1 / 43

Smart Cards - Threat or Panacea?

Smart Cards - Threat or Panacea?. Round-Table Seminar Smart Cards & Society Chulalongkorn University -Bangkok 11th November 2004. Prof. Jim Norton Senior Policy Adviser UK Institute of Directors Former Director UK Cabinet Office PIU e-Commerce team www.profjimnorton.com.

kaili
Download Presentation

Smart Cards - Threat or Panacea?

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Smart Cards - Threat or Panacea? Round-Table SeminarSmart Cards & Society Chulalongkorn University -Bangkok 11th November 2004 Prof. Jim Norton Senior Policy Adviser UK Institute of Directors Former Director UK Cabinet Office PIU e-Commerce team www.profjimnorton.com

  2. Issues to be covered • Setting the scene - technological growth outstripping social absorption? • Why might we be interested in ID and data sharing? • What do we mean by “Identity” and “Smartcards” • A look at the challenges in more detail. • A risk analysis. • The weak link - binding identities to individuals? • Biometrics - reliable for which purposes? • Some final thoughts.

  3. The second half of the chessboard Original idea: George Gilder at the Cato-Brookings Institution conference "Regulation in the Digital Age," held in Washington D.C. on April 17-18, 1997.

  4. 1,000,000,000,000 100,000,000,000 10,000,000,000 1,000,000,000 100,000,000 10,000,000 1,000,000 100,000 10,000 1,000 100 10 1 1940 1950 1960 1970 1980 1990 2000 2010 2020 2030 The cost-performance of electronics doubles every 18-24 months (Moore’s Law) 33 Doublings Source: Analysys

  5. Pentium 4 Pentium III Pentium II 8008 Pentium 80486DX 80286 8080 4004 8086 80386DX Moore’s Law in Action:Intel Microprocessors 2T/18 Source: Intel & Silicon Image

  6. Yemi Lawal: pp346003 op fibre & 45 000 40 000 35 000 30 000 Mbit/s 25 000 20 000 15 000 10 000 5000 0 1975 1980 1985 1990 1995 2000 2005 Opto-electronics follow the same path (Moore’s Law operates in telecoms, too) 31 Doublings Source: Analysys

  7. Gigabit Ethernet installed base growth Millions Source: IDC & Silicon Image

  8. 1,000,000,000,000 100,000,000,000 10,000,000,000 1,000,000,000 100,000,000 10,000,000 1,000,000 100,000 10,000 1,000 100 10 1 1940 1950 1960 1970 1980 1990 2000 2010 2020 2030 The cost-performance of magnetic storage doubles roughly every 18months… 26 Doublings Source: Silicon Image

  9. Disk storage density is growing exponentially too… Source: IDC & Silicon Image

  10. Cooper’s law for wireless 42 Doublings Cooper’s Law, (after ArrayComm Chairman, Martin Cooper), states that the number of conversations (voice and data) conducted over a given area, in all of the useful radio spectrum, has doubled every two and a half years for the last 105 years, ever since Marconi discovered radio in 1895 Source: ArrayComm

  11. 23 000 Miles of wire in the USA 12 000 2000 40 1850 1852 1846 1848 Year But we have seen this before in the context of the telegraph… Source: Tom Standage, The Economist, “The Victorian Internet”

  12. Microsoft Corporation, 1978 The first half of the chessboard has already delivered some surprises

  13. We are drowning in data…. Where is the life we have lost in living? Where is the wisdom we have lost in knowledge? Where is the knowledge we have lost in information? T S Eliot, Choruses from ‘The Rock’, 1934 And a codicil for the 21st century… Where is the information we have lost in data? The World produces more than 2 Exabytes (2 Billion Gigabytes) of unique information per year, more than 250 Megabytes for every man, woman and child on earth…

  14. Technology of course makes an excellent servant but a poor master… As an engineer and director my strong concern is with the process by which increasingly rapid change in technological capability diffuses out into society and the economy… Source: Jim Norton, COGS Network Meeting, University of Sheffield, 20/01/03

  15. Riding the information “tiger”… Networked information systems can be either (or both!) a benefit and a curse… • Major scope to improve quality and lower cost in both public and private sectors… • Potential to greatly simplify citizen - state interactions… • Potential to tailor private and public sector services to individual consumers… • But poor track record in building systems which align people, systems and processes. • But to whose benefit and under what agreed privacy constraints? • But major absence of the ‘trust’ required to permit the holding and use of personal data. Source: Jim Norton, COGS Network Meeting, University of Sheffield, 20/01/03

  16. Market-led approach Internationally agreed tax and regulatory frameworks A competitive and innovative environment Co-ordination and focus across Government Monitoring and evaluation A framework for analysis.. The UK is the leading centre for e-commerce activity within a strong Single European Market, based on openness and innovation by suppliers and customers, light touch regulation, and Government-Industry partnership Access Trust Understanding Source: UK Cabinet Office PIU Report “e-commerce@its.best.uk” Sept 1999

  17. Issues to be covered • Setting the scene - technological growth outstripping social absorption? • Why might we be interested in ID and data sharing? • What do we mean by “Identity” and “Smartcards” • A look at the challenges in more detail. • A risk analysis. • The weak link - binding identities to individuals? • Biometrics - reliable for which purposes? • Some final thoughts.

  18. Why might the “information sharing” agenda be important? The e-business scope compass “When I took a look at Boeing’s interaction costs and discovered that e-enabling the business could save as much as 50%, I became an instant believer…” Phil Condit Chairman & CEO The Boeing Company - 2001 The private sector has demonstrated very real improvements in service quality (and reductions in cost) based upon information sharing and e-business tools The e-business scope compass source: Mohanbir Sawhney - Kellogg Management School Northwestern University Chicago

  19. Developing enterprise integration is a long climb… In many ways local government has demonstrated more rapid adoption than central government. For example, much UK central government work is stuck on the bottom two rungs of this ladder. The upper rungs need strong identity authentication The ladder of e-business initiatives, source: Mohanbir Sawhney - Kellogg Management School Northwestern University Chicago

  20. Avoid multiple data entry Some clear personal benefits - e.g. in health care Simplified, personalised interaction. Major service improvements (e.g. Electronic conveyancing) Over centralisation “sharing creep” e.g. through poorly anonymised research. Poor understanding of how to maintain overall integrity Potential for access demands from law enforcement. Opportunities Threats • Genuine debate explaining benefits and risks for citizens • Develop multi-level system to authorise transactions • Let citizens hold the info. And authorise sharing? • Develop de-centralised approach around common standards • Extensive distrust of Government motives… • Increasingly attractive target for hacking • Single security breech could contaminate multiple applications. • Increasing pressure on data protection legislation. Govt. information sharing: a SWOT analysis Strengths Weaknesses

  21. The need for informed open debate Political leadership is required, coming out of the bunker and promoting broad debate on areas such as: • What “Vision” and “Values” underpin the Government’s “Mission” in data sharing? • What are the tangible benefits to citizens from Government information sharing? • What are the risks inherent in such sharing and what processes will be put in place to manage these? • How will information sharing be regulated? What forms of redress will there be against inappropriate sharing?

  22. UK Government ID card objectives The UK Government’s stated aims are to: • tackle illegal working and immigration abuse; • disrupt the use of false and multiple identities by organised criminals and those involved in terrorist activity; • help protect people from identity fraud and theft; • ensure free public services are only used by those entitled to them; and • enable easier and more convenient access to public services Source: UK Home Office Command Paper 6359 - Oct 2004

  23. Issues to be covered • Setting the scene - technological growth outstripping social absorption? • Why might we be interested in ID and data sharing? • What do we mean by “Identity” and “Smartcards” • A look at the challenges in more detail. • A risk analysis. • The weak link - binding identities to individuals? • Biometrics - reliable for which purposes? • Some final thoughts.

  24. Attributes of Personal Identity (PI) Elements required to prove identity or eligibility: • Data contributing towards the validation of identity, e.g. does “John Smith” exist? • Data contributing towards the verification of identity, e.g. is this “John Smith”? • Data contributing towards the assessment of eligibility to attain the product or service. Three dimensions of identity evidence: • Breadth - the number of evidences? • Depth - how far back in time does evidence reach? • Quality: • were robust measures of identity authentication enforced when the evidence was established? • does the evidence emanate from a reliable source? • are the personal identity attributes maintained e.g. address changes? Source: UK/EURIM Personal Identity Management Group “Strawman” March 04

  25. How do individuals identify themselves to service providers? This is achieved (with varying degrees of confidence) by: Such corroboration can be: • given verbally; • presented through electronic data capture. • associated with an identity token: • physically presented • electronically read • locally authorised • PIN • Biometric • centrally authorised • PIN • Biometric • visually read • electronically transferred • centrally authorised • physical possession of the evidence e.g. presenting a utility bill; • visual attributes within the evidence that can be connected to the person e.g. a photograph; or • corroboration of attributes associated with the individual’s personal identity obtained from independent sources against those supplied by the person on this occasion…. Source: UK/EURIM Personal Identity Management Group “Strawman” March 04

  26. Multiple levels of authentication are required Method of attachment KeyW BioM Photo PIN PassW Possess Y Y Y Y Y Y 1 Authentication Level Y Y Y Y 2 Y 3 Source: UK/EURIM Personal Identity Management Group “Strawman” March 04

  27. Method of attachment BioM Central BioM Local KeyW Photo PIN PassW Y Virtual Y Y Y Y Card Y Y Y Y Y Smart Card Y Y Y Digital Cert Tokens can take many forms Source: UK/EURIM Personal Identity Management Group “Strawman” March 04

  28. Issues to be covered • Setting the scene - technological growth outstripping social absorption? • Why might we be interested in ID and data sharing? • What do we mean by “Identity” and “Smartcards” • A look at the challenges in more detail. • A risk analysis • The weak link - binding identities to individuals? • Biometrics - reliable for which purposes? • Some final thoughts.

  29. What challenges are we seeking to address? From the citizen’s perspective: • For the citizen to be able to protect their own identity from high-jacking and abuse. • For the citizen to be able to protect the identity of deceased or vulnerable relatives. • To reduce the impact of identity fraud on society. • For the citizen to have more than one identity e.g. married and maiden names. • For the citizen to have confidence in whom they are dealing with. • For the citizen to have control over their personal data. • For the citizen to have control over who has access to their data. • For the citizen to have choice re: methods & channels to select to obtain products and services. Source: UK/EURIM Personal Identity Management Group March 2004

  30. What challenges are we seeking to address? From the service provider’s perspective: • To be able to employ trusted, secure, cost effective methods of providing products and services to their customers . • To attain the highest degree of confidence re: who they are dealing with in relation to the risk of the service or product offered to their customers. • To allow the citizen to be able to obtain a copy of their personal data used in a specific transaction via the Data Custodian where the data has been procured from source and then assembled and passed to the service provider by the Data Custodian. • To enable the citizen to report identity fraud against themselves via a single point. • The service provider has a responsibility and vested interest in ensuring that to carry an identity token provides the citizen with worthwhile benefits in terms of the services made available, the speed and effectiveness of the service, the reduction in personal data requested and the associated general convenience. • To recognise that the citizen has the right to utilise a number of identities associated with themselves. Source: UK/EURIM Personal Identity Management Group March 04

  31. Consent - “Circle of Trust” Notification condition of ‘KiteMark’ Citizen Independent Body Service Application PI ‘KiteMark’ Consent Provider of services to the citizen Specifies type of data & level of data to be accessed Data Broker Source Data Source Data Source: UK/EURIM Personal Identity Management Group “Strawman” March 04

  32. Issues to be covered • Setting the scene - technological growth outstripping social absorption? • Why might we be interested in ID and data sharing? • What do we mean by “Identity” and “Smartcards” • A look at the challenges in more detail. • A risk analysis. • The weak link - binding identities to individuals? • Biometrics - reliable for which purposes? • Some final thoughts.

  33. Identifying the risks in “Smartcard” ID systems Risk is an essential element of any innovation. The key to success is how those risks are identified, managed and controlled…

  34. Seeking instant “at a stroke” solutions to intractable problems? Lack of willingness to explain and debate genuine benefits versus liabilities? Inappropriate applications (e.g. counter terrorism)? Function creep…? Creating new “single points of vulnerability” in National Critical Infrastructure? Placing excessive trust in a single mechanism? Costs of ensuring high integrity in unambiguously identifying individuals prior to issuing card? Deployment risks/costs? Costs of false positives and negatives? Segmenting smartcard “risk” - PEST Economic Political Social Technological Developing, and maintaining the integrity, of very large databases? Quality of existing data? Confusion between absolute identification and confirmatory authentication? Widespread use of biometrics under “real world” conditions? Lack of trust of Government motives and plans? Poor visibility of potential benefits compared to clear civil rights and privacy concerns? Unconstrained data sharing? Concern over cost/benefit balance?

  35. Still more risk segments… Operational Legal Potential for subversion of junior staff in the card issuing process? Need for exceptionally high overall system availability 24x7? Vulnerability to Distributed Denial of Service (DDoS) attack? Fallback plans in the event of major failure? In Europe - relationship to human rights legislation? Admissibility of evidence based solely on computer data. Ensuring forensic integrity of identity data in the legal process. Potential for “false positives”, poor general understanding of statistics? Data protection legislation? Sometimes it takes awhile to work out just how deep in the mire we are…

  36. Issues to be covered • Setting the scene - technological growth outstripping social absorption? • Why might we be interested in ID and data sharing? • What do we mean by “Identity” and “Smartcards” • A look at the challenges in more detail. • A risk analysis. • The weak link - binding identities to individuals? • Biometrics - reliable for which purposes? • Some final thoughts.

  37. The weak link - binding identities to individuals? I’m convinced that the technology for a smartcard based ID system can be made to work, however I have real concerns about the ‘people’ and ‘process’ aspects. In particular: • What documentary “proofs” will be required to establish an individuals identity before it is bound to a card? • How thoroughly will these “proofs” be checked? • How vulnerable will the system be to subversion of junior staff? • How secure will the process be for maintaining the link between the individual and the ID card on say name change at marriage, or in giving a power of Atourney during incapacity?

  38. Issues to be covered • Setting the scene - technological growth outstripping social absorption? • Why might we be interested in ID and data sharing? • What do we mean by “Identity” and “Smartcards” • A look at the challenges in more detail. • A risk analysis. • The weak link - binding identities to individuals? • Biometrics - reliable for which purposes? • Some final thoughts.

  39. Biometrics - reliable for which purposes? Striking a balance between ‘false positives’ and ‘false negatives’? • It is unsafe to use for example DNA fingerprinting simply to trawl a national database for matches without any other linkage of an individual to say a crime scene. It is however safe to use DNA finger printing to corroborate an existing link… • Retina scanning offers a high probability of successful identification in a population of millions with miniscule probability of “false positives” • Facial recognition is an immature technology with a false negative rate under”real world conditions of 20%+ History will show that certain assumptions involving biometrics will prove to be ill founded - If biometric-related initiatives were poorly conceived, States risked the alienation of responsible citizens - Dr Julian Ashbourn giving evidence to the European Parliament Committee on Civil Liberties Justice and Home Affairs 6th October 2004. More on: http://www.avanti.1to1.org/

  40. Issues to be covered • Setting the scene - technological growth outstripping social absorption? • Why might we be interested in ID and data sharing? • What do we mean by “Identity” and “Smartcards” • A look at the challenges in more detail. • A risk analysis. • The weak link - binding identities to individuals? • Biometrics - reliable for which purposes? • Some final thoughts.

  41. Some final thoughts • A broad, informed, debate on ID cards and Government data sharing - shaping its overall Vision, Mission and Values - is necessary. • Such data sharing represents a very complex process involving both people and technology plus regulation and legal controls at national and international level. • The past track record generally of Governments with such technology mediated business change projects gives cause for concern… • Blind faith in technological solutions is unlikely to lead to successful outcomes. • Authentication of eligibility rather than full personal identification may often be more appropriate. • Biometrics are an important, evolving, technology but must be used appropriately. • An incremental approach and peer to peer linkage might offer a more predictable environment than hierarchical mega-systems.

  42. Oh dear…! But always remember that major change can sometimes have unexpected impacts….

  43. Questions & Answers Slides can be downloaded from: www.profjimnorton.com/jnthaiv3.ppt

More Related