[Letter by Stephen Pender, President of the Graduate Students' Union, University of Toronto]
University of Toronto
7 December 1998
Dear Karel Swift,
On 2 November 1998, at an Open Forum organized by the Identity Technology Working Group, I urged the University of Toronto administration (through you and Jack Dimond in his role as Privacy Commissioner) to answer several important questions regarding policy about and the implementation of the so-called "Smart" card. In my intervention at that forum, I stated explicitly that, as the president of the Graduate Students' Union, the University of Toronto administration should "publicly report the results of the "Smart" card trial, the contract with Cybermark and publish as widely as possible a policy governing the implementation and use of the "Smart" card across the university." While the information from the University Registrar disseminated at the forum did state that "the University is undertaking to put in place comprehensive guidelines and procedures to assess any new applications of smartcard technologies" (Procedures for new students to be issued a TCard, Office of the University Registrar, page 2; emphasis mine), students have not yet seen "guidelines" or "procedures" for the existing applications of the card. Unless I missed the public relations blitz, I am disappointed the administration has not chosen to clarify its position publicly on either "Smart" card policy or its implementation. Sharing information, working collectively with those for whom your work has lasting, quotidian importance does not seem to obtain with respect to the implementation of the "Smart" card. Whether or not one agrees with the need or technological efficacy of the card, one must admit that the process of student participation, consultation and implementation has been rather poor.
The Graduate Students' Union is deeply concerned about policy questions and implications raised by the card, the ongoing problem posed by the card's inability to register voting in student government elections and the privacy questions the card raises. In particular, our constituency has expressed its dismay about the cost to students for the cards (a mandatory fee of approximately seven dollars), the astonishing lack of information about the card available from those who issue it (library staff --- who of course are not to blame for this situation) and the absence of a mechanism for refunding money loaded onto the chip (we know of at least one situation wherein a card was recalled but the money loaded on the card was not refunded). We are also concerned about the process with which the card was issued, apparently voluntarily, to students last year. That said, I have several direct questions about
(1) the card itself,
(2) the decision to purchase and implement the card and the technology,
(3) financial concerns,
(4) privacy, security and elections and
(5) the university's leadership role with respect to this technology.
I trust you will answer these questions promptly, since the card continues to be issued --- and data continues to be collected which may contravene the university's own policy on privacy.
(1) The card itself:
- Why do we need the "Smart" card? Students have certainly not asked for this new technology and the pat answer --- that is solves administrative problems efficiently --- is rather too vague to be acceptable. If there has been increased efficiency in any administrative areas, could we see the results? Perhaps the administration's expectations have been frustrated by this technology, in which case the sole justification for the card rings hollow.
- What are the present and potential uses for the card and its various electronic "purses"?
- If the issuing of the card was voluntary, are there portions of the card --- photograph, signature, chip --- that remain optional? Precisely what information is required for this card (or any other card) to function as university identification?
(2) The decision to purchase and implement the card and the technology:
- How was the decision to proceed with the card and the technology made? Who were the members of the original decision-making committee? Who determied the membership of the committee? Were students involved in this process?
- Who is now responsible for the ongoing implementation? Were guidelines and procedures drafted?
- Who pays for the card (aside from the Provost's contributions through the APF)?
(3) Financial concerns:
- The technological and labour costs of this project must be significant. What have been the costs to date? What about future costs? Are students paying for technology that serves them poorly?
- What was the exact cost of the agreement with Cybermark?
- What are the revenues (sales and increases in photoreproduction costs, advertising, product tie-ins, the precise saving from the elimination of the old cards, the new card fee) associated with the card? Who receives the revenue from the cards?
- How was the purchase and implementation of this technology deemed a priority against other university projects (housing, academic programme expenditures, tuition reductions and so forth)?
(4) Privacy, security and elections:
- Although at the Open Forum Jack Dimond expressed some concern about the implementation and information collection associated with the card, his concerns represent merely a small portion of a host of potential privacy and security problems.
- What individual information is the university collecting and who has access to that information? What information is the unviersity collecting in aggregate? How is that divided (gender, level of study, college and so forth)? Who has access to the aggregated information? Are there plans to sell or distribute this information? If so, what are the plans to secure students' agreement for the dissemination of this information?
- To which other technology do "Smart" cards "speak" (ROSI, library records and so forth)? Are these databases currently connected or will they be in future? What portions of the card itself, or of the information it carries, are encrypted?
- Why are students' signatures and photographs digitalized and archived as part of the implementation process? Was the previous single (hard copy) photograph unacceptable? Who has access to this information? Does the collection of this information violate the university's privacy legislation (as I think it does)?
- If the technology fails (shut-downs, hacking and so forth), how is student information protected? If any one function of the card is shown to be faulty, what are the administration's plans? What sort of compensation will be made to a student whose privacy has been compromised?
- The GSU was first contacted about the "Smart" cards in relation to perceived difficulties with various services (Hart House, for example) and student and university government elections. Was the old system --- stickers applied to student cards --- deemed obsolete? Given that electronic voting is insecure, what are the proposed solutions for on site, in person student voting? Whatever the solution, the university must cover the costs of all student organizations for, say, applying new stickers during next term's elections.
- If chips are an inappropriate way to track voting, why were chips installed on the card?
(5) The university's leadership role with respect to this technology:
Identity cards are already in use in various constituencies and locales around the world --- from Florida State University, where students are now issued credit on their cards, sometimes as much as one hundred thousand dollars, to South Korea and Thailand, where governments have issued identity cards to track the movements of large groups of people. Ontario is very interested in this technology as well: the Tories are investigating tying biometrics to health cards and social assistance cards and tracking entire populations --- low-income Ontarians in particualr --- through the use of identity cards. Why would the University of Toronto wish to implement a similar regime? Why are these cards deemed appropriate for institutional use when various civil liberties unions consider them a very dangerous threat to personal privacy? How is the university's use of these cards separated from these larger issues? Were these wider questions considered during the purchase and implementation of "Smart" cards? Finally, in light of the recent decisions by several Canadian banks to abandon their "Smart" card projects, do we as a university wish to set the precedent in Ontario? Will "Smart" cards tarnish the lustre of the University of Toronto?
The above questions do not, of course, represent all of our concerns with respect to this technology; rather, these are the questions that must be addressed before continuing the implementation and use of the card. I trust you will respond to these questions as soon as possible in at least two ways: first, obviously the GSU would like specific, detailed answers made publicly; second, I urge you and other members of the implementation committee to make all past and future documents and decisions public as well.
Finally, since students are or will be the majority of "Smart" card users, we should participate in every future policy and implementation decision in a meaningful manner (that is, for example, inviting accountable members of student governments to sit as equal members on the implementation committee).