About the Centre
The who, what, how and why of CCSR
Conferences
Conferences, and related items
What's New
New Resources and Conferences
Search
Search Resources and Conference listings
Resources
Papers and topics dealt with by CCSR
E-Journal
The ETHICOMP E-Journal
Ethicol
The IMIS's column on Computer Ethics
Contents Page
Site map of CCSR
Journal of Information, Communication and Ethics in Society
Last update 21 February 2006
IMIS Logo

Smart Card Technology

Prof. Simon Rogerson

Copyright © 1998 Simon Rogerson

Originally published as ETHIcol in the IMIS Journal Volume 8 No 1 (February 1998)

Document Also Available in PDF (54 kbytes), PS (48 kbytes), Printer-friendly HTML (8 kbytes) Rich Text Format (10 kbytes) DocBook source (8 kbytes)

The smart card is one of the digital icons of the Information Age. Smart card technology is being applied in various ways to facilitate trade, gain access to services and products, verify identity, and establish and influence relationships. In the UK there have been many applications, for example, the electronic purse - Mondex, the Shell loyalty card and the Social Security Benefits Card. Similar examples can be found in different parts of the world. In Spain a smart card has been introduced for benefit payments and access to government databases. A smart patient data card is being tested in a region of the Czech Republic to replace the paper-based system that had limited capacity, was inaccurate, labour intensive to maintain and open to widespread abuse. Two million smart cards have been issued to the poor in Mexico for distributing food and cash benefits.

A recent study found that 27% of smart card applications were within banking, 18% within health and welfare and 15% within transport. Other applications included; telecommunications, identification, phonecards, retail loyalty schemes, metering, radio security, physical access and gambling. The use of multifunctional smart cards was commonplace.

Smart cards have three broad functions; authentication, storing value and storing personalised information. Authentication is concerned with ensuring only authorised individuals gain access to systems and buildings. A smart card can be used as an electronic purse to store units of value in different currency denominations as well as credit and other units of value such as bonus points or air miles. Values can be replenished on a smart card. The smart card can also be used as a portable storage device independent of some fixed location and with the capability of holding a large amount of data of different forms and for different purposes but usually of a personal nature.

Clearly there are beneficial outcomes from the application of smart cards. Realising these benefits both for individuals and organisations may well profoundly change the relationship between clients or consumers and suppliers or government bodies. A smart card that is your passport, driving licence, credit and debit card, access to your place of work and your car ignition key will undoubtedly alter relationships due to potential uneasiness about what data is held, accessed and modified. Such cards are already being piloted. For example, in South Korea a national citizen card is being introduced which is used as a driving licence, identity card, pension card and medical insurance card.

Some of the potential benefits of smart cards are:

  • Using smart cards is safer than carrying cash for an individual

  • Smart cards can improve access to services for the disabled and elderly

  • It is a secure means of authenticating the identity of reader device

  • It is a portable and secure store of information available to all

  • Access can be made available in geographical locations where on-line communication is not possible

  • The opportunity of fraud is reduced using smart cards

  • Social disadvantaged groups can gain access to facilities and resources without feeling stigmatised

  • Objective selection criteria can be upheld and the risk of bias or favouritism reduced

Consider just one example. Smart card technology has the capability of addressing access, independence and equality of opportunity issues for the disabled through facilitating adaptive interfaces. Individual requirements could be stored on the smart card so that the interface at the point of use would automatically adapt to the preferred customer verification method (for example hand geometry), input (for example voice activation and speech recognition), operation (for example reduced functionality) and output (for example large colour specific characters). Contactless smart cards could be used to remove the necessity of card insertion into readers, to unlock and open doors, to activate location signals, to increase road crossing times and to adjust access heights of facilities.

There are potential pitfalls for individuals and society in general regarding smart card applications and these include:

  • Smart cards lead to a loss of anonymity

  • Pseudonimity can be mistaken for anonymity as card schemes indirectly hold cardholder identity

  • Smart card schemes could lead to a reduction in the provision of non-smart card facilities and so affect freedom of choice

  • Smart cards can reduce access to services and resources for the technology illiterate or technology wary

  • There are difficulties in viewing personal data by card holders

  • Smart cards can result in significant invasions of privacy

  • Profiling and tracking of individuals can occur

  • Increases in smart card use could lead to a de facto national and subsequently global identity card that has not been subjected to citizen consultation

  • Smart card functionality can be increased without proper consideration of the overall impact

It has been suggested that a number of principles should be adhered to when considering if and how a smart card scheme should be implemented. Of these the key principles are:

  • Smart cards must properly respect the legal and ethical rules pertaining to the rights of the card holder

  • Individuals should have the right to refuse a cards

  • The card holder's prior consent is required for all uses of the card and disclosure of information it contains

  • Cards should not be used as tools for overt or covert surveillance

Having decided to implement a smart card scheme certain design features seem appropriate and are summarised as:

  • identified transaction trails should only be used where no acceptable alternative exists

  • identity should be safeguarded using pseudonimity

  • ensure integrity across applications on multi-purpose cards

  • the design of smart card schemes must be transparent to the individual

  • biometric and encryption key data should be held on the card

  • two way device authentication must be used

Smart cards offer great potential benefits to society. Given its pervasive nature careful policy, design and implementation strategies must be in place. With these one can envisage a time when the lack of ownership of a multi-functional smart card will result in a dramatic loss of opportunity and of help in times of need for the "non-citizen". The aim must be to achieve sensitive usage and ensure ordinary people are involved in the technological decision making process which precedes application of smart card technology.

Please send your views on ethical and social responsibility issues and cases of ethical dilemmas to:


Professor Simon Rogerson
Director
Centre for Computing and Social Responsibility
Faculty of Computing Sciences and Engineering
De Montfort University
The Gateway
Leicester
LE1 9BH
Tel:(+44) 116 257 7475
Fax:(+44) 116 207 8159
Email:<srog@dmu.ac.uk>
Home Page:http://www.ccsr.cse.dmu.ac.uk