Kuro5hin.org: technology and culture, from the trenches
create account | help/FAQ | contact | links | search | IRC | site news
[ Everything | Diaries | Technology | Science | Culture | Politics | Media | News | Internet | Op-Ed | Fiction | Meta | MLP ]
We need your support: buy an ad | premium membership

[P]
Smart card to be rolled out "in the next few months"

By enterfornone in Technology
Tue Dec 26, 2000 at 10:03:52 AM EST
Tags: Technology (all tags)
Technology

Imagine a single card that you can use to purchace and download an airline ticket, pay for lunch at a resturant, open doors at your office, check out books at the library and start your car. According to this CNN article credit card companies will begin to roll out such a card in the next few months.


While the technology has been around for some time, bricks and mortar retailers have been reluctant to upgrade to the technology that would enable them to take advantage of such cards. However card companies are hoping that online shoppers who are looking for a more secure means of making financial transactions will boost demand for smart credit cards.

With the use of a smart card reader, online shoppers can securely transfer their details to an online retailer. Future applications include the ability to store "digital cash", personal information such as insurance details, web site passwords and train and bus tickets.

Unlike credit card numbers, which can easily be stolen, making a purchace with a smart card requires the user to insert the card into a reader and enter a PIN number. If the card itself is stolen it can easily be cancelled and replaced with a new card.

Of course with all the benifits this technology brings there is a downside. There are huge privacy issues that come from having a single card that can store all of your personal information. In Australia during the mid eighties a scheme to introduce a national identification card was defeated after much debate. In the 15 years since technology has advanced dramatically as has the publics awareness of privacy issues. The public will need a lot of convicing before accepting a card with the potential to hold that much personal information.

Widespread use of smart cards has the potential to bring us closer to a cashless economy. Without cash, trade in illegal drugs will be almost impossible and purchases such as pornography will be easily tracked to the purchaser.

Perhaps you trust your credit card company not to blackmail or embarrass you, but with the sort of information that can be potentially stored on these cards, how can you be sure which commercial and goverment organisations will have access to this information?

Even if you aren't worried about your privacy, imagine the inconvenience that would be caused if your smart card was lost or damaged. Losing a credit card is bad enough, imagine losting your credit card, your car keys, your office security card and your train ticket all at once. Sure you could keep a spare around, but this will increase the chance of one copy falling into the wrong hands. "Don't put all your eggs in one basket" rings very true in this case.

Smart cards have the potential to be a huge benifit to society, but the implications will need to be well thought out before they gain widespread acceptance by a technophobic public.

Sponsors

Voxel dot net
o Managed Hosting
o VoxCAST Content Delivery
o Raw Infrastructure

Login

Poll
Smart cards..
o a great idea, I can't wait to get one. 20%
o I'd have to think about it. 34%
o no way I'm getting one. 44%

Votes: 43
Results | Other Polls

Related Links
o this CNN article
o national identification card
o Also by enterfornone


Display: Sort:
Smart card to be rolled out "in the next few months" | 38 comments (34 topical, 4 editorial, 0 hidden)
Smart Cards, Bane or Beauty (2.50 / 4) (#1)
by maddhatt on Mon Dec 25, 2000 at 10:35:45 PM EST

Whether you love them or hate them for the privacy implications I at least have to admit that the theory of being able to ensure a large amount of security is very very tasty. Really any technology can be used to watch our privacy, genetics would be highest on my list to fear, but what benefit can these offer to us should be our question, and how can we ensure that they are used correctly.

Anyway enough with the philosophy if you want to get ahold of your very own smart card to program check out this place mmm looks like some very good hacking together of some fun stuff to me.

Smart Cards

lame (3.60 / 5) (#2)
by Arkady on Mon Dec 25, 2000 at 10:41:24 PM EST

First, of course, Visa has had that damn "Blue" card out for well over a year; it's exactly the same as this, you know? So this kind of attempt is nothing new.

Second, and repeat after me on this: "That it's on a card does not make it more secure". Nail a note with that on to your forehead. As many people pointed out in the CPRM discussion, my PC is not a system the vendor can trust. The card doesn't help security from their perspective. And since I still have to remember a PIN, it doesn't really help from mine either, since I doubt it'd be that hard for someone who could beat my PIN out of me to get hold of the card as well.

Come on folks, there are no "silver bullet" applications like this except in the wildest and wettest marketeer's dreams.

Not to mention, of course, that a system like this run by a CC company will most definitely be centralized to allow them to identify and track everything you do with it.

So, to sum up: no benefits, all detriments. Lousy idea.

-robin

Turning and turning in the widening gyre
The falcon cannot hear the falconer;
Things fall apart; the centre cannot hold;
Mere Anarchy is loosed upon the world.


Wrong company (3.50 / 2) (#18)
by psicE on Tue Dec 26, 2000 at 12:09:56 PM EST

AmEx, not visa, made the "Blue" card. Visa actually just came out with their own smart card (although it's not called "Blue"), and I'd expect MasterCard to follow.

[ Parent ]
Of course; damn! (2.00 / 1) (#22)
by Arkady on Tue Dec 26, 2000 at 02:26:02 PM EST

You're right, of course; it's AmEx that names all their cards after colors. I should have caught that.

I can only plead that as I, myself, have no credit cards it's an honest mistake. ;-)

Thanks,
-robin

Turning and turning in the widening gyre
The falcon cannot hear the falconer;
Things fall apart; the centre cannot hold;
Mere Anarchy is loosed upon the world.


[ Parent ]
Don't worry about it (none / 0) (#26)
by psicE on Tue Dec 26, 2000 at 09:53:59 PM EST

I don't have any credit cards either, and I won't for about 5 years. :)

[ Parent ]
+1, but I don't want that card. (4.11 / 9) (#3)
by Signal 11 on Mon Dec 25, 2000 at 10:56:24 PM EST

It's bad enough that credit bureaus, banks, and most financial institutions sell your personal information and buying habits, but having a central repository for this information would allow an unprecidented level of access (and control) over the average consumer.

I have a genuine sense of fear that this technology is inevitable, and that in our current social climate in this country (and maybe the world at large), the changes it would bring would not benefit the quality of life of the citizens of this (or any other) country.

I'm a geek, on the forefront of the technology front. I ought to be embracing of new technologies, but increasingly I'm viewing them with skepticism - I've seen modern technology used against the general public in a pervasive and unwholesome fashion. By virtue of knowing the technology, I have thus far been able to protect my privacy and rights, but this is a war that is becoming increasingly costly to me, and I can't hold back the tide forever.

If we don't act soon, even the best amongst us will start to lose ground.. we must act to protect ourselves from corporate interests soon, or the cost of change will go up dramatically.. and may no longer be attainable for many years.


--
Society needs therapy. It's having
trouble accepting itself.

Welcome to the new world! (3.83 / 6) (#5)
by titus-g on Mon Dec 25, 2000 at 11:12:55 PM EST

The old one was cancelled due to technical problems.

People Like Equifax already do the data collating thing.

*I'm a geek, on the forefront of the technology front. I ought to be embracing of new technologies, but increasingly I'm viewing them with skepticism*

Very telling, the more I learn the more luddite I become, nowadays everyone is owned by someone, I went self employed, but even more so I am owned.

Fighting the power isn't going to work though, run away and hide, build fortresses where they can't get you.

But hey you know this :)

--"Essentially madness is like charity, it begins at home" --
[ Parent ]

Well.. maybe. (3.00 / 2) (#19)
by lonesmurf on Tue Dec 26, 2000 at 12:18:37 PM EST

I'm not so sure that I agree with you that smartcards are bad.

The greatest power that I have as a living, breathing and (most importantly) thinking consumer is that I can choose to ignore the constant stream of babble-nonsense that I am bombarded with daily in the the form of advertising and fitted 'enhancements' to the way I shop and live. I do not have fear of my information being sold because I know that there is not that much that can be done with it. So what if I can be tracked as to where I went and what I bought: I don't care, it does me no harm and does anyone else little good.

Are you afraid that when a targetted ad on TV will show that all of a sudden you will have lost your ability to turn the thing off? Is it really that hard to use caller ID and screen your calls against telemarketers? The mob may be stupid, but the mob is made of individuals, and those are not. Any technology that infringes on people's rights enough will not survive long: just look at how well the DivX format sold. People saw it for the scam it was and didn't buy into it.

I'm a geek, on the forefront of the technology front. I ought to be embracing of new technologies, but increasingly I'm viewing them with skepticism - I've seen modern technology used against the general public in a pervasive and unwholesome fashion.By virtue of knowing the technology, I have thus far been able to protect my privacy and rights, but this is a war that is becoming increasingly costly to me, and I can't hold back the tide forever.

I particularly liked this paragraph. First you set yourself up as some sort of hermit, then a crusader against the evils of corporate technologies. The sole man in an unwinnable fight. The fact of the matter is that you are the failure, not the technologies that you say infringe upon your right to freedom and happiness. It is your duty to inform the populace about the evils being done to them, tell your wife, tell your kids, tell your parents, tell your LUG members, tell your congressman, don't just sit on some geek site and whine about it.

I just noticed who I was responding to: nice troll, man. You almost got me.


Rami

I am not a jolly man. Remove the mirth from my email to send.


[ Parent ]
Single-Purpose devices. (5.00 / 1) (#34)
by amishbill on Thu Dec 28, 2000 at 04:23:46 PM EST

I do not like multi-function devices.

I do not use my computer as an answering machine. I do not scan with my printer and suspect the entire "Spork" concept was thought up by someone going for a "lowest bidder" contract.

While a Smart Card might make certain things a little simpler, I don't see the benefit. If the data is to be secure from loss, then it has to be stored outside the card where others can potentially get to it. If the data is to be secure from unauthorized disclosure, it has to reside on the card, which can be damaged or lost. For now, I'll take the time to pay attention to the information people want to collect about me.

Someone might come up with the Killer App for one of these cards, but until then, I'll wait. In fact, I look forward to submitting one of these to the "microwave or other high voltage test" when & if one of my current companies replaces a card with a chipped version without a valid reason for doing so.

Am I a luddite? Not likely, but I am sympathetic to the idea. Old does not necessarily mean Obsolete, and New is not synonymous with Better.

[ Parent ]

Oh to have this be true... (4.00 / 7) (#4)
by Miniluv on Mon Dec 25, 2000 at 10:59:45 PM EST

Smart cards have the potential to be a huge benifit to society, but the implications will need to be well thought out before they gain widespread acceptance by a technophobic public.
Oh how I wish society really were technophobic, god how I wish that were true. We, in the US at least, are a society of people with a truly unusual perspective on technology. One the one hand, very few seem to want to genuinely learn about it, but everyone wants to benefit from it. This leads to a situation like we have now where people blindly look to others to provide what they could quite well provide for themselves. They look to special interest groups to protect what they ought to be protecting themselves.

This is the perfect example of the sort of situation that makes me yearn to have a full-time security job in the IT world. Citizens are, as yet, unwilling to look after themselves and need people with consciences out there looking after them until we can bring them up to speed. The government has, thus far, proven themselves not up to the entirety of the task, and it would be foolish to trust those who wish to reap a profit from the masses to not put them at risk in the process.

I don't know that smart cards are anymore of a solution to the problem than SSL, x.509, or anything else we've implemented yet. So far every solution has been implemented pretty much independant of everything else, or instead undertaken with all this high-minded talk of "leveraging" existing infrastructures, creating "synergies" in heretofor unrelated technologies, and other purely profiteering techniques. Perhaps it's time everyone stopped looking for a panacea and instead starting building a system?

What corporations mean when they talk about leveraging existing infractures is that they have these kick-ass databases spread through-out industries about people, and they want to combine them, massage them, and mail-merge them into greater profits. Synergies? Simply another word for, "We bought this shit, can't make a profit off it, so instead we'll charge you to keep interoperating." The worst part is, I can't really fault the companies. They're doing what's in their own best interests, just like good companies should. Remember Samuel Gompers and his remark to the effect that the truest way a captain of industry could fail was failing to show a profit? That's exactly what these companies are striving to avoid, and they're doing it by following the path of least resistance, least cost, and least effort possible. The reason it's such a great path is that the people they're making a profit from are in fact conniving at their own destruction.

Security is a trade-off between privacy, anonymousy, gaurantability, and other such words and convenience. Isn't it amazingly scary how you have all kinds of concepts on one side, and just one simple one on the other? Everything boils down to how convenient something is, because convenience affects every aspect of business. It affects profitability, risk management, it defines these things. The most profitable course will always seem to be the most convenient, and thus will, and should, be followed. The problem is that the customers don't recognize how poor a choice convenience often is. Better yet, these same companies have become clever enough to shield them from the consequences of their own folly in order to reap in even further profits.

Credit card companies don't need to invest in security, because the hassles of it would reduce consumer spending. They're willing to pick up the entire tab on fraud in exchange for you spending more money, and carrying a higher balance. They've done the math, they know what the right call is. They'll finance anyone because they're going to get enough money out of it in the end to take the time and effort.

Why are the companies the only ones with every angle figured? Because it's convenient for them to know ahead of time what the right choices are, it's more profitable. Why don't citizens have their own options figured out? Because they've been given convenient courses of action by people they're foolish enough to trust. Not just do business with, but actually trust. They put no consideration into why these companies are worthy of their trust, but instead just blindly do the trusting. This is beyond foolish, this is the kind of thinking that not only deserves but in fact begets everything that people are supposedly crying foul about. Privacy invasions, violations of consumer trust, rampant monopolistic business practices, these are all direct results of a lackadaisacal market place.

Those of us who do have a clue about security need to be out, not fear mongering for that must be reserved for people who will understand the hidden truth in the hyperbolic lies, but speaking to the people whom we protect about why they need to take a more active role. We must cajole these people into seeing the benefits that role will give them, the lower prices, etc that they can look forward to with just a little effort. Once we get the ball rolling we can gradually introduce the truth, but again we must be careful. Most of all, we have to use the tactics that work, and those tactics are clear as day, we must merely observe the sucessful PR machines. When looking at the economic situation in the US, remember history in that Hitler was elected, Castro came to power on a popular revolution, even Mao was well loved. So it is with Microsoft, GE Capital, and all the others people have such a hatred for, but whom the buying public love the products from, or services of. They aren't our friends, nor our enemy, but instead our competition and must be viewed that way. We aren't out to destroy them, but to save our fellow citizens.

"Its like someone opened my mouth and stuck a fistful of herbs in it." - Tamio Kageyama, Iron Chef 'Battle Eggplant'

I'll believe it when I see it. (3.60 / 5) (#6)
by Dacta on Mon Dec 25, 2000 at 11:18:41 PM EST

Here in Adelaide (Australia) Telstra did a rather large trial of smart cards at Adelaide University. You could use them to borrow books, buy snacks and make phone calls. A guy at a place I worked had one, and we were wondering what was so smart about them, so we rang up the support line:

Me: Hi, I've got a smart card here, and I'm wondering what it is for.
Her: Oh, they are on trial at Adelaide Uni. You can use it to make phone calls and buy snacks.
Oh, okay. That's cool - why is it any different to a normal phone card, then?
Well, you can buy snacks. And it has a computer chip on it.
So can I recharge it or something?
No, you'll need to buy a new one.
Well, that's not very smart, then is it?
Well, in the future, you might be able to recharge it.

By this time the office was in hysterics (we get amused easily), so I thanked her and hung up.

Still, the point remains. I have a credit card which I can use to buy things with. I have cheap, (non-smart) disposable phone cards to make phone calls (and there is no reason these can't be used for other things). Credit card merchants are moving towards having single-use credit cards for security reasons. Why should I use a smart card? It seems to me that they have been a "Just about ready" technology for the last five years, but no one has found a real use for them.



I liked my smart card (3.66 / 3) (#9)
by vastor on Tue Dec 26, 2000 at 01:16:22 AM EST

We had a similar trial here at Newcastle Uni a few years back (except it wasn't run by Telstra). The smart cards were fully rechargeable and handy since most of them were marked as issued to students and thus you also got the student discount on student food etc - so it saved you fishing around for coins and showing your student card at the same time.

Only thing I didn't like about it was that you had to hit okay on every transation. So you'd hand the card over, they'd put it in and put the price of the purchase in, then they'd hand the card back and have you hit okay on the device - which is a step extra than with cash.

Anyway, I rather liked the scheme and at the end of it they bought back the smart cards for whatever value you had on them plus $5 (or was it $2? I can't remember now).

I seem to recall that the university student cards also have some minor smart card capabilities, but they've not been used yet as far as I know.

Oh, and I think they're single use credit card numbers rather than single use credit cards.

Things like paypal suit me well enough as far as making transactions securely over the internet goes (not that I've ever signed up for it, but I've got a debit visa card and it tends not to have a huge amount of money sitting on it so I'm comfortable enough using it for the few internet purchases I make).

Smart cards were supposed to replace coins rather than credit cards, it suited me to just carry a card around when I was at uni and no coins at all (except for when the weather looked bad and I took some to catch a bus home, but I think if the scheme had satisfied whatever its goals were that it'd have been implemented on the buses as well).



[ Parent ]
Paypal (2.50 / 2) (#14)
by Dacta on Tue Dec 26, 2000 at 05:44:43 AM EST

The problem with Paypal is that it is only for the US. e-gold is the best substitute I've found, but not as many places accept it.

Actually, i've just checked, and now Paypal is international. There goes that objection...



[ Parent ]
Another example (none / 0) (#21)
by Ryan Koppenhaver on Tue Dec 26, 2000 at 12:48:51 PM EST

At the U of Toledo, we have a do-everything card too, and it's standard issue for everyone on campus. In addition to serving as a photo ID, it has 2 magnetic strips on it.

One is rechargable, tied to the card itself (i.e., lose the card, lose the cash), and can be used for making copies in the library.

The other, more useful one, ties into a central database to access various things. (I'd be inclined to guess that the magnetic strip simply holds the student's SSN, which is used as a universal ID number) With this, you can access "flex points" from your meal plan to buy food, access financial aid money to buy textbooks and other academic materials, or access a rechargable debit account to buy anything you want. It works at all locations on campus, and a number of off campus establishments too. Plus, the cards work as swipe keys to a number of electronic locks all over campus, so you can get into the computer labs after hours, etc.

[ Parent ]

'Smart' cards (none / 0) (#24)
by nstenz on Tue Dec 26, 2000 at 05:27:32 PM EST

We had the same sort of thing at MSOE. Our student ID cards had a photo and a magnetic strip. The cards opened whatever locks we had access to on campus, and we could put money on them for buying books, snacks, lunch... whatever. I'm doubting they were very 'smart' though- they probably just linked into one of the mainframes with our SSN and looked in a database to see if we had enough money or if we had access to a certain door. Still, it's a nice idea... But it was a tad annoying when the strip got de-magnetized and you had to hassle security to let you in the dorms...

[ Parent ]
I wonder... (2.00 / 5) (#7)
by joeyo on Tue Dec 26, 2000 at 12:15:56 AM EST

Do the cards really store your info on them? I would imagine that inserting the card just lets it act a sort of identification number that (with the PIN) gives you access to a database out there in VISA-land.

Of course, it's really much the same thing of storing the data on the card, but I have to wonder with what is actually going on...

And I really have to wonder if it will be any safer than the current system, specifically for online transactions. So what if you have to scan your card! Will the online merchant store your card's "fingerprint" and pin number in their database when you enter it (leaving it vulnerable to hackers)? Or will all transactions go through YOUR-CREDITCARD.com directly?

--
"Give me enough variables to work with, and I can probably do away with the notion of human free will." -- demi

Old tech, new release (2.60 / 5) (#8)
by sugarman on Tue Dec 26, 2000 at 12:33:26 AM EST

This technology is *not* new. It has existed in various forms since the 1970's. The main stumbling block to its widespread roll-out has been the major participants waiting for some of the initial patents on the technology to expire.

However, I can no longer remember the source of the above information. If anyone else can confirm or deny that I'd appreciate it.

--sugarman--

SIS-card: we have it already in Belgium! (3.50 / 6) (#11)
by Dries on Tue Dec 26, 2000 at 01:57:18 AM EST

The USA is a little behind on this one, as every habitant of Belgium (Europe) posses such a smart card for about 2 years now.

It is called a SIS-card or Social Information System Card and contains a lot of your personal information.

We will have to have it with us as we go to work, so that the government - social inspection service - can control if everybody on the job pays his social taxes. We need it to go to the doctor or the hospital or if we want to buy medicine. Tax control can ask this card to see if you have been sick in the last year and that you had an income of social security. If you are going to look after a job, the employer can ask for that card and find out about your health.

A central controlling system that controlls all systems, the health services, the retirement funds, the unemployment and childcare. Even financial banks are related with the system.

Other countries in Europe are setting up (or did recently setup) similar systems.

-- Dries
-- Dries

Holy shit. (none / 0) (#35)
by ksandstr on Thu Dec 28, 2000 at 10:18:04 PM EST

Damn! I sure hope Belgium has sufficient legislation to keep that information from being misused.

By the way, I haven't heard anything about Finland implementing a system like that. But since much of the stuff the Finnish guvmint does rarely reaches my ears, I'll assume that they are planning it under the radar :-)



Fin.
[ Parent ]
One step forward, ten steps back? (4.50 / 6) (#13)
by kmon on Tue Dec 26, 2000 at 03:26:09 AM EST

For me, the vast majority of transactions I make are done in cash. For the holidays, I think I only walked out of one single store without handing some green over to the clerk at the counter.

In the article, you mention that eliminating cash would bring a halt to the drug trade, and allow pornographic purchases to be traced to the buyer. I see a different possibility. If a person doesn't want to be traced and they don't have any other options, they'll make thier purchases with a barter or other backed system that guarantees a concrete good or service. Ad-hoc, regional currencies will start popping up. This could fracture our national monetary system. Although the dollar would still probably be used in international currency transactions, it wouldn't be used by the people. I don't think this is necessarily a bad thing.

If you don't think regional barter-based currencies can take hold, hop to this link. It discusses Ithaca HOURs, a local currency that is based on the guarantee of a specific amount of work done in exchange for a good or service. This link talks about the concept of backed currencies.

These concepts show that we don't necessarily need to live with an (in my opinion) error-prone monetary system that guarantees goods and services in exchange for bits.
ad hoc, ad hominem, ad infinitum!
My campus has this technology (4.00 / 3) (#15)
by ignatiusst on Tue Dec 26, 2000 at 09:01:18 AM EST

My school has implemented this "smart card" idea. Or, at least, they have tried to.

With our student ID card it is possible (in theory) to buy lunch, shop the bookstore and on-campus convenience stores, use the vending machines, open electronic locks (where you are authorized), and charge computer print-outs.

Only, it has taken about five years to implement all of this. Five years for a university campus that has designated vendors and a fairly ordered supply system. What would that translate to in the open market? 70-80 years?

I am being somewhat facetious, of course, but it would take a rather long time to implement this in the open market. And that is assuming that, first, Pepsi/Coke (that is just one dichotomy -- there are others) can agree on a common vendor or at least a common technology.

I have reservations concerning privacy issues, of course, but then .. What the hell? ... Does it really matter if FritoLay knows I really dig the KitKat/Dr. Pepper combo at lunch and the Baby Ruth/Pepsi combo for a late-night snack?

When a true genius appears in the world, you may know him by this sign, that the dunces are all in confederacy against him. -- Jonathan Swift

Yes, it does matter (4.33 / 3) (#17)
by kovacsp on Tue Dec 26, 2000 at 11:27:35 AM EST

Because the more that companies know about your buying habits, the more than can use price discrimination to increase their profits -- at the consumers expense.

Perhaps Pepsi will find out that I really like drinking Mountain Dew and starts charging me an extra quarter per can for the privilige of drinking it. Would I switch? It depends. There would be a certain price that that would have me seek a cheaper alternative, but I bet I'd be willing to pay a small premium to drink my favorite pick-me-up.

[ Parent ]

The Smart Card I'd like to see (4.83 / 6) (#16)
by Anonymous 242 on Tue Dec 26, 2000 at 09:16:15 AM EST

[man walks up to checkout and swipes card]

smart card: *beep* Hey moron, if buy this 52" television the check you wrote for your mortgage payment is going to bounce.

Smart cards are old (3.00 / 1) (#20)
by SIGFPE on Tue Dec 26, 2000 at 12:21:03 PM EST

In around 1986 I worked for IBM and I did a stint on a booth at a banking trade show showing off of new card readers among other things. About a dozen times that day I had to put up with French visitors saying "What's new about this technology when I've got this?" and they'd pull out a smart card from their wallets. It was a very embarassing after a while. Why is it that smart cards achieved acceptance in France so long ago but AmEx can run an advertising campaign making out that a chip on a card is something from the 21st century? Does anyone know what these French smart cards could do? Was there any kind of encryption or did they simply hold the same information as on a magnetic stripe?
SIGFPE
Encryption, yes. (3.00 / 1) (#29)
by Spinoza on Wed Dec 27, 2000 at 01:31:55 AM EST

Bruce Schneier's Cryptogram newsletter had a story on this, which gave as the best link, the Irish Times story on the encryption on the French cards being defeated.

[ Parent ]

Why you discover smart cards only now (none / 0) (#31)
by efge on Wed Dec 27, 2000 at 12:55:00 PM EST

The answer is very easy: smart cards have been invented and patented in France (by Roland Moreno), where they have been in use for a very long time.

Other companies, notably american ones, did not want to pay the royalties to use them, and have dragged their feets all this time. Only now when the basic patents are expiring they are ready to use them.


[ Parent ]
Conditions for a card (5.00 / 2) (#23)
by jesterzog on Tue Dec 26, 2000 at 03:53:41 PM EST

Without being an expert on security of information, I wouldn't mind a smart card as long as:

  • Information is stored on the card - not on someone else's remote database.
  • I can decide what information is on it, and when.
  • I can decide who gets what information from it (and why) when I use it.
  • The information is stored in a way such that I'm the only person who can ever extract it from the card. (Not by legislation, by independently developed security measures.)
  • There is some type of system in place that requires services have a valid use for all the information they need from it. There needs to be some way to make sure that retailers and organisations won't get into a habit of overcollecting the information from a public who doesn't know or care until it's too late.

Can anyone see potential problems with these conditions?


jesterzog Fight the light


no trusted clients (4.00 / 2) (#28)
by janra on Tue Dec 26, 2000 at 11:36:10 PM EST

Information is stored on the card - not on someone else's remote database.

If the information is stored on the card, it can be changed. Don't trust the client. Where was it that I saw people making fun of some online retailer who had the prices (or was it price calculations?) done in client-side javascript?


--
Discuss the art and craft of writing
That's the problem with world domination... Nobody is willing to wait for it anymore, work slowly towards it, drink more and enjoy the ride more.
[ Parent ]
I forgot to add - primary key (3.00 / 1) (#33)
by jesterzog on Wed Dec 27, 2000 at 04:15:11 PM EST

I forgot to add that cards definitely shouldn't have a primary key. At least not one that can be digitally extracted from it.

If that were possible, it would encourage organisations to collate databases and build profiles of people.


jesterzog Fight the light


[ Parent ]
You too can be a 21st Century Digital Boy (3.00 / 1) (#25)
by Mr. Excitement on Tue Dec 26, 2000 at 07:17:11 PM EST

Excerpted from the song "21st Century Digital Boy", by Bad Religion:

"...and I don't want it/
The things your're offering me:
Symbolized barcode quick ID..."

Apparently this issue has come up before, a decade ago or more. How did people manage to hold on to their privacy then? Or did they?

1 141900 Mr. Excitement-Bar-Hum-Mal-Cha died in The Gnomish Mines on level 10 [max 12]. Killed by a bolt of lightning - [129]

It would be better than cash if... (4.00 / 1) (#27)
by cr0sh on Tue Dec 26, 2000 at 11:13:55 PM EST

If you could "load" it with cash, then be able to transfer cash between cards, uning a private docking/transfer device. Somehow, I don't think this kind of digital cash/wallet scheme will even go over, mainly because then purhcases could be conducted as easily as cash transactions, for any amount of money, without tracability or taxation - and that makes the powers-that-be extremely scared (because it removes a lot of their power - power to control, that is). These things will be nothing more than glorified credit cards, with a little extra "plausible" security tacked on.

Done, probably (none / 0) (#36)
by ksandstr on Thu Dec 28, 2000 at 10:23:29 PM EST

A system much like this one has been in use in Finland for a length of time, but I don't think it uses completely private readers. Anyway, you can 'load' money onto your ATM card's chip and use it in pay phones - using it as a replacement for cold, hard cash isn't a viable solution yet as many stores, for instance, don't have readers.

Also, as it's attached to your ATM card there's bound to be personal information on the chip, not just the virtual pennies.



Fin.
[ Parent ]
Already implemented... (4.00 / 1) (#30)
by WWWWolf on Wed Dec 27, 2000 at 05:11:33 AM EST

...I live in Oulu, Finland, and we recently got our own "city card" (the page is in Finnish, sorry). The card works as a library card, can be used to get tickets in some city-offered services, and can also be combined to bank and card-phone services. More included services are being planned...

I haven't got my card yet - mostly because I already get all the services I need with relative ease by using only two "not that smart" cards, one for library and another for cash...

Basically, the issues you describe above could be generalized with the more common problem: How to prove your identity. In general, you should use one password (or PIN) in one service, but personally, I have found I have zillions of passwords and I never remember them all - and the password mailers kind of defeat the security anyway... How could we find a relatively good compromise between security and convinience?

-- Weyfour WWWWolf, a lupine technomancer from the cold north...


Digital cash and privacy (none / 0) (#37)
by andrewmuck on Sun Dec 31, 2000 at 04:41:32 AM EST

A while ago I posted a story in my search for AnonymousEmoney.

I got kind called a money launderer and asked lots of questions as to why such a thing is needed, possibly some of the answers to that have leaked out here but I am sure the uses are many and seen by those who really do need it.

Since then I have actually started doing something about it, while no smart card is on the table (yet ;) you can join the effort at golden agents (non-profit individuals for monetary exchange)

cya, Andrew...

Smart card to be rolled out "in the next few months" | 38 comments (34 topical, 4 editorial, 0 hidden)
Display: Sort:

kuro5hin.org

[XML]
All trademarks and copyrights on this page are owned by their respective companies. The Rest 2000 - Present Kuro5hin.org Inc.
See our legalese page for copyright policies. Please also read our Privacy Policy.
Kuro5hin.org is powered by Free Software, including Apache, Perl, and Linux, The Scoop Engine that runs this site is freely available, under the terms of the GPL.
Need some help? Email help@kuro5hin.org.
My heart's the long stairs.

Powered by Scoop create account | help/FAQ | mission | links | search | IRC | YOU choose the stories!