'Smart cards' get a second look

Monday, October 15, 2001

NEW YORK -- Smart cards, with their embedded computer chips, caught on more quickly among European and Asian credit card holders than Americans, who've seemed reluctant to stop swiping bank cards with low-tech magnetic stripes.

But in a terror-shaken country where security is now a priority, computer chip cards are gaining favor for a new purpose: as secure ID cards to be checked at borders and airports -- and to keep tabs on immigrants.

Some corporate leaders have even called for a national identification cards that uses the technology, now found mainly on credit cards such as American Express Blue.

Proponents say the chip cards, which can hold far more data more securely than a magnetic strip, represent the best available technology for a tamperproof ID.

Store a personal biometric on the card -- a digital scan of a thumbprint, iris or hand -- and check it against the real thing, and the identity of the cardholder is airtight, proponents say.

"It's like a PC in your pocket," says Donna Farmer, president of the New York-based Smart Card Alliance. "It's the best tool to protect privacy and fill security gaps."

Farmer's group says North Americans' smart card use jumped 37 percent in 2000, fueled by increases on corporate and college campuses, where chip cards are used for identification and building access as well as payments in cafeterias, parking lots and online.

Not hack-proof

Experts caution, though, that the technology's real-world performance is less reliable than advocates suggest.

"They're not hack-proof," said Kevin Poulsen, editorial director of SecurityFocus, a security technology firm.

Over the past few years, satellite broadcaster DirecTV has been locked in an escalating technology war with hackers who have defeated the company's smart card system and helped themselves to free TV programming, Poulsen said.

Still, the cards are already being used as identifiers by U.S. military personnel and frequent international travelers registered with the U.S. Immigration and Naturalization Service.

There is also discussion of using chip-embedded cards as airport "travel ID cards," allowing fliers to register with a biometric scan and avoid time-consuming manual checks.

Keyboard manufacturer Key Source International announced last week that it was providing at least three major U.S. airlines with keyboards with built-in smart card readers and a biometric fingerprint scanners. The keyboards would be used to confirm identities of frequent fliers and airline crew members.

A Senate bill also seeks to create smart card visas for foreign immigrants and visitors that makes it easier for authorities to detect and deport visa violators

The legislation, sponsored by Sens. Christopher Bond, R-Mo., Kent Conrad, D-N.D. and Olympia Snowe, R-Maine, calls for would-be visitors to submit to tough background screening and a biometric fingerprint scan.

The biometric would be stored in a "tamperproof" smart card visa, as well as a U.S. government database, allowing periodic checks against immigration, intelligence and law enforcement records, Bond said.

"We'll know who that person is when they come in the country and when their visa expires," Bond said.

Bond said Congress is looking to increase funding to the INS, which would oversee the system. A fee of about $100 would help pay for it, Bond said.

Daunting logistics

The logistics of building a nationwide -- or worldwide -- biometric-based smart identity card system are complex, pitting security stipulations against privacy concerns.

The sheer size of the network would be enormous, rivaling the global credit card payment system, Poulsen said.

A secure worldwide network would need to link registry databases at U.S. consulates to readers connected to police laptops, airline ticket offices, security checkpoints at public buildings and myriad other locations, Poulsen said. Each would require a smart card reader, costing from $100 to $500.

Privacy advocates balk at any system that would require sharing a database of personal identifiers among intelligence, police and immigration authorities.

In Canada, a system that would have issued biometric smart ID cards to the 12 million users of Ontario Health Insurance has been on hold for a year, with authorities unable to agree on its scope, said Ontario Privacy Commissioner Ann Cavoukian.

Some experts caution against putting too much trust in smart cards as the sole keepers of critical data -- cautioning that they are not fail-safe and could be exploited by impostors.

"Without the right cautions, a security device actually empowers you to commit fraud," said James Van Dyke, who studies payment practices for Jupiter Media Metrix. "The last thing you'd want to do is view a smart card as a panacea."

If, as Bond proposes, smart cards are also used to enforce common immigration law, they'll become an immediate hacking priority for counterfeiters, who already mass-produce fake ID cards and papers for undocumented migrants, Poulsen said.

Some experts doubt that smart cards offer much protection against foreign terrorists anyway. As foreigners, they are unlikely to have records or fingerprints stored in a database available to U.S. authorities.

"I don't see how it would solve security issues," Van Dyke said. "To me there more questions than answers."

Respond to this story

Posting a comment requires free registration: