From: anonymous-remailer@shell.portal.com
Date: Tue, 14 May 1996 09:33:17 +0800
To: cypherpunks@toad.com
Subject: Report on Smart cards
Message-ID: <199605131336.GAA18614@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


Financial Times, 13 May 1996

Smart cards poised to mark revolution in data protection

The poor image of the technology as "Big Brother's little
helper" may be altogether undeserved, says Alan Cane

The smart card -- a piece of plastic the size of a credit card
with a computer embedded in it -- offers numerous benefits,
but will force a re-evaluation of attitudes to privacy and
data protection, says Demos, the independent think-tank.

Its report, one of the first to analyse policy issues raised
by the rapid proliferation of smart cards in areas such as
finance, health and public administration, warns that the
benefits will only accrue when people are confident the
technology will not become "Big Brother s little helper", as
the authors put it.

Helpfully, Demos suggests policies to sidestep what it sees as
a "sterile confrontation" between civil libertarians and
authoritarian government and business interests in promoting
the benefits of smart cards.

"We have argued that people will trust in these technologies
when they can choose anonymity where they want it and have
greater control over the use of personal information held
about them," say the authors.

What distinguishes the smart card from other information
technologies and gives it its power is the capacity to
concentrate and manipulate a huge amount of information in a
tiny space.

A reading device is necessary to view the information, but
smart cards compute as well as store data. Software can be
incorporated to encode the data, rendering it unreadable to
anyone without the right key.

What can smart cards be used for? Their main use now is as
telephone cards for public pay-phones, but they have the
potential to identify individuals, to act as an electronic
wallet for cashless shopping, and to provide a secure and
portable information store. Medical histories could be stored
on a smart card, for example, ready for recall by a doctor.

Visionaries talk of virtually unlimited amounts of information
distributed through society in a variety of forms -- the
credit card model has been adopted for convenience rather than
because of limitations inherent in microcomputers. Badges,
pins and jewelry could all become "smart" accessories in the
future.

However, this sort of crystalgazing raises questions. For
example, what information should be stored on a smart device?
Who should be able to read it? The Demos researchers are
critical of suggestions by Michael Howard, Britain's home
secretary, that a smart card could be used as a national
identity card: a government-issued, multi-functional card,
with the populace having little or no choice about which
applications were available on the card -- and perhaps no say
about the privacy system employed.

Regulation of the privacy system -- encryption -- is
important. It is comparatively easy to devise encryption
methods which are almost impossible to break within a
reasonable period. That worries governments fearful of being
unable to unpick communications from terrorists and the like.
The US has attempted to forbid the export of the more powerful
US cryptography systems.

The Demos researchers argue that such tactics are
counter-productive. They favour a private "key escrow", a
system where cryptography users deposit the key to their
system with a trusted private registry, approved and regulated
by governments. "Government law enforcement agencies would
have to obtain a court order on the basis that they had strong
reason to believe that an individual or company that had
escrowed their keys ... was guilty of some crime".

The report proposes a radical reform of data protection
legislation through some 10 supplementary conditions. Data
users, for example, would have to get express consent from
individuals for the use to which they would want to put the
data. Rules on disclosure to third parties would be tightened,
so that data users would have to receive specific permission
from a data protection registrar in order to gain access to
specific information.

It argues that individuals should be able to choose the card
they want, and decide what information and applications will
be loaded. "Where [Michael Howard's] card is an essentially
authoritarian instrument, our proposal is for a more
market-based instrument in which the role of government is to
align the incentives within the market to ensure privacy,
trust and individual access and control," says the report.

- On the Cards, by Perri 6 and Ivan Briscoe. Demos, 9
Bridewell Place, London EC4V 6AP. UK9.95.

-----