The Foundation for Information Policy Research is an independent non-profit organisation that studies the interaction between information technology and society, with special reference to the Internet, from a broad public policy perspective; we do not represent the interests of any trade group. Our goal is to identify technical developments with significant social impact, commission research into public policy alternatives, and promote public understanding and dialogue between technologists and policy-makers in the UK and Europe.
We welcome the government’s initiative in producing draft guidance on the use of smartcards in the public sector. The CCTA document may be a useful move towards weaning the public sector away from its often uncritical acceptance of the claims made by the smartcard industry. The recognition that smartcard security is not infallible, and the attention paid to management issues in section 2.2, are a most welcome first step towards sanity, and deserve greater emphasis.
However, the document continues to make an assumption which is not merely highly suspect but which the industry itself started to abandon some time ago, namely that the main benefit to be expected from smartcards will be a reduction in the number of identity and authorisation tokens which people carry, as a result of integrating multiple functions on a single card.
Following great enthusiasm for multifunction smartcards in the early 1990’s, persons with experience of the industry now reckon that the only type of system in which multiple applications on one card have a serious future is where smart-cards are used in consumer devices such as mobile phones and pay-TV set-top boxes, where there is only slot space for one card and the system operator’s card must be there for the system to work at all. On such platforms, a bank (for example) wishing to offer its services in a way that leverages off the authentication functions in the card, has little choice but to rent card space from the operator.
However, multifunction cards have some critical vulnerabilities. Anyone who wants to provide services via the card is forced to delegate control of access to their information to the card designer or issuer. In addition, multifunction cards deprive the user of a fundamental control against abuse: the ability to decide which card she puts into which reader. These vulnerabilities lead to many complex issues of security, control and liability which we explore below.
Another source of confusion is to describe a card as multi-function when it is not; it may have the single function of saying what your name is, and perhaps your address, this name being used for many purposes which are not recorded in any way on the card itself. A good example is the California non-driving driver’s license which is used solely to encourage people to believe a claimed name. Such cards can be useful although their introduction in the UK would be politically fraught: a number of attempts to introduce ID cards in English speaking countries have foundered on extreme public hostility.
Indeed, we suspect that much of the impetus behind the present document is the wish in some quarters in Whitehall to introduce an ID card – but have some third party (such as the banking industry) bear the cost and the political opprobrium. For reasons set out below, this is unlikely to be a good idea.
Government departments should not repeat the usual mistake that civil servants make with computer systems, of trying to kill two birds with one stone. This is a well-trodden road to systems that do not work well or at all, and end up costing a multiple of the original budget. It is far better to set departmental operational needs directly in the light of public opinion and other political and budgetary constraints, and contract for the construction of systems that meet them using tried and tested technology.
FIPR therefore strongly recommends that CCTA advice should:
- issue a strong warning of all the pitfalls with multifunction card technology mentioned in this response;
- be technologically neutral, and in particular it should not encourage the use of smartcards when other technology will do at least as good a job;
- avoid giving system builders the impression that the usual rules of prudent practice in business and administration can be overridden, by invoking potential synergistic benefits from hypothetical future multiple applications to bolster an otherwise flimsy business case.
Download
PDF Ebook Framework for Smart Card Use in Government
