News about legal information relating to Information Technology from European directives, and pan-European legal requirements and regulations.
UK Government's SMART CARD Initiative
Targets set in the UK by the Modernising Government agenda require the use of Information Technology tools to deliver the changes towards better, more efficient, convenient, quality government services. In July 2003 the Office of the e-Envoy issued a draft Policy Framework proposing the use of SMART CARDS as such a technology enabler. The Policy Framework is aimed mainly at strategists in the Public Sector responsible for service delivery, but also aimed at raising the awareness of the informed citizen about the role SMART CARDS can play in the delivery of e-government services.
In 2002 one billion SMART CARDS were issued worldwide. This is expected to rise to 1.7 billion by the end of 2004. SMART CARDS already impact on all our lives in such forms as prepaid phone cards, debit/credit cards, shop loyalty cards, SIM cards etc. A widespread adoption of SMART CARDS would increase significantly the delivery of e-government initiatives over the next few years.
With the ability to hold a digital credential in a portable form, SMART CARDS provide one solution to the problem of authentication and security on the Internet. Similarly, they may be used to overcome the problem of authentication between government and citizen. The portability and security of SMART CARDS, plus their ability to manage and manipulate data, make them able to fulfil a number of different functions. These functions can include acting as access control to buildings or computers, credit cards, a more durable substitute for paper records, such as medical records, and, more importantly, can act as a device for executing a digital signature. Furthermore, a single card can host many services from one or more providers.
One of the strongest drivers for the uptake of SMART CARDS is the demand for secure on-line commerce and access to government services. Around 20% of the 500 or so government services available to the public require strong authentication. The use of SMART CARDS enable users to authenticate themselves, firstly through a "two-factor authentication", ie the possession of the card and the knowledge of the PIN number, or even a "three-factor authentication", where the card stores additional biometric information that can be used to test the physical identity of the cardholder, and, secondly, to provide a digital signature. The UK Government is developing policies aimed at encouraging the adoption of digital credentials and the market for trust service providers.
However, there are a number of obstacles that need to be overcome. Primarily, the lack of an industry-wide set of standards, which are well developed in terms of agreeing the physical size and shape of the cards, but at the security and application level are lacking, make it difficult to build interoperable and integrated systems and access channels. Also, the absence of a proven business case for a multi-purpose SMART CARD scheme, that meets social inclusion objectives such as access for people with disabilities and those without readily available installed infrastructure, at an affordable cost. Perhaps the most contentious of all is the need to safeguard citizens' rights in respect of the data held about them, ensuring that existing regulatory provisions in the areas of data protection, financial services, telecommunications etc are not compromised and that citizens are confident that additional personal data required to demonstrate they are who they say they are online, is held securely.
The full text of the draft Policy Framework can be found at:
by Heather Weaver, CCLRC
Heather Weaver regrets that she is unable to reply personally to emails or telephone calls seeking legal advice.