Access Card - Comparison with Other Countries
Last Updated: 26 May 2006
According to the Federal Government's Budget 2006 document titled Fact sheet - International experience:
"- France, for example, has been using an access card system for healthcare payments for eight years and has issued over 48 million cards1.
- Germany, regions of Italy, Finland, Taiwan and South Africa all have implemented similar cards for accessing health and/or social services benefits.
1 November 2005 Sesam-Vitale Program Presentation, Cartes Conference"
However, none of the smart cards systems in use in the above countries are similar to the Australian Government's so-called Access Card system. Unlike the Australian Government's planned system, they do not involve a single ID card (and associated registration system) required to identify oneself to receive multiple types of government health and/or welfare service benefits. Furthermore, some are not government issued cards and the health insurance cards in France, Germany and Finland do not have a photograph on them.
South Africa is intending to introduce a multi-purpose national ID smart card system, part of its HANIS system, which is plainly a Big Brother mass surveillance and information sharing system. If the Australian Government's plans are similar to the South African system, Australians concerned about privacy and security should be very afraid.
The French SESAM-Vitale program is for health insurance only, is operated by a group of health insurance funds and the card does not have a photograph on it.
Furthermore the system used in France does not demonstrate that the use of a so-called "smart card" will prevent fraud or protect personal information contained on a chip. To the contrary, as reported in Controversy on the security of French e-health insurance cards, European Commission IDABC eGovernment News, 3 October 2005:
"In May 2004, former Health Minister Philippe Douste-Blazy acknowledged that there were 58 million cards for an eligible population of 48 million people"
"According to Jérôme Crétaux, the non-encrypted data contained in the chips of any 'Vitale' card can be easily copied and loaded onto another card 'in a matter of seconds', thus facilitating fraud. This confirms the findings of another IT professional, Patrick Gueulle, exposed in an article published in the August 2005 issue of 'Pirates Mag'. In response to the publication of this information, the economic interest grouping Sesam-Vitale - which gathers health insurance funds and companies and is in charge of operating the health insurance card scheme - is reported to have filed lawsuits against both Mr Crétaux and Mr Gueulle.Hence the current health insurance card and system operated by a group of health insurance funds and companies in France does not provide any indication at all as to whether the Australian Government's compulsory identification card and system could be secure or effective.
The security risks surrounding the use of the French e-health insurance card should be solved - or at least mitigated - in the near future, as the Vitale card will undergo a major upgrade starting in 2006. ...The new cards were originally scheduled to be phased in over a two-year period, however, the French National Medical Insurance Fund recently announced that in order to spread costs the transition period will last until 2010."
The card in use in Germany is not at all "similar" to the Australian Government's plan. The card has existed since approx. 1994 for health insurance only and is an old 'dumb' smart card that does not contain a microprocessor and holds only the insured's name, address and insurance number. While a plan to introduce a smarter health card has been underway in Germany for several years, the new card will also only be used for health purposes (not for welfare/social services) due in part to Germany's strict privacy/data protection laws.
"JONATHAN HARLEY: Martin Praetorious helped develop the German health care card by corporate giant Siemens. He had to keep potentially sensitive information quarantined.
MARTIN PRAETORIUS: By law it is forbidden to combine and collect data and store it. Even health data and pension data are totally separated - they have different identification numbers and they cannot map each other."
(Smart card debate continues, Reporter: Jonathan Harley, The 7.30 Report, ABC TV, 7 June 2006.)
"Germany has one of the strictest data protection laws in the European Union. The world's first data protection law was passed in the German Land of Hessen in 1970. In 1977, a Federal Data Protection Law followed, which was replaced in 1990 [Federal Data Protection Act (1990)], amended in 1994 and 1997. The final revision took place in August 2002 to align German legislation with the EU Data Protection Directive (95/46/EC). "
(e-Government in Germany, IDABC eGovernment Observatory, June 2005)
"Germans have for years used a chip card to identity themselves when receiving health services. But it is an un-sophisticated memory chip, loaded with such data as the individual's name and insurance number, without the capacity for adding additional information or functions. It can only verify their insurance status within the health system.
The plan is to move to a microprocessor-based smart card that could open the door for a wide range of features. ...
The German Federal Ministry of Health says the rollout is scheduled for 2006, but project organizers must complete a series of pilots first. These tests were scheduled for the fourth quarter of 2005, but have been delayed. It was not the first time organizers have had to reschedule the tests. By law, the cards were supposed to debut on Jan. 1, 2006, but the rollout probably won't begin until 2007. ...
Among the issues to be studied is how well the new card protects patient privacy rights. ... Project backers only finalized the specifications for the card in December, Mainz says. The main organizer, the Society for Telematics, known in Germany as "gematik," is made up of public and private health insurance organizations."
(Health ID Cards: Breaking Down The Political and Technical Barriers, Kevin Woodward, Card Technology Magazine, 1 January 2006)
"Germany is poised to introduce its next generation e-health card in 2006. The new version, set to replace the existing insurance card - holding only the patient's name, address and insurance number - will be the latest example of smart card technology to hit the market in Europe. It will be able to store prescription information and might even be used as the standard card for a digital signature - the key to modern eGovernment applications.
Germans already carry slightly 'dumb' smart cards that hold key health insurance information, such as their name, address and insurance number. Now the government plans to introduce a new e-health card which, in addition to holding personal data, could also store emergency data, including the holder's blood group, known allergies to drugs and so on.
Special emphasis was put on its data security functions. Part of the 'architecture' ensures that only health professionals, such as doctors, dentists or pharmacists, would be able to access patient records using a special 'health professionals' pass. This principle is already employed in France's Sesam health card system. ...
The health pass, say the Fraunhofer experts, gives the cardholder full control to decide which of the available healthcare services to use and when to make his or her data available, and to whom."
(Smart solutions for Germany's next-generation e-health card, European Commission Research Headlines, 11 April 2005)
The health insurance card in Finland is completely unlike the Australian Government's proposal. Called the Kela Card (issued by the Social Insurance Institution of Finland), it is not a smart card and it does not have photograph on it (unless an individual voluntarily chooses, and pays a fee of 25 euros, to have a photo printed on it). Individuals can also voluntarily choose to have other information about their eligibility for various concessions printed on the card (e.g. special reimbursement rates on medicines, pensioner status for discounts on bus and train fees, European Youth card logo for various discounts, etc.)
In addition, a voluntary Finnish electronic identity card was launched in 1999 which can also be used as a passport in Nordic and EU countries. It is a smart card and citizens who wish to have a card pay a fee of 40 euros. The format of the voluntary eID card was changed from June 2004 to allow individuals to voluntarily choose to have their Kela Card health insurance information included on their voluntary identity card instead of having two cards. However, it is not possible to have information such as pensioner status and the European Youth card logo, that can be included on the Kela Card, included on the voluntary identity card.
Furthermore, the voluntary eID card contains very limited personal information. It does not include date of birth or address:
"What information is contained on the chip of the ID card?
In addition to technical data, the card chip contains the PRC's so-called Certification Authority certificates and the cardholder's identification and signature certificates [which can be used for encrypting and electronically signing data, such as e-mail messages].
The only personal data included in the cardholder's certificates are first name, family name and a unique electronic client identifier. In other words, the holder's personal identity number, home address, date of birth or other similar information is not stored on the chip. The electronic client identifier is a serial number that does not tell anything about its holder, unlike the personal identity number. The electronic client identifier ends with a check digit, calculated in the same way as the checksum character of a personal identity number. The electronic client identifier is for life.
Is there a central register somewhere, showing how and where the card has been used?
No. The Public Key Infrastructure (PKI) can be utilised directly between two points (e.g. a workstation and a server), so there is no need to transfer any identifying information to any central system. The PRC has no need, nor is it even technically possible, to monitor the use of the card or certificates, or, e.g., break the encryption or signature made with the card."
It also appears that the chip does not contain a photo since the applicant for a card needs to provide 2 black and white photos:
"When applying for an identity card, the following must be submitted:
two passport photographs, preferably black-and-white, from which the applicant can be easily identified
reliable proof of identity such as a passport, identity card or driving licence the consent of the parents or guardians if the applicant is under 18 years, except for a minor's identity card"
[The voluntary e-ID cards are issued by the police who undertake identity checks in the role of electronic certificate/signature certification authority - it was considered they were an appropriate issuing body likely to be trusted by persons relying on the electronic certificate/signature.]
Voluntary non-electronic identity cards have been available in Finland since the 1980s. In 1999 the voluntary electronic identity card was introduced and contained "a 'citizen certificate' of individual information (although it does not contain a personal identification number issued at birth, a home address, date of birth or other personal details) and can unlock a network of online services, such as banking and insurance services". The chip was upgraded from 1 September 2003 to "allow citizens to carry out secure transactions with public authorities, businesses and other service providers via the Internet as well as from a mobile phone. Since the EU Electronic Signatures Directive came into force in Finland in February, it has been possible for legally binding transactions to be carried out in the country using digital signatures"
(Finland upgrades e-ID card to enable m-government, European Commission eGovernment News, 10 June 2003).
From June 2004, it became possible for Finnish citizens to voluntarily choose to have their health insurance information included in their electronic ID card so that they would not have to carry the health insurance card issued by the Social Insurance Institution of Finland.
"The Government's proposal to combine the electronic identity card and health insurance card into a single ID card dates back to November 2002. At the recommendation of the Data Protection Ombudsman, it was decided that each individual could decide whether he or she would opt for a single card.
Launched in 1999, the Finnish electronic ID card is equipped with a microchip storing personal data and a 'citizen certificate'. Its take-up by the population has however been slower than expected so far."
(Finland combines electronic ID card and health insurance card, European Commission eGovernment News, 23 June 2004)
The voluntary eID cards underwent a further upgrade in July 2005:
"The voluntary electronic identification cards issued to Finnish citizens are getting an upgrade. The cards ... will use Java Card software on a microprocessor chip with 64 kilobytes of rewriteable memory. The new card, available beginning this month, stores on-board certificates used for electronic identification. Setec says Java software will allow the addition of other applications to the card, such as library book checkout and access to municipal swimming pools. The Finland card also acts as an official travel document within several European countries. About 78,000 of the cards have been issued since the government introduced the voluntary card in 1999."
(Finnish ID Card To Run On Java Card, Card Technology Magazine, 5 July 2005)
(Finland has a population of 5.26 million at the end of 2005, far more than the 78,000 voluntary ID cards.)
While the health insurance card in Taiwan has been a compulsory smart card (replacing the previously paper-based card) since 1 January 2004, it is not similar to the Australian Government's plan. The Taiwanese health insurance smart card is not used for identifying oneself when applying for health insurance or any other government benefits/services and it is not used for access to any benefits/services other than health services.
"There are four sections of information stored in NHI IC Card, including the personal information, the NHI-related information, the medical services and the public health administration. The contents are as follows,
The Personal Information Section mainly includes the card's serial number, the cardholder's name, gender, date of birth, ID number, picture and the date of issue.
NHI-related Information Section mainly includes the remark of the cardholder's status, the remarks for catastrophic diseases, the number of visits and admissions, the utilization of the NHI health prevention programs, the cardholder's premium records, the records for accumulated medical expenditures, the amounts of cost sharing, etc.
Medical Services Section mainly includes the drug allergic history and the long-term prescriptions of the ambulatory care and certain medical treatments. This section will be gradually phased in depending on how the healthcare providers adapt themselves to the system.
Public Health Administration Section mainly includes the personal immunization chart and the willingness for organ donation."
Hence it appears to be more similar to the Australian Government's formerly planned combined Medicare and "HealthConnect" card and unlike the now planned health/welfare Access Card.
The health insurance smart card resulted from the collapse of a Taiwanese government plan to combine the health care card with the long existing compulsory National ID card and remains controversial, due among other things, to the wide range of personal and sensitive information to be compulsorily included on the card chip:
"The government of Taiwan has long been promoting the country's information and communication industry. In this context, it launched a national smart ID card initiative in 1997-1998 that originally planned the use of smartcard (IC card) technology to implement a healthcare ID card system that would be combined to the existing (and compulsory) National ID card system. The scheme was later expanded to target more types of personal data. It eventually collapsed in late 1998 due to strong protest from human rights advocates and various other actors from civil society.
But the idea of veering the government into electronic administration so as to boost operational efficiency with information technology was never abandoned. The government failed to learn from the lessons of 1998 and launched another project to implement the healthcare card using smartcard technology in 2000. The Democratic Progressive Party, the opposition party that took power in the same year, did not agree to reconsider the project and started to issue the cards in July 2002 in spite of objections from non-government organizations and warnings from academics. Today, the smartcard-based healthcare ID system poses a strong threat to the privacy of the nation's 23 million citizens.
The smart card is designed to be a mobile data carrier held by the patient. Its personal information section carries the card number and date of issuance in addition to the cardholder's name, gender, date of birth, ID number and photo.
Its health insurance related information section further registers major diseases, the number of visits and admissions to medical institutions, the last menstruation period and pregnancy exams, along with the records of the cardholder's insurance premium and accumulated medical expenditures and so on. Moreover, the smart IC card's medical services section bears sensitive information, including the records of specific prescriptions for chronic diseases and general medical treatments. Its public health administration section includes the personal immunization records and the willingness for organ donation.
The project heightened civil rights groups and academics' concern that electronically-stored medical records with Internet access are particularly more vulnerable to abuse and to illicit disclosure of highly sensitive personal data than paper files."
(Human Rights Concern in An Information Society-Thoughts on Personal Data Protection in Taiwan, Chiting Serena Chuang, Taiwan Association for Human Rights, Paper presented at The World Summit on the Information Society, Tokyo Japan, 13-15 Jan 2003.)
More detailed information is available in the above-mentioned paper and a news report in the Taipei Times New health cards become compulsory despite fears, 2 Jan 2004.
While smart cards are used to distribute pension payments in South Africa, the cards have a different purpose to that proposed by the Australian Government. The South African pension cards are not used to identify onself when applying to receive government benefits, they are used as an electronic purse to receive pension payments instead of payments being handed out by cash, cheque, or deposited in a bank account. The card based service is provided by a contractor in regions of South Africa where there is a need for such a system, primarily rural regions that are not adequately covered by existing financial institutions, e.g. banks.
According to the contractor (Aplitec/Cash Paymaster Services (Pty) Ltd):
"The Southern African region has traditionally been a cash-based society. ...
This diverse region contains well established urban areas which are adequately catered for by existing financial services. The less-developed rural areas in the region have a rapidly growing need for certain types of financial services. ...
Aplitec has pioneered the development of a unique electronic method of social welfare payments through its patented smart card technology, with the ability to provide this service even in the remotest areas of Southern Africa. ...
The CPS method of payment begins with registration. Each beneficiary is required to have the pattern of his or her fingerprint biometrically recorded and then stored in a database and on his or her smart card.
Subsequent to registration the payout process can commence. Designated vechicles drive to predetermined paypoints accompanied by armed security vehicles provided by the client or CPS. Payment then takes place onto the pensioner's smart card. ...
In order to receive payment, the beneficiary inserts a smart card into the card reader and places a finger on the fingerprint scanner. ...
Once the identity of the person is verified by the system, the social grant is dispensed in electronic value onto the smart card and a receipt is printed. The pensioner then has the choice to convert a portion or all of the value received to cash which may then be dispensed through the automated cash dispenser."
"The [Aplitec] model is ideal for rural areas, which lack the infrastructure to connect to major bank networks. Most of the cards use fingerprint identification instead of PINs, which improves security and meets the challenges of 'banking illiterate' people. The system works for both credit and debit models."
"Approximately 300 Aplitec vehicles equipped with a total of 2,000 fingerprint biometric readers travel to 5,184 rural locations throughout South Africa to dispense payments to over 1.8M qualified recipients each month. Because these recipients are among the 80% of the South African population who do not have bank accounts, payments are made in cash."
(SecuGen Wins Contract to Provide Biometric Authentication of Smart Card Welfare Payments, SecuGen Media Release, 23 Sep 2002)
Reportedly the system has not been without problems. For example, according to a news report in 2003:
'The Eastern Cape's social development department has taken over indefinitely the payment of pensions and social security grants in six districts previously served by Cash Paymaster Services (CPS).
The MEC's announcement was made following a statement by the chairperson of CPS, Mazwi Yako, on Tuesday.
Yako said: "A number of logistical issues have contributed to recent problems around pension payouts in the Eastern Cape."
Yako said he believed with the right co-operation from government, the challenges would be overcome.
He was responding to a number of complaints about the service, among them long queues, late arrivals, the length of time taken to process grants and the location of pay points.
Criticism of CPS' service came to a head last week when a 31-one-year-old woman died while waiting in line for her social grant.
Serge Belamant, the chief executive of Aplitec, of which CPS is a subsidiary, said the current glitches were not surprising given the particular logistical problems in the Eastern Cape.
These were compounded by the introduction of new smart card technology and the fact that many of those operating the system were previously disadvantaged people who lacked basic skills.
"It takes time for everyone to understand what it (the technology) does. Our staff in the Eastern Cape need to be trained," Belamant said.'
(Payments: EC govt steps in, News24.com, 4 July 2003.)
South Africa has a long history of compulsory identity documents requiring the taking of all 10 finger prints and a photograph of people over 16 years and issuing them with a National ID book.
The current book is a paper book containing a barcode and the fingerprints have been stored in manual (not electronic) records.
Since 1996, the government has been working on its "Home Affairs National Identification System" (HANIS) project which will eventually result in the replacement of some 30 million National ID books with ID cards that are smart cards. The HANIS project includes an Automated Fingerprint Identification System (AFIS) which among other things, involves converting all existing finger print records into electronic format to allow for online biometric verification.
The decision to use a smart card was made in 1999 and since 2004 it has been said that the rollout would commence "next year", however as at February 2006 it was still "next year":
18 May 2005: Smart card plan to cost R270m, Donwald Pressly, FIN24.co.za"... [Home Affairs Minister Nosiviwe Mapisa-Nqakula] said a year ago that the cards would be rolled out by March this year - but it now looks likely that 2006 is a more likely target.
Earlier this year, Mapisa-Nqakula revealed that her department was holding discussions with banks to have the credit-card size ID cards - which will replace ID 'books' - loaded with banking details. ..."
5 Feb 2006: SA to get 'smart' with new ID system, Santosh Beharie, Sunday Tribune, South Africa"The government plans to start replacing all identity documents with state of the art 'smart' ID cards from next year. The department of home affairs has, since 2003, been involved in a process to draft a tender for a smart ID card, which could be used as a multi-application identification card. ...
'There are still several sensitive policy issues to sort out. If all goes well, this should be complete by next year. Last year it was proposed the department start replacing the current ID books by 2007,' said [Department spokesperson Nkosana] Mbuyi.
The HANIS system is unquestionably a Big Brother mass surveillance and information sharing system:
"A centralized database housing the existences and activities of the South African citizens is kept by the Directorate: Civic Services of Home Affairs. This computerized system, the Population Register, serves to maintain a life profile of each person by capturing the records and updating them on an on-going basis.
The Department has always used a manual fingerprint record system to classify individual records mapped to the corresponding computerized demographic data.
[T]he [HANIS] system will restrict persons to a single unique identity number which will be used as a key to identify individuals on numerous systems that are used within the Public and Private sectors. The identity card will allow three levels of verification to ensure that the person is who he/she claims to be. This verification service will be used extensively whenever a government grant or other service is required by an individual. To this extent it is expected that HANIS will ensure proper governance within the pension payment system, unemployment and health system and many more.
The above levels of verification should provide proper authentication for any transaction, which may be required for future e-commerce. Ultimately the system will have to allow private users (e.g. banks) to verify the identity of citizens without compromising its security.
The Department is currently undergoing an investigation process to draft a tender for a smart ID card, which could be used as a multi-application identification card. Initially the card will be issued with certain identification information together with additional information for one or two government service applications (e.g. Social Development and/or Housing). Additional applications will have to be added to the card at a later stage, once further investigations have been completed."
For detailed information about the background to the pension card and HANIS system, and issues of concern regarding privacy and security, see the paper Biometric Government in the New South Africa by Keith Breckenridge, University of Natal (presented to "The State We Are In Seminar Series", Wits Institute for Social and Economic Research, on 10 October 2002) which among other things points out that:
"In short, the smartcards are to be the lynchpin of a transformed, networked state. They are being designed to interact with all the major sources of government information about its citizens, and most importantly, to offer the state a panoptic 'single view of the customer.'21
Nor are the applications on the smart identity cards to be restricted to government functions. In launching the new AFIS system, Minister Buthelezi indicated that the state has every intention of encouraging businesses to develop applications for the cards. 'By itself this system will make the smart card a great contribution to the development of private sector initiatives,' he remarked in February 2002, 'it can be used for identification purposes in building access control or by vending machines which intend to restrict their products, such as cigarettes, to adults only.'22 When Home Affairs issued a Request for Information (RFI) about the design of the cards they received-to their astonishment-over 60 responses from local and international businesses. (It was by that stage quite clear that, as one of the local computer magazines observed, 'HANIS is IT on the scale of Grand Opera.'23)"
See also: WorldNetDaily: The ANC's hi-tech Big Brother, Anthony C. LoBaido, WorldNet Daily, 3 July 2002