Leakage Problem Means Cards Will Never Be Secure

Leakage Problem Means Cards Will Never Be Secure

A fierce and prominent opponent of the Hawke government's 1987 plans to introduce a national identity card says nothing has changed technologically in the intervening years that would make a smart card today any more secure than the Australia Card proposed then.

Yet Benbow Consulting Director Gary Benbow says governments are turning a deaf ear to warnings the data leakage problem makes it impossible to ever completely secure any smart card.

His comments came in the wake of revelations that 585 Centrelink staff had been sanctioned for privacy violations, while another 19 had been dismissed and 92 had resigned over a two-year period. Earlier in the year it was revealed that the Child Support Agency had discovered 405 breaches of privacy, including 69 cases where sensitive information had been given to former spouses.

Despite the security lapses, the Howard government wants to issue a smart card to up to 17 million Australians in phases from 2008 to replace 17 health and social security cards, including the Medicare and Veteran's cards. The government argues this will allow better service delivery to customers. It insists the card will not compromise privacy because databases will remain "siloed" and because citizens will be safeguarded by the newly established Access Card Consumer and Privacy Taskforce, chaired by former Australian Consumer and Competition Commission head Professor Allan Fels.

Plans for the card were announced by Prime Minister John Howard in July last year in the wake of the London bombings. The PM, a vehement opponent of the proposed Australia Card, argues much has changed since the Hawke government's proposal to introduce the Australia Card bitterly divided the nation in the mid-1980s. Benbow disagrees.

"I think the smart card (proposal) is atrocious," he says. "I was a vocal advocate against the Australia Card, and I still am. There's nothing that's changed because linking data makes data more accessible. I think what we've seen during the Centrelink debacle, where people trolled through files, is that anywhere that you can get to everybody's history through a unique identifier, where the infrastructure is not there to support privacy, is a problem.

"And we still have lots of areas for leakage of data in corporations. It doesn't have to be online either. It can be in a development environment, it can be data that is copied and sent into an off-site location, it can be the hard copy, it can be through wireless. There's a whole stack of ways that data can be leaked out of a server with or without knowledge. It is just horrendous to think that we are going about linking everyone's known data."

Benbow, with a strong background in IT audit, insists there is no truly secure computer environment and probably never will be. For instance he says he has just completed an audit of a major government and found security there to be "okay". But he says he faced strong pressure to give the go-ahead to the department's plans to link "very, very sensitive high-level confidential information" across the whole of government.

Yet he says even the computer systems of the world's best intelligence agencies, like MI5, the CIA and the KGB, suffer data leakage, usually emanating from "a person with two legs and two arms" and the motivation to compromise the data.

"Whenever you have a person involved you cannot give a 100 percent guarantee," he says.

Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

More about CentrelinkHIS

Show Comments