Smart Solutions to ID and Privacy

By Larry Seltzer  |  Posted 2006-10-30 Print this article Print

Opinion: Some ID enhancements are smarter than others, and the convenience isn't always the best option.

Are we on the verge of a revolution in authentication in this country? Many vendors and analysts feel that the impending implementation of the governments Homeland Security Presidential Directive-12 mandate could lead to one. Heres the actual presidential directive. The government goals in this effort are to create a uniform and secure form of identification for federal government personnel.
A smart card is a good choice for this, as its flexible enough to include both visible information, such as a photograph, and digital information, such as fingerprints, a digital copy of the photo, It can also carry specific information for some people and not for others.

Smart cards have been around for some time now. They have been widely used in Europe in a variety of applications; those SIM (Subscriber Identity Module) cards you put in a GSM phone are smart cards. In the United States, the most widespread use of the may be as encryption keys for DirecTV.

In Europe smart cards have been used in ways that would seem fantastic here; in Germany, smart cards are the official identification for the national health care system since 1993. Private companies are accepting the cards for online transactions and banking, a great convenience to be sure, but a development that would raise fears in the United States. Elsewhere around the world, they are used for drivers licenses.

California Gov. Arnold Schwarzenegger has vetoed a bill to regulate the use of RFID in state and local documents. Click here to read more.

Why have smart card applications not caught on in the United States, at least not to the degree that they have elsewhere? Its not all about privacy. There has been plenty of industry backing for them, not least from Microsoft (although as a business network authenticator, not for consumers).

The cost issue here in the United States seems to be predominant. Many believe that a "contactless" solution (for example, RFID-based) will make a better business case. This is odd, since RFID solutions have raised so many more privacy issues and seem, at least at first glance, to be so much more prone to privacy abuse.

Contact smart cards have a set of physical contacts and must be inserted into a reader (see the nearby image, and the gold contacts on the card itself).

Contact smart cards have a number of advantages that can also be spun as disadvantages, depending on your point of view. For instance, they dont have batteries; the power is supplied by the reader through the contacts. This also gives them form factor advantages over contactless cards.

Contactless smart cards use RFID to communicate with readers, but arent brain-dead transmitters of their storage like many RFID devices. They can be subjected to security protocols to combat casual scanning.

Another government application blazing the smart card trail is public transportation systems. The Washington (D.C.) Metropolitan Area Transit Authority SmarTrip card is a contactless smart card. The appeal is obvious; if you use the New York City subways, you know the aggravation it can sometimes be to get your MetroCard to swipe successfully, or to wait behind someone who is having a hard time with theirs. The SmarTrip just reads as you walk by.

Industry momentum notwithstanding, I dont see RFID solutions reaching many sensitive applications here in the United States because of privacy concerns. Of course, we will be seeing them in passports soon, and well see whose predictions prove true about that. RFID solutions do raise the potential for abusive reading by third parties and the use of that data for unsavory purposes. I can imagine a major insurance company using smart cards for ID, or a state using them for drivers licenses, but I cant imagine contactless ones being accepted.

I have to admit that what makes me most leery of smart cards in the United States is that their adoption is being driven by government use. Im not a really hard-core worrier on privacy issues, I just dont trust government, and it seems unlikely to me that they would have hit on the right solution where private market forces declined it.

Security Center Editor Larry Seltzer has worked in and written about the computer industry since 1983. He can be reached at Check out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at Security Center Editor Larry Seltzers Weblog.
Larry Seltzer has been writing software for and English about computers ever since—,much to his own amazement—,he graduated from the University of Pennsylvania in 1983.

He was one of the authors of NPL and NPL-R, fourth-generation languages for microcomputers by the now-defunct DeskTop Software Corporation. (Larry is sad to find absolutely no hits on any of these +products on Google.) His work at Desktop Software included programming the UCSD p-System, a virtual machine-based operating system with portable binaries that pre-dated Java by more than 10 years.

For several years, he wrote corporate software for Mathematica Policy Research (they're still in business!) and Chase Econometrics (not so lucky) before being forcibly thrown into the consulting market. He bummed around the Philadelphia consulting and contract-programming scenes for a year or two before taking a job at NSTL (National Software Testing Labs) developing product tests and managing contract testing for the computer industry, governments and publication.

In 1991 Larry moved to Massachusetts to become Technical Director of PC Week Labs (now eWeek Labs). He moved within Ziff Davis to New York in 1994 to run testing at Windows Sources. In 1995, he became Technical Director for Internet product testing at PC Magazine and stayed there till 1998.

Since then, he has been writing for numerous other publications, including Fortune Small Business, Windows 2000 Magazine (now Windows and .NET Magazine), ZDNet and Sam Whitmore's Media Survey.

Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel