• United States



by Sandy Kendall

Are Smart Cards a Fast Track to Function Creep

Oct 06, 20032 mins
CSO and CISOData and Information Security

To access a building site in Hong Kong, construction workers must have their ID cards read and their palms scanned. In France, citizens use chip-embedded plastic smart cards to pay for and access and record everything from buying a baguette to accessing the office network to using their health care system. In Australia, the state of Queensland plans to issue smart-card driving licenses to its 2.5 million motorists. Manitoba and other provinces in Canada are looking to do the same.

This summer, Transport for London began using Oyster, a contactless smart-card registered to a particular user for easy and rapid payment on the London Underground. That, and passenger traffic analysis. And it is likely, according to John Monk, design authority for the Oyster Project, that the information would be used for court evidence. Thats one reason its being archived for eight years.

The United States lags other countries in smart-card use, but it is catching up. The General Accounting Office recently reported that there are 62 smart-card systems in place across government agencies. Mary Dixon, director of the Department of Defense Access Card Office, said earlier this year that the Department had issued 2.4 million smart cards and expects to have issued 4 million by the end of the year. That, plus a government decision in August to issue electronic passports (with embedded chips bearing biometric and personal data) after 2004, will place the United States among the biggest users of smart-cards.

In fact, many Americans already use smart cards every day. On U.S. toll roads, automated payment smart-card gadgets ease travel on places like the Massachusetts Turnpike and New Yorks George Washington Bridge. But like our Oyster-using counterparts in London, in our relief at cruising through the E-Zpass or FasTrak lanes and leaving the old cash-users in the dust, are we giving up something wed rather keep to ourselves? Should we worry about the non-paper trails we leave? Not because we are criminals, but because the kind of function creep that Londons Oyster system illustrates so well is just plain creepy?

Are you sold on smart cards? Will your business incorporate smart-cards for internal access control or external customer convenience? Will you be able to safeguard against function creep? Do you feel comfortable using a smart-card yourself?