NATIONAL IDENTITY CARDS

by BERNARD A HODSON

There is a growing market for the creation of national identity cards. Several countries now have a simple card or are considering same, some for health data, others for licenses, yet others for passports. To avoid a profusion of different cards in your wallet a national identity card should store a variety of personal data, but the technology to do so is still immature. The first company to develop a secure, multi purpose card will establish a de facto standard. Current vendors are not very promising in this regard, concentrating too much on the creation of real estate heavy operating systems and languages such as Java, with its limited capability and lack of speed.

In spite of hostility in some quarters, and privacy issues, their development is inevitable, given current security concerns and terrorist activity. They will not get rid of terrorism but should cramp their activities to some extent. Are such cards feasible and, if so, what data should be stored and what security be employed?

Data on health insurance information is one obvious area (general medical information on such cards is the subject of a future article). Vehicle licenses and required insurance information is another, as is residence location. Social insurance numbers is a natural, along with birth and marriage certificates and legal name changes. Passport information with digital photo (also used for driving license) is another proposed use. Other likely developments include its use as an electronic purse for use in stores, vending machines and parking meters. Non government data (e.g. for banks, merchants, credit cards) should be separate cards, which will still continue the profusion of cards we carry today...

Creators of such cards must address several social issues. Who gets such a card? Will they be issued to minors from birth to the age of majority? How do the homeless get such a card? Can people decline a card based on religious issues, if so what alternate is there for them? What backup is available for those who lose their cards or have them stolen?

Current security measures include fingerprint and iris scans, facial recognition and personal identification numbers (PIN). In addition there are encryption algorithms requiring a personal key (PK). Magnetic stripe cards are out for secure activity.

It is unlikely that iris scans will be useable. Different coloured contact lenses and other intrusions or eye diseases can affect the scan. Facial recognition has its problems in that people's faces change over time, others grow moustaches, beards or change hair colour. Some terrorists would wear masks. Facial recognition software is not mature enough to handle all the problems that could occur if every member of a population has to have them, including the new born. This leaves finger print verification as the likely winner in this situation but will require a huge deployment of scanners and software. Software must also ensure that photocopies of fingerprints will not trigger a positive response. PK activated encryption systems need further study by the industry but could have similar problems to the handling of PINs, particularly with an unsophisticated public.

A major problem is how changes to the information on the card are made, not just for simple things like an electronic purse but for legal name changes, periodic updates of photo images, PK changes due to security breaches, change in marital status, family relationships, mailing and home address moves, sex change, medical alert information changes and on and on. Most governments advocating national identity cards have, in most cases, not fully addressed these issues.

Finally, notwithstanding the propaganda of software vendors, including those industries which have been using smart cards for a while, there is very little, if any, software technology in the world capable of satisfactorily handling a multi application national identity card. The software for such developments requires a strategy not involving operating systems and resource consuming languages. It also involves an ethnic language independent approach.

Very few companies are prepared to abandon their adhesion to obsolete software paradigms and branch out in new and needed directions. Information Technology is not yet ready to handle multi application national identity cards. Some are trying but will suffer humiliation and perhaps severe financial non performance penalties in their failure, hopefully the rest of industry learning from their mistakes.