data in the hands of the consumer of service. This is true interactive authentication and control. This method of design, and implementation, would:
1. Limit the personal data held on the government's large computer systems
2. Save the public service money in terms of computer hardware and software
3. Allow the user to determine where their smart card back up data is stored
4. Allow the user to negotiate what is on the card and limit what is sharable between departmental and other agency, computer systems.
The big computer companies arguing for large central computer systems do not make state of the art capture and smart card production systems so they have to push the entities towards their systems opening up the security and privacy debate. They are integrators of systems.
The provider of the personalised card should be vendor independent.
That is the card personalisation company should be capable of working with the existing large computer back room systems of any make, or of managing the production and deployment of cards independent of the suppliers of existing large systems but capable of communication and interaction with their systems.
The issue for any supplier of smart cards, and computer systems, should be what does the consumer (card user) need to make them feel secure in their privacy? Which manufacturer interest is arguing their case in Australia? Not the big legacy computer systems and their supporters because they want big systems to sore and integrate and network the data.
The Australian media tends to run trite hysterical and fanciful pieces without examining and informing the public. It makes for better stories if there is sarcasm, conspiracy and 1984 themes to trot out. Fiction is more enthralling than fact. The sad fact is that there is little mature debate, on major policy matters like this and there is no common ground. The prurient interests of an antiquated, and slow to grasp what is over the horizon, financial sector, the under performing, and narrow minded, corporate executives, with limited horizons and a here today mentality, the vested interests, such as the privacy theorists, the lawyers, etc. etc. etc. are all working to scuttle the Australian government's plans. There are legitimate considerations and it is not intended to make light of them. It would just be a little easier if people would actually learn something before they run off and make accusations and claims. The proposition that governments will create huge databases and that police and pharmacies, doctors and other places will have card readers to access the information and store it, network and distil it belie the fact that to do this would cost mega-billions. These costs are beyond all of Australian's enterprises and an attempt to do so would bankrupt the small, and the large, snoops who are alluded to but never identified.
Are we suspicious of our fellow citizens? The bodies the privacy worriers, and critics, are pointing at are staffed by people who live next door and who carry cards themselves and are users of the system. Do we consider that they have separate personalities and ideals to us? Are they robots who with malicious intent have Jekyll and Hide alter egos?
Alternatively there are those commercial enterprises trying to avoid having to spend money to make Australia more secure. It is of no consequence to these people if the government is exposed to massive fraud. Their personal privacy issues, their personal corporate empires and their vested interests, fears, ignorance and misinformed views, are of greater significance.
There are some serious academic papers on the topic but they are not contemporary and they authors are informed as to the cutting edge production of today's real cards. Not the bits of plastic we are issued with by our banks, credit unions and myriad of service providers.
The greater number of Australian people are disengaged from government and significant social issues. They rely upon gossip, anmecdoteal stories, biased unfounded perceptions and the media for their opinions and views. They are too busy to inform and to educate themselves to the facts. Ready to offer opinions are the commentators and a few adjacent ideas. The merchants of doom peddling hysteria, the shock jocks, their favourite television host and talk back reality shows to inform their views. They have their place and are right and able to express their views and worries, concerns and fears. Meanwhile they, like the rest of us, are being robbed blind and the criminals are laughing all the way to their banks.