LEGISLATIVE COUNCIL BRIEF

Hong Kong Special Administrative Region

Identity Card

INTRODUCTION

        At the meeting of the Executive Council on 17 October 2000, the Council ADVISED and the Chief Executive ORDERED that subject to the provision of the necessary funds by the Finance Committee of the Legislative Council and the necessary legislative amendments, the following policy proposals should be implemented -

(a)     a new identity card (ID card) and a new supporting computer system should be introduced in early-2003;

(b)     the new ID card should take the form of a smart card and have the capacity to support multiple applications;

(c)     the incremental implementation of the multi-application smart ID card scheme, as set out in paragraphs 10 - 22 below, should be endorsed in principle and announced for public consultation; and

(d)     after the new ID card system is up and running, a region-wide ID card replacement exercise should be conducted for residents in Hong Kong by phases, in accordance with specified age groups, with a view to completing it within four years. 

BACKGROUND AND ARGUMENT

General Background

2.                The existing form of ID card was introduced in 1987 and the supporting computer system, i.e. the Registration of Persons (ROP) system, was installed in 1982.  With the passage of time, the design of both the ID card as well as the ROP system have become aged and outdated.  The use of counterfeit or unlawfully obtained ID cards has been detected from time to time.  This calls for a detailed study to assess the opportunities in using new technologies to enhance the security of the ID card and the backend computer system.

3.                In May 1999, Immigration Department (ImmD) commissioned a consultancy study to review its information systems strategy.  In the course of the review, the consulting company alerted ImmD that the ROP system would reach the end of its life expectancy by 2002 and must be replaced.

4.                On the recommendation of the consulting company, ImmD commissioned a separate feasibility study in November 1999 to examine and recommend options for the introduction of a new ID card and a new ROP system.  The study was completed in June 2000.  The consultants’ recommendations are summarized at Annex A.

A Smart ID Card for Immigration Functions

5.                We have carefully studied the Feasibility Study Report and concluded that a smart card with multi-application capacity should be adopted for the new ID card.  A smart ID card is preferable to a non-smart ID card because the former can employ more sophisticated cryptographic techniques to protect the data and ensure that it cannot be fraudulently altered.  In addition, a smart ID card will enable immigration officers to update the conditions of stay of temporary residents upon granting of extension of stay to them or their re-entry to Hong Kong.  In anti-illegal immigration operations, law enforcement officers in the field can use a special reader to confirm instantly if a person’s permission to stay is valid without holding him up for further checks.  A non-smart ID card cannot achieve these purposes.

6.                A smart card will enable storage of the template of the card holder’s thumbprints which will serve as a very effective deterrent against counterfeits.  Furthermore, it will provide the infrastructure for ImmD to introduce the automated passenger clearance system, by installing “auto-gates” or unmanned immigration clearance counters.  This is in keeping with ImmD’s long-term business strategy as more immigration channels can be opened for the travelling public without addition of manpower.  Whilst a separate feasibility study on the automated passenger clearance system has yet to be conducted, some countries in the region (e.g. Singapore and Malaysia) are already using the biometric (thumbprint) identification technology in the clearance of passengers.

Need for a Smart ID Card with Multi-application Capacity

7.                Whereas storage of biometric data alone will suffice for ImmD’s core businesses, there is a strong case to adopt a smart ID card with multi-application capacity (at a reasonable additional cost to the ID card renewal exercise) for other potential Government applications to ride on.  The ID card replacement exercise presents us with a unique opportunity to capitalize on the development of smart card technology for providing more efficient, better quality and value‑added services to the community.  The public will also have the convenience of using one card for various functions.

8.                Some countries in the world, e.g. Finland, Malaysia, etc. have started to issue multi‑application Government smart cards.  Hong Kong should not lag behind if we are to stay in the forefront of world information technology development.  The implementation of a multi‑application smart ID card scheme will be a significant step forward in enhancing our overall information infrastructure and achieving our objective under the “Digital 21” Information Technology Strategy to develop Hong Kong into a leading digital city in the globally connected world.  As we do not consider it justified at this stage to issue a separate Government smart card to serve the multi‑application purpose, a smart ID card with multi‑application capacity for all citizens can be regarded as a common information infrastructure which allows various types of value-added applications to ride on readily.

9.                A Steering Committee on Multi-application smart ID Card was established in July 2000 under the Chairmanship of the Secretary for Information Technology and Broadcasting.  In examining various potential applications, the Steering Committee considered what convenience and benefits they could bring to the public; whether existing services could be provided in a more cost-effective manner; whether new value-added services could be introduced; and also the level of community acceptance of these applications and their technical feasibility.  The Steering Committee was mindful that the implementation of multiple applications should not adversely affect the rollout, lifespan and security of the ID card.  It also noted the importance to maintain flexibility to cater for the fast development in smart card technology and future requirement.

10.              Having explored with individual bureaux and departments on the potential applications, the Steering Committee recommends that, subject to feasibility studies to be conducted, three categories of applications may initially be included or have capacity reserved in the smart ID card, i.e. –

          (a)     electronic authentication (covering initially driving licence, change of address, library card);

          (b)     digital certificate; and

          (c)      enhancement of financial infrastructure.

         (a) Electronic Authentication

11.              A smart ID card can provide electronic authentication functions which allow Government services requiring authentication to be provided in an electronic and more efficient and secure manner.  These functions essentially involve using the ID card number or the biometrics stored in the smart ID card as the means of authentication for accessing Government services.  This is a natural extension in the use of the smart ID card.  In most cases, there may not be a need to store any data on the smart ID card to support such functions.  The data concerned can be stored in the backend systems of the departments concerned as at present.

12.              Three specific applications have been identified which, subject to feasibility studies to be conducted, may be introduced as early applications under the smart ID card scheme.

(i) Driving licence

13.              First, the smart ID card can be used as driving licence since the use of driving licence is often accompanied with the need for identification.  About 1.35 million people are now holding valid driving licences.  Using the ID card as driving licence will provide greater convenience to drivers and will obviate the need to carry a separate driving licence.

14.              The Transport Department will conduct a feasibility study to examine the use of the smart ID card as driving licence and to resolve any ensuing practical issues which may arise.  Subject to the study and public views, we can come to a firm view as to whether the smart ID card should be used as driving licence and be introduced as an early application under the smart ID card scheme.  In order for this application to be effectively and efficiently implemented, it may have to be introduced on the basis that no separate driving licence will generally be issued.

(ii) Change of address

15.              Secondly, we can allow the public to change their address record kept at different departments conveniently and in a secure manner through information kiosks installed in popular public locations, using biometrics stored in the smart ID card for authentication purpose.  This will substantially increase the incentives for the public to report address changes and facilitate the operation of many departments, e.g. Inland Revenue Department, Registration and Electoral Office, Transport Department, etc.  This will be a voluntary service and the public can specify the departments which they wish to notify.  The Information Technology Services Department will conduct a feasibility study on the proposal and the provision of the corresponding kiosk facilities.  Subject to the study and public views, we can come to a firm view as to whether change of address should be introduced as an early application under the smart ID card scheme.

(iii) Library card

16.              Thirdly, the smart ID card could also be used as library card.  This will obviate the need to issue or carry a separate library card.  Currently, some 3.4 million plastic library cards have been issued, with an estimated additional issue of 300,000 cards per annum.

17.              However, a plastic card system may need to be maintained in parallel with the proposed smart card system for non‑ID card holders who are eligible for library facilities (e.g. children under 11 or visitors).  As a plastic card system may still be necessary, the application can be introduced on a voluntary basis and individuals can have the choice of either using the ID card for library purposes or applying for a separate plastic library card.

18.              The Leisure & Cultural Services Department will conduct a feasibility study to examine the use of the smart ID card as library card and to resolve any ensuing practical issues which may arise.  Subject to the study and public views, we can come to a firm view as to whether the smart ID card should be used as library card and be introduced as an early application under the smart ID card scheme.

(iv) Other customer-oriented services under the electronic authentication category

19.              The electronic authentication function of the smart ID card has the potential to support a large number of customer-oriented Government applications that require authentication.  More complicated applications like electronic voting, access to health record to facilitate medical decision in emergency situation, etc. can be explored and studied at a later stage. 

(b) Digital Certificate

20.              The smart ID card can be used as a vehicle to drive the wider adoption of e-commerce in the community if it provides the capacity to store digital certificates.  With the use of digital certificate (electronic identity card issued by certification authority), we can carry out electronic transactions in a secure manner and can address the common concerns of authentication, integrity, confidentiality and non-repudiation in e-commerce.  The storing of digital certificates in smart ID cards will make it convenient and provide incentive for the public to acquire and make wider use of the digital certificates.  This would facilitate the community to acquire online Government services and other commercial e-commerce services which require user authentication.  It would substantially help drive e-commerce development in Hong Kong.

21.              Accordingly, the Steering Committee proposes to reserve the capacity to install digital certificates in the smart ID card.

(c) Enhancement of financial infrastructure

22.              The adoption of a smart ID card with multi-application capacity also presents us with a unique opportunity to enhance our financial infrastructure.  By reserving capacity in the smart ID card, we can explore the use of the ID card for various financial applications which would promote efficiency in financial transactions and demonstrate that Hong Kong keeps at the leading edge of related technology and innovation.  One possible application is the use of the ID card for issuing e-money and for electronic payment by installing an e-purse in the card.  While there is no imminent case for Government to issue e-money at the present stage, the Steering Committee proposes to enhance our financial infrastructure by reserving appropriate capacity in the smart ID card so that we can cater for suitable financial applications if they are required on monetary policy grounds in future or are judged to serve the public interest by significantly increasing the efficiency and convenience of financial transactions.

23.              We will consult the public on the proposed multi-application smart ID card scheme.  We will also consult the relevant Legislative Council Panels before taking a firm view on whether and how individual applications are to be incorporated onto the new smart ID card.

ID Card Replacement Exercise

24.              The latest ROP records were collected more than ten years ago, starting from the 1987 replacement exercise.  Many of the records (e.g. the photograph, residential address, telephone number, etc.) are outdated.  It is timely to update the existing registration records through a replacement exercise.  However, before the launching of a new ID card, the Registration of Persons Ordinance will need to be amended as appropriate to provide for the mandatory replacement of ID cards in accordance with a specified call-up programme and the invalidation of the old form of ID cards.

25.              With the launching of the ID card replacement exercise, ImmD will be able to obtain the up-to-date information including addresses of all ID card holders.  The relevant information can be passed to the Registration and Electoral Office.  Subject to resolving related technical and legal issues, this would allow the implementation of automatic voter registration along with the ID card replacement exercise.

26.              We will adopt a two-phase approach in implementing the new ID card.  The first phase begins in early 2003 when the new ID card system will be put on live trial.  Members of the public who apply for registration (e.g. new arrivals, minors reaching the age of 11, juveniles reaching the age of 18, etc.) will be issued with the new form of ID card.  After the system has been fully tested on the ground, phase II will begin in around mid-2003 when all Hong Kong residents will be invited to come forward by phases to have their existing ID cards replaced. 

27.              Based on the Hong Kong Population Projections 1997-2006 published by the Census and Statistics Department and ImmD’s statistics on the number of ID cards issued, it is estimated that the number of ID cards to be replaced in 2003 will be around 6.8 million. 

28.              Having regard to the experiences gained in the last two ID card replacement exercises and the population distribution in various districts of Hong Kong, we propose that New Identity Card Issuing Offices (NICIOs) should be set up in convenient locations to deal exclusively with the region-wide ID card replacement exercise.  The existing network of Registration of Persons Offices will continue to carry out the normal day-to-day registration work.

Card design and layout

29.              ImmD has commissioned an experienced consulting company to design the layout and card face of the new ID cards.  The company has prepared six card design proposals (Annex B).  Other than the regional emblem and bauhinia, the designs have deliberately refrained from using any other specific logos or buildings as it is difficult to explain which one of them should stand out more as the symbol of Hong Kong.  A combination of the latest security features has been incorporated in each of the designs to provide maximum protection against alteration and forgery.  They include guilloche design and rainbow printing, microline and microtext, optically changing colours, softened photo background, ultra-violet colours and laser-engraving features (i.e. the “Multiple Laser Image”) which are known to be very effective against copying and counterfeiting. 

Data Privacy Issues

30.              As the use of a smart ID card with multi-application capacity may be seen by some people as affecting privacy, ImmD has been maintaining a dialogue with the Privacy Commissioner for Personal Data to see how such issues can be properly addressed.  We are aware that, with increasing automation and less face-to-face contact for service application and delivery, the concentration of data in a single card may cause concern on identity theft using lost or stolen ID cards.  Some have reservation on the use of a multi-application smart ID card because of the risk of “function creep” where data may be used for purposes beyond those for which the data were originally collected.  They therefore opine that if in the overall Government consideration the new ID card will serve multiple purposes, the card holders should have a discretionary choice on the applications on offer. 

31.              In view of the significance of these issues, ImmD has engaged a consulting company to conduct the initial Privacy Impact Assessment with a view to incorporating adequate privacy safeguards into the system.

FINANCIAL AND STAFFING IMPLICATIONS

32.              The Director of Immigration (D of Imm) estimates that if a multi-application ID card is used, introduction of the new ID card system and the subsequent launch of the four-year region-wide ID card replacement exercise will entail a total non-recurrent expenditure of $1.66 billion (including the provision for employing 564 temporary staff) and the creation of 364 time-limited posts at a total staff cost of $943 million.  ImmD will explore the scope for employing more temporary staff in place of in-house staff for the ID card replacement exercise.  In addition, the new ID card system will entail an annual recurrent expenditure of $96 million from 2003-04 onwards and 19 additional posts at an annual staff cost of $12 million for maintenance and on-going support.  Based on the above estimates, the total cost of the project over the seven-year period from 2001 to 2007 will amount to $3.06 billion.  This has not included the costs of development and implementation of other non-immigration value-added applications which will be dealt with separately.  D of Imm has secured the necessary resources for implementation of the project.  We will ensure that the resources sought are absolutely necessary and essential before the funding submission is made to the Finance Committee.

33.              The cost of the project will be partly offset by a saving of $330 million in the corresponding period, arising from savings in accommodation and maintenance of the microfilm records, reduction in consumables, and avoidance of additional investment in staff and equipment to keep the existing system running.  In addition, the new ID card is an enabler of the automated passenger clearance system which, if fully implemented, will bring about substantial savings in staff cost.

34.              It should be noted that there is an interface between the new ID card’s computer issuing system and other computer systems in ImmD.  The implementation of the new ID card project works on the premise that the infrastructure of ImmD’s computer systems will be upgraded, as recommended in the information systems strategy mentioned in paragraph 3.  Estimates of the cost for upgrading the infrastructure will only be available after completion of the feasibility study scheduled for early 2001.  Funds for this project will be pursued separately in the normal manner.

PUBLIC CONSULTATION

35.              The Legislative Council Panel on Security has been briefed of the subject in March and June this year. 

36.              At the first meeting, some Members commented that in view of the rapid advance of technology, the Government should be more forward-looking in introducing a state-of-the-art ID card and ensuring that the new supporting computer system could command a longer life expectancy.  However, a few other Members queried the need for introducing a new ID card which would have the capability to store a lot of personal data by using the smart card and biometrics identification technology.  They said that the right of individuals to preserve the privacy of their personal data might be infringed if personal data not required for ROP purpose were stored in the ID card, and the problem would be aggravated if the data were used by other government departments and law enforcement agencies for their own purposes.  They asked the Government to formulate a policy on the scope of use of the new ID card and to consult the Panel before deciding whether and how to proceed with the new ID card project.  We assured Members that we would take every necessary measure to ensure that the right of individuals to preserve the privacy of their personal data is protected in accordance with law.

37.              At the second meeting, Members were informed of the key findings of the feasibility study.  They were also briefed of the data protection measures in Annex C.  Members opined that we should rule out the use of a non-smart card, but views were divided between whether the card should be restricted to ImmD’s core businesses or open to multiple Government applications.  Those who favoured the latter advocated strongly from the angle of convenience and technological advancement.  Those who had reservations questioned whether the introduction of a multi-purpose ID card would lead to massive collection of personal data that would facilitate the surveillance of individual citizens.  On the other hand, some questioned whether the pursuit of multiple applications would delay the launching of a new ID card.  We clarified that if a decision is taken to pursue other applications outside the core businesses of ImmD, we would adopt a common platform approach and issue a smart ID card with multi-application capacity first.  Whether and how other applications would be incorporated onto a new ID card should be subject to separate feasibility studies and consultation with relevant Legislative Council Panel as appropriate.

PUBLICITY

38.              Apart from giving a briefing to the relevant Legislative Council Panels, we will brief the Chairmen of all the District Councils and the 18 District Councils to explain the features of the new ID card.  Separately, we would also provide briefings for the IT industry, the media and would continue to maintain close liaison with the Privacy Commissioner for Personal Data.

39.              The ImmD will also stage five rounds of exhibition in shopping malls frequently visited by Hong Kong residents where videos will be shown, posters will be displayed and information leaflets on the new ID card will be distributed.  We aim to complete this campaign by the end of November 2000.

40.              A press release will be issued and a spokesman will also be made available to answer enquiries.

IMPLEMENTATION TIME-TABLE

41.              The proposed time-table for implementing the new ID card project is summarised at Annex D.

SUBJECT OFFICER AND TELEPHONE NUMBER

42.          For enquiries, please contact Mr Alan K M Chu, Principal Assistant Secretary for Security, at 2810 2506.

Government Secretariat

Security Bureau

18 October 2000