New Services Card brings new security, security flaws to ID Cards

Trent Ernst, Editor
Starting this month, you will be required to replace their CareCard with a new BC Services Card. 
As part of that, you will need to renew your enrollment in the Medical Services Plan sometime over the next five years. 
According to the government, the current CareCard was introduced over twenty years ago, and has not been significantly updated in that time. “The new BC Services Card takes advantage of significant advances in technology since that time, to provide a more convenient and secure piece of identification with enhanced features to protect citizens’ personal information,” says the press release from the BC Government. “The new card is more secure as it includes a photographof the beneficiary, anti-forgery features, identity proofing and an expiry date.”
However, some privacy experts are not convinced the new card is more secure. Vincent Gogolek, Executive Director, BC Freedom of Information and Privacy Association (FIPA) wrote an editorial for the Huffington Post, arguing that this line of reasoning is unproven. “The government has yet to demonstrate, beyond pointing to vague top-end cost estimates generated by the Canadian Anti-Health Care Fraud Association, that B.C. really does have a fraudulent expensing problem,” writes Gogolek.
FIPA has joined forces with the BC Civil Liberties Association to investigate the new service card. However, their investigations to this point have been fruitless. “To date, efforts to get information from the government about the new card have been either ignored or met with silence,” writes Dr. Kate Milberry, head of the research project. They filed several Freedom of Information requests, but these were returned with “no responsive records.” Gogolek says this is surprising to the point of near unbelievable-ness. 
Gogolek says they tried to find out why the Notice of Intent from the government, normally the start of a bidding process, was in fact just an announcement that tech firm SecureKey was being awarded the contract, no bidding required. “Apparently in the 12 months around the issuing of the Notice of Intent, the chief information officer of British Columbia, the man in charge of the entire CareCard project, had no contact whatsoever (or at least none that generated records) with the company that ultimately received an untendered $20 million dollar contract.” 
Unlike the current system, residents will need to re-enroll every five years. “Children and certain groups of adults, such as the elderly or those in residential care or extended hospital care—for whom renewed enrolment would be impractical or present a hardship—will be exempted from re-enrolling or managed through special arrangements,” says the Government Release. 
The new card can also be combined with a driver’s licence, and will, meaning one less card to carry, though it may prove problematic in situations where two pieces of ID are required. (People who wish can still get a separate driver’s licence.) The new card will also serve as an enhanced licence, allowing BC citizens to cross into the states at border crossings (a passport will still be needed for air travel). 
The new cards will be renewed alongside driver’s licences. People who do not drive can still get a Services Card through outlets where licences are issued. In Tumbler Ridge, that means HUB Insurance. 
According to the release, “The BC Services Card also provides the foundation for supporting the potential future development of more convenient access for citizens to new online government services.”
It is this that really troubles privacy groups. The BC Civil Liberties Association (BCCLA) argues that by linking together disparate databases, the government is “creating a potential goldmine for hackers.”
“You have to look past the glossy brochure version of this,” says Micheal Vonn, Policy Director for BCCLA. “In in the early 2000s, the Federal Government first had this idea of a national ID card. There’s been a trend internationally towards these National ID cards to solve these problems. But in Canada and in the US and the UK, there was considerable pushback. What we’re seeing now is established ID systems start to become more robust.”
She says that’s what is happening here in BC. “BC looks to be heading the way with a ubiquitous provincial identifier, and it seems like it is becoming the template for a de facto National ID card.”
While the proposed benefits seem good on the surface, Vonn says people need to look beyond what is being promised. “There are two separate problems. The first is how the system facilities data linkage. The only thing that prevents, say, the police wandering into your health care records is data silos and legislation.”
But Data siloing is breaking down, says Vonn. “You look at a system where your lab info was only available to your lab tech, now it’s held in a central repository that is accessible by tens of thousands of people. Now the law is the only thing that stops people.” And that law is changing, she says. “In BC, we’ve seen amendment after amendment to privacy laws. The last set of changes was to facilitate data linkage.”
The more we have these linkages, the more the legislation protecting your data is going to erode, says Vonn.
The second issue is security. “The more we link these things up and have them on the same system as commercial systems, the more we use these platforms to access these records the more insecure they are,” argues Vonn. “Security is different from data siloing, but linked. And as data is accessible from an iPad or Android tablet, it isn’t just the health professionals that are going to be trying to access this information.
“Imagine the kind of ID fraud you could perpetrate with access to these databases,” says Vonn. “We know that these systems are not fully cooked. And they haven’t been fully reviewed. This is backwards.”
Vonn says the government needs to be transparent in what they are setting up. “They did a terrible job with the Education system database. They have done an equally abysmal job with Integrated Case Management. It neither protects privacy, nor is it secure, nor does it allow for information.”
Vonn says they are not anti-technology. “We’re not fundamentalist radicals. Of course we need systems, but these are important rights and considerations that haven’t been addressed. There’s no perfect security. If you are going to record data, there is a possibility that it will go amiss. But you want to make it restrictive. At the point you develop a system that impacts this amount of information, you invite attack, so you want to make it cost prohibitive for thieves to get at it. This is extremely valuable data, and the government simply doesn’t have a very successful track record of implication or transparency.”