In June 2003, the New Zealand government gave the go ahead for the development of a "whole of government" G2P authentication scheme, involving the establishment of a single stand-alone authentication agency with a minimum of information exchange and storage.
By adopting this approach, the basic identity information supplied by the individual and verified by the authentication agency is kept separate from more privacy sensitive service information held by the agency that actually provides the government service.
The information interchange between the authentication agency and the service agency is limited to the release of identity data (name or names/gender/ date and place of birth) as authorised by the relevant individual using a password or other key (such as a digital certificate) with which his or her identity credentials have been previously associated.
As part of the on-going design work for the scheme, government commissioned a privacy impact assessment ("PIA") by outside consultants. The consultants' report has now been released publicly.
The report is generally supportive of scheme's direction, which:
However, there are other features of the scheme on which "red flags" have been raised.
For example, one of the scheme's design assumptions is that the public should be able to choose whether or not to access services that require online authentication (the "opt-in" principle). The report questions whether this objective can be maintained over time.
It suggests that in order to make the scheme financially viable, government will be tempted to proactively promote the online alternative by offering the public incentives to convert, and by making offline service delivery channels more difficult to access.
In addition, the report predicts that one large category of initial users will be those conducting online transactions for business purposes. Such people are likely to be required by their employers to obtain ID credentials from the authentication agency in order to carry out their job. The report notes that the proposed authentication model makes no provision for the issuance of ID credentials based on organisational roles, even though in many B2G transactions service agencies have no need to actually identify individuals.
Another issue raised by the report, concerns the ongoing use of the photograph that the individual is required to provide when he or she applies to the authentication agency for the issue of ID credentials. The photograph is to be required to ensure that one individual does not try to register more than one identity.
The current design assumes that the photographic image and its associated biometric will be retained by the authentication agency. The report questions the need for the retention of this kind of information, especially given the risk of false negatives using face recognition technology and the fact that ID credentials (with the resubmission of photographs and other identifier information) will have to be renewed on a periodic basis. The authors of the report also express concern on the possibility of use of this kind of information by service agencies over time.
The report also:
These issues and others that are canvassed in the report could, the authors say, result in a system that evolves into a kind of national population register, with all the potential that such a system has for secondary uses of information or subsequent extensions (including the adoption of a national identity card system, a development currently rejected by government.)
It is stated that this impression will only be managed properly by strongly and deeply entrenched legislative safeguards. The report makes a number of detailed recommendations as to the kind of privacy enhancing measures that should be included in the statute that sets up the authentication agency.
This publication is necessarily brief and general in nature. You should seek professional advice before taking any action in relation to the matters dealt with in this publication.