Archive for the ‘EDL’ Category

Comment: To RFID or not to RFID, that is the question

Thursday, December 18th, 2008


The Vancouver Sun has an article that was written by Phil Chicola, U.S. Consul General in Vancouver. Entitled “To RFID or not to RFID, that is the question,” it is yet another part of the ongoing propaganda war surrounding the embedding of RFID chips in regular consumer products. In the recently released Canadian Border Services Agency (CBSA) Privacy Impact Assessment of the Enhanced Drivers License (EDL) program, we find that,

An effective external communications strategy will be developed by the [Provinces and Territories] with the assistance of the CBSA to ensure that the Canadian public is made aware of the significant privacy safeguards that will be put in place and the constraints that will be imposed on any subsequent use of personal information, especially sharing with the U.S. in consideration of the U.S.A. Patriot Act (29).

What this has amounted to in Ontario has been a persistent insistence by government officials that because the Radio Identifier that EDLs emit is not tied to any *other* piece of government information (e.g. the RFID number is not generated from an association with your driver license number, birth certificate, etc.) that the identifier isn’t personal information. Thus, while you will be broadcasting a number from your drivers license to anyone with a reader, that isn’t ‘personal’. Let’s turn to the Vancouver Sun article, and see how it squares up with the Canadian propaganda, shall we?

[EDLs] were created for frequent travellers, easy access and fast use. As you wait in your car to cross the border, having the kind of document that can only be read when you hand it over to the border official does not speed up the crossing. So this type of chip can be read by the border official’s machine from several feet away — even when you are in the next car waiting to cross. One thing that’s important to note though, this kind of card has NO PERSONAL DATA embedded in the chip.

Instead, it has a number which, when read by the right database, connects the user with his other personal data. And those databases are also protected with security measures against unauthorized use.

Privacy and preventing identity theft are important considerations in choosing the kind of travel document that is right for you, as are the convenience benefits.

We’re concerned about these issues as well since one of the key goals in mandating secure documents is to make sure they are secure and that people are who they claim to be. Cases of mistaken identity when travelling will become rarer as people opt to establish their identity through these kinds of secure measures. (Source)

So, let’s clarify some things. What is the possible read distance on an EDL? How powerful a radio receiver can you create? The more powerful the antenna, the longer the range. Conservative estimates, with standard off-the-shelf RFID readers, place read ranges at up to 10-50 feet.

Next, while American citizens may not legally have personal data situated on the chip - I don’t know American privacy laws and regulations well enough to definitively say either way - the Canadian privacy commissioner has come out and said that where a number can serve as a proxy for an individual, that number is classified as personal information. Hence, your Social Insurance Number is classified as personal information because, even though it is ‘just a number’, it can be (and is) used to identify and service Canadians. A difference, of course, is that there is a more prevalent need to get a SIN, as they are needed to work in Canada.

When they are referring to ‘secure measures’, are they referring to ‘broadcasting the number associated with the RFID in the clear, with no encryption’? The article seems to imply that there will be protections with the EDL numbers, just as there are with American passports, but to clarify: there is no such encryption in, or planned for, EDL identifier numbers. None. The technical specification for the RFID chips themselves does not allow for encrypting the number. The most ‘secure’ thing about the EDLs is that the database will be housed in Canada, following outcry by the privacy commissioners of Canada - being safe from the Patriot Act is a good first step, but it’s a first step along a bad road.

EDL Update: Canada backpedals on sharing personal database with U.S.

Thursday, December 11th, 2008


An update to my last post concerning the location of the EDL databases: Jim Bronskill, with the Canadian Press, is reporting that the CBSA and Canadian authorities are shelving ideas to place the EDL data in the United States. While this certainly alleviates some of the privacy-related concerns with the EDLs, the Office of the Privacy Commissioner of Canada put it well:

“All in all, we are pleased to see that they listened to some of our recommendations, but we remain hopeful that they’ll heed to many of our other concerns,” said Anne-Marie Hayden, a spokeswoman for Stoddart. (Source)

It is nice to know that a massive amount of personal information isn’t being stored in the US for cost management reasons, but this doesn’t alleviate worries that the RFID chip in the EDLs might still be used for mass surveillance purposes. While the privacy commissioners of Canada have recently commented on this to the press, warning businesses that they need to be compliant with law when collecting license information, their need to publish this statement clearly suggests that businesses are not remaining compliant with the law concerning non-RFID licenses. To me, this suggests that there either needs to be some very real coercive ‘convincing’ applied to businesses so that they learn to comply with the law, or that this issue should be used to publicly advocate for modifications to the proposed EDL schemes (e.g. being able to disable the RFID with an on/off switch).

EDL Update: Privacy Impact Assessment Released!

Thursday, December 11th, 2008


Under a Freedom of Information request, the Privacy Impact Assessment (PIA) for the initial tests with Enhanced Drivers Licenses (EDLs) has been released to the public. I would highly recommend taking a look at the documents if you’re interested in this issue. Over the next few days and weeks I’m going to be (briefly) posting notes on the document. For more information, I’d recommend turning to the Canadian hub for advocates campaigning against the EDLs, at the Canadian IDentity forum.

I have a real passion surrounding databases - they are used to guide daily practices, from accessing money at instant tellers, to authenticating you to web sites that you visit, to identifying the cost of products when they are scanned at the grocery store. Databases are big business, and when it comes time to deploy new pieces of identity infrastructure the database chosen is important, as are the security precautions that surround it.

In British Columbia (BC) the personal information for the 500 individuals who were a part of the EDL trial was encrypted by the Insurance Company of British Columbia (ICBC), and then copied to a CD. The CD was handed over to the Canadian Border Services Agency (CBSA) (who could not access the encrypted data) and then shipped south of the border to the American administrators of the Treasury Enforcement Communications System (TECS). The data was retained by TECS and released to the Customs and Border Patrol (CBP) when a traveller with an EDL came to the BC/Washington border. At that time, an entry record was recorded - this record was kept in a separate database from the TECS database, though it isn’t wholly clear what information was moved from the EDL to the entry record database. The document that was released had almost all mention of the RFID in the EDL, and of the use of biometric technologies, redacted.

What is perhaps most alarming in the document is its focus on using a ‘push’ method to transmit EDL information to the Americans when the EDLs are more widely deployed throughout Canada. The CBP is demanding that all data be accessible to their agents within 500 milliseconds, and the CBSA doubts that they can both provide adequate security and meet the CBP’s access time requirement. As a result, they highly suggest that Canadian EDL information should be periodically ‘pushed’ to American databases - this will ensure that CBSA will not be responsible for the securing and storage of highly personal information, nor will they have to shoulder the costs of this potentially expensive program. Effectively, this will involve transmitting all Canadian EDL records to US authorities on a periodic basis; it is unclear whether this transmission would be to TECS, or to a database that was operated by CBP themselves. Of course, by simply acting as ‘push’ agents the CBSA will largely keep their hands clean of the whole EDL mess, which I’m sure that they aren’t losing any sleep over.

I should note that the document that has been released does note that, if demands are high enough, CBSA may establish a ‘pull’ or ‘ping’ database that the Americans can query when they need access to EDL information. Under this system, the EDL information would be stored on Canadian soil (subject to Canadian, rather than American, law), and when an EDL was brought within proximity of the American border the American border system would call for the record from the Canadian master-EDL database. This would authenticate the EDL, draw up the individual’s data, and allow the CBP agent to create an entry record. The advantage of this is that without the master database of EDL information, a sweeping American surveillance law (i.e. the Patriot Act) could not be used to access the EDL database information.

Something that might be interesting to think about: depending on what is transmitted from the EDL database to the entry record database (e.g. RFID identifier, biometric template), it is possible that, by cloning an RFID identifier, ‘ghost’ entries, or attempted entries, into the US might be recorded. It would be very interesting to learn how these sorts of acts of civil disobedience might be prevented by the system as it is presently designed, in part to determine whether this would be effective, and also to gain insight into the actual creation of a record of entry.

Update - Bill 85 (Photo Card Act)

Tuesday, November 18th, 2008


It looks like Ontario has managed to do what politicians in the UK have been struggling to accomplish for years. This morning the Liberal government of Ontario passed Bill 85, the Photo Card Act, which will see updates to the identity documents that Ontarians typically carry on their persons. While the UK government has been stymied at every turn by no2id when they’ve attempted to roll out a sophisticated identity card, the coalition and advocacy groups in Ontario that have opposed the inception of drivers licenses that contain biometric data and radio frequency identifiers (RFIDs) have been less successful. While the Conservatives had been expected to speak against the bill, this did not, in fact, happen. My money is that the politics didn’t cash out to oppose it.

I’ll post updates as they arrive, and be putting together a post-mortem report in a few days.

Update 1: CTV has an article discussing the EDLs

Interview - Enhanced Drivers Licenses on CFUV

Monday, November 17th, 2008


I’ll be on Gorilla Radio tomorrow around 5:30pm (Pacific) talking to Chris Cook about Bill 85, Photo Card Act, and the New Transparency Project. You can listen at 102FM, 104.3 cable, or online.

Short Thought Concerning Enhanced Drivers Licenses

Friday, November 14th, 2008


A colleague of mine asked that I write a short post that summarizes the issue and my concerns with the Enhanced Drivers Licenses that Ontario is proposing to implement in the near future. Per his request, I’m writing this.

Beginning July 1, 2009, the American government will require Canadians and Americans who enter the United States through its land borders to carry either a passport or an ‘enhanced’ identity document. The Ontario government, in response, is preparing to pass Bill 85 – Photo Card Act, which will see the government offer these identity documents to the Ontario public. These identity documents are required to contain a radio frequency identification chip that emits a unique number whenever it is within range of a reader, raising deep concerns surrounding mass surveillance of North American populations. Researchers have consistently proven the anemic protections suggested by the government, such as placing the identity document in a radio-blocking sleeve, to be relatively ineffective in blocking the interception of the radio’s unique identifier. Further, advocacy groups have noted that it is relatively inexpensive to purchase a reader, raising concerns that non-government bodies and individuals can capture this unique identifier.

In addition to radio tags, enhanced identity documents must contain biometric information that is intended to authenticate a person’s identity. Researchers working in the field of biometrics cannot, as of today, guarantee that biometric evaluation techniques will be wholly successful 100% of the time, thus raising the worry that enhanced identity documents may compound, rather than alleviate, problems at the American borders. Civil liberties associations have raised concerns over the possibilities of misidentification, pointing to the number of false positives on the American ‘no fly’ lists as principal examples of unsuccessful attempts to identify dangerous travelers.

In the cases of both radio tags and biometric data, there exists a serious danger of function creep. As more and more members of the Canadian and American public carry these devices, increased pressures will extend how these documents are used, exceeding their initial purpose of securing American borders.

The Ontario government, to date, has been dismissive of the concerns raised by members of the public, the office of the Ontario Information and Privacy Commissioner, Canadian civil rights associations, and independent privacy advocates regarding the impacts of Bill 85. The government has refused to amend its proposed legislation in any substantial manner in light of the privacy issues raised by the opposition governments. It has avoided seriously engaging the public, despite the far-reaching effects of altering one of the core identity pieces that Ontarians carry on their person daily. To date, the government has withheld a comprehensive explanation of how much data will be shared with American authorities and has yet to clarify where any shared data will be housed.

In light of these failures, I implore you to sign a statement against Bill 85. Alternately, you can leave a comment here, email me, send me a private message through Facebook letting me know that you support the statement, or directly post your name to the idforum website. Your name will be added to the statement, and noted in a press conference early next week at Queen’s Park.

Article - Driving Your Liberties Away: Biometrics and ‘Enhanced’ Drivers Licenses

Tuesday, November 11th, 2008


I’ve recently published an article on the issues surrounding biometric data that will be included in the new Ontario drivers licenses that will be available beginning in 2009. This is intended to complement my earlier piece where I discussed concerns that are raised by the radio identifier that will be inserted in the licenses.