CIMM Committee Report

INTRODUCTION

In November 2002, the Minister of Citizenship and Immigration proposed that Canadians engage in a full and informed discussion about the possibility of creating a national identity card. Minister Coderre further suggested that the House of Commons Standing Committee on Citizenship and Immigration would be an appropriate forum for such a discussion and the Committee agreed to study this important question.

At this point, the study is incomplete. The Committee plans to continue its deliberations and to hear further from Canadians as this issue continues to provoke public debate. We have determined that it would be useful to publish our interim findings to help focus this ongoing policy discussion. While there is still no specific identity card proposal to which Canadians can respond, it is hoped that this interim report will better clarify the basic questions that must be answered.

A.	The Scope of the Study

While national security concerns in a post-September 11 environment may be one factor driving this issue, a national identity card could also address other concerns, such as facilitating travel and commerce, and combating identity theft. In an appearance before the Committee on 6 February 2003, the Minister stated:

A national ID card is simply a tool that permits the bearer to prove, with a high degree of certainty, that they are who they say they are. The card provides certainty because of the security around its issuance and the technology used in the card.

….

While the new focus on a positive proof of identity is partially rooted in the aftermath of the terrorist attacks, other forces are at play. Identity theft is seen as a serious and growing problem in Canada.

….

We must also guard against rushing to judgment. There will certainly be strong opinions on both sides of the debate, and we will need to hear from everyone. What we require is objectivity — an open debate based on fact and reason, not innuendo.

The Committee was, in essence, given carte blanche to examine the issue of a national identity card. No formal consultation document has been published and witnesses who appeared before the Committee were asked to comment generally on the issue.

B.	The Study Process

The Committee began by conducting hearings in all the provincial capitals, and Vancouver and Montreal, in February 2003. Other important matters relating to the Committee’s mandate were also discussed in these hearings, such as immigration settlement issues, the Provincial Nominee Program and Bill C-18, the Citizenship of Canada Act, and two reports have already been produced as a result of these consultations.¹ While a significant number of witnesses expressed their concerns regarding a national identity card, this issue was not the main focus of the hearings. Although no formal consultation document has been produced by Citizenship and Immigration Canada with respect to this issue, some guidance had been provided by a short document released by the Committee. The Committee’s press release read, in part:

There are two main types of identity documents used by Canadians. The first are often referred to as “foundation” documents, and include birth certificates and immigration records. These primary documents are used to obtain documents of the second type, “entitlement” documents, such as passports, drivers’ licences and social insurance numbers. The fraudulent use of either type of document poses significant concerns in respect of national security, the integrity of government programs, commercial crime and the ability of Canadians to travel internationally.

The Committee intends to address these issues, as well as concerns about the protection of privacy and the preservation of Canadian values. Some of the topics that the Committee would like to hear witnesses discuss include:

•	What are the existing problems with Canadian identity documents, particularly “foundation” documents such as birth certificates?

•	What should be the guiding principles for a national strategy on identity documents?

•	Which level(s) of government should be responsible?

•	Do we need to create a new national identity card, or can the security features of existing “foundation” documents be strengthened?

•	What has been the experience of other countries with national identity cards?

•	Should everyone in Canada be required to carry a secure identity document at all times? Or should the identity document be voluntary for some (e.g. Canadian citizens and permanent residents) and mandatory for others (e.g. refugee claimants, foreign students, or other temporary residents)?

•	What information should be imbedded in the cards, who should be able to access that information, should the information be stored centrally, and what safeguards would be required to prevent misuse?

•	What technologies are available for enhancing document security and what issues are raised by the use of particular technologies, such as biometrics? (Biometric identifiers include fingerprints, iris scans and facial scans.)

•	How much would a national identity card cost? What savings would be realized by introducing such a card (e.g. reduction in crime related to identity theft)?

The Committee recognizes that some witnesses felt that there was inadequate time to prepare detailed submissions on the issue given the Committee’s schedule. Others found it difficult to comment without a specific proposal before them. Our consultation with Canadians is clearly far from complete and we will be hearing further submissions in the near future.

In March 2003, the Committee visited Washington, D.C. to discuss immigration and border security issues with our congressional counterparts. In the course of our visit, we also took the opportunity to discuss identity documents, biometrics and related issues with various members of Congress, Washington-based non-governmental organizations and private companies involved with this evolving technology.

In June and July 2003 the Committee continued its study in Europe. Our efforts there focused on the national identity card question, although we were also able to examine the implementation of the new Immigration and Refugee Protection Act at various Canadian visa posts. The Committee had the chance to visit six European capitals where identity cards were either in use or were being debated. We had an opportunity to examine smart card technology that is being developed and to assess the level of public acceptance of such technology.

In Canada and in Europe, we also heard from experts involved in the various aspects of identity card production, including those specializing in the use of biometric identifiers. In all, the Committee heard from 48 associations and individuals in Canada, and 89 government officials and other individuals abroad. We will continue to hold hearings on this important issue and expect that this interim report will generate further discussion and debate.

PRIOR CONSIDERATION BY THE COMMITTEE

The House of Commons Standing Committee on Citizenship and Immigration has not previously studied the issue of national identity cards. In the Committee’s report on the proposed Immigration and Refugee Protection Regulations of March 2002, the issue of the new “Maple Leaf” card for permanent residents was discussed.² The Committee reviewed the competing concerns of privacy and security in the context of the use of biometric identifiers on these cards and concluded that to enhance the security of the new permanent resident card, the government should introduce a biometric identifier once satisfied that appropriate safeguards are in place. A universal card for all Canadians was not directly addressed, but the Committee stated the following in respect of the Maple Leaf card:

Although the Committee is sympathetic to the above concerns about the use of biometric identifiers, we believe that with the appropriate safeguards, and for the limited purposes envisaged, a biometric identifier is essential to provide sufficient security for the new permanent resident card.

What safeguards would be appropriate? We recommend the following:

•	Although no biometric system is foolproof, the system should be made as accurate as possible to ensure a high degree of confidence in the results.

•	All available measures should be taken to prevent the possibility of tampering with the system.

•	A unique identifier — fingerprints or retinal scans — would be preferable to a less reliable one.

•	The biometric identifier on the card should be limited to authentication for immigration purposes only.

•	Because the identifier on the card authenticates the identity of the person who enrolled in the system, it is essential that the initial enrolment process be as valid as possible. Biometrics cannot detect an assumed identity.

OTHER PRIOR CONSIDERATION IN CANADA

In the 1990s, a proposal to replace the Social Insurance Number with a national identity card was examined by the House of Commons Standing Committee on Human Resources Development. The idea was rejected by the government due to privacy concerns and the projected cost.³ The government’s response regarding the creation of a national identity system at the time was, in part, as follows:

With over 30 million potential SIN card users and little infrastructure in place, it is estimated that the cost of issuing a “smart” SIN card to Canadians would range from $1.2 billion to $3.6 billion. Incremental expenditures would be incurred by the Government of Canada to ensure the safeguarding of personal information and appropriate sharing of information. Additional substantial costs would be incurred in the periodic re-registration of SIN cardholders.⁴

In that 1999 document, the government also stated:

There would be severe privacy concerns attached to a comprehensive national identity system. (emphasis in original) Any shift to this policy approach would require substantial attention to how information was provided, how it was accessed, the rules of access, requirements for mandatory registration and periodic re-registration and other impacts of a National Identity Register.

……

It is reasonable to assume that a much more accurate and secure identity system would reduce fraud and abuse in the programs and services that made use of it. At present, there is no consistently reliable estimate of the costs of fraud and abuse across the public sector that might be avoided through a national identity system. However, expanding the SIN to become a national identity system would also increase the value of this identifier to successful defrauders looking to profit from identity fraud, requiring increased vigilance related to the administration and control of the system.⁵

The Committee is also aware of at least two federal-provincial-territorial working groups that are looking at the issues of identity and fraud. One is the Identity Theft Working Group and another is the Federal-Provincial-Territorial Council on Identity. The task of the former is to examine the existing Canadian legal framework and recommend possible changes in the law that might assist in the prosecution of identity theft and related offences. The latter is examining the development of a strategy for improving identity processes, particularly with respect to the issuance of foundation documents. To the Committee’s knowledge, neither group has issued a public report.

BIOMETRICS

It would perhaps be beneficial to outline exactly what the scientific term “biometrics” means in the context of identity systems. As noted earlier, in the Committee’s March 2002 report Building A Nation: The Regulations Under the Immigration and Refugee Protection Act, we discussed the possible introduction of a biometric identifier for the Permanent Resident (or Maple Leaf) Card. The overview provided in that report bears repeating in the context of a national identity card for the citizens of Canada.

Biometrics is the technology that takes physical or behavioural characteristics of individuals and converts them into digital data. They are then encrypted into a system, which can be an individual card, from which subsequent comparisons are made.

There are a number of possible biometric identifiers. Some — fingerprints and features of the eye (the retina and the iris) — are considered unique to an individual. Others, such as facial features, hand geometry, and voiceprints are considered relatively unique to an individual. Both types contain information that is considered non-transferable among individuals. Neither type contains data about the person; rather, a biometric identifier is information of the person.

Biometric identifiers are used for the purpose of authentication (or verification) of identify, or for identification of a person, or both.

Some commentators are wary of the widespread use of biometric information, particularly in the private sector. They warn that biometric systems are not foolproof, and that there are dangers in data sharing. They view some uses, such as surveillance of crowds on the basis of facial features, as threatening individual autonomy.

Critics feel that the widespread use of biometrics raises issues relating to privacy and human individuality, and may engender in people a sense that the government and private organizations are becoming all intrusive. They warn too of what has been called "function creep," the extension of technology to uses unintended and possibly unforeseen when first introduced.

WHAT CANADIANS SAY

A.

Polling

The Committee is aware of two recent polls that directly addressed the question of a national identity card for Canadians. A COMPAS/National Post poll from December 2002 asked the question, “How about a high-tech identity card for all residents of Canada? Comparing the possible security benefit and the possible risk to freedom, is this a good idea or a bad idea?” In response, 57% of those polled said it was a good idea and 30% said it was a bad idea.

The context in which the question was asked, however, raised doubts about the usefulness of the response. The preceding three questions in the poll were as follows:

(Q20) Turning now to global and international issues, do you see the terrorist threat from Islamist extremists like Osama bin Laden as more serious than most threats in the past or less serious?

(Q21) Thinking of the legal rights of people who are accused of crimes, should people living in Canada who are accused of being terrorists have the same rights as accused criminals have had in the past, or fewer rights?

(Q22) When the United States said that it would finger-print travelers to the U.S. from Canada and elsewhere who were born in countries that the U.S. believes are involved in terrorism, was the U.S. right in its policy?

The second poll, dated 31 March 2003 and entitled Canadians’ Views Towards a National ID Card and Biometrics, was conducted by Ekos Research Associates at the direction of Citizenship and Immigration Canada. The Committee was not involved with the conduct of this survey and had no input regarding the questions posed.

This second poll also demonstrated significant public support for a national identity card. Related to the above comments regarding the first poll, it is interesting to note that in the Ekos survey, support for a card was higher when the question was posed at the end of the survey, rather than at the beginning. The responses obtained were as follows:⁶

With respect to biometrics, the question and results were as follows:

It should be noted, however, that the poll also suggested that most Canadians do not understand what “biometrics” means. When asked what the term means to them, only 15% of those polled even ventured a response. Of that small percentage, only 32% (i.e., less than 5% of all those polled) gave an answer that Ekos Research considered correct. The Committee also notes the concluding remarks of the report:

While the overall results suggest solid support for the adoption of a new national ID card and the use of biometrics by governments and the private sector, the possibility that these results represent a peak of support exists. Despite the preliminary finding that that support for a new national ID card is higher if the relevant survey question is placed at the end of the battery on biometrics (i.e., after people have been exposed to information about the issues), it is certainly plausible that a public debate on the issues could erode support. As with other public policy-related issues, we expect that the debate will be dominated by elites (e.g., civil libertarians, lawyers, academics, privacy groups, media and opposition parties), almost all of whom will argue against the adoption of a new card and the use of biometrics. Adding to this challenge, we find that the strongest arguments for adoption of these technologies are based on those that point to the inadequacies of current documents, systems and procedures, leading to fraud and abuse.

The communications challenges of the Government of Canada engaging debate with such negative messaging are daunting.

B.	Committee Hearings

In stark contrast to the polling results reviewed by the Committee were the submissions made by witnesses appearing before us in Canada. While the Committee is still just beginning to hear from Canadians, the majority who have testified thus far were adamantly opposed to any sort of national identity card. Many gave detailed presentations with highly developed arguments against the introduction of such a scheme. Their main concerns, which tend to overlap to some degree, are summarized under the following 13 headings. It should be emphasized that what follows does not reflect any findings by the Committee; it is simply a summary of the concerns we have heard expressed by witnesses to date.

1.	A national identity card and national security

Many witnesses argued that if the purpose of introducing a national identity card is to combat terrorism or otherwise enhance our national security, it will not be of any benefit or effect. Short-term visitors to Canada would likely not be eligible for a national identity card, but even among citizens and permanent residents, the mere fact that someone has a national identity card would not necessarily mean that they are not a threat to Canada’s security. As some witnesses noted, the American authorities knew the identities of many of the September 11 highjackers; it was their intentions that were unknown. The Committee is also aware that terrorist incidents involving Canadians, such as the FLQ bombings and kidnappings, and the bombing of Air India flight 182, would not have been prevented if a national identity card had been in use.

2.	A national identity card and privacy vis-à-vis the state

The Committee was warned many times about the prospect of the police being able to stop people on the street and demand proof of their identity. Witnesses suggested that for a national identity card to be useful to law enforcement, it would have to be mandatory for everyone and it would have to be carried at all times. It was suggested that the introduction of a national identity card would be a slippery slope leading to greater intrusions on our private lives. Even if a voluntary card were introduced and it was not compulsory to produce it to the authorities, witnesses asserted that that situation would likely soon change as the cost of the project would encourage the expansion of the card’s use. Some witnesses were convinced that a national identity card would, in essence, become an internal passport.

The Committee also heard that a national identity card, if mandatory, might violate the Canadian Charter of Rights and Freedoms. Reference was made to the Supreme Court of Canada case R. v. Dyment,⁷ where Justice La Forest stated:

Grounded in man's physical and moral autonomy, privacy is essential for the well-being of the individual. For this reason alone, it is worthy of constitutional protection, but it also has profound significance for the public order. The restraints imposed on government to pry into the lives of the citizen go to the essence of a democratic state.

The possible cross-referencing of data was also an issue. If a national identity card contained various types of information relevant to government authorities or could be linked to that information — for example, a person’s health care record, driving abstract and employment history — the impact on personal privacy would be substantial. The Committee was told that it would be preferable to have separate and distinct repositories for our personal information to help protect the privacy of Canadians.

Witnesses also discussed the assertion that if you have nothing to hide, you have nothing to fear from state officials demanding identity documentation, and that only criminals should worry about privacy intrusion. It was suggested that such a premise is flawed and that if carried to its logical extension would mean that the police should be allowed to enter our homes, read our mail or listen to our telephone calls at any time just to ensure that we are not breaking the law. As one witness stated:

The fact is that we all have things to hide, not because they are wrong or shameful, let alone illegal, but simply because they are private.

3.	Data protection concerns

The protection of personal data is already a sensitive issue and many witnesses expressed concern about the possible abuse of the data contained on a national identity card, as well as the fact that the data would have to be stored centrally for the card to work as intended. Witnesses referred to the fact that databases may be “hacked” or used improperly by the bureaucrats running the system. During the Committee’s travel in Canada, the loss of a single hard drive from an insurance company in Regina was headline news. The hardware contained sensitive and private information on approximately one million individuals and businesses. Although it was eventually found, this event confirmed the fears of many witnesses.

Biometric industry representatives stated that the card itself would not adversely affect an individual’s privacy. Rather, the system in which a national identity card is employed is what must be addressed. It was suggested that a data protection framework could be developed that would allay the concerns of critics and protect personal information.

While opponents noted that data protection laws exist and could be expanded if a national identity card were introduced, some suggested that for such laws to be of any value, a massive bureaucracy would be needed to administer the law and protect personal data. It was argued that this would either substantially impact the cost of an identification system or would make adequate data protection unlikely to occur.

4.	“Function creep”

Many witnesses doubted that a national identity card could be produced with a limited and specified purpose. As noted already, the likely cost of a national identity card system could encourage the expansion of its functions. As well, the fact that the information would be just “sitting there” could result in government departments and agencies lobbying for expanded access.

Witnesses pointed out that when we provide information to government, we are normally promised that it will only be used for the purpose for which it was collected. If the state and its enforcement agencies are able to access that information for other purposes, it was suggested that a fundamental promise would be broken. Function creep can often be justified on the grounds that it will save money, increase efficiency or make society safer, but it was argued that expanding the data’s use would be a serious violation of fair information practices.

Others pointed to the social insurance number as an example of “function creep.” Introduced for limited government purposes, its production was soon requested as a matter of course by non-government entities as well. It was suggested that a national identity card could become essential for any business transaction, from buying groceries with a credit card to renting a car. This raised two main concerns among witnesses: that any proposal that a card be purely voluntary would not work if people without one were prevented from conducting normal business transactions; and, the potential that every use of the card would leave a digital record could result in a central database that would record all of the details of a person’s daily life.

5.	Technical sophistication of the card and the potential for fraud

While technological advances allow governments to produce documents that are touted as being less prone to counterfeiting, the same new technologies are often accessible to criminal organizations. The Committee was told that Canada’s new and highly secure Permanent Resident Card is being counterfeited already. Witnesses suggested that the “bad guys” are usually just one step behind when it comes to technological progress.

6.	Concerns about reliance on a single card

It was suggested that if a highly secure, multi-purpose national identity card were introduced, there would be great incentive to counterfeit the card or obtain a card fraudulently using a false identity. Oddly enough, witnesses argued, a single document that would provide supposedly definitive proof of identity could actually increase counterfeiting and identity theft. One witness brought to the Committee’s attention a report by the National Research Council in the United States from 2002 where it was stated:

While offering better solutions to some problems surrounding identity theft, a nationwide identity system poses its own risks. For example, it is likely that the existence of a single, distinct source of identity would create a single point of failure that could facilitate identity theft. The theft or counterfeiting of an ID would allow an individual to “become” the person described in the card, in very strong terms, especially if the nationwide identity system were to be used for many purposes other than those required by the government…. The economic incentive to counterfeit these cards could turn out to be much greater than the economic incentive to counterfeit U.S. currency.

If a national identity card were required to access government and private services, the failure of the card could be very problematic, both for the individual concerned, who might become, in essence, a non-entity, and for any system that places great reliance on the card’s effectiveness. Currently, if the Employment Insurance database experiences technical problems or a person loses their health card, there might be some inconvenience, but witnesses suggested it would be minimal compared to the possible disruption caused by the loss or failure of a multi-purpose card.

7.	Concerns about foundation documents

One question that was asked by many witnesses was, “What identity documents would one use when applying for a national identity card?” It would seem pointless to create an expensive, highly technical system and then issue cards to people based on a birth certificate and a health card. The Committee is well aware of the problems of fraud in respect of passport issuance and understands that, at both the federal and provincial levels, reforms are either proceeding or are being contemplated to ensure that foundation documents are more reliable and are only issued to their rightful bearer. However, as many witnesses noted, the risk of fraudulently obtained foundation documents is real and could jeopardize a multi-billion dollar national identity card system.

8.	A national identity card and international travel

The Committee notes that the Passport Office has recently enhanced the security features of the Canadian passport and is working towards using facial recognition biometrics. The International Civil Aviation Authority has issued standards in this respect and it is anticipated that most nations will soon be following suit. As such, some witnesses suggested that if facilitating travel is an objective, a national identity card with biometric identifiers would appear unnecessary or redundant. They argued that creating an entirely new government bureaucracy for this purpose would not be cost effective.

9.	A national identity card and identity theft

Various concerns about the use of a national identity card to address identity theft were put to the Committee. To begin with, the Committee was told that most identity theft occurs by people getting someone else’s credit card number, bank PIN, or similar personal data, and it is not done in a face-to-face situation. As such, the production of a national identity card might not be required in many commercial transactions, such as those conducted on-line or by phone, where fraud could occur.

Others questioned whether Canadians would have to present the national identity card every time we conduct a commercial transaction and, if so, what digital trail of our purchases and daily travel would be left? Minister Coderre said that the biggest threat to individual privacy is to have one’s identity stolen and used by someone else. A Montreal Gazette editorial presented to the Committee retorted:

It’s an assertion only someone in government could make. As far as we’re concerned, the biggest threat to individual privacy is a vast government register using a smart card to track our every movement, purchase and action.

Some also pointed to the potential for information abuse by businesses. A national identity card, it was suggested, could facilitate the unwanted correlation of data for marketing or other purposes.

Finally, it was suggested to the Committee that business, rather than government, should bear the costs of such a system. Public funds could be better directed to enforcement agencies, it was argued, rather than a costly and unproven bureaucracy.

10.       The cost of setting up a national identity card system

Given that a proposal for a specific type of card and data management system is not before us, it is impossible to know how much the introduction and ongoing administration of a national identity card system would cost. However, witnesses did their best to provide us with some guidance.

For example, some made reference to the cost of the national gun registry that has, thus far, cost over a billion dollars to register a minority of the Canadian population. Others provided their own estimates, which ranged from $2 billion to $5 billion dollars, based on our population, technology costs and administrative overhead. The Interim Privacy Commissioner of Canada, for example, suggested that start-up costs alone would be $3-$5 billion dollars. Mr. Marleau based this estimate on the cost of registries currently in place in Canada and also by reference to cost projections made in the United Kingdom and the United States for a similar scheme.

The Committee notes that when the province of Ontario was considering introducing an entitlement smart card, start-up costs were estimated at $500 million. And as mentioned earlier, a proposal to replace the Social Insurance Number with a national identity card was brought forward in the 1990s and was rejected by the government due, in part, to a projected cost of as much as $3.6 billion. Another point of reference may be the new permanent resident card, which although biometric-ready, does not yet contain any biometric information. To date, this card has cost approximately $68.5 million and further spending of $36.2 million is planned for 2003-2004 and $19.7 million for 2004-2005. There are approximately 1.5 million permanent residents who are eligible for the card and as of June 2003, 450,000 cards had been issued. It is estimated that as of October 2003, 600,000 cards have been produced. There is a $50 cost recovery fee charged to each applicant.

Many of the witnesses who addressed the issue of cost also suggested that whatever the actual cost would be, that money could be better spent at our borders, on law enforcement and on enhancing the security of existing documents.

11.	Concerns about the level of advancement of biometric technology

Biometric technology is not foolproof. The Committee was told of the problems with respect to “false accept” and “false reject” rates. The former refers to the acceptance of identification when the person presenting the card does not actually match the embedded biometric feature. The latter refers to the rejection of identification when presented by the legitimate cardholder. For a card to be highly secure, the Committee was told that there will have to be a lot of false rejects. That is, people who are legitimate will be rejected by the technology, simply because such a large pool of enrolees comes with an inherent margin of error. This means that legitimate national identity card holders could be subject to suspicion and accusations when the technology fails. According to witnesses, to lower the false reject rate would result in raising the false accept rate. Of course, a high false accept rate would undermine the purpose of creating a national identity card.

In response, biometric technology experts suggested that using two or more biometric identifiers on the card could ensure greater security. Facial recognition logarithms coupled with fingerprint or iris data could address this concern.

12.	A national identity and racial profiling

Some witnesses suggested that the introduction of a national identity card would foster new forms of discrimination and harassment of visible minorities. It was argued that certain groups would be subject to continual status and identity checks by the police and by business.

13.	The lack of a specific identity card proposal

When the Committee was asked to study this issue, no specific national identity card proposal was put before us. Rather, we were given a blank slate and asked to enquire of Canadians whether we, as a country, should have a new national identity document and, if so, what form it should take. Some of those appearing before the Committee expressed frustration with this approach, arguing that it is impossible to defend or criticize a particular course of action when it is so nebulous.

THE UNITED STATES

In March 2003, the Committee travelled to Washington, D.C. to discuss immigration and border security issues with our American legislative counterparts, as well as various non-governmental organizations. While the issue of a national identity card was not the focus of our discussions, because this study was an ongoing concern, related questions frequently arose, particularly with respect to the use of biometrics in travel documents.

As we expected, the American government is preoccupied with security issues. There was an atmosphere of heightened security concern in the U.S. capital, fed of course by the events of 9-11 and the hostilities in Iraq, but also by the then-recent Washington sniper killings. This climate, it was suggested by some, was being used for political purposes by various groups, some of which were spreading misconceptions about Canada and the security of America’s northern border. Even without such false impressions, it was clear to the Committee that the vast size of the U.S.-Canada border and the amount of resources required to ensure that it is secure was of great concern to American legislators. The continued facilitation of commerce was also an important consideration and the possible economic consequences of border slowdowns for both countries were discussed at some length. Clearly, the U.S. government is looking to ensure a “zone of confidence” between our countries and believes that a secure identity document system must be part of that equation. This is not to suggest that the United States is exerting pressure on Canada to institute a national identity card. Rather, it appears that the security of existing documents is what is at issue.

Under the Enhanced Border Security and Visa Entry Reform Act of 2002, by 26 October 2004, in order for a country to remain eligible for participation in the American visa waiver program, its government must certify that it has a program to issue to its nationals machine-readable passports that are tamper-resistant and which incorporate biometric and authentication identifiers that satisfy the standards of the International Civil Aviation Organization. Current visa waiver countries include: Andorra, Australia, Austria, Belgium, Brunei, Denmark, Finland, France, Germany, Iceland, Ireland, Italy, Japan, Liechtenstein, Luxembourg, Monaco, the Netherlands, New Zealand, Norway, Portugal, San Marino, Singapore, Slovenia, Spain, Sweden, Switzerland, and the United Kingdom.

Canada is not a visa waiver country. We are, in essence, in a category of our own with respect to entry to the United States. Citizens of Canada are exempt from the visa and passport requirement of the Immigration and Nationality Act. To enter the United States, a Canadian citizen must be able to establish both identity and citizenship, but this may be done with a birth certificate, citizenship certificate or a passport. In fact, Immigration Inspectors may even accept an oral declaration of citizenship, although it is now strongly recommended that Canadians carry a document that establishes citizenship. The Committee is aware that, given the current climate, this dispensation for Canadians could change and requirements similar to the visa waiver program could be imposed.

With respect to a national identity card, when the topic was broached with American non-governmental organizations, their opinions mirrored much of what the Committee had heard in Canada: there are concerns about privacy protection, function creep, the reliability of the technology and the costs involved. While there is no official proposal for an American national identity card — the Committee was in fact told that most Americans would oppose one — it was argued by one witness that a de facto national identity card is being created through technological enhancements of State driver’s licences and national data sharing of State-controlled information.

The Committee’s attention was also drawn to a recent technology assessment report by the U.S. General Accounting Office from November 2002 entitled Using Biometrics for Border Security.⁸ The GAO considered seven leading biometric technologies — facial recognition, fingerprint recognition, hand geometry, iris recognition, retina recognition, signature recognition, and speaker recognition — and determined that only four appear suitable for border control applications: facial, fingerprint and iris recognition, and hand geometry. As well, the report cautioned the U.S. government to plan carefully before deploying any particular technology, indicating that questions about the cost of such technology and its effect on trade and personal privacy had to be carefully scrutinized.

We also had the opportunity to view demonstrations of face recognition and fingerprint technology designed for border applications. Our presenters demonstrated systems that served to confirm the identity of the document holder and were useful in identifying individuals whose photograph is contained on a “watch list” of criminals or others of interest to the authorities.

We were also informed about the limitations of using a single biometric identifier. Not only is there an inherent margin of error, but the Committee was also told that some technologies have other limitations. Some people are physically incapable of providing a usable fingerprint. Facial recognition technology cannot distinguish between identical twins. A glass eye cannot provide an iris scan. The use of multiple biometrics — a combination of fingerprint and iris scan was suggested by some experts — could address such concerns and greatly reduce the false accept and false reject rates.

Biometric technology is clearly an important tool in providing for our collective security; whether a national identity card system using biometric identifiers is the best option for employing this tool is still unclear.

THE EUROPEAN EXPERIENCE

Many of the world’s countries, if not the majority, have some sort of national identity card system. Identity documents have been created with various functions in mind and the level of technological sophistication varies widely. The Committee was provided with research from Citizenship and Immigration Canada on identity documents being used or considered for use worldwide, a copy of which is reproduced in Appendix B of this report. This document is incomplete and the information contained may not be current for all countries. The Committee has also noted that there may be some inaccuracies. As our hearings proceed, we hope that a full and accurate summary of the international identity card systems will be completed. What is happening globally was a subject of considerable discussion in our hearings and it is clear that international study and comparison is essential for an informed debate.

The Committee’s review of national identity card systems in selected European countries, and the proposed “Entitlement Card” in the United Kingdom, proved quite useful for the members who were able to travel abroad. Understanding how identity schemes arose historically and how personal data is now being protected was most illuminating. Much was gleaned from the European experience but, clearly, there are cultural differences between Canada and continental Europe when it comes to privacy issues vis-à-vis the state. In many countries that have had national identity card systems for more than a generation, data protection issues did not appear to be at the forefront of concerns and the importance of personal anonymity with respect to the government was not widely expressed. We saw, in fact, how some document systems are moving beyond the basic purpose of establishing identity and becoming capable of multiple functions.

The Committee also had the opportunity to receive briefings on new smart card technologies currently being developed. The amalgamation of data from different government departments on a single card, as is being tested in Spain, was ingenious, but also troubling. Italy’s electronic identity card, currently being issued in selected municipalities, clearly offered some security benefits, but many questions remained in the minds of Committee members as to whether a similar program would be beneficial or acceptable in Canada.

The summaries that follow present the highlights of the information received by the Committee in Europe. Other international comparisons will certainly prove valuable and the Committee intends to continue reviewing national identity card systems being used in other jurisdictions.

A.	United Kingdom

In the U.K., the Government launched a consultation exercise in July 2002 with the publication of its paper Entitlement Cards and Identity Fraud.⁹ The consultation lasted until the end of January 2003, and examined the introduction of a national identity card under three different possible schemes:

1. Targeted — where there is a requirement to establish identity to a high degree of confidence for access to particular government services.

2. Voluntary — where it would be optional to register and obtain a card.

3. Universal — where everyone would be required to register and obtain a card but there would be no compulsion to carry a card.

The proposed card would be intended to address entitlement fraud, a problem that also exists in Canada where benefits such as health care and social assistance are sometimes improperly obtained by deception. The British entitlement card would not be meant to address national security issues, such as terrorism, and those who briefed the Committee made it quite clear that it would not be a particularly useful tool in this regard.

In a meeting with the Home Office Entitlement Card Unit, the Committee was told of the response to the government’s consultation exercise. We were informed that there had been no real shift in public opinion during the consultation and that there exists general support for such a scheme. Among the supporters, most were in favour of a compulsory card. However, it was noted that while support is broad, it is not deep, and an articulate “liberal minority” is very opposed to the introduction of a card. Whether this minority would gain strength following the introduction of legislation implementing an entitlement card was the subject of some speculation.

While criticism of the government’s plans in the U.K. seems to mirror what the Committee heard from witnesses in Canada, according to the Entitlement Card Unit representatives that we met, there is greater concern about the likely security and integrity of the proposed card, rather than the possibility of data sharing between government agencies.

Of particular interest to the Committee were the preliminary cost projections. It was estimated that the per person cost for an entitlement card would be in the range of 30–35 pounds (approximately C$65–77). It was not clear whether this would allow the government to recoup the initial start-up costs, but the Committee was told that this figure is higher than the estimated cost in the government’s consultation paper. In that document, set-up costs for a central database and network of biometric recording equipment were estimated at 136 million pounds (approximately C$300 million). Operating costs would depend on the type of card chosen. The following figures, which, as mentioned, are now thought to underestimate the likely overall cost, were provided:

Type of Card10	Cost (U.K. pounds)	Cost (Canadian dollars)
Plain plastic card	1.318 billion	2.780 billion
Simple smartcard	1.640 billion	3.575 billion
Sophisticated smartcard	3.145 billion	6.850 billion

The Committee notes that the population of Great Britain is approximately double that of Canada. Thus, the price tag for a similar system in Canada would likely be less than, although not necessarily half, the British cost.

The Committee also met with representatives of the British Passport office, where biometric pilot projects are being conducted. The Committee heard that the U.K. is planning to include facial recognition technology in its passport by 2005, based on the International Civil Aviation Organization’s May 2003 standards, in an effort to comply with the American legislation regarding visa waiver countries discussed earlier.

In London, we were also told of pilot projects that are also being conducted on the use of iris scans and fingerprinting, both of which were well received by the public, according to the officials that briefed the Committee.

The Committee was informed of the problem of passport fraud in the U.K. where it is estimated that there are 9,000 fraudulent applications per year, representing approximately 0.8% of all applications. One aspect of this problem that was discussed was familiar to the Committee: the issue of insecure foundation documents. The principal document used to obtain a British passport is the birth certificate. It is a public document in Britain and anyone can apply for a copy of anyone else’s.

The Committee was also able to meet with Home Office Minister Beverly Hughes and other parliamentarians who provided further details of the consultation exercise. Differences of opinion were evident and it is clear that British legislators are not unanimous in endorsing the entitlement card.

Finally in Britain, the Committee heard from one of the non-governmental organizations that are steadfastly opposed to the proposed entitlement card, Privacy International. This group was involved in the 1987 national identity card debate in Australia, which almost brought down the government. Representatives cautioned that they see many similarities to the current U.K. situation. In Australia, there had been a huge swing — from approximately 90% in favour to 90% opposed — once identity card legislation was introduced. The Committee was told that although identity cards will always get initial popular support, once issues such as data protection and the penalties for non-compliance come to the fore, support will decrease or outright collapse.

The relationship between the individual and the state in Canada, the U.S., the U.K. and Australia was also discussed as a commonality that distinguishes our countries from those with a long-standing tradition of national identity card systems. This cultural difference became readily apparent to Committee members during our travel in continental Europe.

Other concerns expressed to the Committee in our London meetings echoed those heard in Canada. For example, if foundation documents such as birth certificates are fallible and forgeable, any high-tech identity card that is issued based on these documents will be insecure. As well, the Committee was told that to get close to 100% card security, current technology would require a high “false reject” rate. This would of course be problematic if citizens were wrongly denied access to their bank account or health care services. And to relax the “false reject” rate would mean allowing more “false accepts” and an insecure card. It was also suggested that the cost of the system would be greater than the cost of identity theft fraud, which in any event would be better addressed by providing adequate resources to the police and investigative authorities.

B.

Germany

Due to time constraints, our national identity card discussions in Germany were brief, lasting half a day. They were nonetheless very informative and provided the Committee with an opportunity to have a “hands-on” experience of biometric identification systems that are being developed using facial recognition and fingerprint technology. The potential time efficiency that could be achieved at a customs or immigration post at the border, as one example, was made clear in these demonstrations.

In Germany, the government department responsible for the German national identity card was privatized in 2000. The Bundes Druckerei produces the document that is required for all German citizens, beginning at age 16. The Committee was also told of a separate citizenship card that is voluntary and comes equipped with a microchip that permits access to local government services. The data on the card and the data produced by the card’s use are subject to Germany’s federal data protection laws. There is a national registry as well and everyone, including foreigners residing, working or studying in Germany, is required to register.

While voluntary smart card technology is being used in Germany, they have yet to begin using biometrics on their documentation. The Committee was informed that a working group is currently examining the technology and that this review was precipitated by the American legislation relating to visa waiver countries, referred to previously.

C.

Poland

The Interior Ministry of the Polish government is responsible for issuing passports and national identity cards, and also for administering the country’s population registry. Every citizen of Poland is issued a personal registration number at birth. For most Poles, this number remains constant throughout life, although a new number may be assigned in some cases, such as adoptions and sex changes. The national identity card contains personal details, passport information and the registry number. It does not include other government information, such as health or criminal records, but the Committee was told that such records will contain the individual’s registry number and could, therefore, be cross-referenced. Since 1997 Poland has had a law relating to the protection of personal information, but it was difficult for the Committee members to gauge its effectiveness.

In respect of the cultural differences regarding personal privacy that we have previously remarked upon, it was interesting to hear that Polish citizens are not particularly troubled by the government’s extensive databases. Rather — and this may be a consequence of Poland’s political history — the Committee was told that the main concern for Poles was that they be able to access the information in the government’s control.

The Committee also had an opportunity to tour card production facilities in Poland. Visits such as this — the Committee had seen similar facilities in Canada and the United States, and would see another in Spain — were enlightening. They made concrete the infrastructure and capital requirements of creating an identity card system, as well as the security aspects involved.

The Committee was very impressed with the level of technology in use and was greatly appreciative of the cooperation and assistance of our Polish hosts. We were received by numerous government officials who provided invaluable information and insight.

D.

Italy

Italy is moving towards a single smart card for all citizens. The Committee was informed that the existing national identity card is not secure and that there are an estimated 500,000 fraudulent cards in circulation. The card that is being proposed is currently being tested in a pilot project. The first phase, begun in 2001, saw 100,000 cards issued. Officials indicated that in the next phase, 1.5 to 2 million cards will be produced.

The new Italian smart card will have a microchip. The Committee was told that the use of a microchip is preferable to an optical band, as the former can store significantly more information. We were also informed that the Italian government has run into three main problems with respect to upgrading their national identity card technology.

First is the question of standards for the chips to be used. Officials briefing the Committee indicated that they were concerned about using proprietary technology as this could limit future options, in effect tying the government’s hands with respect to the capital equipment needed for start-up and with respect to future changes to the card if deemed necessary.

A second concern was the fragile nature of microchips. Could they be scratched or dented in regular day-to-day use? Could damage be prevented if the card is carried in a person’s pocket, wallet or purse? And what ongoing costs would be involved in ensuring durability or replacing cards that are damaged?

Finally, there was some debate as to what information should be put on the microchip. Should all health, employment and social services information be included or simply a biometric to confirm the identity of the person presenting the card?

In terms of cost, the Italian officials estimated that the data management system and the card production process would cost approximately 25 to 30 Euros (C$38–46) per card. This, however, would not include the price of the readers required to make use of the microchip, the cost of which could vary widely depending on the technology used and the amount of information stored on the card. The Committee was told that one cost-saving measure under consideration was to include an electronic banking capacity on the national identity card. Fees generated from the card’s use could help finance its production. It was also noted that by making the card multi-purpose, Italians would save money that they would otherwise have to spend on other cards, such as driver’s licenses.

With respect to data protection, the Committee was informed that the Italian Ministry of the Interior maintains a central database, but that other levels of government that provide services also store pertinent data. Italy’s Privacy Commissioner informed us that identity cards continue to be part of Italian culture, even though they were introduced under the fascist government of Benito Mussolini in the 1930s. As such, many privacy issues that have been raised in the common law countries with respect to national identity cards do not have the same impact in Italy. However, he informed us that the proposed use of biometric identifiers has begun to raise some eyebrows. In particular, taking fingerprints is often, as in Canada, associated with criminality. Although the current national identity card has a blank spot for a voluntary fingerprint, the Committee was told that almost no one provides an imprint. Using fingerprints as the biometric identifier could provoke a negative response in Italy.

The Commissioner also noted that fingerprints, unlike other biometrics, are left behind wherever people go. If the only purpose of the national identity card is to confirm one’s identity and it is not meant for police investigative purposes, it was suggested that an elaborate, and perhaps costly, system would have to be created to prevent misuse.

When meeting with Italian parliamentarians on the Committee of Internal Affairs, we were told that the European Union has expressed some reservations about the new smart card and that the government’s database may not meet EU privacy guidelines.

E.

Greece

In Greece, the national identity card is the responsibility of the national police. It is mandatory for all citizens 14 years and older to have their card with them at all times. The Committee was told that failure to produce a card upon demand by the police will result in the person being detained until their identity is established. The card is considered incontrovertible proof of identity in both the public and private sectors, and contains a photo, personal data, including the person’s blood type, and a unique number. This national identity card number may appear on other government-issued documents, such as the passport.

Police officials briefing the Committee suggested that counterfeiting of the Greek national identity card is rare and that the application process makes it difficult to fraudulently assume another’s identity. It was also noted that Greek society is quite homogeneous and that this might affect the level of identity fraud.

At age 14, individuals must report to their local police station to request a card and must bring their birth certificate and one witness (often a parent) who can vouch for their identity. Copies of the application are sent to three different government departments and are centrally stored. The police control the central database, but other government agencies may request access to the information from the police.

Our hosts were unfortunately unable to give us any cost estimates with respect to their national identity card system, indicating that as part of overall police functions expenditures were difficult to isolate. No cost-recovery fee is charged to applicants for a national identity card.

F.

Spain

Spain’s national identity card was introduced under the fascist regime of General Franco and was, according to one Spanish parliamentarian, primarily motivated by the desire of the state to control its citizens. The card is mandatory. Though the application process requires the applicant to provide a fingerprint, it is not embedded as a biometric identifier on the national identity card itself. However, a pilot project for a social entitlement card was underway during the Committee’s visit and Spanish officials were eager to demonstrate its capacities and security features.

The Spanish Social Security Smart Card, being tested in the Andalucía region, contains a microchip with the holder’s basic personal data, national identity number and important medical information, such as drug allergies. Using a fingerprint reader at special kiosks throughout the region, cardholders have access to a wide assortment of personal information, including their health records and employment information, as well as documentation regarding social security and other similar benefits. Healthcare professionals can also use the card to access the individual’s medical history, including prescription drug use. The Committee was provided with a demonstration of this technology at one of the government’s automated kiosks.

In terms of data security, the Committee was informed that the information on the microchip is encrypted. As well, the databases are segregated so that official access to health information, for example, does not permit access to pension or employment records. The different social service departments are only permitted access to the databases deemed necessary for their function and all access requests are recorded. Healthcare professionals require not only the patient’s card and a special card reader, but must also input their special access card and their fingerprint to see medical records. Individuals, as noted, can access their own social security and health records only through fingerprint identification.

The Committee was told that savings were expected to be realized after four years, particularly in respect of the cost of pharmaceuticals, as the card was expected to reduce fraud, and government labour costs. Start-up costs for the pilot project, involving approximately eight million cards, were estimated at 55,623,629 Euros (about C$85,200,000), broken down as follows:

Items	Euros
Cards (8 million microchips plus plastic insertion and personalization)	19,707,187
Government Hardware (including fingerprint readers, automated kiosks and support PCs)	13,402,569
Healthcare Equipment	13,222,266
Technical Support and Implementation	6,310,627
Other (including advertising and data verification)	2,981,020
TOTAL	55,623,629

We were informed that a digital national identity card with a microchip similar to the Social Security Smart Card was also in its early planning stages. The proponents we met argued that such a card could be used to make Internet transactions more secure and that it would provide a commercial competitive advantage to the people of Spain. Rather than a control mechanism for the citizenry, it was suggested that it would provide people with greater liberty to pursue their daily activities in a secure manner.

The Committee was also given a tour of the Spanish national identity card production facilities, where we noted the similarity of the equipment being used to that demonstrated in Poland. It was similar, as well, to equipment we viewed in Canada and the United States. The question was raised by some members as to whether the apparent uniformity or general availability of such printing equipment might be relevant when considering the possibility of counterfeiting identity documents.

Our visit to Madrid continued with a meeting with the President of the Parliamentary Commission on Justice and the Interior, who engaged the Committee in a frank discussion regarding the balancing of security interests and personal privacy. He emphasized that the reaction to the former dictatorship in Spain was guiding current privacy protection issues and indicated his confidence in the country’s independent data protection agency. He also made it clear that one of the prime motivating factors in enhancing identity documents was illegal immigration, an issue that appears to garner significant attention throughout the European Union. As well, we discussed the fact that not only is government control and use of data an issue, but that the collection and sale of data by private companies is another important concern.

Given the extensive data collection by the Spanish government and the potential for misuse that the Committee was repeatedly warned about by witnesses in Canada, we were anxious to see the Spanish Data Protection Branch. Housed in a fortified building on the outskirts of Madrid that resembles a maximum-security prison, the government’s databases certainly appeared secure from external physical attack. However, the Committee was disappointed by the evasiveness of data protection officials when questions were asked regarding the potential for data misuse by government departments or the state security apparatus. We were told that laws exist to protect personal data, but when probed further, officials were unresponsive.

THE COMMITTEE’S ONGOING STUDY

This interim report is intended to provide a synopsis of what we have heard thus far. With this information in hand, the Committee intends to hear from further witnesses who have expressed a desire to appear before us and we will work towards issuing a final report based on our deliberations. We also note that the Minister of Citizenship and Immigration has organized a forum in Ottawa in early October 2003, entitled “Biometrics: Implications and Applications for Citizenship and Immigration.” This conference should generate further information for our consideration and engender greater public participation in this study.

At this point, however, we have tentatively identified the following questions that will have to be answered before the Committee can provide a definitive response on this matter.

Threshold Questions:

1.	What would be the purposes of a national identity card?

•	To prevent identity theft?

•	For voting purposes?

•	To combat terrorism?

•	To facilitate international travel?

•	To replace many documents with a single card?

•	To access government services?

•	To combat illegal immigration?

•

Other?

2.	Do we need a new identity document to achieve these objectives?

•	Can existing identity documents be improved to meet these objectives instead of creating a new system?

•	Could resources be better directed elsewhere (e.g. law enforcement) to address these objectives?

If it is determined that a new national identity document may be needed, the following questions should be addressed.

Consequential Questions:

3.	Who would need a card?

•	Should a national identity card be voluntary or mandatory, or mandatory only for some?

•	If voluntary, is it a concern that widespread use may make acquisition of a card a de facto necessity?

•	Should there be a requirement to present the card at any particular time for any particular purpose? (e.g., to enter the country, when stopped by the police, to access certain government services, to access private services, etc.)

4.	What would be the likely financial costs?

•	What would be the start-up and ongoing administrative costs?

•	Who would pay? If one objective is to prevent commercial fraud, should the corporate community be responsible for part of the cost?

•	If the card’s security is compromised by forgers/counterfeiters, will the entire system have to be abandoned? Or can the card be designed to be failsafe?

5.	What are the issues relating to personal data that the card may contain?

•	What data should the card contain?

•	Who should have access to this data?

•	Is function creep a concern?

•	How could errors in the data be corrected?

•	Would there have to be extensive data on every cardholder for the card to achieve its objectives?

•	Should the card function by providing access to an online database or should it function offline by simply confirming that the person presenting the card has the same fingerprint, iris, or facial structure as appears on the card?

•	What privacy protection measures would have to be in place and how would they be monitored and enforced?

•	Are the benefits that might be achieved by having a national identity card proportional to the potential loss of privacy?

6.	What issues are there with respect to the security of the card?

•	Since foundation documents are not entirely secure, how can we ensure that those who enrol in any new identity system are who they claim to be?

•	If the card becomes the most trusted piece of identification for all official purposes, is there a greater risk that it will be counterfeited or that internal fraud will occur?

•	What would be the impact on an individual whose card is lost or whose identity is fraudulently used by another to obtain a card?

•	Given the technological sophistication of many criminal organizations, is it reasonable to believe that a card can be secure enough to achieve its objective?

7.	Other questions to address:

•	Which level(s) of government should be responsible?

•	Will a national ID card eliminate discrimination and racial profiling? Or, as some have suggested, will a national ID card foster new forms of discrimination as minorities become subject to endless status and identity checks by police, banks and merchants?

•	What would be the impact of “false rejects” and how would that concern be addressed?

CONCLUSION

The Committee wishes to emphasize that we have not, as a whole, made any final determinations. This report is intended to summarize what we have heard thus far and we reiterate that we are continuing our study. It is clear that this is a very significant policy issue that could have wide implications for privacy, security and fiscal accountability. Indeed, it has been suggested that it could affect fundamental values underlying Canadian society. A broad public review is therefore essential. The general public must be made more aware of all aspects of the issue, and we must hear what ordinary citizens have to say about the timeliness of a national identity card. We hope that this document will stimulate further thought and we encourage Canadians to continue to forward their views to the Committee.