Framework for Smart Card Use in Government
1 Executive Summary

The Foundation for Information Policy Research is an independent non-profit organisation that studies the interaction between information technology and society, with special reference to the Internet, from a broad public policy perspective; we do not represent the interests of any trade group. Our goal is to identify technical developments with significant social impact, commission research into public policy alternatives, and promote public understanding and dialogue between technologists and policy-makers in the UK and Europe.

We welcome the government's initiative in producing draft guidance on the use of smartcards in the public sector. The CCTA document may be a useful move towards weaning the public sector away from its often uncritical acceptance of the claims made by the smartcard industry. The recognition that smartcard security is not infallible, and the attention paid to management issues in section 2.2, are a most welcome first step towards sanity, and deserve greater emphasis.

However, the document continues to make an assumption which is not merely highly suspect but which the industry itself started to abandon some time ago, namely that the main benefit to be expected from smartcards will be a reduction in the number of identity and authorisation tokens which people carry, as a result of integrating multiple functions on a single card. Following great enthusiasm for multifunction smartcards in the early 1990s, persons with experience of the industry now reckon that the only type of system in which multiple applications on one card have a serious future is where smartcards are used in consumer devices such as mobile phones and pay-TV set-top boxes, where there is only slot space for one card and the system operator's card must be there for the system to work at all.
On such platforms, a bank (for example) wishing to offer its services in a way that leverages off the authentication functions in the card has little choice but to rent card space from the operator.

However, multifunction cards have some critical vulnerabilities. Anyone who wants to provide services via the card is forced to delegate control of access to their information to the card designer or issuer. In addition, multifunction cards deprive the user of a fundamental control against abuse: the ability to decide which card she puts into which reader. These vulnerabilities lead to many complex issues of security, control and liability which we explore below. Another source of confusion …