Lockstep

Mobile: +61 (0) 414 488 851
Email: swilson@lockstep.com.au

Is smartcard security and privacy a zero sum game?

This is a pre-print of Stephen's recent column in Online Banking Review, which tries to dispel the fear that smartcards are intrinsically privacy invasive.

Extract

With national identity cards back on the political agenda, sweeping claims are being put about that smartcards offer some sort of silver bullet to weed out terrorists and fraudsters. On the other side of the so-called 'debate' are counter-claims that a national identity card would lead to secret surveillance of ordinary people, and that smartcards in general threaten privacy.

But one wonders if we're truly having a proper debate as yet. On both sides we see a great deal of fear, uncertainty and doubt, nay-saying and hype. As an advocate for smartcards, I long for a more sophisticated public analysis of their pros and cons, especially so that no matter what happens with the national id card, we don't see all smartcard schemes unfairly labelled as privacy invasive.

Privacy enhancing technologies not only make smartcards safe; they will also see smartcards being re-used for applications like electronic secret ballots (for shareholder meetings as well as government elections), census collection, electronic health records, and anonymous retail commerce. Given these possibilities and their broad based social importance, it's time we saw governments and financial institutions work together on the rollout of smartcards as critical infrastructure.

- New smartcard based Privacy Enhancing Technologies (PETs) can preserve both security and privacy
- Privacy advocates need to better understand the technical nuances while technologists need to stick to their knitting
- The business case for smartcards could be enhanced if financial institutions and governments worked together on the critical infrastructure.