The terms digital economy and information technology have become buzzwords in our society. Following the emergence of electronic commerce and intensive applications of Information Technology, large-scale personal data collection has been used by commercial organizations to derive new profits, and by the government to increase administration efficiency.

Government in general is often highly tempted by the convenience of "mass dataveillance" (mass surveillance by monitoring personal data transactions), and will very likely become a "Big Brother" if it fails to recognize the significance of personal data protection in an information society. A powerful lobby from related corporations usually influences this government's temptation for new IT systems that provide easy access to mass dataveillance. Hence for the last five years, human rights advocates in Taiwan have been pressing the government to recognize the importance of personal data protection. This paper provides an overview of Taiwan government's smartcard ID projects, and the experience of the Taiwan Association for Human Rights (TAHR) in campaigning against them.

The government of Taiwan has long been promoting the country's information and communication industry. In this context, it launched a national smart ID card initiative in 1997-1998 that originally planned the use of smartcard (IC card) technology to implement a healthcare ID card system that would be combined to the existing (and compulsory) National ID card system. The scheme was later expanded to target more types of personal data. It eventually collapsed in late 1998 due to strong protest from human rights advocates and various other actors from civil society.

But the idea of veering the government into electronic administration so as to boost operational efficiency with information technology was never abandoned. The government failed to learn from the lessons of 1998 and launched another project to implement the healthcare card using smartcard technology in 2000. The Democratic Progressive Party, the opposition party that took power in the same year, did not agree to reconsider the project and started to issue the cards in July 2002 in spite of objections from non-government organizations and warnings from academics. Today, the smartcard-based healthcare ID system poses a strong threat to the privacy of the nation's 23 million citizens.

The two schemes I mentioned are closely associated. They not only originated from the same idea of implementing IC cards that have the function of personal identifiers and are designed to become even more multi-functional, but also share the same project director from the private sector, who moved from the corporation handling the smart national ID card project to that taking care of the health IC card. More importantly, both projects expose the government's lack of concern for personal data protection during the policy-making process as well as the influence of massive business interests.

Furthermore, significant threats to human rights and privacy stemming from reckless government use of information technologies also occurred in the project to establish a national fingerprint database. Many government agencies are again not concerned over its impact on human rights.

Recently, Taiwan's national capital Taipei City also launched a project to collect fingerprint data from voluntary citizens, claiming that this would greatly facilitate the verification of personal identification. Yet the municipal government not only failed to warn the public of the potential threat the resulting database may pose to human rights, it also planned to expand the use of the data, including providing the service to financial institutions that are willing to pay.

In other words, the track record of Taiwan government's projects in the information society show that concern over administration efficiency and e-commerce advancements has outweighed personal data protection or rights to privacy.

Those involved in the movement for the promotion of personal data protection in Taiwan feel that this lack of concern can be attributed to certain social, economic and cultural factors that Taiwan actually shares with other countries in the region. This new "Taiwan Experience" may thus be worthy of consideration. A preliminary analysis and recommendations will be presented subsequent to the introduction of major government projects opposed by Taiwanese human rights activists.

Taiwan has long adopted a national ID system for resident administration purposes. National ID cards, therefore, have become almost indispensable for daily transactions in the public or private sectors. One could in fact not live without an ID card in Taiwan.

In 1995, a compulsory universal national health insurance plan was implemented, covering the medical insurance of almost every citizen. Each insured individual was issued a paper card that bears his name, date-of-birth and national ID number. An insured individual must also present the national ID card with the health insurance card when seeking medical assistance because the later does not bear the user's photo.

The paper health insurance certificate is designed with six cells in the back. A stamp from the medical provider must be affixed on a cell each time the insured person visits a doctor. The insured must return the card to the Bureau of National Health Insurance after every six visits so as to allow the insurance agency to monitor abuse of medical resources. The user is then automatically issued a new card with six cells (note that all employers provide this service so that most people don't have to go to the Bureau to renew their cards).

A year after the implementation of the scheme, a pilot smart card-based health insurance certificate project was carried out in Penghu, a remote group of islands of Taiwan. The chip of the certificate could register the patient's frequency of medical visits and uploads the information to the health insurance bureau if necessary. The card was considered by the government as more efficient in controlling abuses of medical resources. In addition, the insurer believed that the smart card, which carries the cardholders' photo, could prevent fraud or theft of insurance certificates. The function of the new card thus becomes more general.

Inspired by the pilot project, the Steering Committee for Information Development and Promotion, an ad hoc committee of the Cabinet, recommended the establishment of an "IC Card Planning and Promotion Task Force" in July 1997 under the Cabinet's Research, Development and Evaluation Commission. Its mandate was to explore the possibility of combining the functions of the national ID card and the health insurance certificate on a single smart card. Strangely, representatives of business interests were also included in the task force.

The task force promptly decided to set a smart card project in motion. It was decided that a private sector company rather than the government would invest in the project in exchange for exclusive rights of use of the system to develop its e-commerce. The business potential was estimated at US$600 million for the period of a decade. The smart card was to be made to register all personal data of the citizens, including insurance, criminal record, household certification, traffic violation records, fingerprints and so on.

The final request for proposals was announced in June, 1998. But very few among the public were aware of the project's potential for privacy violations. However, C. Y. Liu, an academic, began to monitor the scheme and published op-ed articles in the print media. When four proposals from private sector consortiums (formed in a very short time) were submitted to vie for the business opportunities, the public began take notice, and civil rights activists raised sustained criticism.

By November, the negotiation between the selected consortium (the Rebar Group) and the government collapsed, due to disputes over card-issuing fees and value-added business opportunities. The blows of civil rights groups and academics, in fact played a key role in strategically arousing the conflicts between government agencies. For example, activists suggested separating the insurance card from other added values, so as to avoid disputes and risks of violation of human rights.

Following the failure of the national IC card project, and in line with the idea of upgrading the accuracy of treatment claims from medical institutions while controlling doctor shopping by the insured with the smart card project of 1998, the Cabinet approved in 1999 another smart card-based health IC card project proposed by the Bureau of National Health Insurance, which was meant to replace the paper-based system. The Teco Electric and Machinary Co. Ltd. won the contract in November 2001, beating competitors including Acer Inc., Mitac International, and Systex Corp.

Teco has teamed up with international partners, which includes Hitachi of Japan, G&D of Germany, United Microelectronics Corp., a leading Taiwanese semiconductor supplier, and Information Technology Total Services Co., an information processing affiliate of the Teco Group. It was widely believed by commercial media and investors that the project involving insurance cards to the 23 million people of Taiwan would lead to great benefits, making the corporation much more competitive in the industry.

The smart card is designed to be a mobile data carrier held by the patient. Its personal information section carries the card number and date of issuance in addition to the cardholder's name, gender, date of birth, ID number and photo.

Its health insurance related information section further registers major diseases, the number of visits and admissions to medical institutions, the last menstruation period and pregnancy exams, along with the records of the cardholder's insurance premium and accumulated medical expenditures and so on. Moreover, the smart IC card's medical services section bears sensitive information, including the records of specific prescriptions for chronic diseases and general medical treatments. Its public health administration section includes the personal immunization records and the willingness for organ donation.

The project heightened civil rights groups and academics' concern that electronically-stored medical records with Internet access are particularly more vulnerable to abuse and to illicit disclosure of highly sensitive personal data than paper files. Although the patients' data is only accessible to authorized persons from medical institutions, large institutions will have to install hundreds of card readers, and therefore require a number of staff to operate them. The loose personnel regulation of medical institutions, however, heightens the mistrust in the management of medical records. Furthermore, the potential breach of privacy by breaking into the database, changing the data, or illegal trade of medical records, would impact not only the rights of the insured but national security, particularly in the context where the cross-Strait tension remains unresolved.

According to official online information of the Bureau of National Health Insurance and commercial news, the card could bring in other added value services, such as the use electronic purses.

Civil rights activists are in addition highly concerned about the possibility that the control over sensitive medical records may turn the government into a "Big Brother" and lead Taiwan to a surveillance society. Moreover, it is reasonable to speculate that the private sector company would also intervene in maintaining and operating the database because it takes professional skills to do so. The security of the personal data is therefore even more threatened.

In addition, it is widely speculated that other government agencies would be lobbied to link to or expand the database because their own databases already contains rich information on our nationals for administrative purposes. It is foreseeable that the 1998 electronic national IC card plan would eventually reappear in the disguise of the health IC card scheme. In summary, the resistance to the health IC card project is a matter not only of human rights, but also democracy.

There is every reason for the rights activists to highlight the issues of data security and inappropriate implementation of the project. Various security threat models in use throughout the private sector, as cited by some UK privacy advocates, indicate that at any one time, one per cent of any group of employees will be willing to sell or trade confidential information for personal interest. Similarly, in many European countries, up to one per cent of bank staffs are dismissed for the same reasons each year, oftentimes due to theft. In fact, numerous examples of constant abuse of personal data in the country by both government agencies and private sector corporations, in addition to the incomprehensive protection of personal data in the law, are evidences leading to reasonable doubt that the scheme is a threat to human rights.

Just digging into news archive, we found that there were at least six million personal data records exposed or leaked due to theft or negligence in 2002. For example, a policeman was caught selling citizens' communication records. Other news revealed more similar cases in which the police have been trading with private detectives more extensive personal data than simply the communication records. A director of a public medical institution even downloaded over 3,000 individual medical records, placing them on his personal website. There were also two local governments that respectively provided over 10,000 personal data records of primary school students and their parents without permission upon the request by county local representatives, and send out land tax forms to receivers without envelopes to secure the taxpayers' personal information. There were, in addition, five million personal data records of mobile phone users traded by the staff of prestigious communication service providers.

Academics and rights activists have long monitored the health IC card project and the government's moves in Taiwan. A NGO coalition for the battle against the health IC card was launched in July 2000. It began protests against the scheme outside the Bureau of National Health Insurance just before the President himself went there to receive the first health IC card in the country at a ceremony held by the bureau. Activists and scholars believe that all individuals should be allowed to assess the risks of personal data abuse and decide if they want or not such a health IC card. The health ministry and the bureau, however, have barely listened or responded to the opposition.

"The Personal Information Protection Alliance" then recruited 56 NGOs and continued consultations with information technology and other specialists to force the Cabinet to end the project and reconsider another initiative proposed by the Academia Sinica, which could better monitor the abuse of medical resources at a much lower cost and without the risks mentioned earlier.

As mentioned earlier, the Law mandates that all nationals of Taiwan should bear a national ID card. In 1997, the amended law governing resident administration prescribed that all citizens above age 14 would be fingerprinted for a national database to facilitate criminal investigation. This was followed by years of government wrangling over the issue, as well as opposition from rights activists who believe that the fingerprint database plan would infringe upon human rights. Nevertheless, the legislation soon became the major legal support for fingerprint advocates in the government. The then Minister of the Interior Chang Po-ya, for example, used the law to further promote the fingerprint database and submitted a proposal to the Cabinet. Although the Cabinet rejected the proposal and proposed to abolish the request of fingerprinting when applying for national ID cards due to human rights concern, the minister continuously lobbied in the legislature and through the media for the compulsory collection of each citizen's fingerprint data.

Two ministers of the interior after Chang also openly advocated for the digital database although the Cabinet's remained opposed to the project. The current Minister of Interior and the Minister of the Justice went further and even proposed the establishment of a fingerprint database to the public last year after just after a major air crash. They used the tragedy to support the idea that it is most advantageous in assisting personal identification in an accident. But again, they paid no heed to human rights perspectives in the matter.

By openly embracing the database despite the Cabinet's stance and disagreement from civil society, these officials exposed that as long as technology allows, they would not hesitate much to collect personal data from the citizens for administrative efficiency, and would barely consider other alternatives with less potential for violation of human rights. Civil rights activists continue to be the watchdog preventing the setup of a national fingerprint database using the same justifications as in the battle against smart card schemes, and have worked on the abolition of the requirement of fingerprinting introduced by the 1998 legislation.

The capital of Taiwan, Taipei City, began the operation of collecting fingerprints from voluntary residents in October 2002. The fingerprint database is to be used in combination with a face recognition system when necessary. The contractor of the project is the SYSTEX Corporation, a major solution provider in Taiwan.

The Taipei government claimed that the initiative is to facilitate precise personal identification because there are many cases involving the assumption of false identities. Rights activists believe that there is no need to set up such a fingerprint database, whether it is compulsory or not. First of all, the risks of wrongful disclosure or misappropriation of the fingerprint data should be considered. Secondly, the government should reconsider the necessity of playing the role of authority in the matter of identifying personal identification. If the national ID is so often abused, then perhaps the national ID itself should not be considered or used as the only and most authoritative personal identifier. Instead, the confirmation of one's identity could be done through other alternatives by other agencies, such as the court or financial institutions in some cases. Building up the database does not necessarily guarantee the prevention of misappropriation of personal identification, and storing large quantity of personal data in one digital database increase the misuse and violation to privacy.

The Taipei City Hall even claimed that it in the future, the collected data may become the proof of identity for one's driver's license and voter registration. There is also talk of providing information from the database to financial institutions that pay the government to verify their customers' identification. This leads to more possibilities personal data leaks and is absolutely against the concept of "minimum necessary," a principle established to reduce possible violations of privacy by the government. Apparently, the local government has not collected the personal data because its operation cannot continue without the collection. Instead, it planned to first gather the data before confirming its advantages and properly assessing the gains and loss before implementing the initiative.

Moreover, the Taipei City Hall and its agencies have strongly publicized and promoted the fingerprint collection with ads and little gifts. This is very inappropriate as most of the Taiwanese people are not aware of the risks for human rights violation in the project. The city's agencies, moreover, allow residents who agree to the use of their fingerprints for identification to enjoy higher efficiency in all forms of administrative assistance. This is considered by right activists as discriminatory to those who refuse to fingerprint due to privacy concern. The Personal Information Protection Alliance is also protesting against this initiative.

We feel that it is necessary to take into account the social, economic and cultural context into account when looking into why the Taiwan government has ceaselessly tried to implement projects that apply easily accessed IT in the information society.

Possible reasons for this may be:

1. Like many other Asian countries, Taiwan was under authoritarian rule for half a century. The policy-making process of the hegemonic Kuomintang was top-down rather than bottom-up. Just barely two years after the first ever alternation of political parties in power, policy makers are still not used to the monitoring of grassroots movement and feel that as long as the budget allows and the legislature approves a proposal, they would implement it regardless of what the people say and want. The government is also accustomed to the role of a ruler that prioritizes mostly administrative efficiency. This mentality of our policy makers has barely changed despite the transfer of power to the Democratic Progressive Party in 2000.

2. Taiwan shares other traditional values with other countries in the region, such as viewing the government as a "ruler" rather than "public servant". This leads to a high level of authority of the administration and weak supervision from the grassroots in contrast to the situation in the West.

3. Taiwan shares traditional values with many other Asian countries, which emphasizes harmony and benefit of the community rather than the rights of the individual. Therefore, the idea of protecting personal data and privacy is not yet firmly established in the society, nor is it a priority for policy makers or the general public. The protection of privacy via legal mechanisms is also far from comprehensive.

4. Like other Asian countries in the region that have been promoting smart national ID card projects, such as South Korea and Malaysia, Taiwan is more than eager to transform itself into a total information society, because technology is a symbol of progress and the promotion of e-commerce would stimulate the country's economy. In contrast to the speed of adopting technologies, the advancement of discussion on personal data protection seems slow, and therefore the defense against possible violations to privacy weak.

Based on the experiences of privacy protection and human rights movement in Taiwan, we recommend that:

1. Considering that many grassroots privacy protection advocacy groups in Asia may have faced the same situation above, we propose the establishment of a tighter regional networking of NGOs to share information (especially in the context where, for example, TECO is keen to sell the smart card project to Thailand and China) and to share experiences in the defense and promotion of human rights in the information society.

2. The government of Taiwan (or perhaps in other Asian countries as well) should put more emphasis on privacy protection and establish proper legal and intra-governmental auditor mechanisms. The latter would be helpful in balancing the request of government agencies who unreservedly welcome projects applying IT for administrative purposes and the powerful lobby of business entities.

3. The government should reconsider if it is appropriate to promote e-commerce methods for the implementation of major government projects. The database building project may not only breach human rights, it may also constitute improper intervention in the IT industry. This is because it gives the wining bidder a better position in competing for future government projects dealing with digital databases as the contractor will be more familiar with the process involved in similar projects. In fact, most of the time, the local industry will team up with international corporations to accomplish a project because certain techniques are not yet well developed domestically. There is a question, therefore, of whether the competitiveness of the local IT industry would dramatically increase in the international community after winning large government projects contracts.