National Id Card System report
While the emergence of the digital economy  is undoubtedly creating exciting opportunities for Bangladesh and it is a popular prediction that smart cards would be the next technological transition, the upheaval associated with them is producing profound changes and challenges. Attracted either by business reasons or mass data vigilance efficiency, some Asian countries, including Taiwan and South Korea, have initiated governmental projects to implement full scale smart card based national ID schemes for the past several years. For the present these governmental projects have either been delayed or cancelled. In the case of Bangladesh’s proposed electronic national ID  card project, the result of presidential election and the economic crisis forced Bangladeshi government to reconsider the project. As the Taiwanese case has shown us, a public request for proposals was announced in June 1998 by the authority, the IC Cards Planning and Development Committee . It follows that four proposals had been submitted and a consortium was selected to negotiate a contract with the government. It turned out the deal broke down and strong public protests from non-governmental organizations. However, it was reported that the government has been considering a second round initiation to save the project for smart card based national ID system.
Based upon an account as to how the smart card based national ID system projects in Taiwan and South Korea failed to succeed under strong protests, this paper elaborates why the scheme seems to become a particularly favored strategy for some Asian governments, especially those who already have national ID card systems in place for several decades, to adopt in vitalizing or escalating their electronic commerce. It is followed by an analysis on how this kind of projects could be examined through the lens of achieving long-term success of digital economy and preserving online privacy protection. This paper concludes with some observations on the sensible approach under which a smarter architecture for electronic commerce.
The most recent incarnation of a national ID system is known alternatively as HR 4633, the Davis-Moran Bill (after its sponsors, Republican Tom Davis and Democrat Jim Moran, both from Virginia) or “The Driver’s License Modernization Act of 2002.” While the proposed legislation has gained currency due to public concerns over terrorism, it is merely proffering old wares in a new wrapper. In proposing to create a de facto national ID system by standardizing state motor vehicle license cards and databases, Davis-Moran rehashes an approach that has been consistently proposed and rejected by Americans throughout the years. Ironically, were a national ID system in place, nothing about the events of 9-11 would have changed. None of the terrorists used fake identification to perpetrate their crimes.
Though it differs in some interesting particulars, HR 4633 is like all other proposals for a national ID system, in that it promises to salve the most pressing problem of the hour. This year, a national ID system will fight terrorism; in calmer times, it promised to make health care affordable, borders secure, illegal immigrants tractable, or deadbeat dads traceable. As always, however, the case for a national ID system is bolstered by airy claims and little by way of proof of the efficacy of such systems. Even in the realm of theory, it’s difficult to see how introducing a national ID, even one equipped, as HR 4633 proposes, with biometric identifiers and “smart” chip technology, would pose more than a nuisance to terrorists, particularly those who have yet to do anything to arouse suspicion. Nevertheless, whether a national ID system is built around a card with or without clever technology built in, it will inevitably lend itself to abuse.
Will a National ID system help fight crime?
Before adopting a policy that bears serious civil rights and privacy implications, it’s important to have some assurance that it addresses an actual need, and that once implemented it will work as intended. But identification systems rank low on the list of problems facing law enforcement. Though four of the September 11th hijackers legally obtained Virginia driver’s licenses under a now-closed state loophole, it is unclear how a national ID would have changed matters — only two of the nineteen hijackers were on the FBI’s terrorist “watch list,” and neither of these two were known to have used fake IDs. In fact, one of these watch-listed terrorists was also listed under his own name in the San Diego phone directory*. With hindsight, the obvious flaw was not the lack of a national ID card, but a lack of attentive police and intelligence work.
Proponents promise that a national ID system would be of assistance in tracking the movements of criminals, but to do so would require ubiquitous checking of national IDs, making the national ID card, in essence, an internal passport. To be effective as a tracking tool, a national ID system would have to subject all of us to ubiquitous checkpoints and/or to random ID checks, with police empowered to detain people based on their failure to produce identification. ID challenges would have to become commonplace, a police power that has historically been anathema to free societies. A system of ID challenge, inevitably, rests on the individual judgments of police to decide who “looks suspicious” enough to challenge for ID, opening a new avenue for racial profiling. Likewise, bureaucrats dispensing public benefits and services would also come to rely on the national ID for verification, adding to the burden on the poor and disenfranchised. These effects alone raise serious doubts about the harmlessness of a national ID system.
How would such a system work?
Any national ID system must be based on four key components:
? An identity  verification system
? A database
? A card
? A card verification system.
While the card is the most visible of these components, without the other components working together, the card is not especially useful. Before a card can be issued, there must be some means of assuring that the person receiving the card is who he or she claims to be. Because of this, any ID system is only as good as its ability to verify an identity in the first place. If a terrorist successfully misidentifies himself to the ID system initially, then he is a greater threat than if he had no ID at all, for now he is equipped with a domestic ID that “proves” his false identity. Since the major concern of the present proposal is foreign terrorism, and since foreign nationals’ chain of identity begins and ends with their passports, it is hard to see how a national ID system can bring much improvement over existing ID systems in this most crucial first step.
Issuance of the ID is accompanied by the entry of the person’s identifying information into a database. But an ID database, no matter how sophisticated, only gives basic information about the person identified: weight, height, hair and eye color, address, etc. It cannot address the focal problem in the hunt for terrorists: figuring out who the terrorists are before they commit a crime. Sorting out the vanishingly small minority of actual terrorists from the millions of ordinary “good guys” in an ID system will never be accomplished by an ID system, but rather through good police and intelligence work. If an ID database is to be used, as some advocates claim, for tracking suspected terrorists, those terrorists would still need to be identified first, and then tracked, as tracking the daily movements of over 270 million people would represent an inconceivably large undertaking.
Proponents of new national ID systems believe that adding technological features to the cards themselves will eliminate problems inherent to such systems, like fraud and forgery. History does not smile on this belief. If a card can be affordably mass-manufactured, it can also be forged. The addition of “high-tech” features–embedded “smart” chips, biometric interlocking, and linking of card data to databases–all promise to make cards less forgeable, and for a while will succeed. However, a cruel paradox of identity card systems is that the more secure a card is, the greater its value, and the greater the incentive and reward for breaking the card. Any card or device in the public’s hands long enough will be cracked. The more secure the card, the more expensive it will be to roll out, and the more costly will be its eventual failure.
Finally, deriving any value from building enhanced high-tech security measures into a national ID system will require massive card verification architecture. Putting a microchip on an ID card only improves it if there is a fair chance that a police officer, airport gate worker, or other person who should have cause to inspect the card has a machine capable of reading its advanced features. Unfortunately, federal ID mandates frequently run afoul of funding problems. Notwithstanding the expenditure of over a billion dollars on a program to update the “green card,” the Immigration and Naturalization Service’s new, tamper-resistant high-tech card has a fatal flaw: few at the INS have been issued the equipment needed to read the card’s high-tech features. † Building the card-verification infrastructure to make the cards work adds more to the overall cost of the system. Much of these costs would have to be picked up by police departments at the state and local level.
On a national scale, rolling out such ubiquitous technology represents a massive expense, and yet, if one or more of the card’s features is invalidated by forgery, the integrity of the entire system is eroded. Given the ever-accelerating pace of technological innovation, building hundreds of millions of “smart” cards in the expectation that they will stay ahead of forgers is a reckless course, one likely to lock us into a string of costly failures.
National Identification Card Systems in Bangladesh
There is no denying that the power of smart cards should never be understated in the digital age. While credit and debit cards have a magnetic strip which contains limited information about the cardholder, a smart card, a credit-card size plastic card with an embedded central processing unit (CPU) and random access memory (RAM), is equipped with all the memory and processing functions its name implies. As widely known, however, as long as it is inserted into a smart card reader, a smart card could be activated to exchange data with the reader, to download/upload data from/to a remote server via the card reader and network. Under this smart card architecture, it seems not difficult at all to track and record the use of a particular card. As a result, it is not inconceivable that electronic ID systems supported by smart card technologies would be haunted by controversies about possible violations of personal privacy.
As a matter of fact, the necessity and appropriateness of creating a national ID scheme has long been a controversial issue in countries around the world. In United States, the proliferation of the social security number (SSN) for purposes unrelated to the administration of the SSN system and the use of SSN to uncover or link databases on many aspects of a person’s life have disturbed many civil libertarians. In addition, whether it is appropriate to utilize SSN as the individual identifier for the health ID card system, as well as whether all Americans should receive a health identifier under the health care system, gave rise to privacy and security concerns. Similarly, proposals for a national ID system had been confronted by oppositions both in Austria and New Zealand. Even in Asia, the Supreme Court of Philippine struck down an administrative order which authorized the adoption of its national computerized identification reference system in the summer of 1998.
On the other hand, however, for a country that already runs a national ID card system, the increasing computerization in the information age proves to be an irresistible temptation. In Singapore, for example, not only the universal resident ID has a bar code, its government employee and military personnel even also use smart card based ID cards for years. The powers of fascination the “digitized nation” dream has prove to be equally irresistible for Taiwan and South Korea.
Several East Asian countries, such as Japan, South Korea, and Taiwan, have the long practices of maintaining a “resident administration system” by a particular government agency to keep track of their people’s movement and household information. In Taiwan, for example, the law requires timely report to the government agency about changes of the family’s addresses, members, and so on. Under the context, the resident administration system has the potential to serve as the foundation of a surveillance society. In Taiwan, again, the local resident administration office is where a citizen applies for his/her national ID card. Also mandated by the law, a person is supposed to carry with him/her the national ID for purposes of conducting various daily transactions both in the public and private sectors. For instance, the national ID is widely used as a person tries to apply for a job, to see a doctor with his/her health insurance plan, to get a credit card or passport, to cash a check, to cast his/her vote, etc. It seems beyond all imagination for a citizen to live a life without a national ID in Taiwan’s society. However, it is noticeable that while the resident administration system is usually closed related to the national ID system, some countries with a resident administration system still might not have a national ID scheme in place. For example, Japan has never implemented any national ID scheme even though it has a similar resident administration system.
As mentioned briefly earlier, the year of 1998 witnessed several ambitious efforts to implement full scale smart card based national ID schemes in at least three Asian countries: South Korea, Malaysia, and Taiwan. South Korean government has pushed for one of the world’s most extensive national ID card projects since mid-1990s. This project, Electronic National Identification Card Project, was given birth by the cooperation of the Ministry of Domestic Affairs and the Korean Computer Institute. Under this project, a smart card would be used to integrate various ID cards, including current universal ID card, resident registration card, driver’s license, national pension card, medical insurance certificate, and scanned fingerprints, among other things. After 50 billion won (Korean dollars) has been invested on building the preliminary infrastructures, the plan was stalled in early 1998 primarily due to South Korea’s national economic hardship. It is also worthwhile to mention that civil rights groups in South Korea have been strongly opposed to the project. Furthermore, the project became an issue in a TV debate during South Korea’s 1997 presidential election which leads to the first change of political power in its history.
The similar project set in motion in Malaysia originally aimed at assigning every resident of the city of Kuala Lumpur an IC card. However, it seemed the government in Malaysia has planed to make it a flagship application of its full-scale Multimedia Super Corridor project. In terms of its scope, the Malaysian project covered more than the South Korean one did. The national ID card, which might be accompanied by a secondary card, would support financial purposes such as those performed by an e-cash card, ATM card, or debit card. It was reported that the project had been delayed, probably also due to Malaysia’s recent ordeal of financial difficulties.
The Taiwanese project might be the most complicated one. As noted earlier, the Taiwanese plan was initiated in 1997 and a public request for proposals was announced in June 1998. As originally planned, the project, under a governmental contract, was to be led by a consortium joined by private sector enterprises. What the Taiwanese government proposed has been a smart card based citizen card plan aiming at the combination of current national ID, the health insurance card, driver’s license, digitized fingerprints, digital signature functions, among other personal data. Although it was undecided whether financial functions would be available under the original three-in-one ID plan at the outset, it seems more than obvious that the potential contractors planed to add electronic purses and debit card functions in the future. The Ministry of Finance in Taiwan even considered seriously the feasibility of revising domestic financial regulations to support these financial functions and attract financial and banking institutes to this project.
To seize the electronic business opportunities, four private sector consortiums were formed in a very short period of time to compete for the government contract. Consequently, four proposals were submitted and one of them was selected by a committee in August 1998 to negotiate a final contract with the government. News had it that some fundamental disagreements over the rate of card-issuing fees and value-added business opportunities between the government and the selected consortium led to the result of no final contract being signed. Nevertheless, it was also reported recently that the government is now considering to make some changes, mainly giving up the idea of contracting out the project to a private sector consortium in its very early stages, on the project of smart card based national ID system, so that the project could be put into implement smoothly as soon as possible. Although it has not been clear yet whether the revitalized project would survive public scrutiny eventually, this kind of smart card based national ID system indeed gives rise to some fundamental questions which are interesting enough for us to consider in the electronic commerce age.
here are some information of smart card based national ID:
Figure: Sample of National ID Card
Chip: A piece of silicon etched with an electronic circuit.
Coercivity: A measure of the strength of a magnetic field. Fields are expressed as low or high by the terms LoCo and HiCo.
Combi-card: Holding both contact and contactless technology on one card.
Contact: A point of electrical connection between a smart card and its external interface device.
Contact Card: Any card where information is transferred to a reader via a series of contact points located on the card.
Contactless Card: Smart card, which transfers data using radio frequency technology via a transmitter and receiver.
Degaussing: Magnetic stripe data erasure.
Digitizing: Conversion of non-textual data to digital form.
Electronic Purse: Smart card stored value program.
Embossing: Characters in relief on the front surface of a card.
Encoding: Recording electronic information on to a magnetic stripe.
Encryption: Transferring information based on a key to make it intelligible to unauthorized parties.
Hologram: A flat optical image that looks three-dimensional to the naked eye.
Holographic foil: the foil used to carry embossed holographic images.
Lamination: Using plates on a press to fuse the various layers of a plastic card together.
Hydraulic Initialization: Programming a smart card chip with data that is the same for a batch of cards.
ID Card: Card which identifies both the bearer and the issuer. All financial transaction cards are ID cards.
ISO: International Standards Organization, central body for formation and dissemination of industry standards for all national standards bodies.
Lithography or Offset Printing: Most common process for plastic card printing based on the concept that oil and water is not compatible. The ink represents the oil and the alkaline fountain solution represents the water. These are the two main components, which must interact during the printing process, allowing the ink to adhere to the image area of a printing plate while the fountain solution repels the ink from the non-image area.
Magnetic Stripe: The strip of magnetic recording material on an ID card.
Multi-application Card: Smart card that can handle a variety of applications.
Oersted: The unit of magnetic coercive force used to define difficult of erasure of magnetic material.
Off-line: A transaction via paper or reader not connected to a central system.
On-line: A transaction on a terminal permanently connected to a network that is on-line to the card account.
Optical Card: Card with information recorded on an optical memory stripe, similar to compact disks.
Personalization: Printing, encoding and programming a card with data specific to an individual cardholder.
Prepaid Card: A card paid for at point of sale permitting the holder to buy goods and services up to the prepaid value.
Proximity Card: A contactless card whose presence and data can be sensed by an interface device not in physical contact with the card.
PVC: Polyvinyl chloride, the most widely used plastic material for cards.
Radio Frequency Card (RFID): A proximity card in which the coupling between the card and the interface device is by radio.
Screen Printing: Method in which ink is forced through a design-bearing screen made of silk or other material onto the substrate being printed.
Signature Panel: The area of an ID card where the cardholder enters a signature.
SIM: Subscriber Identification Module: the smart card necessary for the operation of GSM phones.
Skimming: Copying the magnetic stripe encoding from one card to another.
Smart Card: (aka Chip Card, IC Card): A plastic credit card sized card that contains one or more semiconductor chips. In the capability category, there are three types:
Memory Card: smart card that stores and retrieves serial “streams” of data that are sent to or received from the semiconductor chip.
Protected Memory Card: smart card that requires a secret code or PIN number to be entered before the data can be sent to or received from the semiconductor chip.
Microprocessor Card: contains a microprocessor chip with a microcode that defines a command structure, a data file structure and a security structure in the card.
SET: Secure Electronic Transaction, a MasterCard/Visa backed standard to allow safe Internet trading via encryption certification of all parties involved in a transaction.
Stored Value Card (aka cash card, electronic purse, prepaid card): A financial card that is loaded with a certain amount of money with each purchase amount deducted from the card.
Substrate: Material upon which a plastic card is printed.
Weigand Wire: Magnetic media embedded in cards for access control applications.
BOO Strategy, Outsourcing and the Future of Electronic Commerce
One of the most prominent characteristics of the smart card based national ID project in Taiwan is its proposed BOO (Build-Operate-Own) strategy. The gist of the BOO strategy is each of the governmental agencies involved in the smart card based national ID project would not have any dedicated budget for it. In other words, the original plan of the project anticipated private sector investments to become the driving force in helping build its electronic government and promote the electronic commerce.
Moreover, although the original plan of the project to permit the private BOO contractor to collect fees from citizens does create huge revenue incentives, it is a popular prediction that anticipated additional follow-on business opportunities under the national smart card regime are far more attractive for businesses interested in electronic commerce than the fee-collection authorization. For instance, the certificate authorization function of the smart card project would offer opportunities to vendors of digital signature technologies. As the government in Taiwan is currently making every effort everything to promote the idea and architecture of “electronic government” and electronic commerce, the electronic signature authorized for the smart card would be applied not only to personal identifications but also to all the electronic transactions conducted both in the public and private sectors.
It is not difficult to understand that the adoption of the original BOO Strategy is expected to minimize potential costs associated with the implementation of the project. As it has been shown by the Request of the proposals issued by the authority in charge of this project, the government intended not only to outsource all components of the project, but also to save the costs of purchasing equipment and hiring support personnel via the BOO strategy. According to the authority, private sector resources and efficiencies would be most appropriate for the project. Also, what is more significant, according to the committee, is local IC card-related industry would be therefore encouraged to develop and produce related products and applications. However, it seems to the author that something is missing on the optimistically projected electronic commerce landscape constructed by the BOO strategy.
The BOO strategy described above is quite similar to outsourcing in many aspects. Outsourcing government services is not uncommon at all in today’s world. For various economic reasons, information technology related industries around the world have been competing to contract with government agencies on government databases and taking over the responsibilities for running traditional governmental services. For instance, Electronic Data Systems (EDS) in British, one of the world’s largest outsourcers, plays a leading role in the sourcing of government services in UK. Similarly, a legislative bill authorizing a project which is to combine all medical records, family trees and assorted genetic information into a single computerized database with the help of decode, an Icelandic biotechnology company, was put into serious consideration by Iceland’s parliament in early 1999.
Consider the implications of Taiwan’s BOO strategy and the Iceland project. It is apparent that both governments would not have to bear the costs of building the infrastructure of the systems and their maintenance. Particularly under the BOO regime, the building and maintenance of the systems would be undertaken by the commercial consortium in exchange for exclusive rights of operating the system and the provision of value-added services associated with the system. The nature and scope of the value-added services associated with the national ID system would be negotiated by the government and the consortium. In Taiwan, the commercial interests of the smart card based electronic commerce seem to be a further promise to business prosperity for potential contractors. At the same time, projects like the creation of a comprehensive electronic database by linking the information a biotechnology company, such as decode, has collected with a national database of medical records would prove to be very attractive not only for the private sector’s R&D, but also for government health care policy making.
It is true that the projects described above are not related at all and are different both in their natures and purposes to some extent. It is also true, however, that both projects involve commercial uses of huge bulk of personal information that were originally collected and controlled by public sector agencies and not accessible for commercial processing by the private sector. It is therefore not difficult at all to understand why private sector investors would grasp the rare opportunity to take advantage of the free use of the existing governmental databases and rush to contract with government agencies under various terms. For instance, the Taiwanese project is based on a national computerized resident administration system, a national ID scheme, and a national health insurance scheme. According to the current resident administration regulations in Taiwan, a Taiwanese should carry his/her ID card for check all the time. Moreover, the health insurance ID is a legally compulsory paper-based ID too. At this point, it seems more than clear that the vision brought us by the multi-purpose smart card based national ID system is a prosperous e-commerce society built upon an electronic government who governs its 22 million law abiding citizens. Although the Icelandic project involves a much more comprehensive database of genetic information and medical records of its small population, the potential benefits of this project does include a better cost management of its health care system, which is also one of the primary purposes the authority in charge of the Taiwanese project aimed to achieve with the help of the multi-purpose, smart card based national ID system.
Compared to the cost of collecting personal information all by themselves, it goes without saying that both BOO and outsourcing are much more efficient and effective for the private sector as the contracting commercial companies are allowed to access Fierce Debate the government’s comprehensive databases. As this information accessibility advantage gives rise to the possibility of more effective profiling which opens up almost endless lucrative opportunities for the private sector at the same time, the legitimate worry as to whether the utilization and maintenance of government databases, one of the most significant functions performed by modern governments, should be taken over by the private sector indeed arises both in Taiwan and Iceland.
What seems equally controversial is whether BOO initiative or outsourcing would be a sensible choice for governments positioned in the information age. First, smart card technologies involve a wide range of variables such as standards, fingerprint recognition, security controls, card readers, computer monitor information display content and format, and function convergence and integration methods. In Taiwan, only some of the required technologies are available locally, but most of the applications would have to require active foreign participation. Reconsider the insistence that the smart card based national ID scheme would elevate the technological level of local industries the authority maintains. It seems, however, theoretically and empirically uncertain what the BOO strategy would create for local information industries is incentive or disincentive.
Second, my sense is there should be some alternatives for a better health care cost-benefit control, and thus it seems quite doubtful whether the proposed multi-purpose smart card scheme would be the only cure for the failing cost management of Taiwan’s health care system. Even though the smart card scheme is the most effective auditing tool for health care cost control, a multi-purpose national ID scheme is not necessarily the indispensable solution.
Third, as it seems widely questioned whether either case would be able to clearly specify the exact BOO and outsourced scope, the current exclusive contracting design gives rise to some antitrust concerns. Legally speaking, not only the potential monopolization problems arising from the exclusive deal should be carefully addressed, it is also desirable to consider whether the BOO or outsourcing initiative might immediately create profound network effects, as well as the antitrust implications of the effects. In addition, it would not be an overstatement at all to say that the policymakers should fully consider the possible application of the essential facilities doctrines for the marketplace founded on the smart card based national ID scheme. In sum, it seems also fair to predict that the potential of electronic commerce or similar business opportunities would not be fully appreciated under the above legal uncertainties.
Fourth, since rarely put under public scrutiny, as it happened in Taiwan, the BOO and outsourcing processes might be the quietest privatization in history in which no accountability problems have ever been seriously considered. Aside from the unprecedented political accountability implications, these technology and efficiency oriented projects also bring about serious privacy and security worries for Asia’s half-grown constitutional democracies like Taiwan and South Korea .
Online Privacy under the Emergent Smart Card Based National ID Regime
As noted above, we are living in an age when almost all kinds of personal information could be recorded and stored in digitized forms. Consequently, the potential conflict between commercial/government interests and personal rights of privacy might not be unique at all. All over the world, information technology companies are engaged in researching on and looking for more efficient and effective ways for data mining and data processing every day. Although the debate on technology and privacy has been transformed since 1970s and we were brought to a new landscape that is more variegated and hopeful than before, it seems few efforts have ever been made to consider the issue of online privacy in a global sense—how digital technologies would affect the very nature of privacy and whether regional and cultural factors would come into play in the discourse on the technological transformation of privacy.
One of the primary dangers stemming from the smart card based national ID card system is the mass data observation made possible by the comprehensive database of integrated personal information of the whole population. From the perspective of privacy protection, it is unacceptable to have a national central databank supported political economy by the smart card based national ID card system.
It is true that smart card technology is one of the most secure devices in the digital age, however, it is also undeniable that techniques now unknown may be used to break into what we consider secure now. In addition, a smart card itself might be only one component of security in a system; the possibility of breaches in other system areas could not be excluded. Moreover, non-technological factors, such as social, economical, and cultural ones, which vary significantly from society to society might determine how secure a smart card system would be to a great degree.
Despite it has been claimed that advanced computer security technologies would be utilized in the proposed project in Taiwan to avoid the misuse and abuse of personal information, the project has received harsh public criticism for potential violation of privacy since mid-1998. Some civil libertarians and academic groups have relentlessly raised security and privacy concerns on the one-card-does-all “citizen card” scenario, which has been described by the government authority in charge of the smart card based national ID project as the most efficient way to create a wired country. Furthermore, just as the question of individual consent, that is, under what kind of legal and technical architecture would an information subject not only have a say over how his or her information is used, but also have the right to withdraw it completely if they wish, is a tricky one in the policy debate in Iceland, civil libertarians in Taiwan and South Korea have questioned whether the ultimate truth about the proposed smart card based national ID card schemes is they are bringing us a Big Brother era of electronic surveillance.
Given the complexity to predict the possible subsequent uses and processing on personal information both by the public and private sector, it seems citizens in Taiwan and South Korea would be forced to live under the smart card based national ID regime without being fully informed of the influences the schemes might have on them (and possibly their descendants). Furthermore, as there are only very loose and out-of-dated personal information privacy protection laws in Taiwan and South Korea, it is also widely questioned how the consenting rights of information subjects would be fully realized under the partnership of the government and the private sector investors. By the same token, as it has been unresolved whether smart card readers, an indispensable hardware in the age of smart card technology, would be universally present and easily accessible for the general citizens in countries like Taiwan and South Korea at this stage of technological development, whether a citizen would have any local control on his or her own personal information seems a legitimate worry.
As digital information allows perfect duplication, quick searching and efficient data transfer, introducing a national electronic ID might be quite equal to a privacy nightmare. Under the scheme, huge electronic databases which would include almost all kinds of personal information could easily be copied, stored, searched, transferred and even manipulated. Looked at in this way, digitized fingerprints stored in the IC card, as proposed in the Taiwanese project, for example, could become a real danger. For many people, furthermore, biometrics are highly intrusive and considered a typical violation of privacy which also became an issue in Taiwan’s IC card debate.
It sounds reasonable that smart card is a convenient and safe device to store digital signature and there would be no security threats if you lose it. However, the fact that many corporations and government agencies do not let their subjects have secrets and thus the smart card might not be yours alone has become a genuine source of suspicion for privacy advocates. On balance, it is hard to say whether the revised Taiwanese project would survive in terms of its being introduced without any regulations on the use of digital signature and related issues such as contractual liabilities and certificate authorities. In other words, the smart card itself turned out to be a two-edge sword as it was introduced in a wrong way and during a wrong time in Taiwan and South Korea. This strategic mistake made the technological guarantee of privacy provided by smart card completely overlooked.
The authority in charge of implementing Taiwan’s all-in-one smart card based ID card system explained that the multi-purpose national ID scheme is attractive because it has the advantage of sharing costs across government agencies and even commercial organizations. However, as noted by an ID card expert, multi-purpose national identification schemes represents the most substantial threat of information technologies to individual liberties. The fact that the government is completely ignorant of the public policy implications of the multi-purpose smart card based national ID scheme is fatal to the legitimacy of the project.
Consider just another possibility the smart card could do to a citizen in Taiwan under the future smart card based national ID regime. While with the help of smart cards people would be able to carry their money around in “electronic wallets”, it is also ironically true that the advantages of anonymity would not be brought to us by the convenient electronic wallets under the national ID regime. Theoretically, every detail of your daily lives would be easily recorded coordinately by the private and public sectors under the commercialized one-card-does-all national ID regime. Under this context, the mandatory nature of the smart card based national ID card implies that nobody would be able to choose to be anonymous, both in the real world and in the virtual world, any more. It would be unimaginable and unbearable for many people to have their lives governed by such a perfect technological architecture under which, more important, they have no escape at all.
This raises one of the great problems of national ID programs. Once implemented, programs take on lives of their own. If a system is implemented that provides a single nationwide unique numeric identifier, that system will become a prime focus for businesses, and shortly afterwards, a target of identity thieves. On its introduction, the Social Security number was intended merely to ensure workers paid into the system, and that when the need arose, they could be paid their benefits. Despite its humble origins, however, the simple, nine-digit SSN has grown to become a shadow national ID, a prerequisite for taxation and the provision of a host of government services, coopted by private database maintainers as the key to massive amounts of personal data.
Clearly, the backers of HR 4633 would like people to use the card system in commerce as well as in their dealings with the government. This would make it very difficult to maintain privacy in personal dealings, and could open up every non-cash transaction to scrutiny by the government and by private data gatherers.
A Solution in Search of a Problem.
The EFF views impending moves towards a National ID system with alarm. Public officials, in their zeal to appear to be doing something about terrorism post 9-11, are sending us on a perilous course into a future in which every movement and transaction is subject to monitoring and surveillance. We present here our position on the issue, and online resources designed to help the reader to gain a greater acquaintance with national ID schemes, the latest of which is on the congressional agenda as H.R. 4633 (also known as the Davis-Moran Bill or the Driver’s License Modernization Act of 2002). The EFF is a proud member of the National ID Coalition, a broad-based coalition of human rights advocacy organizations from both the left and the right, dedicated to stopping the national ID system.
Timescale and implementation
On October 11, 2006, the Government announced a timescale described as “highly ambitious” by computer experts. The Home Office said they will publish an ID management action plan in the months from November 2006, followed by agreements with departments on their uses for the system. There will be a report on potential private sector uses for the scheme before 2007 Budget.
On September 25, 2006, Home Office Minister Liam Byrne said that “There are opportunities which give me optimism to think that actually there is a way of exploiting systems already in place in a way which brings down the costs quite substantially” Emails leaked in June 2006 indicate that the plan is already in difficulty, with plans for the early introduction of a limited register and ID card with reduced biometrics known as the ‘early variant’ described as a “huge risk”.
The schedule for putting passport applicants’ and renewers’ details on the National Identity Register (NIR) has not been and may never be announced. It is not expected to happen until spring 2007 according to NO2ID. Applicants will be able to opt out of having a card issued until 2010 although they cannot opt out of having their details recorded on the NIR. Identity cards will be compulsory for anyone getting a new or renewed passport after January 1st 2010. Registration will become compulsory for non-UK passport holders resident in the UK by 2013. The Home Office currently estimates ID cards will be available from 2009.
Under the NIR UK Residents will be required to:
?Attend in person to be photographed, have their fingerprints taken and iris scanned.
?To promptly inform the police or Home Office if a card is lost or damaged.
?To promptly inform the National Identity Register of any change of address.
?To promptly inform the National Identity Register of significant changes to their personal life.
National Identity Register
For full details of the own information  that will be contained on the National Identity Register see Information to be contained on the National Identity Register.
Key to the ID Card scheme will be a centralized computer database, the National Identity Register (NIR). To identify someone it will not always be necessary to check their card, since identity could be determined by a taking a biometric scan and matching it against a database entry.
The Home Office has said ID cards will be issued and the National Identity Register will be in place by 2009.
Concerns and Costs
By the start of 2005 the official estimated cost of the scheme was £5.5 billion. After the general election the Home Office stated that it would cost £584 million a year to run the scheme. The costs for setting up the scheme were not released as the Home Office deemed this information to be commercially sensitive.
Independent studies including one by the London School of Economics have suggested that costs could be as much as £12 billion to £18 billion. The reliability of this study has been challenged by the Government which disputed some of the assumptions used in the calculations such as the need to retake biometric information every 5 years. The government argued that this assumption had not been supported by any research in the London School of Economics report, and that biometric experts quoted in the LSE reports have sought to distance themselves from its findings. The Government also claimed that the authors of these estimates are established opponents to the scheme and cannot be considered unbiased academic sources.
Tony McNulty, Home Office minister responsible for the scheme, responded by saying a “ceiling” on costs would be announced in October 2005 (BBC). There are now indications that the Government is looking at ways of subsidizing the scheme by charging other Government Departments, with the implication that this would result in increased charges for other Government services to individuals or businesses.
In October 2006, the Government declared it would cost £5.4bn to run the ID cards scheme for the next 10 years.
The Government has abandoned plans for a giant new computer system to run the national identity card scheme. Instead of a single multi billion pound system, information will be held on three existing separate databases.
David Blunkett himself stated that “ID Cards won’t stop terrorism”. His successor, Charles Clarke, said the same in the aftermath of the 7 July 2005 London bombings , but claimed that they might help identify the perpetrators. The existence of ID cards in Spain did not prevent the Madrid train bombings. The existence of a single definitive identity register may make it easier for people to assume a false identity.
The Government’s Race Equality Impact Assessment pdf indicates significant concern among ethnic groups over how the Police would use their powers under an Identity Cards Act, with 64% of black and 53% of Indian respondents expressing concern, particularly about the potential for abuse and discrimination. In their January 2005 report doc on the Bill, the Commission for Racial Equality stated that the fear of discrimination is neither misconceived nor exaggerated, and note that this is also an ongoing issue in Germany, the Netherlands and France.
The CRE are also concerned information warfare and security that disproportionate requirement by employers and the authorities for ethnic minorities to identify themselves may create a two tiered structure amongst racial groups, with foreign nationals and British ethnic minorities feeling compelled to register while British white persons do not.
According to the CRE, certain groups who move location frequently and who tend to live on low incomes (such as Gypsies, travelers, asylum-seekers and refugees) risk being criminalized under the legislation through failing to update their registration each time they move due to lack of funds to pay the fee that may be charged.
Different types of forms are used –
Figure: Main Form
Figure: Display Form
Figure: Insert Form
Figure: Delete Form
Figure: Update Form
Concerns raised by the Information Commissioner
In a press release on July 30, 2004 (.doc file), Richard Thomas the Information Commissioner stated that a NIR raise substantial data protection and personal privacy concerns. He sought clarification of why so much personal information needed to be kept as part of establishing an individual’s identity and indicated concern about the wide range of bodies who would view the records of services individuals have used. The Commissioner has also pointed out that those who renew or apply for a driving licence or passport will be automatically added to the National Identity Register, so losing the option of not registering.
On February 2, 2005, Parliament’s Joint Committee on Human Rights questioned the compatibility of the Bill with Article 8 of the European Convention on Human Rights (the right to respect for private life) and Article 14 (the right to non-discrimination), both of which are encapsulated with the UK’s own Human Rights Act.
Even without new primary legislation, the Identity Cards Act allows the potential scope of the scheme to be much greater than that usually publicized by the Government.
For example, Gordon Brown was reported to be “planning a massive expansion of the ID cards project that would widen surveillance of everyday life by allowing high-street businesses to share confidential information with police databases.” He apparently described how “police could be alerted as soon as a wanted person used a biometric-enabled cash card or even entered a building via an iris-scan door.”
The British ID cards went from 3 functions during World War II to 39 by the time it was abolished.
Concerns have also been raised following Tony Blair’s response to an ID card petition stating that the fingerprint register would be used to compare the fingerprints of the population at large against the records of 900,000 unsolved crimes.
Opposition mps claim that the use of the biometric data in this way directly breaches promises given during the commons debate that there would be adequate safeguards preventing the use of ID card data for “fishing expeditions”.
Database extent and access
The amount of data which can be recorded on the NIR is unlimited. Home Office forecasts envisage that “265 government departments and as many as 48,000 accredited private sector organizations” would have access to the database, and that 163 million identity verifications or more may take place each year .
The CRE have also recommended that more work is required to protect the interests of vulnerable individuals. For example, women escaping a violent partner or a forced marriage may be at risk if their previous names or addresses are disclosed.
Tony Blair said “ID cards are needed to stop the soaring costs of identity theft” in May 2005. However, security experts have claimed that placing trust in a single document may make identity theft easier, since only this document needs to be targeted .
Falsely obtaining such a ‘secure’ identity becomes very valuable because people are less likely to question its validity. This has happened in Australia, where identity theft has risen above British levels since the introduction of a widely used Tax File Number. Identity theft surrounding the Social Security Number is also a major problem in the USA. However, it can be argued that part of the problem in these countries arises from the lack of a national ID card as no positive identification exists which links one to one’s unique ID number such as the Social Security Number. It is the lack of such means of identification, not necessarily the existence of the unique number itself, which promotes ID theft since there are no easily available means to verify one’s SSN (such as a card with a person’s SSN and photograph).
However, others claim that such comparisons cannot be directly compared with the introduction of identity cards and point out that such critiques usually offer any national IC card  alternative solutions to identity theft as it continues to grow.
Opponents to the scheme state that in order to apply for the new identity cards, existing documents such as passports will be used to prove identity; however, such identification is proficiently forged, allowing identity thieves posing as someone else to apply for cards. While new applications could be made using false documentation, existing cards and database entries would also be targets. Supporters note that such claims ignore that actual process, which allows for electronic checks of applications rather than a solely paper based system.
The NIR database would make an attractive target for computer hackers. Opponents also claim that any system involving human operators is liable to social engineering attacks, infiltration or bribery or blackmail of staff. Supporters claim that there are potential ways of organizing working processes to stop such attacks.
Due to the supposed security of the British system, proving that your identity has been stolen could prove problematic. If a person’s biometric information is discovered and exploited by an identity thief the subject has little recourse, since such information by definition cannot be changed or reissued.
Card tampering and forging
In addition to problems affecting the database of electronic marketplace , there may be the tampering or superficial forging of the actual biometric identity cards. In a recent case in Germany, criminals forged an ID card that included biometric data.
A number of academics also point to problems of removing human interaction from security systems. Such problems can be seen with Chip and PIN credit card systems. While not a criticism of the technology itself, the work notes that operators cannot simply leave the security up to the technology and must remain vigilant in preventing suspicious behavior, and that’s why communicating with a smart card reader is a factor:
What’s the solution?
Smart cards are portable data cards that must communicate with another device to gain access to a display device or a network. Cards can be plugged into a reader, commonly referred to as a card terminal, or they can operate using radio frequencies (RF).
When the smart card and the card reader come into contact, each identifies itself to the other by sending and receiving information. If the messages exchanged do not match, no further processing takes place. So, unlike ordinary bank cards, smart cards can defend themselves against unauthorized users and uses in innovative security measures.
Communicating with a Smart Card Reader
The reader provides a path for your application to send and receive commands from the card. There are many types of readers available, such as serial, PCCard, and standard keyboard models. Unfortunately, the ISO group was unable to provide a standard for communicating with the readers so there is no one-size-fits-all approach to smart card communication.
Each manufacturer provides a different protocol for communication with the reader.
- First you have to communicate with the reader.
- Second, the reader communicates with the card, acting as the intermediary before sending the data to the card.
- Third, communication with a smart card is based on the APDU format. The card will process the data and return it to the reader, which will then return the data to its originating source.
The following classes are used for communicating with the reader:
- ISO command classes for communicating with 7816 protocol
- Classes for communicating with the reader
- Classes for converting data to a manufacturer-specific format
- An application for testing and using the cards for an intended and specific purpose
Readers come in many forms, factors and capabilities. The easiest way to describe a reader is by the method of its interface to a PC. Smart card readers are available that interface to RS232 serial ports, USB ports, PCMCIA slots, floppy disk slots, parallel ports, infrared IRDA ports and keyboards and keyboard wedge readers. Card readers are used to read data from – and write data to – the smart card. Readers can easily be integrated into a PC utilizing Windows 98/me, 2000, or XP platforms. However, some computer systems already come equipped with a built-in smart card reader. Some card readers come with advanced security features such as secure PIN entry, secure display and an integrated fingerprint scanners for the next-generation of multi-layer security and three-factor authentication.
Another difference in reader types is on-board intelligence and capabilities. An extensive price and performance difference exists between an industrial strength reader that supports a wide variety of card protocols and the less expensive win-card reader that only works with microprocessor cards and performs all processing of the data in the PC.
The options in terminal choices are just as varied. Most units have their own operating systems and development tools. They typically support other functions such as magnetic-stripe reading, modem functions and transaction printing.
To process a smart card the computer has to be equipped with a smart card reader possessing the following mandatory features:
- Smart Card Interface Standard – ISO 7816 is an international standard that describes the interface requirements for contact-type smart cards. These standards have multiple parts. For instance, part 1, 2 and 3 are applicable to card readers. Part 1 defines the physical characteristics of the card. Part 2 defines dimension and location of smart card chip contacts. Part 3 defines the electronic signals and transmission protocols of the card. Card readers may be referred to as conforming to ISO 7816 1/2/3, or in its simplified term, ISO 7816.
- Driver – This refers to the software used by the operating system (OS) of a PC for managing a smart card and applicable card reader. To read a smart ID card, the driver of the card reader must be PC/SC compliant which is supported by most card reader products currently available. It should be noted that different OS would require different drivers. In acquiring card readers, the compatibility between the driver and the OS has to be determined and ensured.
Elsewhere, doubts remain concerning the practicability of the scheme, relying on unproven technologies such as chip-based ID iris scanning, and even the very best system will be liable to a small error rate. In some cases