acm - an acm publication


The road to encryption
smart card ID: But can it remember my passwords?

Ubiquity, Volume 2000 Issue November, November 1- November 30, 2000 | BY Andrew Rafalski 


Full citation in the ACM Digital Library

Smart card ID: But can it remember my passwords?

The Defense Department recently unveiled a new hi-tech security ID card. It will become the standard ID for military personnel, civilian Pentagon staff and some contractors. The badge features a magnetic strip and two bar codes, and will store a "certificate" that will allow the cardholder to effect a digital signature. A DoD official gushes "We're very excited about the seemingly limitless possibilities of smart card technology." To which we say "Uh ha."

Do we really need a smart ID card? Are we headed to eventual encryption of everything about us?

The techie in me says it sure would be cool! Most of us walk around with "tons" of cards and IDs, filling our wallets, pockets or purses. I once did a tongue-in-cheek Toastmaster's speech about what men carry in their wallets. Besides the usual old notes and addresses there was the obligatory set of three or four credit cards, driver's license, emergency road assistance card, health insurance ID, social security card (don't know why I was carrying this around). And of course you never know when you'll need your library card, VA card and museum membership pass. If you work you likely have an employer ID, maybe a transit fare card, several business cards. No wonder I was getting a strange one-sided back ache.

Wouldn't it be wonderful if all these cards, passes and badges could be combined into a single solitary smart data ID -- one magic magnetic card that would take the place of it all. What a fantastic business opportunity for some entrepreneur! Talk Visa, Mastercard, Discover Card, the states, the libraries, and corporations into subscribing into one database then offer the service to individuals. I think I would be willing to pay a few dollars for the convenience; one plastic card that would combine all the data in my menagerie of individual cards, ID's and passes. Yet the pragmatist in me says "Wait a minute!"

Haven't we already given up most of our privacy? Do we want to give up the final shreds of it as well?

Some believe that the Defense Department's smart card is a first step to a national ID card -- encryption of all! David Banisar, senior fellow at the Electronic Privacy Information Center, has a more sober outlook. "Ultimately, the danger is that people could be routinely tracked."

I would add we are quite efficiently tracked already, thank you. Each one of us has a long trail of personal information filed away with credit agencies, government offices, banks, utility companies, department stores, insurance companies, not to mention Website cookies and log-in IDs. A de facto national ID is already here, we just don't realize it.

Some of the tracking verges on the nefarious. Twenty years ago I had a bank account where my last name was misspelled by one letter -- a "y" instead of an "i". I held the account only briefly. To this day, one of the leading credit agencies has that gem of intelligence about me -- "formerly known as." They are listing my "other" name as if I had been deliberately masking my identity. The same credit agency also has erroneous information about my previous accounts. Would they only be as efficient about keeping information straight? Heaven help you if you have to get a credit agency record corrected. The peculiar thing is where did these credit agencies come from? Who appointed them to gather all this information about me? But that's another story.

Technology has enabled us to code the minutiae of our lives. Every email we write could technically last forever and be easily transmitted anywhere. We used to sneer at Big Brother watching in the communist countries. With our technology, I'm afraid, we are infinitely more efficient at Big Brotherism than any despotic regime ever was. Unfortunately, it's all couched in benign terms of efficiency, cost-effectiveness, and assurances of consumer benefits.

As an engineer I admit the technology and possibilities are fantastic. But the technology is getting way ahead of our social and legal capacity to fully understand and assimilate the changes. We are like the under-age kid who teaches himself to drive. Yes, he can drive, but does he know traffic laws and the responsibilities of driving? Do we know where we are going when our private lives can be burned into a tiny chip and easily propagated into cyberspace?

Andrew Rafalski is an information systems professional specializing in systems implementation, application and testing, currently working for a software company in Chicago. He writes on technology, investing and career issues. He was editor of The Physician's Personal Advisory, co-wrote a book on retirement planning, and has written for such publications as National Business Employment Weekly and The San Francisco Examiner.


Leave this field empty