Immediate clarity is needed on the scope, intention and justification for the mishmash that is the Public Services Card.
If any lingering doubt remained that Irish citizens need far greater transparency from the State on this regularly morphing, biometric, wannabe national identity card, then the searing presentation in Dublin this week from the UN’s special rapporteur on extreme poverty, Philip Alston, surely has put it to the torch.
Speaking at Pavee Point on Monday night, at an event organised by the Irish Council for Civil Liberties, the New York University professor of law identified the card as a serious threat and “big risk” to civil liberties and privacy.
The digital identity card is being touted by its issuer, the Department of Employment Affairs and Social Protection, as a less fraud-prone way to access public services. But under dubious and, as many legal experts argue, unlawful justifications, possessing one is now mandatory to obtain State benefits, even though an Irish passport – a personal identity document accepted internationally – should satisfy requirements.
The card is linked to sensitive personal information held in government databases and contains a digitally generated photograph that the department insists is not a biometric identifier, yet under technological definitions would be considered biometric and therefore, particularly vulnerable and requiring special safety protections under the General Data Protection Regulation(GDPR).
Yet the public has been given no indication of how such data is stored and protected.
The cards are produced by a company that was originally called Biometric Card Services, until it changed its name to Security Card Concepts a short time after the department began a campaign to try to reassure citizens that the card did not incorporate biometric data.
Already use of the card has expanded to other departments, again with vague justifications. In a submission in June to the UN special rapporteur, the Irish Council for Civil Liberties noted the card was in use for “social welfare services, passport services, citizenship applications, driver licence online renewal, student grant applications, and certain revenue services, among other services.”
The card constitutes “a digital checkpoint that includes the collection, processing, examination, pooling and distribution among numerous bodies of personal and biometric data of people living in Ireland” and “requires people to trade their personal data for access to essential services which they are already legally entitled to”.
This is a key point. As the council and Alston argued this week, the State’s most vulnerable citizens – the poor and economically marginalised – are especially affected because they have no choice but to apply for the card, making it an “example of how technology can be used against people living in poverty.”
Alston rightly argues that the card carries grave concerns. He told his audience that “the Irish Government is taking decisions which will have huge potential consequences for governance in the future, without any transparency or public debate”, noting that many states have used such non-transparent, slow-growing data-gathering projects to effectively enable grand scale societal surveillance.
Lack of transparency
At the moment – and years after the government initially proposed this card – the public still do not know which State agencies will be able to use the card and for what purposes, or whether they will be able to access what Alston clearly stated was “biometric information” connected to each card.
“Down the line you may have a situation where information as sensitive as health data may be stored in a database accessible by many State bodies and which, unless serious protections are put in place, is vulnerable to attack,” he warned.
And while a report is shortly due from the Office of the Data Protection Commissioner, following an investigation into the cards that has taken nearly two years, those affected by the card – the entire population of the State – may end up none the wiser. In an Oireachtas hearing earlier this year, a Data Protection Commission representative stated it would not release the report to the public unless the department allowed it.
Alston found this deeply concerning. “Alarm bells would go off if the [Data Protection Commission] report into [the cards] is not made public,” he said on Monday. “If a report of this significance is not published, then you could not justify the role of Data Protection Commissioner.”
Elizabeth Farries, the Irish Council of Civil Liberties information rights project manager, says the release of the report on a card that is discriminatory and probably illegal under EU law is essential.
“The public has a right to know.”