Smart cards have the potential to be a huge benefit to society, but the implications will need to be well thought out before they gain widespread acceptance by a technophobic public.
Oh how I wish society really were technophobic, god how I wish that were true. We, in the US at least, are a society of people with a truly unusual perspective on technology. On the one hand, very few seem to want to genuinely learn about it, but everyone wants to benefit from it. This leads to a situation like we have now where people blindly look to others to provide what they could quite well provide for themselves. They look to special interest groups to protect what they ought to be protecting themselves.
This is the perfect example of the sort of situation that makes me yearn to have a full-time security job in the IT world. Citizens are, as yet, unwilling to look after themselves and need people with consciences out there looking after them until we can bring them up to speed. The government has, thus far, proven themselves not up to the entirety of the task, and it would be foolish to trust those who wish to reap a profit from the masses to not put them at risk in the process.
I don't know that smart cards are any more of a solution to the problem than SSL, X.509, or anything else we've implemented yet. So far every solution has been implemented pretty much independent of everything else, or instead undertaken with all this high-minded talk of "leveraging" existing infrastructures, creating "synergies" in heretofore unrelated technologies, and other purely profiteering techniques. Perhaps it's time everyone stopped looking for a panacea and instead started building a system?
What corporations mean when they talk about leveraging existing infrastructures is that they have these kick-ass databases spread throughout industries about people, and they want to combine them, massage them, and mail-merge them into greater profits. Synergies? Simply another word for, "We bought this shit, can't make a profit off it, so instead we'll charge you to keep interoperating." The worst part is, I can't really fault the companies. They're doing what's in their own best interests, just like good companies should. Remember Samuel Gompers and his remark to the effect that the truest way a captain of industry could fail was failing to show a profit? That's exactly what these companies are striving to avoid, and they're doing it by following the path of least resistance, least cost, and least effort possible. The reason it's such a great path is that the people they're making a profit from are in fact conniving at their own destruction.
Security is a trade-off between privacy, anonymity, guarantability, and other such words and convenience. Isn't it amazingly scary how you have all kinds of concepts on one side, and just one simple one on the other? Everything boils down to how convenient something is, because convenience affects every aspect of business. It affects profitability, risk management, it defines these things. The most profitable course will always seem to be the most convenient, and thus will, and should, be followed. The problem is that the customers don't recognize how poor a choice convenience often is. Better yet, these same companies have become clever enough to shield them from the consequences of their own folly in order to reap in even further profits.
Credit card companies don't need to invest in security, because the hassles of it would reduce consumer spending. They're willing to pick up the entire tab on fraud in exchange for you spending more money, and carrying a higher balance. They've done the math, they know what the right call is. They'll finance anyone because they're going to get enough money out of it in the end to take the time and effort.
Why are the companies the only ones with every angle figured? Because it's convenient for them to know ahead of time what the right choices are, it's more profitable. Why don't citizens have their own options figured out? Because they've been given convenient courses of action by people they're foolish enough to trust. Not just do business with, but actually trust. They put no consideration into why these companies are worthy of their trust, but instead just blindly do the trusting. This is beyond foolish, this is the kind of thinking that not only deserves but in fact begets everything that people are supposedly crying foul about. Privacy invasions, violations of consumer trust, rampant monopolistic business practices, these are all direct results of a lackadaisical marketplace.
Those of us who do have a clue about security need to be out, not fear mongering for that must be reserved for people who will understand the hidden truth in the hyperbolic lies, but speaking to the people whom we protect about why they need to take a more active role. We must cajole these people into seeing the benefits that role will give them, the lower prices, etc. that they can look forward to with just a little effort. Once we get the ball rolling we can gradually introduce the truth, but again we must be careful. Most of all, we have to use the tactics that work, and those tactics are clear as day, we must merely observe the successful PR machines. When looking at the economic situation in the US, remember history in that Hitler was elected, Castro came to power on a popular revolution, even Mao was well loved. So it is with Microsoft, GE Capital, and all the others people have such a hatred for, but whom the buying public love the products from, or services of. They aren't our friends, nor our enemy, but instead our competition and must be viewed that way. We aren't out to destroy them, but to save our fellow citizens.
"It's like someone opened my mouth and stuck a fistful of herbs in it." - Tamio Kageyama, Iron Chef 'Battle Eggplant'