Public Service Card - ID card by stealth?

Grab All Association

Grab All Association wrote: »

Story last week in the indo about an elderly woman who forgot to pay for an item. The security guard in Dunnes Stores took a photo of her PCS. The data protection need to investigate this immediately. She was under no obligation to show it to them nor did they have the right to take a copy of it

I'll link the story when I find it

http://m.independent.ie/irish-news/news/elderly-woman-barred-from-all-dunnes-stores-after-mistakenly-leaving-without-paying-for-350-bottle-of-wine-36020022.html

The article says they took a photo of her bus pass. The information is in the chip of her PSC not in a photo of a bus pass. I know that the PSC double as a bus pass, but the article specifies bus pass. Some still have the old ones.

blanch152

Grab All Association wrote: »

Story last week in the indo about an elderly woman who forgot to pay for an item. The security guard in Dunnes Stores took a photo of her PCS. The data protection need to investigate this immediately. She was under no obligation to show it to them nor did they have the right to take a copy of it

I'll link the story when I find it

http://m.independent.ie/irish-news/news/elderly-woman-barred-from-all-dunnes-stores-after-mistakenly-leaving-without-paying-for-350-bottle-of-wine-36020022.html

That is nothing to do with the Government, and nothing to do with the Public Services Card.

It is a data protection issue for Dunnes Stores. Can you link to the specific piece of legislation/case law that says they weren't allowed take a picture of it once she voluntarily showed it to them.

AndrewJRenko

Sincere Straight Viper wrote: »

I'm sure figures were given at the presentation but I can't remember them. It's also nothing to do with my dept.
As for exact figures. As these people signed off and there is no requirement to give a reason or indeed present at a swo then exact reasons can't be given.
However as is said, if it barks like a dog, wags it's tail like a dog...etc

We can't really be justifying €60m spends on the basis of 'if it barks like a dog'. We need something more concrete than that. If there is a serious saving to be made as a result of this card being a deterrent, somebody needs to be prepared to put their neck on the line and put a number on this. If the experts are not prepared to commit to this, that tells a story.

jimmycrackcorm wrote: »

The figures don't take into account the benefits across government function of being able to tie in a single identity model for people. For example, what cost is associated with all the different IT systems on government departments dealing with peoples identities, with all the processes, time and effort behind them and the public servants tied up duplicating the work?

Why not? If there are real savings here, why aren't these quantified? I'm not so sure this is a big saving. Yes, there may be some duplication on authentication and identification, but there will also be some additional complexities around interfacing into a central system to counter these.

jimmycrackcorm wrote: »

I don't know why there's even an argument about this card when people happily will hold a passport or a driving licence. But then we do have form for letting our imaginations run with it.

Until the day arrives when you need to carry ID with you in public, there's no such thing as a national ID card and if that day is arriving then that's the time to stand up and object.

That day will be way too late. Let's have a proper mature discussion about this.

recedite

AndrewJRenko wrote: »

We can't really be justifying €60m spends on the basis of 'if it barks like a dog'. We need something more concrete than that. If there is a serious saving to be made..

There's two separate issues here.
1. How many millions will be saved per year (by avoiding fraud, and by better efficiency in admin)
2. How much does a card cost to introduce, and whether the taxpayer paid over the odds for this one.

Chips Lovell

Total fraud prevention savings isn't quantifiable. They're only able to put a number on detection, not prevention.

They haven't put a number on time savings for public bodies.

It would be hard to put a value on time saving/convenience for the general public.

blanch152

AndrewJRenko wrote: »

We can't really be justifying €60m spends on the basis of 'if it barks like a dog'. We need something more concrete than that. If there is a serious saving to be made as a result of this card being a deterrent, somebody needs to be prepared to put their neck on the line and put a number on this. If the experts are not prepared to commit to this, that tells a story.



Why not? If there are real savings here, why aren't these quantified? I'm not so sure this is a big saving. Yes, there may be some duplication on authentication and identification, but there will also be some additional complexities around interfacing into a central system to counter these.


That day will be way too late. Let's have a proper mature discussion about this.

Here is the report you asked for:

http://audgen.gov.ie/viewdoc.asp?fn=/documents/annualreports/2015/Report/En/Chapter10.pdf


You will note in the second paragraph:

"The key advantage identified for using a single card-based access to public services was that delivery of services becomes substantially more efficient when the means for identifying and authenticating the user are standardised across all government agencies."

Now, that has nothing to do with savings from fraud, which is just another red herring put by the serial objectors in the media. The fraud savings are almost seen as an afterthought:

"In addition, the use of a PSC would reduce the rates of fraud and errors caused through incorrect identification and authentication of users of public services"

Sam Russell

As far as I see, this card is the current Gov method of identifying a person. It contain a bio-metric photograph, and other details such as dob. It is only given (currently) on a face to face basis where a photograph is taken and is a bio-metric image that can be used in facial recognition software. This is at 'SAFE 2' level, whatever that means.

Previously, the passport was the most secure ID document issued by the state which went bio-metric following 9/11, but now this card is the highest level of ID security. It is/will be the basis for all high value payments from the state.
Security of the passport itself has been beefed up with the latest ones, separately from this card.

Expect it to be used by the revenue, in conjunction with the Eircode. They really will have everyone by the short ones. In fact I am surprised that one's Eircode is not included.

Looking at the Medical Card, it says on it that the magnetic strip only contains the data printed on the card. The PSC does not say that and if it did, it would not be true.

uck51js9zml2yt

I can't see the problem here. If it's a data protection issue, every time a person needs to avail of a particular service they need to provide all their details on a form, letters and bills.
All this stuff is kept on file and in a database which can be accessed by staff
We already know information is shared between social welfare and revenue. I was reading recently that someone was caught claiming too much JSA based on the amount of DIRT they were paying on their undeclared savings.

The argument over data protection with regards the card is a red herring.
It's purpose is to prevent fraud. It's working
If anyone thinks we shouldn't have the cards please provide another solution to prevent my taxes being stolen by people who shouldn't have access to them.

recedite

Sam Russell wrote: »

Expect it to be used by the revenue, in conjunction with the Eircode. They really will have everyone by the short ones. In fact I am surprised that one's Eircode is not included.

There is no need to match everyone to an address, especially if they are students or tenants or whatever.
You can be sure that the person who is liable for property tax (the nominated owner) is already matched via their PPS number to their eircode. If there is any Eircode that is not paying property tax, they will want to know why. Eircodes are basically PPS numbers for properties. The actual number is pretty random, therefore it is not "a code" but it is "a unique identifier".
The idea of postcodes was knocking around for decades, but it only gelled into an urgent requirement to have a unique identifier for each property after the IMF "encouraged" us to introduce a property tax.

That's another project that cost a lot of money, even though a more advanced working version was already available, and offered to the govt. for free.

Sam Russell

recedite wrote: »

There is no need to match everyone to an address, especially if they are students or tenants or whatever.
You can be sure that the person who is liable for property tax (the nominated owner) is already matched via their PPS number to their eircode. If there is any Eircode that is not paying property tax, they will want to know why. Eircodes are basically PPS numbers for properties. The actual number is pretty random, therefore it is not "a code" but it is "a unique identifier".
The idea of postcodes was knocking around for decades, but it only gelled into an urgent requirement to have a unique identifier for each property after the IMF "encouraged" us to introduce a property tax.

That's another project that cost a lot of money, even though a more advanced working version was already available, and offered to the govt. for free.

Well, in the area of the country that does not have unique addresses, Eircode is essential for many Gov functions if they are to reduce fraud and evasion. For example, vehicle registrations, Driving licences and fine, summonses. The PSC identifies a person, the Eircode pins them to an address. The combinations gives two excellent keys into a database.

In Ireland, remember, many people operated under their name, and an alter ego, their name as Gaeilga. With the PSC this will no longer work.

oscarBravo

recedite wrote: »

There is no need to match everyone to an address, especially if they are students or tenants or whatever.

"Need" is a relative term. It might be useful to have a more real-time view of population trends and housing situations than twice a decade.

Denmark, for instance, doesn't have a census. It doesn't need one.

recedite

Sam Russell wrote: »

Well, in the area of the country that does not have unique addresses, Eircode is essential for many Gov functions if they are to reduce fraud and evasion. For example, vehicle registrations, Driving licences and fine, summonses. The PSC identifies a person, the Eircode pins them to an address. The combinations gives two excellent keys into a database.

I'm not against being able to pin people to an address. But lets take your example of serving a summons to somebody living in an apartment. The efficiency comes from the server being able to find the building easily. There is no further efficiency to be had by giving each apartment a separate Eircode. When the server reaches the outer door, they will have to find the doorbell at that point and ring it.
However, there is an advantage to having separate IDs for each apartment if your real intention is to make sure each apartment is paying property tax.

That being the case, the govt. could have asked for a single loc8 code to be submitted for each property, just to have one linked to the property tax database. If the owners didn't have one already, then assign one.
People would then have had the option of creating additional location codes for themselves; for deliveries to garage entrances off back lanes, or farm outbuildings etc.
Also for meeting up at places like beaches or forest car parks. Being a genuine code, Loc8 also works in car sat navs, or on mobile phones when internet coverage is lost.

The eircode on the other hand is not actually a code at all, its just a reference number. It needs to connect as an online "look up" to be of any use. Also it cost €38M whereas the other one was offered free. Some of the people adjudicating over the tender process (including a member of the winning consortium) were also bidding in the tender.

25. Both Tico Group and An Post were involved in the National Postcode project Board advising DCENR;- a matter over which there may be a legal challenge. This was the subject of an article alleging a conflict of interest in the SBP in Nov 2012
26. An investigation into the Postcode procurement process was undertaken by the EU procurement Unit. This investigation revealed 3 possible breaches of EU/Irish best practice and legislation. A private company is currently considering a legal challenge on that basis.

Anyway, that's all water under the bridge now. But there is a lesson to be learned; If a new public project seems to be bad value, that's often because private lobbyists will always want as much money to be spent on it as possible.
The original concept may well have been possible to implement in a very simple, cheap and effective way. But it just got distorted and corrupted, and its costs inflated.

SPDUB

blanch152 wrote: »

That is nothing to do with the Government, and nothing to do with the Public Services Card.

It is a data protection issue for Dunnes Stores. Can you link to the specific piece of legislation/case law that says they weren't allowed take a picture of it once she voluntarily showed it to them.

There is currently a restriction that it can't be used by an unspecified body (basically Govt Departments ) and is actually an offence

They are planning to get rid of the restriction in the Social Welfare Bill 2017

https://twitter.com/Tupp_Ed/status/900038915666710528

max life

It should be mandatory for everyone to get a card. People who dont want to get one obviously have something to hide

AndrewJRenko

Sincere Straight Viper wrote: »

If anyone thinks we shouldn't have the cards please provide another solution to prevent my taxes being stolen by people who shouldn't have access to them.

But you're not concerned about spending €60m+ to save €2m or €3m?

CeilingFly

AndrewJRenko wrote: »

But you're not concerned about spending €60m+ to save €2m or €3m?

Do you really think social welfare fraud is only a couple of million?

Couple of hundred million - a year!

AndrewJRenko

CeilingFly wrote: »

Do you really think social welfare fraud is only a couple of million?

Couple of hundred million - a year!

I'm going by the Department's figures, what's your source? And how will the PSC impact this?

elperello

Sincere Straight Viper wrote: »

I can't see the problem here. If it's a data protection issue, every time a person needs to avail of a particular service they need to provide all their details on a form, letters and bills.
All this stuff is kept on file and in a database which can be accessed by staff
We already know information is shared between social welfare and revenue. I was reading recently that someone was caught claiming too much JSA based on the amount of DIRT they were paying on their undeclared savings.

The argument over data protection with regards the card is a red herring.
It's purpose is to prevent fraud. It's working
If anyone thinks we shouldn't have the cards please provide another solution to prevent my taxes being stolen by people who shouldn't have access to them.

Its a bit late for that, probably ten years!

The "Stephens Green hole in the wall gang" and others are the ones who really cleaned us out.

blanch152

AndrewJRenko wrote: »

But you're not concerned about spending €60m+ to save €2m or €3m?

AndrewJRenko wrote: »

I'm going by the Department's figures, what's your source? And how will the PSC impact this?

I have posted already (see below) that the savings due to fraud are incidental to the main aim of the card is so "that delivery of services becomes substantially more efficient when the means for identifying and authenticating the user are
standardised across all government agencies"

That makes sense but those savings are impossible to quantify.

Of course, people can keep ignoring the actual facts and rationale set out in the C&AG report if they so wish.

blanch152 wrote: »

Here is the report you asked for:

http://audgen.gov.ie/viewdoc.asp?fn=/documents/annualreports/2015/Report/En/Chapter10.pdf


You will note in the second paragraph:

"The key advantage identified for using a single card-based access to public services was that delivery of services becomes substantially more efficient when the means for identifying and authenticating the user are standardised across all government agencies."

Now, that has nothing to do with savings from fraud, which is just another red herring put by the serial objectors in the media. The fraud savings are almost seen as an afterthought:

"In addition, the use of a PSC would reduce the rates of fraud and errors caused through incorrect identification and authentication of users of public services"

jimmycrackcorm

max life wrote:

It should be mandatory for everyone to get a card. People who dont want to get one obviously have something to hide

If you drive, go abroad our use and public services then essentially it will be a mandatory card. But given almost everyone has a passport, I cannot see what the difference is in real day to day terms.

AndrewJRenko wrote:

But you're not concerned about spending €60m+ to save €2m or €3m?

As mentioned above fraud is incidental, but we should remember fraud is an annual cost so the savings from prevention will also add up over the years.

CeilingFly

A drivng licence is not obligatory, but is mandatory for driving.

A passport is not obigatory but is mandatory for travel outside of EU and for most trips within the eu.

A Public Services card is not obligatory but is mandatory to access social welfare and other public services.

If you do not wish to access any social welfare payments or ou#ther government servcie there is no obligation whatsoever to get the card.

But if you do want the taxpayer's contribution to your life whether its children's allowances or pension, then you need the card.

Very simple.


But the leftist media will create scaremongering BS about it - and some suckers will believe the sensationist "catastrope syndrome" musings of the civil (read as criminal's) rights brigade.

Tabnabs

Read two interesting titbits about this saga in the Indo over lunch today. Firstly, according to FF TD Will O'Dea (FF Spokesperson on Social Protection), civil servants are getting a €5 bonus per card issued. Secondly the information is sent to India where the cards are printed and shipped back to Ireland.

So a clear incentive for the CS to get the cards rolled out and data protection must be questioned when the information is let out of the control of the government department to a third party to actually print out the cards and then have them shipped back to Ireland.

CeilingFly

AndrewJRenko wrote: »

I'm going by the Department's figures, what's your source? And how will the PSC impact this?

According to the Oireachtas Library and Research Service report Tackling Social Welfare Fraud from 2011, the estimated rate for Ireland is between 2.4 per cent and 4.4 per cent

If those figures were applied to today's social welfare budget then
at 2.4% it comes in at €500 MILLION.
at 4.4% it comes in at €900 MILLION

A Year!!


This covers the entire social welfare budget.

Some is human error. A lot is plain and simple fraud. PPS card has elimated a lot already but naturally will not get rid of all fraud.

There's no report on current estimates, but considering the success of tackling fraud since implementation of the pps card, you can see that only frausters and those who champion criminals such as civil liberties loonies have anything to fear from the card.

blanch152

Tabnabs wrote: »

Read two interesting titbits about this saga in the Indo over lunch today. Firstly, according to FF TD Will O'Dea (FF Spokesperson on Social Protection), civil servants are getting a €5 bonus per card issued. Secondly the information is sent to India where the cards are printed and shipped back to Ireland.

So a clear incentive for the CS to get the cards rolled out and data protection must be questioned when the information is let out of the control of the government department to a third party to actually print out the cards and then have them shipped back to Ireland.

I very much doubt that civil servants are getting a €5 bonus per card issued. Unless you have a credible link, that reads like more rubbish.

AndrewJRenko

CeilingFly wrote: »

If you do not wish to access any social welfare payments or ou#ther government servcie there is no obligation whatsoever to get the card.

But if you do want the taxpayer's contribution to your life whether its children's allowances or pension, then you need the card.

Excuse me, but how is applying for a driving licence or for replacing my passport a 'taxpayer's contribution' to my life? This is classist sneering, that the card is a great idea for the lower orders who (if you listen to George Hook or Pat Kenny) contribute nothing to society, but no need to bother 'nice people' with it.

I tell ya, if the card was required to claim mortgage interest relief or medical insurance tax relief, there would have been a revolution from the chattering classes long ago.

Tabnabs wrote: »

Read two interesting titbits about this saga in the Indo over lunch today. Firstly, according to FF TD Will O'Dea (FF Spokesperson on Social Protection), civil servants are getting a €5 bonus per card issued. Secondly the information is sent to India where the cards are printed and shipped back to Ireland.

I really don't believe this. Let's see what Willie can uncover by all means, but I really don't believe that civil servants are being paid a bonus on any task-based activity. It would impossible to control - who gets the bonus? The person who sent out the letter, or the person who greets them at the door, or the person who posts out the card or whatever.

I suspect that this relates to certain social protection functions that are outsourced, such as welfare payments being made by independent postmasters who operate their own post offices.

CeilingFly wrote: »

According to the Oireachtas Library and Research Service report Tackling Social Welfare Fraud from 2011, the estimated rate for Ireland is between 2.4 per cent and 4.4 per cent

If those figures were applied to today's social welfare budget then
at 2.4% it comes in at €500 MILLION.
at 4.4% it comes in at €900 MILLION

A Year!!


This covers the entire social welfare budget.

Some is human error. A lot is plain and simple fraud. PPS card has elimated a lot already but naturally will not get rid of all fraud.

There's no report on current estimates, but considering the success of tackling fraud since implementation of the pps card, you can see that only frausters and those who champion criminals such as civil liberties loonies have anything to fear from the card.

So why are the Dept quoting figures of €1m and €2m for the fraud savings on the 2m cards issued to date?

Tabnabs

blanch152 wrote: »

I very much doubt that civil servants are getting a €5 bonus per card issued. Unless you have a credible link, that reads like more rubbish.

Meanwhile, Fianna Fáil TD Willie O'Dea clashed with the Government over alleged bonus payments of €5 for every PSC issued by Social Protection officials.

"As the department... keeps tabs on how many cards are issued in each centre, the funds to pay the bonus are sent on to each local branch manager to make the bonus payments to staff," Mr O'Dea said.

http://www.independent.ie/irish-news/revealed-how-120-state-bodies-could-access-your-data-on-cards-36086520.html

Tabnabs

Tabnabs wrote: »

http://www.independent.ie/irish-news/revealed-how-120-state-bodies-could-access-your-data-on-cards-36086520.html

The operative word is "alleged" bonus payment.

blanch152

Tabnabs wrote: »

http://www.independent.ie/irish-news/revealed-how-120-state-bodies-could-access-your-data-on-cards-36086520.html

Reading it three things strike me

(1) The word "alleged"
(2) Clearly there may be a sub-contracting arrangement in place, in which case €5 isn't a bonus but a fee (as Andrew pointed out already) which of course means that it isn't civil servants who are getting it.
(3) Willie O'Dea and his relationship with reality.

AndrewJRenko wrote: »

I suspect that this relates to certain social protection functions that are outsourced, such as welfare payments being made by independent postmasters who operate their own post offices.

Brendan Bendar

blanch152 wrote: »

I very much doubt that civil servants are getting a €5 bonus per card issued. Unless you have a credible link, that reads like more rubbish.

I would have to agree with that viewpoint.

Please provide a credible back up or withdraw the allegation.

Hotblack Desiato

Wille O'Dea - :rolleyes:

This whole story is silly season nonsense of the worst order. The media has pages and airtime and websites to fill and not much to fill it.

Hotblack Desiato

AndrewJRenko wrote: »

Excuse me, but how is applying for a driving licence or for replacing my passport a 'taxpayer's contribution' to my life? This is classist sneering, that the card is a great idea for the lower orders who (if you listen to George Hook or Pat Kenny) contribute nothing to society, but no need to bother 'nice people' with it.

Poorer people are less likely to have a driving licence or a passport. Nice of you to call people lower orders by the way.

This rollout has been going on for a few years now but for some reason it's only now that the media realise it exists, problem for them is that all they've really got to complain about is a nonsense story about a crank who refuses to meet the requirements for their SW claim and is moaning about it.

The PSC is not just weekly SW claimants, child benefit applies to all parents and for the last couple of years CB claimants have been invited to apply for the PSC, my wife was over a year ago and has never claimed any SW other than CB in her life. But nobody raised a fuss over this and people got on with their lives so the media never noticed.

I tell ya, if the card was required to claim mortgage interest relief or medical insurance tax relief, there would have been a revolution from the chattering classes long ago.

Do the 'chattering classes' not claim child benefit, or have passports or driving licences?

I really don't believe that civil servants are being paid a bonus on any task-based activity.

No facts have been presented and it's an extraordinary claim - extraordinary claims require extraordinary evidence. Civil servants do not get bonuses.

Sam Russell

I have come to the conclusion that this PSC is no more than the manifestation of the increase in ID certification required by the public service - SAFE 2 level. The PSC is becoming (maybe IS) the paramount method of identifying a person's ID for Government purposes.

This is more stringent than that used historically by either the Driving Licence or by the Passport. If that is true, you can only get the PSC by face to face interview where a bio-metric grade photograph is taken and you will need the PSC to get either document. That is the plan.

However, if the card carries personal data, it should be encrypted, and the data should not be generally available throughout the Public Service but access should be strictly controlled - for each bit of data.

I am under the impression the data is not encrypted, and it is not properly controlled. That needs to corrected, if true. Also the various Ministers should make declarations about this aspect which is very important.

Whether it is a National ID Card or not is small beer in comparison.

Grab All Association

CeilingFly wrote: »

According to the Oireachtas Library and Research Service report Tackling Social Welfare Fraud from 2011, the estimated rate for Ireland is between 2.4 per cent and 4.4 per cent

If those figures were applied to today's social welfare budget then
at 2.4% it comes in at €500 MILLION.
at 4.4% it comes in at €900 MILLION

A Year!!


This covers the entire social welfare budget.

Some is human error. A lot is plain and simple fraud. PPS card has elimated a lot already but naturally will not get rid of all fraud.

There's no report on current estimates, but considering the success of tackling fraud since implementation of the pps card, you can see that only frausters and those who champion criminals such as civil liberties loonies have anything to fear from the card.

The majority is overpayments due to accidental incorrect information by either the DSP or claimant. Some of it is lone parents cohabitation/spouse employment without informing the DSP. Identity theft and claiming when working etc are a lot less rare. In one case a woman went to Australia for work and the DSP were not informed, the money was literally resting in her account.

Donal55

Willie O Dea and FF not happy with its current implementation.

I'd say thats the end of this.

BarryM

Sam Russell wrote: »

This is more stringent than that used historically by either the Driving Licence or by the Passport. If that is true, you can only get the PSC by face to face interview where a bio-metric grade photograph is taken and you will need the PSC to get either document. That is the plan.

Not my experience. Last year, (I suppose the date ran out), my free travel card was replaced by a public service card. I had no interview....

The new card has a photo, which looks the same as my driving license (new one about three years ago), I assume the data was "shared"....

See the article in today's IT about the experience of an FOI request.... data shared unnecessarily....

I am not opposed in principle to efficiency in public service providing, but what are the checks? I recall that the social security file of the lady who won a big euromillons prize was accessed over 100 times immediately after the win....

Grab All Association

Just to confirm those of you with the new PCS your old white Social Services Card still works for collecting payments and is accepted by An Post

antoinolachtnai

So you didn't sign a consent for the photo to be used? Did you get any letter from them at all about this?

blanch152

BarryM wrote: »

Not my experience. Last year, (I suppose the date ran out), my free travel card was replaced by a public service card. I had no interview....

The new card has a photo, which looks the same as my driving license (new one about three years ago), I assume the data was "shared"....

See the article in today's IT about the experience of an FOI request.... data shared unnecessarily....

I am not opposed in principle to efficiency in public service providing, but what are the checks? I recall that the social security file of the lady who won a big euromillons prize was accessed over 100 times immediately after the win....

And those who did so were disciplined.

Court cases have followed in other instances:

https://www.irishtimes.com/news/crime-and-law/courts/district-court/private-investigator-convicted-of-obtaining-details-from-welfare-official-1.2682884

Brendan Bendar

blanch152 wrote: »

And those who did so were disciplined.

Court cases have followed in other instances:

https://www.irishtimes.com/news/crime-and-law/courts/district-court/private-investigator-convicted-of-obtaining-details-from-welfare-official-1.2682884

We really need more of that kind of action when 'rules' are broken.

Unfortunately the culture is not to 'stir things up' or so it would seem,and this then gives rise to the lack of confidence from the public.

Jim2007

BarryM wrote: »

I am not opposed in principle to efficiency in public service providing, but what are the checks? I recall that the social security file of the lady who won a big euromillons prize was accessed over 100 times immediately after the win....

Which shows that access to such data is being monitored and people are being disciplined for miss use.

Hotblack Desiato

Sam Russell wrote: »

I am under the impression the data is not encrypted, and it is not properly controlled. That needs to corrected, if true.

How is this sort of complete supposition supposed to be helpful? This is equivalent to 'some fella down the pub told me X'.

jimmycrackcorm

Still the debate seems to be centred about fears of this being turned into a national identity card.

Yet no one has qualified what those fears are. By law you're required to carry your licence at all times when driving. What happens if you don't?

ressem

Sam Russell wrote: »

However, if the card carries personal data, it should be encrypted, and the data should not be generally available throughout the Public Service but access should be strictly controlled - for each bit of data.

I am under the impression the data is not encrypted, and it is not properly controlled. That needs to corrected, if true. Also the various Ministers should make declarations about this aspect which is very important.

.

While encryption is necessary for the central repositories,
should it be encrypted on the card?

Then the readers, which could be in the middle of nowhere, in the middle of the night, would either require reliable access to a central password database to do some sort of challenge before the key would be provided; or there would be a bundle of authentication keys that have to be widely distributed to hundreds of thousands of card readers, making it fairly weak protection, and causing costs and problems keeping the reading devices current.

Alternatives?
There could be a pin that the holder would be required to provide before the chip would provide the detail. Would that be a benefit above physical possession handover + the photo itself?
Or fingerprint readers as standard + adding a fingerprint hash on the card?

Info on it is...
Name, last known address, DOB, nationality, gender, photo, signature, PPS number, previous name(s)?
Am I missing anything that explains the outrage?

antoinolachtnai

Every other country with a national identity card and a centralised general purpose registration database has some sort of coherent law which governs its operation (see as an example of what such a law might look like http://www.legislation.gov.uk/ukpga/2006/15/pdfs/ukpga_20060015_en.pdf) . Ireland does not. That is a significant departure from international best practice and a major concern in and of itself.

Sam Russell

ressem wrote: »

While encryption is necessary for the central repositories,
should it be encrypted on the card?

Then the readers, which could be in the middle of nowhere, in the middle of the night, would either require reliable access to a central password database to do some sort of challenge before the key would be provided; or there would be a bundle of authentication keys that have to be widely distributed to hundreds of thousands of card readers, making it fairly weak protection, and causing costs and problems keeping the reading devices current.

Alternatives?
There could be a pin that the holder would be required to provide before the chip would provide the detail. Would that be a benefit above physical possession handover + the photo itself?
Or fingerprint readers as standard + adding a fingerprint hash on the card?

Info on it is...
Name, last known address, DOB, nationality, gender, photo, signature, PPS number, previous name(s)?
Am I missing anything that explains the outrage?

On a medical card, it says that the data held on the magnetic strip is the same as printed on the card.

The PSC should say that the data held on the magnetic strip is identical to that printed on the card, while the chip carries additional data that is encrypted and can only be accessed by those authorised to access it, and each piece of data is separately authorised for access.

There are several issues involving this card.

1. Is there any legal basis for it being issued as a form of identity for use by certain Gov agencies. [Currently the Dept of Social Protection - the issuer, The RSA - for driving licences, The Dept of Foreign Affairs - for passports].

2. Is the data on the card secure and is it necessary to be on the card? Surely some of the data elements would be better held on a secure database controlled by the issuing Dept, with high security for any access.

3. Is the card mandatory for access to the Gov depts listed above, or are there other means of identity acceptable?

4. Is it the intention to make this card a national ID card? This has been answered already - no it's not.

I think that a new piece of legislation is required to give legal backing to what looks like a Trojan horse, but might not be.

oscarBravo

antoinolachtnai wrote: »

Every other country with a national identity card and a centralised general purpose registration database has some sort of coherent law which governs its operation (see as an example of what such a law might look like http://www.legislation.gov.uk/ukpga/2006/15/pdfs/ukpga_20060015_en.pdf) . Ireland does not. That is a significant departure from international best practice and a major concern in and of itself.

I agree that we should have clear legislation governing such things, but I'll reiterate that we're not good at having grown-up debates about them. As long as we have opposition parties - any opposition parties - who feel it is their job to prevent the government from ever actually doing anything, then we'll have government parties - any government parties - who will try to do things by stealth instead of through open debate.

National ID cards and registration databases can and do work in other countries. That said, in other countries people get water bills. We have a lot of growing up to do.

BarryM

antoinolachtnai wrote: »

So you didn't sign a consent for the photo to be used? Did you get any letter from them at all about this?

I assume this addressed to me? No, the new card just "arrived"

uck51js9zml2yt

AndrewJRenko wrote: »

But you're not concerned about spending €60m+ to save €2m or €3m?

How do we know the 60m saving. A lot of people signed off when asked to get one. They didn't have to give a reason so we don't know if they had been fraudulent claims. I assume they were!

uck51js9zml2yt

Tabnabs wrote: »

Read two interesting titbits about this saga in the Indo over lunch today. Firstly, according to FF TD Will O'Dea (FF Spokesperson on Social Protection), civil servants are getting a €5 bonus per card issued. Secondly the information is sent to India where the cards are printed and shipped back to Ireland.

So a clear incentive for the CS to get the cards rolled out and data protection must be questioned when the information is let out of the control of the government department to a third party to actually print out the cards and then have them shipped back to Ireland.

I'm a CS. I'm not getting a bonus!

BarryM

Jim2007 wrote: »

Which shows that access to such data is being monitored and people are being disciplined for miss use.

Following the issue indicates that should read "is NOW being monitored"

AFAIK, the euromillions case resulted in a check by the Dept. It was reported that one of the people identified as having accessed the data, without any justification, was "allowed to retire" and others were disciplined. Nobody, afaik, was fired.

I suppose we can assume that there is a method of watching who uses what, for what, but when was this introduced and is it automatic? Is there any annual report on the results?

There have also been issues with the garda pulse system, journos being "briefed", spying, etc.

As I said, I have no issues in principle, only with the practice, and why not publish the methodologies of supervision/checks in place? Hacking is today's computer sport.