Smart Cards - Threat or Panacea?

Page 1: Smart Cards - Threat or Panacea?

Smart Cards - Threat or Panacea?

Round-Table Seminar: Smart Cards & Society

Chulalongkorn University, Bangkok, 11th November 2004

Prof. Jim Norton
Senior Policy Adviser, UK Institute of Directors
Former Director, UK Cabinet Office PIU e-Commerce team
www.profjimnorton.com

Page 2: Smart Cards - Threat or Panacea?

Issues to be covered

• Setting the scene - technological growth outstripping social absorption?

• Why might we be interested in ID and data sharing?

• What do we mean by “Identity” and “Smartcards”?

• A look at the challenges in more detail.

• A risk analysis.

• The weak link - binding identities to individuals?

• Biometrics - reliable for which purposes?

• Some final thoughts.

Page 3: Smart Cards - Threat or Panacea?

The second half of the chessboard

Original idea: George Gilder at the Cato-Brookings Institution conference "Regulation in the Digital Age," held in Washington D.C. on April 17-18, 1997.

Page 4: Smart Cards - Threat or Panacea?

The cost-performance of electronics doubles every 18-24 months (Moore’s Law)

[Chart: logarithmic scale from 1 to 1,000,000,000,000 against years 1940 to 2030, annotated “33 Doublings”]

Source: Analysys

Page 5: Smart Cards - Threat or Panacea?

Moore’s Law in Action: Intel Microprocessors

[Chart: M Transistors (0 to 45) against year, 1971 to 1999, for the Intel 4004, 8008, 8080, 8086, 80286, 80386DX, 80486DX, Pentium, Pentium II, Pentium III and Pentium 4; curve labelled “2T/18”]

Source: Intel & Silicon Image

Page 6: Smart Cards - Threat or Panacea?

Opto-electronics follow the same path (Moore’s Law operates in telecoms, too)

[Chart: Mbit/s (0 to 45 000) against year, 1975 to 2005, annotated “31 Doublings”]

Source: Analysys

Page 7: Smart Cards - Threat or Panacea?

Gigabit Ethernet installed base growth

[Chart: GBE Ports (Installed), in millions (0 to 60), against year, 1998 to 2004E]

Source: IDC & Silicon Image

Page 8: Smart Cards - Threat or Panacea?

The cost-performance of magnetic storage doubles roughly every 18 months…

[Chart: logarithmic scale from 1 to 1,000,000,000,000 against years 1940 to 2030, annotated “26 Doublings”]

Source: Silicon Image

Page 9: Smart Cards - Threat or Panacea?

Disk storage density is growing exponentially too…

[Chart: Gb/sq in (0 to 250) against year, 1996 to 2004E]

Source: IDC & Silicon Image

Page 10: Smart Cards - Threat or Panacea?

Cooper’s law for wireless

Cooper’s Law (after ArrayComm Chairman, Martin Cooper) states that the number of conversations (voice and data) conducted over a given area, in all of the useful radio spectrum, has doubled every two and a half years for the last 105 years, ever since Marconi discovered radio in 1895.

[Chart: logarithmic scale from 1 to 100,000,000,000,000 against years 1895 to 2005, annotated “42 Doublings”]

Source: ArrayComm

Page 11: Smart Cards - Threat or Panacea?

But we have seen this before in the context of the telegraph…

Miles of wire in the USA, by year:

1846: 40
1848: 2000
1850: 12 000
1852: 23 000

Source: Tom Standage, The Economist, “The Victorian Internet”

Page 12: Smart Cards - Threat or Panacea?

The first half of the chessboard has already delivered some surprises

Microsoft Corporation, 1978

Page 13: Smart Cards - Threat or Panacea?

We are drowning in data….

Where is the life we have lost in living?
Where is the wisdom we have lost in knowledge?
Where is the knowledge we have lost in information?

T S Eliot, Choruses from ‘The Rock’, 1934

And a codicil for the 21st century… Where is the information we have lost in data?

The World produces more than 2 Exabytes (2 Billion Gigabytes) of unique information per year, more than 250 Megabytes for every man, woman and child on earth…

Page 14: Smart Cards - Threat or Panacea?

Technology of course makes an excellent servant but a poor master…

As an engineer and director my strong concern is with the process by which increasingly rapid change in technological capability diffuses out into society and the economy…

Source: Jim Norton, COGS Network Meeting, University of Sheffield, 20/01/03

Page 15: Smart Cards - Threat or Panacea?

Riding the information “tiger”…

Networked information systems can be either (or both!) a benefit and a curse…

• Major scope to improve quality and lower cost in both public and private sectors…

• Potential to greatly simplify citizen - state interactions…

• Potential to tailor private and public sector services to individual consumers…

• But poor track record in building systems which align people, systems and processes.

• But to whose benefit and under what agreed privacy constraints?

• But major absence of the ‘trust’ required to permit the holding and use of personal data.

Source: Jim Norton, COGS Network Meeting, University of Sheffield, 20/01/03

Page 16: Smart Cards - Threat or Panacea?

A framework for analysis..

The UK is the leading centre for e-commerce activity within a strong Single European Market, based on openness and innovation by suppliers and customers, light touch regulation, and Government-Industry partnership

• Access
• Understanding
• Trust

• Market-led approach
• A competitive and innovative environment
• Internationally agreed tax and regulatory frameworks
• Co-ordination and focus across Government
• Monitoring and evaluation

Source: UK Cabinet Office PIU Report “e-commerce@its.best.uk” Sept 1999

Page 18: Smart Cards - Threat or Panacea?

Why might the “information sharing” agenda be important?

The private sector has demonstrated very real improvements in service quality (and reductions in cost) based upon information sharing and e-business tools

The e-business scope compass, source: Mohanbir Sawhney - Kellogg Management School Northwestern University Chicago

“When I took a look at Boeing’s interaction costs and discovered that e-enabling the business could save as much as 50%, I became an instant believer…” Phil Condit Chairman & CEO The Boeing Company - 2001

Page 19: Smart Cards - Threat or Panacea?

Developing enterprise integration is a long climb…

In many ways local government has demonstrated more rapid adoption than central government. For example, much UK central government work is stuck on the bottom two rungs of this ladder. The upper rungs need strong identity authentication.

The ladder of e-business initiatives, source: Mohanbir Sawhney - Kellogg Management School Northwestern University Chicago

Page 20: Smart Cards - Threat or Panacea?

Govt. information sharing: a SWOT analysis

Strengths

• Avoid multiple data entry
• Some clear personal benefits - e.g. in health care
• Simplified, personalised interaction.
• Major service improvements (e.g. Electronic conveyancing)

Weaknesses

• Over centralisation
• “sharing creep” e.g. through poorly anonymised research.
• Poor understanding of how to maintain overall integrity
• Potential for access demands from law enforcement.

Opportunities

• Genuine debate explaining benefits and risks for citizens
• Develop multi-level system to authorise transactions
• Let citizens hold the info. and authorise sharing?
• Develop de-centralised approach around common standards

Threats

• Extensive distrust of Government motives…
• Increasingly attractive target for hacking
• Single security breach could contaminate multiple applications.
• Increasing pressure on data protection legislation.

Page 21: Smart Cards - Threat or Panacea?

The need for informed open debate

Political leadership is required, coming out of the bunker and promoting broad debate on areas such as:

• What “Vision” and “Values” underpin the Government’s “Mission” in data sharing?

• What are the tangible benefits to citizens from Government information sharing?

• What are the risks inherent in such sharing and what processes will be put in place to manage these?

• How will information sharing be regulated? What forms of redress will there be against inappropriate sharing?

Page 22: Smart Cards - Threat or Panacea?

UK Government ID card objectives

The UK Government’s stated aims are to:

• tackle illegal working and immigration abuse;
• disrupt the use of false and multiple identities by organised criminals and those involved in terrorist activity;
• help protect people from identity fraud and theft;
• ensure free public services are only used by those entitled to them; and
• enable easier and more convenient access to public services

Source: UK Home Office Command Paper 6359 - Oct 2004

Page 24: Smart Cards - Threat or Panacea?

Attributes of Personal Identity (PI)

Elements required to prove identity or eligibility:

• Data contributing towards the validation of identity, e.g. does “John Smith” exist?
• Data contributing towards the verification of identity, e.g. is this “John Smith”?
• Data contributing towards the assessment of eligibility to attain the product or service.

Three dimensions of identity evidence:

• Breadth - the number of evidences?
• Depth - how far back in time does evidence reach?
• Quality:
  – were robust measures of identity authentication enforced when the evidence was established?
  – does the evidence emanate from a reliable source?
  – are the personal identity attributes maintained e.g. address changes?

Source: UK/EURIM Personal Identity Management Group “Strawman” March 04

Page 25: Smart Cards - Threat or Panacea?

How do individuals identify themselves to service providers?

This is achieved (with varying degrees of confidence) by:

• physical possession of the evidence e.g. presenting a utility bill;
• visual attributes within the evidence that can be connected to the person e.g. a photograph; or
• corroboration of attributes associated with the individual’s personal identity obtained from independent sources against those supplied by the person on this occasion….

Such corroboration can be:

– given verbally;
– presented through electronic data capture.
– associated with an identity token:
  • physically presented
    – electronically read
      o locally authorised: PIN, Biometric
      o centrally authorised: PIN, Biometric
    – visually read
  • electronically transferred
    – centrally authorised

Source: UK/EURIM Personal Identity Management Group “Strawman” March 04

Page 26: Smart Cards - Threat or Panacea?

Multiple levels of authentication are required

[Table: Authentication Level (1, 2, 3) against Method of attachment (Possess, Photo, PIN, PassW, KeyW, BioM)]

Source: UK/EURIM Personal Identity Management Group “Strawman” March 04

Page 27: Smart Cards - Threat or Panacea?

Tokens can take many forms

[Table: token type (Virtual, Card, Smart Card, Digital Cert) against Method of attachment (Photo, PIN, PassW, KeyW, BioM Central, BioM Local)]

Source: UK/EURIM Personal Identity Management Group “Strawman” March 04

Page 29: Smart Cards - Threat or Panacea?

What challenges are we seeking to address?

From the citizen’s perspective:

• For the citizen to be able to protect their own identity from hijacking and abuse.
• For the citizen to be able to protect the identity of deceased or vulnerable relatives.
• To reduce the impact of identity fraud on society.
• For the citizen to have more than one identity e.g. married and maiden names.
• For the citizen to have confidence in whom they are dealing with.
• For the citizen to have control over their personal data.
• For the citizen to have control over who has access to their data.
• For the citizen to have choice re: methods & channels to select to obtain products and services.

Source: UK/EURIM Personal Identity Management Group March 2004

Page 30: Smart Cards - Threat or Panacea?

What challenges are we seeking to address?

From the service provider’s perspective:

• To be able to employ trusted, secure, cost effective methods of providing products and services to their customers.
• To attain the highest degree of confidence re: who they are dealing with in relation to the risk of the service or product offered to their customers.
• To allow the citizen to be able to obtain a copy of their personal data used in a specific transaction via the Data Custodian where the data has been procured from source and then assembled and passed to the service provider by the Data Custodian.
• To enable the citizen to report identity fraud against themselves via a single point.
• The service provider has a responsibility and vested interest in ensuring that to carry an identity token provides the citizen with worthwhile benefits in terms of the services made available, the speed and effectiveness of the service, the reduction in personal data requested and the associated general convenience.
• To recognise that the citizen has the right to utilise a number of identities associated with themselves.

Source: UK/EURIM Personal Identity Management Group March 04

Page 31: Smart Cards - Threat or Panacea?

Consent - “Circle of Trust”

[Diagram: Citizen; Provider of services to the citizen; Service Application; Data Broker; Source Data (two instances); Independent Body; PI ‘KiteMark’. Labels: “Consent”; “Notification condition of ‘KiteMark’”; “Specifies type of data & level of data to be accessed”]

Source: UK/EURIM Personal Identity Management Group “Strawman” March 04

Page 33: Smart Cards - Threat or Panacea?

Identifying the risks in “Smartcard” ID systems

Risk is an essential element of any innovation. The key to success is how those risks are identified, managed and controlled…

Page 34: Smart Cards - Threat or Panacea?

Segmenting smartcard “risk” - PEST

Political

• Seeking instant “at a stroke” solutions to intractable problems?
• Lack of willingness to explain and debate genuine benefits versus liabilities?
• Inappropriate applications (e.g. counter terrorism)?
• Function creep…?

Economic

• Creating new “single points of vulnerability” in National Critical Infrastructure?
• Placing excessive trust in a single mechanism?
• Costs of ensuring high integrity in unambiguously identifying individuals prior to issuing card?
• Deployment risks/costs?
• Costs of false positives and negatives?

Social

• Lack of trust of Government motives and plans?
• Poor visibility of potential benefits compared to clear civil rights and privacy concerns?
• Unconstrained data sharing?
• Concern over cost/benefit balance?

Technological

• Developing, and maintaining the integrity, of very large databases?
• Quality of existing data?
• Confusion between absolute identification and confirmatory authentication?
• Widespread use of biometrics under “real world” conditions?

Page 35: Smart Cards - Threat or Panacea?

Still more risk segments…

Operational

• Potential for subversion of junior staff in the card issuing process?
• Need for exceptionally high overall system availability 24x7?
• Vulnerability to Distributed Denial of Service (DDoS) attack?
• Fallback plans in the event of major failure?

Legal

• In Europe - relationship to human rights legislation?
• Admissibility of evidence based solely on computer data.
• Ensuring forensic integrity of identity data in the legal process.
• Potential for “false positives”, poor general understanding of statistics?
• Data protection legislation?

Sometimes it takes a while to work out just how deep in the mire we are…

Page 37: Smart Cards - Threat or Panacea?

The weak link - binding identities to individuals?

I’m convinced that the technology for a smartcard based ID system can be made to work, however I have real concerns about the ‘people’ and ‘process’ aspects. In particular:

• What documentary “proofs” will be required to establish an individual’s identity before it is bound to a card?
• How thoroughly will these “proofs” be checked?
• How vulnerable will the system be to subversion of junior staff?
• How secure will the process be for maintaining the link between the individual and the ID card on say name change at marriage, or in giving a power of attorney during incapacity?

Page 39: Smart Cards - Threat or Panacea?

Biometrics - reliable for which purposes?

It is unsafe to use, for example, DNA fingerprinting simply to trawl a national database for matches without any other linkage of an individual to, say, a crime scene. It is however safe to use DNA fingerprinting to corroborate an existing link…

Retina scanning offers a high probability of successful identification in a population of millions with minuscule probability of “false positives”.

Facial recognition is an immature technology with a false negative rate under “real world” conditions of 20%+.

Striking a balance between ‘false positives’ and ‘false negatives’?

History will show that certain assumptions involving biometrics will prove to be ill founded - If biometric-related initiatives were poorly conceived, States risked the alienation of responsible citizens - Dr Julian Ashbourn giving evidence to the European Parliament Committee on Civil Liberties Justice and Home Affairs 6th October 2004. More on: http://www.avanti.1to1.org/
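
The contrast on this slide between trawling a national database and corroborating an existing link is a base-rate effect, and Bayes' rule makes it concrete. The following is an added example, not part of the original slides; the record count, error rates and corroboration prior are constructed values chosen only to make the arithmetic visible.

```python
"""Base-rate arithmetic behind 'trawl' versus 'corroborate' (added example).

All figures are constructed for illustration; they are not measured error
rates for DNA profiling or any other real biometric system.
"""

RECORDS = 60_000_000          # assumed size of a national database
TRUE_MATCH_RATE = 0.99        # assumed P(match reported | same person)
FALSE_MATCH_RATE = 1e-6       # assumed P(match reported | different person)
CORROBORATION_PRIOR = 0.5     # assumed strength of the independent link


def expected_false_matches(records: int, false_match_rate: float) -> float:
    """Innocent records expected to match when every record is compared."""
    return records * false_match_rate


def prob_at_least_one_false_match(records: int, false_match_rate: float) -> float:
    """Chance that a trawl over `records` innocents yields one or more hits."""
    return 1.0 - (1.0 - false_match_rate) ** records


def posterior_given_match(prior: float, true_match_rate: float,
                          false_match_rate: float) -> float:
    """Bayes' rule: P(person is the true source | a match is reported)."""
    if not 0.0 <= prior <= 1.0:
        raise ValueError("prior must be a probability")
    hit = prior * true_match_rate
    false_hit = (1.0 - prior) * false_match_rate
    if hit + false_hit == 0.0:
        raise ValueError("a match cannot occur under these rates")
    return hit / (hit + false_hit)


def compare_uses(records: int, true_match_rate: float,
                 false_match_rate: float, corroboration_prior: float) -> dict:
    """Same matcher, two uses: only the prior differs."""
    # Trawl: nothing else links anyone, so each record starts at 1/records.
    trawl_prior = 1.0 / records
    return {
        "expected_false_matches": expected_false_matches(records, false_match_rate),
        "trawl_posterior": posterior_given_match(
            trawl_prior, true_match_rate, false_match_rate),
        # Corroboration: other evidence already points at this one person.
        "corroboration_posterior": posterior_given_match(
            corroboration_prior, true_match_rate, false_match_rate),
    }


if __name__ == "__main__":
    result = compare_uses(RECORDS, TRUE_MATCH_RATE,
                          FALSE_MATCH_RATE, CORROBORATION_PRIOR)
    for name, value in result.items():
        print(f"{name}: {value:.6g}")
```

With these assumed figures the matcher is identical in both uses; the trawl match is weak evidence because the prior for any single record is one in the size of the database.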

Page 41: Smart Cards - Threat or Panacea?

Some final thoughts

A broad, informed, debate on ID cards and Government data sharing - shaping its overall Vision, Mission and Values - is necessary.

Such data sharing represents a very complex process involving both people and technology plus regulation and legal controls at national and international level.

The past track record generally of Governments with such technology mediated business change projects gives cause for concern…

Blind faith in technological solutions is unlikely to lead to successful outcomes.

Authentication of eligibility rather than full personal identification may often be more appropriate.

Biometrics are an important, evolving, technology but must be used appropriately.

An incremental approach and peer to peer linkage might offer a more predictable environment than hierarchical mega-systems.

Page 42: Smart Cards - Threat or Panacea?

But always remember that major change can sometimes have unexpected impacts….

Oh dear…!

Page 43: Smart Cards - Threat or Panacea?

Questions & Answers

Slides can be downloaded from:

www.profjimnorton.com/jnthaiv3.ppt

