1 minute read

It was [announced a few minutes ago](https://www.timescolonist.com/residents+secure+CareCards+must+renew+every+five+years/4812099/story.html) that British Columbia hopes to roll out new Care cards (health cards). The government press release states the new card has anti-forgery features, identity proofing, a security chip and will require a recent photograph, updated every 5 years, to be eligible for publicly paid health care services. Time to put my critical thinking hat on; - anti-forgery and identity proofing sound good, but I see no evidence this actually exists other than in the press release. - it was announced by my friend Andrea at [CanSecWest](https://www.cansecwest.com) in Vancouver back in March that [chip and pin technology is not only broken](https://dev.inversepath.com/download/emv/emv_2011.pdf), magnetic stripe skimmers are at least surface visible. So what exactly are these new security features that are worth deploying province wide at this time? A few questions I have of the government proposing this new change: - What is the current fraud cost, vs the cost to deploy this new system as well as what are the operational costs moving forward? - What security research has been done on the new proposed technology that is not already broken? I’m not aware of any information security research organization standing behind this proposed technology. - Are you concerned this new process may only increase the risk of less short-term health services to marginalized people who don’t, or can’t renew, increasing our long-term health care costs as a result? If the technology is proven secure and cost effective, we will stand behind it, but from here it sounds like snake oil. **UPDATE:** In only a few hours, the estimated costs have increased from $10M to $125-150M! As there is no liability for that number to be accurate, see quotes pre and post Olympics for example, it’s not hard to forsee this project leap to the $1B mark, especially when you consider operational costs to maintain this system.