 |
 |
 |
 |
June 2006 • Volume 11 Number 6 |
 |
|
Executive Director's Letter Dear members and friends of the Alliance: A phrase that is commonly used in the mainstream media to refer to the government’s actions in the Middle East is that “the United States is engaged in a fight for the hearts and minds of the citizens of Iraq,” so as to win them over to our government’s view of freedom. Likewise, I find the smart card industry engaged in a similar battle for the hearts and minds of the citizens of this country over their concerns for security and desire for privacy – and the appropriate application of technology to achieve both. Since anyone who reads a newspaper or watches television news magazines and the evening news knows that bad news stories outnumber good news stories by a wide margin, it can be expected that news stories about security and privacy-related topics will also focus on the bad rather than the good. An example of this occurred last Friday when the ABC News show “20/20” did a story about identity theft. The segment began by talking about credit card thieves using pocket card readers to skim credit card numbers from unsuspecting consumers’ cards and then selling them on the Internet. That is a well known problem, but did the reporter use the opportunity to present a solution to this type of identity theft? No, that would turn a bad story into a good story. Instead of pointing out how new contactless credit cards help prevent this type of fraud by generating a unique number each time they are read by a point-of-sale terminal and by allowing cardholders to keep control of their cards instead of handing them over to the clerk to be swiped, the story goes down a “more bad news” track. The reporter brings up RFID technology from ExxonMobil Speedpass as the “next step in high-tech” payment that “makes life easier for the crooks.” Avi Ruben from Johns Hopkins is then interviewed to explain how his lab cracked the encryption in Speedpass so that, in theory, a thief could read a tag inside someone’s pocket and copy the ID number. And, since Ruben refers to all RFID as one common technology, he falsely concludes that “this new technology” (implying RFID with the same weak encryption, static account number, and lack of anti-tampering features) will be spreading to everything from regular credit cards to passports, putting all of our personal information at risk.
 This month Smart Card Talk spoke with Bryan Ichikawa, Identification Solutions Architect, Unisys Corporation. Bryan provides subject matter expertise and program support for smart cards, identification technologies, and credentialing solutions for Federal and Global Public Sector initiatives at Unisys Corporation.Bryan was previously at Thomson Media, responsible for general management of the CardTech/SecurTech (CTST) and CardTech/SecurTech ID Conference and Exhibitions. Bryan has held positions as Executive Director of the Business Solutions Group for SPYRUS, Director of Marketing for Smart Cards at Certicom Corp, and has spent ten years at MCI Telecommunications in several executive and technology roles.He has worked extensively with the Smart Card Alliance over the past decade. He has held many active roles within the Alliance, including serving on the Board of Directors and being an instructor for the Educational Institute. He is a contributing author for "Smart Cards--Seizing Strategic Business Opportunities" and holds two patents for data security and user privacy in communications systems.
Western Hemisphere Travel Initiative PASS Card: Recommendations for Using Secure Contactless Technology vs. RFID This new Identity Council position paper provides support for the use of ISO/IEC 14443-based contactless technology for the Western Hemisphere Travel Initiative PASS card system. Contactless smart card technology can meet the program's operational requirement for high throughput while providing strong security, protecting individual privacy, and leveraging the ePassport infrastructure. Background In the past, fraudulent travel documents have been used to cross borders and violate immigration laws without detection. Today, for example, a U.S. citizen needs only a driver's license to reenter the United States after a visit to Canada. However, there are over 240 valid formats for a U.S. driver's license, and customs agents must rely on visual inspection and experience to assess potential security risks and identify counterfeit documents. As part of the Intelligence Reform and Terrorism Prevention Act of 2004, the Western Hemisphere Travel Initiative imposes new requirements for admission to the United States. Starting in January 2008, everyone, including U.S. citizens returning from Canada, Mexico, Panama, the Caribbean, and Bermuda, must present secure travel documents establishing their identity and nationality to enter the United States. The Department of State and the Department of Homeland Security (DHS) plan to produce a less expensive, secure biometric ID card, called the People Access Security Service (PASS) card, as an alternative for U.S. citizens subject to this requirement who do not wish to use a passport. While the two agencies agree on many aspects of implementing the PASS card program, they currently do not agree on the best technology.
|
|
|
Executive
Director's Letter
