Ms Joyce Tam, Principal Assistant Secretary for Information Technology and Broadcasting Presentation on Multi-application Smart ID Card to the Information Infrastructure Advisory Committee Thursday 30 November 2000
Multi-application Smart ID Card Scheme 2 FONG, Ching Ming 出生日期 Date of Birth 女 F Z-A-B-C 簽發日期 Date of Issue (02-00) 方充明
Electronic Authentication Driving Licence Library Card Change of Address Digital Certificate Enhancement of Financial Infrastructure, e.g. e-purse Initial Applications of the Multi-application Smart ID Card 3
We have carried out consultation through the following channels - Legislative Council Security Panel Legislative Council Security Panel Public Hearing Information Infrastructure Advisory Committee District Councils of 18 districts Roving Exhibitions in shopping centres Feedback from the media Public Consultation on the Project 4
Privacy Data Concentration Security Choice of Cardholders Cost of Project Durability of Smart Card Common Areas of Concerns 5
Concerns - The Smart ID Card would infringe data privacy of the cardholders Measures to be taken to address concern - Strict compliance with the Personal Data (Privacy) Ordinance Privacy Impact Assessments (PIA) Close consultation with the Privacy Commissioner Legislative safeguard and introduction of administrative code of practice where necessary Minimal data to be stored on the card Privacy 6
Concerns - Concentration of data on the card may lead to function creep where data would be used for purposes beyond those for which data were originally collected Measures to be taken to address concern - Minimal data to be stored on the card No sharing of databases among different departments Stringent access control to system and database Data on the card to be segregated and encrypted Central monitoring through a steering committee and development of administrative code of practice where necessary Data Concentration 7
Concerns - Smart card is not entirely secure Measures to be taken to address concern - High maturity level of cryptographic technology Adequate risk management measures Experts to conduct security design and audit Compromise of one card will not result in compromise of the whole security regime Minimal data to be stored on the card Sensitive data to be stored in backend systems of Government departments as at present Security 8
Concerns - Cardholders may not have genuine, voluntary and non-discriminatory choice on the additional applications Measures to be taken to address concern - Measures to ensure genuine and non- discriminatory choice Driving licence is likely to be the only possible exception as it would be confusing to have two types of driving licence Choice of Cardholders 9
Concerns - Cost of project at $3.06 billion is expensive Justification The cost is for replacement of the whole ID card system and the individual cards The cost is well-justified by the benefits (higher security level, auto-immigration clearance, greater convenience provided by the additional applications) The cost differential for smart card against non- smart card is about 10% The cost differential for multi-application smart card against immigration-only smart card is also about 10% Cost of Project 10
Concerns Smart card not durable and cannot last for 10 years as purported Measures to be taken to address concern - Strong card materials - Polycarbonate will be used Guaranteed minimum life of 10 years 100, ,000 read/write access Durability of Card 11
Looking Ahead Open Forum organised by Hon. Emily Lau (1 Dec) Motion Debate at Legislative Council (6 Dec) Forum organised for the IT sector by Hon. SIN Chung-kai (Jan) Seeking funding approval from Finance Committee (Jan) System development ( ) Card issue and replacement ( ) * * Essential legislative amendment to be made before card issue 12
Thank you