It wasÂ announced a few minutes ago that British Columbia hopes to roll out new Care cards (health cards). The government press release states the new card hasÂ anti-forgery features, identity proofing, a security chip and will require a recent photograph, updated every 5 years, to be eligible for publicly paid health care services.
Time to put my critical thinking hat on;
- anti-forgery and identity proofing sound good, but I see no evidence this actually exists other than in the press release.
- it was announced by my friend Andrea at CanSecWest in Vancouver back in March thatÂ chip and pin technology is not only broken, magnetic stripe skimmers are at least surface visible. So what exactly are these new security features that are worth deploying province wide at this time?
A few questions I have of the government proposing this new change:
- What is the current fraud cost, vs the cost to deploy this new system as well as what are the operational costs moving forward?
- What security research has been done on the new proposed technology that is not already broken? I’m not aware of any information security research organization standing behind this proposed technology.
- Are you concerned this new process may only increase the risk of less short-term health services toÂ marginalizedÂ people who don’t, or can’t renew, increasing our long-term health care costs as a result?
If the technology is proven secure and cost effective, we will stand behind it, but from here it sounds like snake oil.
UPDATE: In only a few hours, the estimated costs have increased from $10M to $125-150M! As there is no liability for that number to be accurate, see quotes pre and post Olympics for example, it’s not hard to forsee this project leap to the $1B mark, especially when you consider operational costs to maintain this system.