Smart Cards - Threat or Panacea?
Round-Table Seminar: Smart Cards & Society
Chulalongkorn University - Bangkok, 11th November 2004
Prof. Jim Norton
Senior Policy Adviser, UK Institute of Directors
Former Director, UK Cabinet Office PIU e-Commerce team
www.profjimnorton.com
Issues to be covered
• Setting the scene - technological growth outstripping social absorption?
• Why might we be interested in ID and data sharing?
• What do we mean by “Identity” and “Smartcards”?
• A look at the challenges in more detail.
• A risk analysis.
• The weak link - binding identities to individuals?
• Biometrics - reliable for which purposes?
• Some final thoughts.
The second half of the chessboard
Original idea: George Gilder at the Cato-Brookings Institution conference "Regulation in the Digital Age," held in Washington D.C. on April 17-18, 1997.
The cost-performance of electronics doubles every 18-24 months (Moore’s Law)
[Chart: logarithmic scale from 1 to 1,000,000,000,000 against years 1940 to 2030, annotated “33 Doublings”. Source: Analysys]
Moore’s Law in Action: Intel Microprocessors
[Chart: millions of transistors (0 to 45) against year, 1971 to 1999, for the Intel 4004, 8008, 8080, 8086, 80286, 80386DX, 80486DX, Pentium, Pentium II, Pentium III and Pentium 4; curve labelled “2T/18”. Source: Intel & Silicon Image]
Opto-electronics follow the same path (Moore’s Law operates in telecoms, too)
[Chart: Mbit/s (0 to 45 000) against year, 1975 to 2005, annotated “31 Doublings”. Source: Analysys]
Gigabit Ethernet installed base growth
[Chart: GBE ports installed, in millions (0 to 60), 1998 to 2004E. Source: IDC & Silicon Image]
The cost-performance of magnetic storage doubles roughly every 18 months…
[Chart: logarithmic scale from 1 to 1,000,000,000,000 against years 1940 to 2030, annotated “26 Doublings”. Source: Silicon Image]
Disk storage density is growing exponentially too…
[Chart: Gb/sq in (0 to 250), 1996 to 2004E. Source: IDC & Silicon Image]
Cooper’s law for wireless
Cooper’s Law, (after ArrayComm Chairman, Martin Cooper), states that the number of conversations (voice and data) conducted over a given area, in all of the useful radio spectrum, has doubled every two and a half years for the last 105 years, ever since Marconi discovered radio in 1895
[Chart: logarithmic scale from 1 to 100,000,000,000,000 against years 1895 to 2005, annotated “42 Doublings”. Source: ArrayComm]
But we have seen this before in the context of the telegraph…
Miles of wire in the USA, by year:
1846: 40
1848: 2000
1850: 12 000
1852: 23 000
Source: Tom Standage, The Economist, “The Victorian Internet”
The first half of the chessboard has already delivered some surprises
Microsoft Corporation, 1978
We are drowning in data….
Where is the life we have lost in living?
Where is the wisdom we have lost in knowledge?
Where is the knowledge we have lost in information?
T S Eliot, Choruses from ‘The Rock’, 1934
And a codicil for the 21st century… Where is the information we have lost in data?
The World produces more than 2 Exabytes (2 Billion Gigabytes) of unique information per year, more than 250 Megabytes for every man, woman and child on earth…
Technology of course makes an excellent servant but a poor master…
As an engineer and director my strong concern is with the process by which increasingly rapid change in technological capability diffuses out into society and the economy…
Source: Jim Norton, COGS Network Meeting, University of Sheffield, 20/01/03
Riding the information “tiger”…
Networked information systems can be either (or both!) a benefit and a curse…
• Major scope to improve quality and lower cost in both public and private sectors…
• Potential to greatly simplify citizen - state interactions…
• Potential to tailor private and public sector services to individual consumers…
• But poor track record in building systems which align people, systems and processes.
• But to whose benefit and under what agreed privacy constraints?
• But major absence of the ‘trust’ required to permit the holding and use of personal data.
Source: Jim Norton, COGS Network Meeting, University of Sheffield, 20/01/03
A framework for analysis..
• Market-led approach
• A competitive and innovative environment
• Internationally agreed tax and regulatory frameworks
• Co-ordination and focus across Government
• Monitoring and evaluation
• Access
• Understanding
• Trust
The UK is the leading centre for e-commerce activity within a strong Single European Market, based on openness and innovation by suppliers and customers, light touch regulation, and Government-Industry partnership
Source: UK Cabinet Office PIU Report “[email protected]” Sept 1999
Why might the “information sharing” agenda be important?
The private sector has demonstrated very real improvements in service quality (and reductions in cost) based upon information sharing and e-business tools
The e-business scope compass source: Mohanbir Sawhney - Kellogg Management School Northwestern University Chicago
The e-business scope compass
“When I took a look at Boeing’s interaction costs and discovered that e-enabling the business could save as much as 50%, I became an instant believer…” Phil Condit Chairman & CEO The Boeing Company - 2001
Developing enterprise integration is a long climb…
In many ways local government has demonstrated more rapid adoption than central government. For example, much UK central government work is stuck on the bottom two rungs of this ladder. The upper rungs need strong identity authentication.
The ladder of e-business initiatives, source: Mohanbir Sawhney - Kellogg Management School Northwestern University Chicago
Govt. information sharing: a SWOT analysis
Strengths
• Avoid multiple data entry
• Some clear personal benefits - e.g. in health care
• Simplified, personalised interaction.
• Major service improvements (e.g. Electronic conveyancing)
Weaknesses
• Over centralisation
• “sharing creep” e.g. through poorly anonymised research.
• Poor understanding of how to maintain overall integrity
• Potential for access demands from law enforcement.
Opportunities
• Genuine debate explaining benefits and risks for citizens
• Develop multi-level system to authorise transactions
• Let citizens hold the info. and authorise sharing?
• Develop de-centralised approach around common standards
Threats
• Extensive distrust of Government motives…
• Increasingly attractive target for hacking
• Single security breach could contaminate multiple applications.
• Increasing pressure on data protection legislation.
The need for informed open debate
Political leadership is required, coming out of the bunker and promoting broad debate on areas such as:
• What “Vision” and “Values” underpin the Government’s “Mission” in data sharing?
• What are the tangible benefits to citizens from Government information sharing?
• What are the risks inherent in such sharing and what processes will be put in place to manage these?
• How will information sharing be regulated? What forms of redress will there be against inappropriate sharing?
UK Government ID card objectives
The UK Government’s stated aims are to:
• tackle illegal working and immigration abuse;
• disrupt the use of false and multiple identities by organised criminals and those involved in terrorist activity;
• help protect people from identity fraud and theft;
• ensure free public services are only used by those entitled to them; and
• enable easier and more convenient access to public services
Source: UK Home Office Command Paper 6359 - Oct 2004
Attributes of Personal Identity (PI)
Elements required to prove identity or eligibility:
• Data contributing towards the validation of identity, e.g. does “John Smith” exist?
• Data contributing towards the verification of identity, e.g. is this “John Smith”?
• Data contributing towards the assessment of eligibility to attain the product or service.
Source: UK/EURIM Personal Identity Management Group “Strawman” March 04
Three dimensions of identity evidence:
• Breadth - the number of evidences?
• Depth - how far back in time does evidence reach?
• Quality:
– were robust measures of identity authentication enforced when the evidence was established?
– does the evidence emanate from a reliable source?
– are the personal identity attributes maintained e.g. address changes?
How do individuals identify themselves to service providers?
This is achieved (with varying degrees of confidence) by:
• physical possession of the evidence e.g. presenting a utility bill;
• visual attributes within the evidence that can be connected to the person e.g. a photograph; or
• corroboration of attributes associated with the individual’s personal identity obtained from independent sources against those supplied by the person on this occasion….
Source: UK/EURIM Personal Identity Management Group “Strawman” March 04
Such corroboration can be:
– given verbally;
– presented through electronic data capture.
– associated with an identity token:
  • physically presented
    – electronically read
      o locally authorised – PIN – Biometric
      o centrally authorised – PIN – Biometric
    – visually read
  • electronically transferred
    – centrally authorised
Multiple levels of authentication are required
[Table: authentication level (1, 2, 3) against method of attachment (Possess, Photo, PIN, PassW, KeyW, BioM); the individual “Y” entries are not recoverable from this transcript.]
Source: UK/EURIM Personal Identity Management Group “Strawman” March 04
Tokens can take many forms
[Table: token type (Virtual, Card, Smart Card, Digital Cert) against method of attachment (Photo, PIN, PassW, KeyW, BioM Central, BioM Local); the individual “Y” entries are not recoverable from this transcript.]
Source: UK/EURIM Personal Identity Management Group “Strawman” March 04
What challenges are we seeking to address?
From the citizen’s perspective:
• For the citizen to be able to protect their own identity from hijacking and abuse.
• For the citizen to be able to protect the identity of deceased or vulnerable relatives.
• To reduce the impact of identity fraud on society.
• For the citizen to have more than one identity e.g. married and maiden names.
• For the citizen to have confidence in whom they are dealing with.
• For the citizen to have control over their personal data.
• For the citizen to have control over who has access to their data.
• For the citizen to have choice re: methods & channels to select to obtain products and services.
Source: UK/EURIM Personal Identity Management Group March 2004
What challenges are we seeking to address?
From the service provider’s perspective:
• To be able to employ trusted, secure, cost effective methods of providing products and services to their customers.
• To attain the highest degree of confidence re: who they are dealing with in relation to the risk of the service or product offered to their customers.
• To allow the citizen to be able to obtain a copy of their personal data used in a specific transaction via the Data Custodian where the data has been procured from source and then assembled and passed to the service provider by the Data Custodian.
• To enable the citizen to report identity fraud against themselves via a single point.
• The service provider has a responsibility and vested interest in ensuring that to carry an identity token provides the citizen with worthwhile benefits in terms of the services made available, the speed and effectiveness of the service, the reduction in personal data requested and the associated general convenience.
• To recognise that the citizen has the right to utilise a number of identities associated with themselves.
Source: UK/EURIM Personal Identity Management Group March 04
Consent - “Circle of Trust”
[Diagram: Citizen; Provider of services to the citizen; Service Application; Data Broker; Source Data (two instances); PI ‘KiteMark’; Independent Body. Link labels: Consent; Notification - condition of ‘KiteMark’; Specifies type of data & level of data to be accessed.]
Source: UK/EURIM Personal Identity Management Group “Strawman” March 04
Identifying the risks in “Smartcard” ID systems
Risk is an essential element of any innovation. The key to success is how those risks are identified, managed and controlled…
Segmenting smartcard “risk” - PEST
Political
• Seeking instant “at a stroke” solutions to intractable problems?
• Lack of willingness to explain and debate genuine benefits versus liabilities?
• Inappropriate applications (e.g. counter terrorism)?
• Function creep…?
Economic
• Creating new “single points of vulnerability” in National Critical Infrastructure?
• Placing excessive trust in a single mechanism?
• Costs of ensuring high integrity in unambiguously identifying individuals prior to issuing card?
• Deployment risks/costs?
• Costs of false positives and negatives?
Social
• Lack of trust of Government motives and plans?
• Poor visibility of potential benefits compared to clear civil rights and privacy concerns?
• Unconstrained data sharing?
• Concern over cost/benefit balance?
Technological
• Developing, and maintaining the integrity, of very large databases?
• Quality of existing data?
• Confusion between absolute identification and confirmatory authentication?
• Widespread use of biometrics under “real world” conditions?
Still more risk segments…
Operational
• Potential for subversion of junior staff in the card issuing process?
• Need for exceptionally high overall system availability 24x7?
• Vulnerability to Distributed Denial of Service (DDoS) attack?
• Fallback plans in the event of major failure?
Legal
• In Europe - relationship to human rights legislation?
• Admissibility of evidence based solely on computer data.
• Ensuring forensic integrity of identity data in the legal process.
• Potential for “false positives”, poor general understanding of statistics?
• Data protection legislation?
Sometimes it takes a while to work out just how deep in the mire we are…
The weak link - binding identities to individuals?
I’m convinced that the technology for a smartcard based ID system can be made to work, however I have real concerns about the ‘people’ and ‘process’ aspects. In particular:
• What documentary “proofs” will be required to establish an individual’s identity before it is bound to a card?
• How thoroughly will these “proofs” be checked?
• How vulnerable will the system be to subversion of junior staff?
• How secure will the process be for maintaining the link between the individual and the ID card on say name change at marriage, or in giving a power of Attorney during incapacity?
Biometrics - reliable for which purposes?
It is unsafe to use, for example, DNA fingerprinting simply to trawl a national database for matches without any other linkage of an individual to, say, a crime scene. It is however safe to use DNA fingerprinting to corroborate an existing link…
Retina scanning offers a high probability of successful identification in a population of millions with minuscule probability of “false positives”.
Facial recognition is an immature technology with a false negative rate under “real world” conditions of 20%+.
Striking a balance between ‘false positives’ and ‘false negatives’?
History will show that certain assumptions involving biometrics will prove to be ill founded - If biometric-related initiatives were poorly conceived, States risked the alienation of responsible citizens - Dr Julian Ashbourn giving evidence to the European Parliament Committee on Civil Liberties Justice and Home Affairs 6th October 2004. More on: http://www.avanti.1to1.org/
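The difference between trawling a national database and corroborating an existing link, as described on this slide, is a base-rate effect. The Python sketch below is an added illustration, not part of the original slides; the database size, false match rate, false negative rate and prior are constructed values chosen only to show the arithmetic.

```python
"""Added example: 1:N database trawl versus 1:1 corroboration.

Every figure here is a constructed assumption, not data from the slides.
"""


def p_any_false_match(fmr: float, comparisons: int) -> float:
    """Probability that at least one unrelated record matches by chance."""
    return 1.0 - (1.0 - fmr) ** comparisons


def expected_false_matches(fmr: float, comparisons: int) -> float:
    """Mean number of chance matches among unrelated records."""
    return fmr * comparisons


def posterior_true_source(prior: float, fmr: float, fnr: float = 0.0) -> float:
    """Bayes' rule: P(person is the true source | a match was reported)."""
    if not 0.0 < prior < 1.0:
        raise ValueError("prior must be strictly between 0 and 1")
    true_hit = prior * (1.0 - fnr)      # source present and correctly matched
    false_hit = (1.0 - prior) * fmr     # someone else matched by chance
    return true_hit / (true_hit + false_hit)


def compare(db_size: int, fmr: float, fnr: float, corroboration_prior: float) -> dict:
    """Contrast a blind trawl with a match against an already-linked person."""
    # Trawl: no other linkage, so every record is equally likely a priori
    # (this assumes the true source is somewhere in the database).
    trawl_prior = 1.0 / db_size
    others = db_size - 1
    return {
        "trawl_expected_false_matches": expected_false_matches(fmr, others),
        "trawl_p_any_false_match": p_any_false_match(fmr, others),
        "trawl_posterior": posterior_true_source(trawl_prior, fmr, fnr),
        "corroboration_posterior": posterior_true_source(
            corroboration_prior, fmr, fnr
        ),
    }


# Constructed inputs: 60 million records, one-in-a-million false match rate,
# 1% false negative rate, and independent evidence giving a 50% prior.
ASSUMED = dict(db_size=60_000_000, fmr=1e-6, fnr=0.01, corroboration_prior=0.5)

if __name__ == "__main__":
    for name, value in compare(**ASSUMED).items():
        print(f"{name}: {value:.6g}")
```

With these assumed figures a trawl hit identifies the true source under 2% of the time, while the same match against an independently linked individual is close to certain.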
Some final thoughts
• A broad, informed, debate on ID cards and Government data sharing - shaping its overall Vision, Mission and Values - is necessary.
• Such data sharing represents a very complex process involving both people and technology plus regulation and legal controls at national and international level.
• The past track record generally of Governments with such technology mediated business change projects gives cause for concern…
• Blind faith in technological solutions is unlikely to lead to successful outcomes.
• Authentication of eligibility rather than full personal identification may often be more appropriate.
• Biometrics are an important, evolving, technology but must be used appropriately.
• An incremental approach and peer to peer linkage might offer a more predictable environment than hierarchical mega-systems.
But always remember that major change can sometimes have unexpected impacts….
Oh dear…!
Questions & Answers
Slides can be downloaded from:
www.profjimnorton.com/jnthaiv3.ppt