Paolo Balboni, Tilburg University, takes an informed look at the legal and technological impacts of e-ID cards in Europe and examines the issue of trust and privacy within this context.

A couple of weeks ago, I gave a presentation in Brussels at the European e-ID Card Conference. The central question of the conference was: “e-ID right first time?” In other words: “Are we going to hit the nail on the head the first time with e-ID?” I was asked to provide an answer after having analysed the legal issues related to interoperability of and trust in the deployment of e-ID cards. I concluded that, from a legal point of view, things have not been done right yet. Therefore, it is very unlikely that we will get it right the first time with e-ID cards.

However, for one question I answered, another one popped up: “Whose e-ID right is it anyway?” This is a fundamental question that challenges the whole e-ID system. Furthermore, it raises several related fundamental sub-questions: “Is it a citizen’s right to have an e-ID?” or “Is it a Government’s right to profile EU citizens?” “Is it right for the citizen?” or “Is it right for Government?” And, at the end of the day, “Who benefits most?”

Let me explain to you how these questions originated from the legal analysis of interoperability and trust issues related to e-ID cards.

Interoperability and trust (in the sense of acceptance) are the two key elements of the European Commission’s new strategic framework i2010. Through i2010, the Commission promises that a great deal of progress on e-ID will be made in the next five years.

Interoperability is defined as the ability of IT systems and of the business process they support, to exchange data and to enable the sharing of information and knowledge. Enabling systems to exchange information is very effective. In fact, services based on that information improve in speed and completeness, and lower the costs.

However, information related to e-ID is usually personal data. Therefore, the easy availability of personal data and the possibility to match them present a threat to citizens’ privacy. The solution to this threat is security. Security consists of three basic elements: the technological element (technological solutions that prevent violation of citizens’ right to privacy), the legal element (rules which protect the right to privacy), and the human element (competent and trustworthy staff that apply the technological solution and legal rules). Security exists only if all three elements are in place.

Let us take a concrete example – European register(s) for travel documents and identity cards. Most Member States will create their own databases of travel documents and identity cards issued, including biometric identifiers enrolled at application. The effectiveness of these databases could be significantly enhanced if a register of indexes is established at European level. Alternatively, national databases could be interlinked. Whatever the adopted solution will be, it would allow a check on the authenticity of every travel or ID document issued in a Member State and to determine, using biometric information, the identity of any person to whom a travel or ID document was issued. This approach could also contribute to the identification of disaster victims and unidentified bodies. On the one hand, both the European register and the interlinked national databases will be very effective solutions. On the other hand, the collection of personal data in a unique database or in interoperable databases represents a big threat to citizens’ privacy. The principles of proportionality, finality, and data minimization are of particular relevance when it comes to the creation of the European register for travel documents and identity cards.

In fact, the data could be collected in compliance with these principles. However, once the data are stored, either in a central European register or in Member States’ interoperable databases, the potential risk for abuse is high, e.g., matching of data to profile citizens, data being accessed by non-authorised staff. Any processing of those data for purposes other than the ones they were collected for will not be proportionate, and it will be against the principles of finality and data minimisation. “It must be noted that all the relevant data protection authorities including those that welcome the creation of national registers, have recommended not implementing a European register, due to the potential for abuse. The creation of such a register should therefore only be envisaged if access is strictly limited and if searching the register is justified by an overwhelming and imperative public security interest” (COM (2005) 597 final). Security is profoundly needed to protect citizens’ privacy.

Technologically speaking, the systems which host citizens’ data need to be configured to allow the data to be used only for the purposes they were collected for, to minimize the use of the data for the service required, and to allow access to the data only to authorised people. A balance between interoperability and security, the communication and non-communication of the systems, needs to be struck by means of adequate technological solutions.

From a legal point of view, Article 8 of the ECHR together with the implementation in all Member States’ legal systems of the principles of proportionality, finality, and data minimization may grant protection across Europe against any public authority interference with citizens’ privacy. However, the protection offered by these rules could be halted for reasons of public safety and prevention of disaster and crime, i.e., the fight against terrorism. As the citizens’ personal data have been collected and could be processed by a public authority for a fight-against-terrorism reason, citizens’ privacy will give way where governments decide to use that reason. In other words, governments have created a situation in which they can legally collect and process citizens’ personal data as they wish.

Last but not least, I will consider the human element of security. At the end of the day, technological measures and legal rules have to be applied by human beings. An IT system can be very secure, but if the persons who use it are not competent, the system will fail. The deployment of e-ID cards requires IT training for staff who were used to working with paper-based documents until yesterday. Furthermore, staff needs to be carefully selected; in fact, apparently, the majority of security incidents are caused by insider attacks. This means that secure systems that have been properly set up are still at risk from people who have legitimate access to those systems. Moreover, if, for example, a claim on alleged violation of privacy by means of new technologies is brought before a court, the judge will need to have sufficient knowledge of the matter in hand to be able to decide on a case. Judges have already shown their deficiency in dealing with both privacy and technology-related matters. I do not see staff and judges’ training high (if at all) on governments’ agendas.

In conclusion, interoperability should be achieved by finding a balance between efficiency, citizens’ privacy protection, and security, with special care for the capability of the human element involved in specific procedures.

Beside interoperability, trust, in the sense of citizens’ acceptance of e-ID cards, is a key element of the European Commission policy on e-ID. Trust can be considered to be the voluntary giving up of control over something valuable to another person or entity based upon a choice to place faith in the ability and willingness of that person or entity to care for the valuable thing. In the present situation, I think that citizens voluntarily give away their personal data for e-ID cards with the expectation that governments will protect the data and process them properly. Furthermore, citizens expect to get, through the e-ID system, equal treatment, better mobility across Europe, and better public services, not just in their own country but in each Member State they happen to be. This is also what the Commission called for in the communication on “Interoperability between national administrations for pan-European eGovernment services” (Reference IP/06/216, date 23/02/2006). So far, governments have imposed e-ID cards on citizens. However, in order to make citizens accept e-ID cards, governments have to fulfil citizens’ expectations.

Concerning citizens’ privacy expectation, I refer to what was already pointed out before on interoperability. Let us now focus on citizens’ expectations to equal treatment, better mobility and better services across Europe. All these possible advantages expected by citizens depend on interoperability and Member States’ mutual recognition of e-ID cards. From the technical point of view, “[T]he EU is still a long way from European-wide interoperable eID solution. (…) European countries usually develop their national solutions without thinking in European terms first and only at a later stage think about European collaboration” (FIDIS - Future of Identity in the Information Society No. 507512).

From the legal perspective, the requirements for e-ID cards are not uniform in the European Member States and this frustrates mutual recognition of e-ID cards. Moreover, legislation in the area of identity management is also different in EU countries and this hampers interoperability at the legal level. Equal treatment, better mobility, and better services across Europe also depend upon the communication between Member States’ public administrations and the openness of the staff to procedural changes for the benefit of uniformity. Previous studies have already pointed out such issues as the lack of spontaneous information exchange between public administrations in Europe, the language barrier, and widespread resistance to changes in public administration procedures, a sort of culture of “but this is not the way we do it round here!” Again, as with interoperability, the human element also needs to be taken into consideration for mutual recognition of e-ID cards. Investments in staff education and campaigns to break down cultural barriers are strongly needed.

Summarizing, interoperability and trust issues related to e-ID depend on technical, legal, and human elements. I have shown that the technical element is not always developing in the right way. Furthermore, from the legal point of view things have not been done right yet. Moreover, the human element seems to be the weakest link and governments should not underestimate it. All in all, my answer to the question “e-ID right first time?” would be: very unlikely.

Given this analysis, it seems to me that e-ID represents a great threat to citizens’ privacy; the conditions to fulfil citizens’ expectations are not in place yet. So why do governments still proceed with e-ID programmes? And, “Whose e-ID right is it anyway?”, “Who benefits most?”

In fact, governments have taken the right to profile citizens for reasons of public safety and prevention of disaster and crime, in other words, for the fight against terrorism.

We are witnessing a scenario of power accumulation. There is an implicit threat to privacy in the accumulation of vast amounts of personal information in government databases. The threat in question is not only the possible use of this information for, e.g., intrusive profiling of individuals, but also the creation of a situation in which one actor accumulates so much power that it becomes difficult for a society to define accurate checks and balances. The Swiss philosopher Benjamin Constant therefore reversed John Locke’s concept of trust. One should not too easily assume that the interests of governors coincide with the interests of the governed. He argues that rulers should not be expected to be competent. They have been and will be rarely above average, either morally or intellectually and often below it. Not the state, but the individual should be trusted. Constant introduced the principle of preparing for the worst into constitutional thinking.

Assuming then that technology fulfils its promise, the discussion should not be about the risk of errors, but about power, about possible limits of actors in society to know.

I would like to conclude as I started, with a question, but this time to the reader: Is this article a symptom of a popular form of technological anxiety directed to what is new that I contracted in the course of my studies on e-ID? Or is it a clear account of a scenario in which individuals are slowly but constantly stripped of their rights and liberties for the benefit of accumulation of the government power, in other words, another step towards the realisation of the ‘surveillance society’?

Author: Paolo Balboni

Source: eGov monitor, 24.04.2006
