Edited text of a speech given by Thomas Beagle at the launch of What If - "an education and action campaign working to stop data collection and sharing by the NZ State and private corporations for the purposes of social control and exploitation, and working for community control of information resources for the benefit of all".
The technocrats have a utopian view of our data driven future. As the NZ Data Futures Forum puts it, they plan to "unlock the latent value of our data assets and position us as a world leader in the trusted and inclusive use of shared data to deliver a prosperous society."
- They promise that we'll be healthier, with population wide tracking to predict and therefore prevent diseases.
- They promise that government services will be both cheaper and more effective through better targeting of those who need them.
- They promise that we'll be wealthier, with businesses able to offer new and exciting products based on our individual needs.
Indeed, is there anything that government and business couldn't do if they had enough data and some smart people to analyse it?
Now, this is going to require a lot of data. And when you're collecting a lot of data you've got to make sure that it's accurate.
One of the things that's particularly important is making sure that we have the right person. There's no point in targeting John Andrew Smith with a medical checkup when it's actually John Adam Smith whose genetic analysis shows their predisposition to a particular condition.
Wouldn't it be easier if everyone in the country had a single electronic identity, one that we could use as a digital key across all these systems to ensure that we had the right person?
And this is where RealMe comes in. It's a joint venture between the Department of Internal Affairs and NZ Post and, in their own words: "RealMe lets you easily and securely prove your identity online, plus access lots of online services with a single username and password."
The sales pitch is aimed at making it easier for the citizen consumer. Get a RealMe account and access a wide range of critical services that require strong proof of identity such as govt agencies, the health system, banks, and so on.
It's important to note that there are two sorts of RealMe accounts. You can get as many unverified accounts as you like - but if you want to use the more useful services you will need to get your account verified and your photo taken at an NZ Post shop. You're only allowed one of these.
RealMe is of particular appeal to financial institutions because of their new responsibilities to identify their customers and report suspicious transactions to the government as a result of the Anti Money Laundering and Countering Financing of Terrorism Act. Kiwibank, the BNZ and TSB Bank are using RealMe, with more expected to follow, although uptake has been slower than expected.
RealMe itself doesn't store any data about people, but it does enable two services that use it to share data if the person gives them permission. For example, if you apply for medical insurance, you can use RealMe to freely choose to give the insurer secure access to your medical records.
There's not much more to RealMe, but there doesn't have to be. It provides two vital components to enable data sharing on an ever larger scale - a key to identify a person, and a pipeline to share the data. It's an important building block in the creation of our glorious shared data future.
Issues with RealMe
Sadly, utopia is not assured. Let's look at some of the issues.
Firstly, data sharing. While the people who developed RealMe seem to have good intentions, I can't help feeling that they seem rather naïve. It's great that data sharing through the RealMe service is voluntary and done under the control of the user, but does anyone really believe that's how it's going to work?
If you want health insurance, you will be obliged to give them access to your medical records. Credit applications will demand access to your bank accounts. You could freely refuse - at the price of being turned down for what you're applying for.
And at some point I can assure you that there will be a small law change allowing the IRD full access to whatever data they want through the RealMe service.
There are other agencies that also have the power to override our privacy choices. The Police, SIS and GCSB can all legally access the information in the systems that RealMe have so kindly linked together, and we'd never know that they'd done it.
Secondly, it seems that RealMe will inevitably evolve into a de facto digital identity card; the "papers please" of the internet age. As processes move online, everyone is going to need a RealMe account and opting out will not be an option.
But there is a deeper philosophical problem with having a single verified identity. Do we actually want to use the same identity for dealing with the government, banks, Trademe, and a variety of social media sites? Will there be increasing pressure to use our 'official' identity everywhere? I see important advantages in being able to present different faces to people - to the people we work with, our parents, our children, our friends, our various communities.
And, of course, RealMe has a big future. It’s going to be available whenever the government thinks up a new reason why it needs to track us and spy on us. We don’t just have to worry about what it’s being used for now, we have to worry what will be build on it in the future.
To think of just one example, something that worries governments and businesses alike is the inability to conclusively identify who did what online. It seems possible to me that in ten years’ time we'll be obliged to connect to the internet using our RealMe identity.
With everything you do online linked back to your RealMe ID, the internet truly will be the greatest surveillance machine ever built.
However, it's when you add large scale data collection and analysis that you realise how this technocratic utopian vision can all too easily become a dystopia.
The same data that can be used to target assistance to those who need it, can be used to penalise those who transgress. Has an algorithm decided you feeding your children too much junk food? Did you spend time helping at the local community centre when you should have been looking for a job? Our data shows you were out in the car when you said you were sick last Tuesday, just how sick were you?
Citizen, justify yourself!
RealMe is just one more component of the big data transformation of our society.
I don't think that the big data juggernaut can be stopped. Every day the technology to watch, collate and analyse data is getting cheaper and more powerful. It’s the price of the modern internet and computer driven society.
And personally, I'm still enough of a utopian that I'm not even sure that we want to stop it.
But we know that people react differently when know they're being watched. We know that people value their privacy and feel powerless when others know their secrets. Can freedom of expression survive in a surveillance state? Will dissent, so necessary in a democratic society, wither under the all seeing eye?
So while we can’t stop it, there is a very clear need to control it. To make sure that we get the benefits while not accidentally creating a society we don't want to live in.
What can we do?
However I do believe that this is possible. We can't control what foreign companies and governments do, but we can set limits on what our own government can do, and we can pass laws that control what New Zealand companies can do.
This isn't going to be easy. We do have the Privacy Act, but the technocrats have the ear of government and they've already announced plans to repeal the Privacy Act and re-enact it in a form even more friendly towards data sharing. But even then, it’s not just privacy that we’re worried about, but power and control.
To stop this trend, to set up real protections, we’re going to have to persuade our fellow New Zealanders that we need them.
We have the power to decide what sort of country we want to live in. We can reject the surveillance society and the subsequent crushing of our democracy. I hope this meeting is another step on the way to doing so.
We've been watching the introduction of RealMe with some concern. While it appears that they have done some serious thinking around privacy, there are some real issues around unified online identities that have not been sufficiently discussed.
This introductory article talks about what RealMe is and then asks some questions about how it might be used.
What is RealMe?
RealMe is a government sponsored online identification service. In their own words: "RealMe lets you easily and securely prove your identity online, plus access lots of online services with a single username and password."
It's a renamed version of the iGovt scheme originally set up by the Department of Internal Affairs. it's now run by a combination of the Department of Internal Affairs and NZ Post (a state owned enterprise). The major enabling legislation for RealMe is the Electronic Identity Verification Act (2012).
The aim is that your verified RealMe identity will provide enough assurance that you are who you say you are that governments and commercial organisations will be able to provide products and services online that require the most stringent forms of identification such as passports, bank accounts, student loans and so on.
It's of particular appeal to financial institutions because of their new responsibilities to identify who they're dealing with after the passing of the Anti Money Laundering and Countering Financing of Terrorism Act. Both the BNZ and TSB Bank are now using RealMe with others expected to follow. Here's the full list of organisations using it.
At the end of February 2013 there were 853,100 iGovt logins (although some people had more than one).
We've heard that implementing RealMe within an organisation is both complex and expensive. There is a significant amount of software development that the organisation is required to do, plus RealMe does its own testing to ensure that standards have been met.
Ongoing costs are based on the number of transactions (typically new identifications, RealMe is not necessarily involved once the identity of the person is established the first time). RealMe refused to release details of the pricing, claiming it is commercially sensitive.
Privacy and data management.
There's no doubt that the people who created the system did it with the best of intentions and it seems they've taken privacy needs into account. One important point is that two organisations using RealMe can't share data about a person unless the person has explicitly giving them permission to do so.
However, we have to assume that this will not always be the case. It seems highly likely that at some point the IRD will get a law change to enforce access - we all want to make sure people aren't cheating the tax system, right? And it makes sense that companies might start insisting on you sharing information, in the same way that health insurance companies currently demand access to your health records. You can refuse but then they won't provide services to you.
It's also easy enough for the Police, SIS and GCSB to be able to use the powers granted by their respective laws to access any person's information across systems as well.
A digital identity card
It seems clear that RealMe is rapidly becoming a digital identity card. It's already not voluntary for a number of people who want to access some services such as Studylink. As more government departments and commercial organisations start requiring it, having a verified RealMe identity is rapidly going to become a requirement.
NZ and Australia both rejected the idea of a non-digital national identity card in the 1980s. There were significant public campaigns against them and the proposals were defeated. So far there's been no outcry against this new form of digital identity card.
Of course, there were different attitudes then. In those days the very idea of government departments sharing data about people was highly contentious due to fears that the government might snoop too much or would abuse its power. Now data sharing between govt departments is commonplace and expected. RealMe is going to enable more and better data sharing, with increased confidence about the identity of the people they're sharing information about.
But the bigger issue is - what does it mean to have one verified identity that's used for everything?
Do we actually want to use the same identity for dealing with the government, your bank, Trademe and a variety of social media sites? Will there be increasing pressure to use your 'official' identity everywhere? We see advantages in being able to present different faces to people - to the people you work with, your parents, your children, your friends, your community. Is this under threat?
We already know that the world has problems with governments over-surveilling people on the internet. We fear that this surveillance already has a chilling effect on democratic dissent. Will improving it by forcing use of a single identity and further enabling data matching be worth the gains?
What does robust and pervasive online identification enable? How will these services be used in 5, 10 or 20 years time?
For example, one of the big problems with law on the internet is proving just who did something. You can trace a downloaded file to an IP address but you don't know which person there actually did the copyright infringing download. Or maybe you want to find out who anonymously published the suppressed name of the accused in a trial.
A government of the future might look at these problems and decide that internet use should be keyed to your RealMe identity, thus undermining anonymity on the internet. It wouldn't be a trivial task but it's also not impossible and would enable the government of the day to track everything you do on the internet. We don't believe that the government needs this power and we see this level of mass surveillance as a threat to our privacy and our democracy.
RealMe has some real advantages - verified identities will make it easier for people to access government and commercial services online, helping us realise some of the promises of the internet revolution. But we're concerned about measures that increase government power over people and we fear that RealMe might be one of those measures.
Over the next few months we're planning to explore some of the issues around RealMe. In particular, we want to answer the following two questions:
- Is RealMe a threat to our liberty now or in the future?
- If so, how can we mitigate it so that we get the benefits without the costs?
Your ideas and contributions would be welcome.