Events since 9/11 have increased national interests in implementing more secure personal ID systems, to improve confidence in verifying the identities of individuals seeking access to physical or virtual locations. This could be an immigrant checkpoint control at an airport, or a government-hosted web site offering citizen services.
Widespread use of information systems and internet technology is revolutionizing the way governments and businesses communicate with and deliver services to citizens, providing exceptional cost, time and resource savings. However, this convergence towards an online adapted world has created new types of risks and challenges that traditional ID cards issued by governments and enterprises are unable to solve, due to their limited functionality capabilities.
In many countries around the world, debates are taking place arguing the possibility of issuing a new type of ID in the form of a smartcard, with or without some form of biometrics functionality, such as fingerprint recognition. The debate is particularly hot in the U.S. and in the U.K., as these two countries have currently not implemented any type of national ID, and have by tradition and culture always been somewhat reluctant to make use of such a program.
The most commonly used argument against deployment of national ID cards, is the fear of compromising privacy and thus freedom of individuals. Civil liberty unions and privacy lobbyists claim that a national ID program would create a unique way for governments to track citizens, resulting in profiling and discrimination. According to Gartner (March 2002), 41 percent of U.S. citizens are opposed to the creation of a national identification database to identify citizens and visitors to the United States. Only 26 percent of U.S. citizens agreed that such a database should be established.
Smartcards provide a solution that brings a positive and innovative response to this current privacy debate, offering a number of advantages compared to any other form of ID document. Above all, the technology constitutes a strong and convincing case for reducing the continuing privacy concerns, by enabling high control of private identification data.
With smartcard technology, there is no need for a centralized national ID database
Off-line verification is one of the strongest advantages that smartcards possess in comparison to other technologies. Through this feature, smartcard-based identity verification can be cost-effectively deployed at the various physical security checkpoints that require validation of identity -- for example, at different locations in an airport, a road control or other security facilities.
Security officers can verify an individual's identity by prompting an ID cardholder to enter his or her personal identification number (PIN) code, or by comparing a scanned biometric, such as a fingerprint, with a biometric stored on the card. The latter is referred to as 'match-on-card' technology and can be applied in a broad variety of identification scenarios, all performed in a wireless environment. This unique technology eliminates the need for online access to a central database by restricting the data shared to an individual entity, thus controlling citizen privacy.
Furthermore, with its capacity to store, read, write and update information in a very secure environment, a smartcard can easily be interconnected with multiple existing databases. This eliminates the need to link all these independent legacy systems, hence reducing the possibility of privacy infringement imposed by a unique government-controlled citizen database.
With a smart ID card, a citizen can remain full control of his or her personal information. Along with the strong information protection and security that is inherent to smartcard technology, a smart ID card is able to share only the information required for a specific situation or location.
Firstly, the card content is protected against unauthorized access by a unique PIN code, and/or by the owner's fingerprint, and always stays in full possession of its owner. Furthermore, the card's unique ability to verify the authority of the information requestor allows it to be the perfect guardian of a citizen's personal information. All of the cardholder's personal information does not need to be revealed every time in order to validate someone's identity. The information shared can vary depending on the specific 'role' of the individual at a given point in time.
In other words, only the data required for a defined identification purpose would be presented to the government authority in question. For example, to a police officer on road control, a smartcard will present information related to the motor vehicle authority (and this information may vary depending on where the license was issued). To a retail shop owner selling alcohol or tobacco, a smartcard will only present information related to the age of the ID cardholder, with no reference to the name and the address of the individual.
By allowing authorized and authenticated access only to the information required during a governmental identification operation, a smartcard-based ID card can protect the citizen's privacy, while at the same time ensuring that the individual is properly identified.
Dr Bruno Lassus is vice president of healthcare and identity solutions at Gemplus (www.gemplus.com).