Things You Can Do to Address Smart Card Privacy Issues
written by: allychevalier•edited by: M.S. Smith•updated: 6/1/2011
Technology changes fast, and if you don't keep up, you could find yourself in a lot of trouble. The rise of smart cards is an excellent example of this, packing personal data into devices with numerous privacy concerns. What can do you do? This article explains.
slide 1 of 6
What Are Smart Cards?
Before you can really understand the privacy issues surrounding smart cards, you need to have an idea of what a smart card is. Essentially, a smart card is any card that has an integrated circuit within it, hence their more formal name, ICC or Integrated Circuit Cards.
From here, we can divide smart cards into two broad categories. The first category is memory cards, which contain non-volatile memory only. These are used to store data. The second category is microprocessor cards. These cards contain volatile memory as well as—you guessed it—a microprocessor.
Another two distinctions that can be drawn: between contact smart cards, and contactless smart cards. Contact smart cards require physical contact with the card reader, whereas contactless ones don't. So, a contact smart card actually requires that you remove it from its housing and bare it to the general public, which is a security no-no, whereas contactless cards do not require this. However, this also means that anyone who knew what signal to broadcast could identify you, and potentially locate critical private data about your person, whereas a degree of consent exists with contact smart cards.
So, these are pretty obviously powerful pieces of technology, and one that is evolving quickly. The single best thing that you can do to address privacy concerns on smart cards is simply to know what's going on with regards to smart card policy, technology and applications. Awareness is powerful!
There are three main applications of smart cards: financial services, ID services, and public transportation, each with unique security issues associated with them.
Financially oriented smart cards have been rolling gradually into the system for several years now. They are largely held to be more secure than non-smart cards—think credit cards with a lot more anti-forgery support built in.
Government ID services have been looking at smart cards for some time now as a way to keep better track of citizens to fight everything from terrorism to illegal immigration. With all the data placed together, as opposed to sprawled out amongst agencies at the local, state and federal level, it could be much more difficult to hide in the shadows. This has a very deep potential for abuse, though, particularly if the information got into the hands of a malicious third party.
Public transportation is not the most conspicuous use for smart cards, but it's a growing market. The most notable use is the Oyster Cards used in London public transportation system. These cards could theoretically be used to track an individual's movement throughout the city by either the operator of the public transit or the government, which presents a privacy concern. For example, this has already been an issue in the UK, where M15 wanted to use this information to track terrorists, even the the card has already been cracked.
Health information is another concern. While smart cards with health information is not all that common yet, it's another use that's growing, and that's certainly sensitive information that could potentially be abused by third parties.
Now, mostly there are different smart cards for different applications. However, many people are frightened at the prospect of having a single card for all of them—a combined national ID card, credit card, biometric, driver's license, anything you can think of, in a single square of plastic and circuitry. The wonderful usefulness of such a universal card is only matched by the frightening potential for abuse. Instead of having to individually track down each item to take advantage of someone, you instead of a single piece of technology that contains someone's entire life.
Right now, smart cards have no real standards, varying from company to company, and government policy progress on unifying forms of identification has been markedly slow worldwide. The only real success story has been Malaysia's MyKad program launched in 2001, and even that has been greatly underused.
So, there's no immediate threat, if you find this concept to be uncomfortable, but the possibility is there.
This is a constantly evolving field of both policy and technology, so keeping an eye on the news for changes in trends is, again, the best thing you can do to address any privacy concerns you might have.
slide 4 of 6
Fake It: The Problem With Forgeries
One of the biggest fears with these cards is that it will be possible for forge them.
A solution has been proposed: introduce biometric data into these cards. By intimately connecting the cards to your unique biological signatures, such as fingerprints and DNA, forgeries would be nigh impossible to make, and easy to detect. However, many privacy groups have difficulty with the concept of giving up one's very biological data to third parties.
Other, less controversial changes have been proposed to increase the security of the cards, from holograms to encrypted signals and more. While the proficiency of forgers is sure to increase along with the complexity of the security measures, it's important to remember that an arms race when it comes to security is inevitable, be it with automated smart cards or with old-fashioned hoodwinking the bureaucracy. Furthermore, the changes that smart cards have introduced in the interest of increased security have made these cards much safer to use, replacing old-fashioned magnetic strips.
Your best way to avoid a forgery of your own card is to simply protect your card well. Don't use it when you don't have to, and keep it in a very secure place around your person. Consider investing in a money belt or other accessory that is difficult to pickpocket. When using the card in public, cover sensitive parts of the card with one hand during transactions.
slide 5 of 6
slide 6 of 6
Want To Get Involved?
If this really bothers you and simply staying abreast on the news doesn't seem satisfying enough, there are many privacy organizations that work with technology like smart cards that you can get involved with.