Title: SUMMARY

Summary

The history of the need to identify persons provides an interesting view of the trends in various social and nation-state developments in Europe. Means of identification have always been necessary to run large organisations, such as churches, but also the early forms of nation states. The need to validate the authenticity of persons arose from the primary need for states to protect themselves against criminals or to regulate the movement of colonists. Churches wanted for tax reasons to know the number and names of persons who were baptised and married and later also of those who were confirmed and buried. An additional advantage for the church was that the sacraments due to be registered were considered necessary for a person to be later resurrected from the dead. Later it became important for states to identify individuals for tax reasons but also to recruit soldiers and to calculate the amount of money needed for the poor. A further important reason was the need to identify persons travelling from one country to another. This is why a passport was introduced long ago. A passport facilitated the free movement of persons. In fact it was a document to enable people to pass through an area.  

These various developments in and purposes for identification are reflected in the present patchwork of ways in which citizen verification takes place. After all, citizens today use a large variety of ID documents such as passports, national ID-cards, e-health cards, social insurance cards, credit cards, driving licenses, customer loyalty cards, etc. From a global point of view it seems increasingly reasonable to want to harmonise these verification registers and the means the citizen uses for this purpose. The technical means to facilitate this such as smart chips and RFID are becoming ever more available. Correspondingly the illegal use of this manner of identification leads to an increasing opportunity for fraud. Central storage is often thought to be a solution.  

Considering the needs of eGovernment as a starting point, the legal contribution to this deliverable discusses the roles so-called entities can have in a particular sector. Entities can  be attributed a global, sector-specific or context specific identifier. In e-government an attempt is made to optimise service delivery by channelling internal and external relationships through technology. Interoperability and the usage of common ID numbers for all relevant entities then make the usage of ID numbers tantamount for e-government. Bearing  this in mind the question is whether they are supported by a sound legal framework, whether the usage of global identifiers is enough to guarantee the rights of the individual as defined in the European Data Protection Directive or should technical unlinkability also be a requirement of  e-government architecture. The contribution makes clear that ID numbers are personal data and therefore the processing of these numbers should be carried out subject to the Data Directive. This means that attention should be given to the legitimacy of the processing, the data quality and aspects of confidentiality and security. It may be said to be unfortunate that the Directive leaves the standards for safeguards that Member states put in place, up to the Member states. With the present state of knowledge it might have been expected that due to the value the Directive puts on the sound protection of the ID number, that technical unlinkability would have been prescribed. After all, the Directive does point out that appropriate technical and organisational security measures must be taken. These should take account of the state of the art, the cost of their implementation and the risks represented by processing and the nature of the data. Unfortunately the present legal framework therefore soon becomes inadequate in preventing the technical linkability of potentially privacy harmful data about citizens on the basis of ID numbers. Once the necessary infrastructure is in place,  including global ID numbers, data exchange will take place anyway either legitimately or illegitimately, based on an ad hoc argument or on political choices. Therefore, there is a strong argument for context or sector specific identifiers.

ID numbers arouse strong emotions which cannot be solely comprehended from a legalistic suspicion of being potentially harmful to the individual’s privacy. Therefore a sociological analysis of the function of ID numbers is introduced. In this deliverable the sociological approach is looked at from two angles: social systems theory and a theory on the role of bureaucracy in national states.  

The social systems theory views society from a general perspective, allowing the analysis of the function of ID numbers in private and public organisations. By thoroughly analysing the function of names, identifiers and addresses it can be ascertained that ID numbers fulfill all three functions of a name, an identifier or an address. First, they can be used as names for a data set or a number of data sets in a database. Secondly, they can be used as identifiers if they link a person uniquely in an administrative context. Thirdly, they can also be used as addresses. In the communicational organisational context, social systems theory learns that addresses are always administered (generated, assigned and deleted or deactivated) by organisations. Organisations also are also careful to resolve potential address collisions by keeping addresses unique in the particular scope of the operation. The state ensures addressability for governmental, private-sector or interactional (citizen to citizen) operations. Addressability today covers persons, families, organisations and objects in the context of communication techniques. Addressability is not possible without organisations. These organisations need the unique identifiability to run their operations smoothly and efficiently. This in turn may lead to information asymmetry because, as shown in the legal analysis, it reduces the autonomy of individuals by the usage of linkability measures. In other words, a shift of power may occur in favour of the organisation. In the context of states in many cases it is difficult to decide whether citizens overall benefit from this development or not, the reason being that citizens typically take on two roles with respect to the state. On the one hand they are members and thus benefit from a strong state that is able to protect them and, on the other hand they are clients of the state who suffer from reduced autonomy.  

The second sociological angle is based on the Weberian theory of bureaucracy. Against the background of the rationalisation processes going on in all areas of society, the function of ID numbers is described as having the purpose of providing the members of a state with a feeling of unity and cohesion within the perspective of increased globalisation. Political rationalisation resulted in the formalisation of the state. One of the unique properties of a state is a trained corps of civil servants specially trained in and restricted to regulations. This corps of civil servants has as its main task, the identification of the members of the state to enable the state to carry out its primary tasks. According to Weber these bureaucracies are the ultimate example of the rationalisation process because they aim at efficiency, predictability, quantifiability, control by substituting human judgement by non-human technology and irrationality by rationality. To carry out its tasks the bureaucratic government accordingly issued identity cards and codes. These identification means provided access to a whole series of files and data sets. ID numbers therefore became the symbols of this bureaucratic culture. Seemingly meaningless numbers acquire meaning in this bureaucratic context because the developing nation-states desired to attach meaning to this symbol. Sociologically speaking it is argued, this was an unfortunate choice because, as Weber already pointed out, this was the irrationality of rationality. The intention of creating a notion of unity and solidarity was not attained because citizens felt that the ID number identification led to depersonalisation. It could be argued that the mismanaged effort to create unity in states by the introduction of the ID-number actually led to a sense of loss of privacy without contributing to the sense of unity. 

Taking the risks and opportunities of ID-numbers in the modern technological age, we investigate the contrast between requirements techniques such as profiling pose vis-à-vis the protection of the individual’s privacy privileges. Profiling provides a new kind of knowledge used for decision-making based on Knowledge Discovery in Databases (KDD). KDD requires per definition as much information as possible about the individual, whereas traditional privacy rights focus on data minimisation. There is no easy solution for this conflict. Research is being done concerning this problem in another workpackage (D.7.9). By introducing the concepts of contextual integrity and reciprocal transparency in combination with multiple identifiers, it looks like that both the needs of KDD techniques as well as the concept of privacy can be achieved. This does need a fine-tuned combination of transparency and opacity tools to be built into the new technogical infrastructure of an Ambient Intelligence society.

One approach is to ask citizens to be more transparent by introducing sector-wide and unique ID numbers, while at the same time attempts are made to make the state and its actions more transparent. Examples are, in the Netherlands, the introduction of the National Trust Function to log the use of the national ID number and, the introduction of Freedom of Information Acts in Germany, allowing citizens to access their own data files maintained by the state. Unfortunately, these attempts fall short in certain cases. In addition to limitations for citizens to access secret data, which is very understandable because these could be covered by trust based models, the use of profiling creates additional limitations for transparency. Certain types of profiles are not linked to the data they were derived from, they are no longer personal data and, may be used to the disadvantage of the citizen in a non-transparent way. Due to the complexity of the underlying profiling processes, regulatory attempts to increase transparency fall short and, Transparency Enhancing Technologies (TETs) to fill this gap are limited in effectiveness or do not even exist yet. Another problematic aspect of transparency is that from a social perspective people think, communicate and act in communicational terms. Data freely used in one context cannot necessarily be used in another. Keeping data in its appropriate context is also called the concept of contextual integrity. Informational self-determination can be understood as an important attempt to put contextual integrity in legal norms, though certainly from a social perspective an inappropriate one in certain cases. These aspects are further elaborated in the FIDIS deliverable D7.9.  

Yet another approach is the introduction of additional functions and tools that make the individual less recognisable or opaque. In this context different methods have been developed and implemented to restrict and control linkability facilitated by ID numbers.  This is elaborated on in the second part containing the country reports.

In light of the above-mentioned factors four different basic concepts on how to deal with ID numbers have been developed in national political strategies and existing infrastructures. They are: 

1. Introduction of sector-wide ID numbers with a large area of use inside and outside the public sector mainly based on mutual transparency (example: The Netherlands) 

2. Introduction of sector-wide ID numbers with regulations on how they may be used (examples: Switzerland, Czech Republic and Slovakia) 

3. Introduction of sector specific ID numbers and organisational enforcement of borders of sectors (examples: Hungary, France, Germany) 

4. Introduction of sector specific ID numbers and organisational as well as technical enforcement of borders of sectors (example: Austria) 

References

GUTWIRTH DE HERT 2005 

S. Gutwirth, P. de Hert. Privacy and Data Protection in a Democratic Constitutional State. Profiling: Implications for Democracy and Rule of Law. FIDIS Deliverable 7.4, M. Hildebrandt and S. Gutwirth. Brussels