Monday, 16 June 2008

Your private life on your ID card

The news that the new ID cards will contain sensitive personal medical information is a very nasty prospect. Why on earth should I have such private and sensitive data on a card that has to be produced in a variety of situations and can easily be lost? Why should the bank have access to my health information? If I go to see an eye doctor, why should he have my banking details?

Keep in mind that every encryption technology has limitations, but these cards will be there for a long time and cannot be replaced overnight. All it takes is for a simple secret code to be leaked or stolen, and all of a sudden your local video rental store can know your bank accounts, your visits to the GP or sexual health clinic, your card transactions and who knows what else. And once the ID cards are used in every general practitioner's clinic, in all hospitals, in all bank branches and so on, it becomes only a matter of time before one of the keys is secretly stolen. You won't know it happened. Your card will be read like it is normally read, but it gives up far more information than you'd be willing to divulge if you knew about it.

I would expect that the powers that be have plans for some good security in place, but in the report I linked there are no mentions of what these might be, or whether people will even have the right to NOT have their medical information on the card. Does this mean, for instance, that our constitutional right to vote will become conditional on having our medical information on the ID card?

The ID card is a document that we are legally obliged to posses. It should therefore have nothing on it beyond the absolute minimum of information required to identify the individual - which is what the ID card is for anyway.

I think it's high time that we started being more aware and concerned about the importance of defending our privacy. In a world where a 500Gb hard disk costs less than €100, you could store all the personal details of every person in Malta for a few cents each. There are companies to whom this would be a useful asset - they might want to market their new herbal remedies to anyone who visited a dermatological clinic in the past year, or invite people with a low bank balance to take out a no-questions-asked loan and mortgage from their online bank. They are ready to pay good money to posses a slice of the private life of everyone in the country. The new ID cards could be exactly what they're looking for.

We need to defend our privacy if we want to remain in control of who to trust with our personal details.

No comments: