Greenleaf, Graham --- "Smart cards - a 'next big privacy issue'" [1996] PrivLawPRpr 1; (1996) 2(10) Privacy Law & Policy Reporter 181

Smart cards - a 'next big privacy issue'

Graham Greenleaf introduces this Special Issue.

There is no single 'next big privacy issue', but in any nomination of a handful of issues 'smart cards' are sure to appear, along with 'internet surveillance' and 'data matching and profiling'. Smart cards' is a term that covers a multitude of sins - or virtues - or both, depending on perspective.

One emphasis is on stored value cards, where the key element is the storage of renewable or disposable financial value, and resultant privacy issues of recording of transaction trails and their possible use. The storage of personal details, rather than monetary value, is another focus of smart card use, with the most common and controversial such use being the storage of a person's medical history, including history of pharmaceutical use. Other contentious uses include 'digital passports' recording a person's travel history, and various types of 'intelligent transport systems' including such elements as toll collection.

Another focus, overlapping all others, is the use of a card as a reliable personal identifier. One approach depends on the card holding a digitised biometric identifier (for example, fingerprint) which can be verified against the physical holder. Distinct from these biometric identifiers is the use of a smart card containing a 'digital signature' achieved through the use of public key encryption technology, which raises the privacy issues of public key authentication infrastructure (see 2 PLPR 162). Such cards may be intended to be used for specific purposes, such as access to physical locations, or to enable access to 'virtual locations' such as particular network/internet sites. Whether or not a multi-purpose identifier is proposed, the 'smart ID card' will always raise privacy suspicions about its eventual ambit. Cards which combine aspects of all these functions heighten these fears.

The one thing that all of these rather different emphases have in common is that they rely on a secure method of data storage that is decentralised in the sense that the card is carried by the person to whom the stored information relates. In contrast, network/internet surveillance issues arise from the prospect of aggregation and interconnection of personal information that networks make possible. However, the contrast is more apparent than real. A paradox of smart cards is that they are at their most powerful when they interact with complex networks, whether to provide a verifiable link between a physical card-holder so as to allow access to networked information, or to upload or download value or personal details between card and network.

Australian players

Smart card developments in Australia, and the reaction of regulators and privacy bodies, have already produced an extremely complex picture. This Special Issue aims to introduce the main Australian players in the coming debates over smart cards and privacy, and to outline their positions to date.

Chris Connolly outlines the handful of Australian trials of stored value cards (p183), and explains the NSW Privacy Committee's recommendations in its report, Big Brother's Little Helpers. He also outlines possible dangers in the lack of anonymous cards, and in the link between smart cards and public key infrastructure.

The 'smart health card' refuses to go away, despite official denials (see 2 PLPR 100). The Council of Australian Government (COAG) working group on health and community services is reported to have presented an interim report to all governments in December, arguing for 'an enhanced Medicare card that would record basic data each time a patient dealt with the health and welfare systems' (The Weekend Australian, 13 January 1996).

The Australian Privacy Commissioner has released a Discussion Paper, and Donna Bain describes the policy issues as seen from his office (p 186), including details of the Federal Government's disavowals of Medicare smart cards. At a seminar to launch the Discussion Paper on 14 December 1995, Commissioner O'Connor favoured the extension of general privacy laws to cover the private sector as an appropriate legislative response. This was also the approach taken by Card Technologies Australia, who preferred legislation based on the NZ Privacy Act 1993, rather than legislation aimed specifically at smart cards. The Australian Consumer's Association favoured a 'pyramid' regulatory framework, combining an industry code with punishment of 'recalcitrant offenders' 'with large and public financial penalties'.

The smart card industry released a draft Code of Conduct on 20 December 1995, and we extract its key privacy provisions (p 190). Roger Clarke sees it as a promising start (p 189), but suggests needed improvements and questions whether the industry can achieve consensus on such matters. He may still be too kind. A particular weakness of the draft Code is that it lacks any effective sanctions for breach, beyond the extremely unlikely one of expulsion from the Smart Cards Forum. Comparable schemes such as the Telecommunications Industry Ombudsman at least have provision for mandatory payment of damages up to a ceiling of $10,000 and provision for recommended damages beyond that. The Smart Card Forum will need to improve on its limp opening bid if it wishes to be taken seriously.

The legislators are already starting to react. In the ACT, site of the Mastercard trial, shadow Attorney-General Terry Connolly proposes to introduce a Bill prohibiting any unauthorised disclosures of 'cash card' usage particulars (p 193).

The Commission for the Future has commenced a major study of the social issues associated with smart card technologies (p 185). They had better make haste, as many of the key decisions on this aspect of Australia's future will be decided in the next year or two.

Graham Greenleaf, General Editor.