Mr. Liam Herrick:

I am Liam Herrick and I am the executive director of the Irish Council for Civil Liberties, ICCL. I will make the opening submission on behalf of the ICCL. My colleague, Dr. O'Rouke, and I will answer any questions that members of the committee may have subsequently.

We thank the chairman and members of the committee for inviting us to make a presentation on what we believe is a very important matter of public interest. The Irish Council for Civil Liberties is concerned about the public services card system as it has been extended and we wish to put before members our concerns. We sent a written submission to the committee secretariat.

We are approaching this issue primarily from the perspective of the right to privacy as is provided under the Irish Constitution, under the European Convention on Human Rights and under international law. This right under international human rights laws is not absolute. States may interfere with personal privacy in certain circumstances in the public interest, but certain standards have to be met. First, any such interference by the State should be based in law, which should be clear and accessible. Any interference should be necessary to achieve a legitimate aim, and it should be proportionate to the aim that is being pursued. Both with regard to the legal basis for the public services card and whether it is necessary or proportionate, there are reasons to believe that it does not meet those tests. We have identified a number of risks from the security perspective that are presented by the type and form the scheme has taken.

In our submission we provide some background information as to what is the public services card, PSC, system. The Department of Employment Affairs and Social Protection provided an information guide in October last year which contains some very useful information about the details of the scheme, but I will not rehearse them. It would, of course, have been much more desirable if this information had been put in the public domain before the introduction of the scheme or before the Government presented its eGovernment strategy. It is notable that this information was only made public around the same time the Data Protection Commissioner announced an investigation into the legal basis of the scheme.

The scheme, we believe, is now compulsory in all key characteristics because it is deemed to be essential or necessary to access fundamental State services. During the course of 2018, as it is extended as the only acceptable form of authentication of identity for a driver's licence and a passport in addition to existing provisions for social protection payments, we will see something that is mandatory and compulsory in all essential characteristics as is ordinarily understood by the people. That presents a particularly intense interference with privacy rights.

It is clear that the public services card has been declared now as the only acceptable form of verification for the following services: child benefit, social welfare payments, school transport, treatment benefits, driver licence applications, age verification, school grant appeals, health and revenue portals, student grants from later this year, and we understand farm grants through the agfood.ierange of services. We believe that by extending the range of public services for which this is the only acceptable form of identity, this is a fundamental change in the nature and quality of the scheme. It is materially different from the scheme as introduced in 2005. We believe that represents a significant public policy change and in line with the provisions of the Irish Constitution, significant changes in public policy should be provided for in primary legislation and should be debated by the Houses of the Oireachtas. That has not happened in this case. That goes to the heart of what we mean by saying there is no legal basis for this scheme.

The Government's information guide cites a number of legal provisions, particularly relating to the Social Welfare Consolidation Act 2005. We have a number of qualified lawyers working in our organisation and we have struggled to identify a clear picture of where the social welfare Acts currently stand. There is no available consolidated Act, which is probably a matter of greater public concern than just in relation to this specific issue, given the central importance of the social welfare code to a significant proportion of our population.

It is very difficult to get a clear and transparent picture of what the social welfare code currently provides in this regard. I will give some examples. There are three key provisions in the Social Welfare Act which the Government relies on in stating that it is a legal basis for the public services card. Sections 241 and 242 of the Social Welfare Consolidation Act 2005 has been amended 31 times in the intervening period as far as we can assess. Section 247 of the Act has been amended 35 times and section 263 has been amended eight times. It is almost impossible for a member of the public to be able to see clearly what the law states on this issue. This is why, in October 2017, the Data Protection Commissioner announced a formal investigation into the lawfulness of the public services card and highlighted issues that are not yet resolved, including biometric data processing and governance and data issues associated with the interplay between the public services card, the public service identity set,mygov.ie, single customer views and infosys, which are all the different technical components of the system.

As we reach a key phase in the extension of the scheme, particularly with the extension to the driver licence system in March of this year, as scheduled by the Government, and the passport system in the fourth quarter of this year, also as provided under the eGovernment strategy, the fact that there is an investigation ongoing by the Data Protection Commissioner into the legal basis of the scheme surely gives rise for pause for review. Pending the conclusion of that investigation, the findings of the commissioner and what advice, if any, the commissioner, has to offer to the Government on this issue, we do not believe it should continue to be extended while these concerns are outstanding.

In regard to the balance of whether it is necessary or proportionate as regards a restriction on privacy rights, a balancing assessment should take place which must consider whether there are less intrusive means by which the State could achieve the stated public policy aims, whether sufficient safeguards are in place to prevent abuse or risk of security breach or whether the State's actions are justified in light of the intensity of the interference with privacy. We are not convinced that this scheme is necessary to achieve the stated aims, which are cost savings. The Comptroller and Auditor General in his assessment of the scheme found there was no business case undertaken or presented before the scheme was initiated and he raised certain concerns about the overall cost of the project. There are clearly open questions on savings at present.

With regard to security, the Government has repeatedly referred to the fact that this is a safe level two standard of identity authentication as opposed to the previous safe level one standard. Our understanding is that the distinction between safe level one and level two is an internal government assessment. It is not an independent, international standard of authentication, rather it is one that has been developed internally. It refers, it would seem, to the inclusion of biometric facial scans in this particular scheme. We are not convinced that this type of technology is a necessary form of security authentication for the range of services for which it is being currently used. We see no difficulty with the existing passport or driver licence system in terms of proving their identity.

In terms of risks and potential abuse, it is now a norm in other European countries that where national identification systems of this type are introduced, a bespoke and specific oversight system is put in place to monitor it. We obviously have a very sophisticated and well resourced Data Protection Commissioner office, which has competence in this area, but it would be the norm to have a specialist body in addition to that office and we think that is something that should be considered.

In terms of the types of risks we are seeing, we make reference in our submission, for example, to the case of India where an extensive biometric national identity card system, not entirely dissimilar from ours, was introduced. Some of its characteristics were certainly different and the political context, as members of the committee will appreciate, is quite different. However, despite a significant investment of resources in rolling out that system, security breaches by external agents, hackers and so on were found, the system was accessed and full administrative access is now being sold on the open market - we have been told and has been reported in the international press - at a cost of €7 per person.

We do not want to be alarmist about this but members will be aware that already within existing public sector databases in Ireland, there have been significant and worrying data breaches in recent years with regard to the PeoplePoint system and the EirGrid system. Members will also be aware that in terms of human involvement in violations of privacy, the Department of Employment Affairs and Social Protection has had difficulties in the past, which have, in some cases, led to criminal prosecutions. These risks are great but when we have an extensive system of this type, where we have sharing of data across a huge number of agencies, the nature of that risk is very much magnified. Also, from an international perspective, complex extensive systems of this type are more of a target for hackers because of the potential access to information once somebody gets into the system.

We also believe an important political point is being made here. As the scheme is currently extended, it disproportionately affects those members of our population who are dependent on social protection payments, pensions and so on. Perhaps that will change as it extends to drivers' licences and passports over the next year but at present, vulnerable sections of the population are particularly in line here if they raise questions about this system. We know of instances where ordinary members of the public, who are dependent on social protection payments or pensions, have asked the Government to clarify what the legal basis for the system is before they were happy to progress and we know of cases where people have been cut off from pension payments by simply asking questions.

We see our role here as simply asking questions and we believe the Government has not answered all of them yet. There should have been an open democratic discussion about a public policy initiative of this significance to ordinary citizens in terms of privacy rights before it was initiated. It is deeply regrettable that has not been how the Government has chosen to proceed on an initiative of this significance. There is currently an inquiry by the Data Protection Commissioner into the fundamental questions about the legal basis for the scheme. In such a context, we certainly urge the committee to call on the Government to at least suspend the extension of the scheme and await that review before it extends the scheme to drivers' licences, passports and the other services that are scheduled for 2018.