Privacy and Secure Identification Systems White Paper

Publication Date: February 2003

Pages: 34

Executive Summary

Individuals are currently required to confirm their identity for many diverse purposes, such as verifying eligibility within a health care system, accessing a secure network or facility, or validating their authority to travel. In almost every discussion about implementing personal identification (ID) systems to improve identity verification processes, concerns about privacy and the protection of personal information quickly emerge as key issues. Government agencies and private businesses that are implementing ID systems to improve the security of physical or logical access must factor these issues into their system designs. While technologies are available that can provide a higher level of security and privacy than ever before, ID system complexity, coupled with increasing public awareness of the risks of privacy intrusion, requires that organizations focus on privacy and personal information protection throughout the entire ID system design.

What is Meant by Privacy?

Growing requirements for identity confirmation, and for personal identification in transactions of almost any kind, have caused the definition of privacy to change. Modern privacy requires constraints on the collection, use and release of personal information, as well as the imposition of measures to protect such information.

Protecting privacy means protecting individuals’ rights to control how personal information is collected and promulgated. Protecting privacy also includes protecting against identity theft, or the use of an individual’s personal information for fraudulent purposes. A critical component of protecting privacy is information security: protecting the confidentiality, integrity, and availability of information that identifies or otherwise describes an individual. To be considered privacy-enabled, an identification system must be designed to satisfy these parameters.

Smart Cards Help to Protect Privacy in Identification Systems

Both privacy and security must be considered fundamental design goals for any personal ID system and must be factored into the specification of the ID system’s policies, processes, architectures, and technologies. The use of smart cards strengthens the ability of the system to protect individual privacy and secure personal information.

Unlike other identification technologies, smart cards can provide authenticated and authorized information access, implementing a personal firewall for the individual and releasing only the information required when the card is presented. Smart card technology provides strong privacy-enabling features for ID system designers, including the ability to:

Smart cards provide solutions that can enhance privacy protection and guard against identity theft in different ID system architectures.

ID System Designers Should Follow Privacy Protection Guidelines

A number of government organizations and industry groups have developed recommendations for fair information practices and guidelines to protect individual privacy. System designers need to consider business practices, security policies, and system architectures, as well as technologies. A privacy-enabled system must consider how information is protected and used throughout its entire life cycle. While smart cards, by themselves, are privacy-neutral, their on-card intelligence uniquely enables systems that use them to comply with many of the recommended privacy guidelines.

About This White Paper

This white paper was developed by the Smart Card Alliance to describe how smart card technology can help to protect privacy and ensure security in an ID system. This paper provides answers to commonly asked questions such as:

If you would like to join the task force, please contact info@smartcardalliance.org.