Alliance: Really smart cards guard privacy

Individual privacy should rank as high as building security in smart-card authentication policies and procedures, the Smart Card Alliance says. 'Both privacy and security must be considered fundamental design goals for any personal ID system' based on smart cards, the alliance said in a white paper released last week at its winter meeting in Salt Lake City.

The level of privacy protection depends on when and how smart-card data is accessed, distributed and destroyed. When authenticating a person's identity, a smart-card system should automatically prevent copying, spoofing and unauthorized sharing of the information, and it should access only as much data as is necessary for the immediate task, the alliance said.

It suggested that each smart card should incorporate a safety measure such as a personal firewall, public-key cryptography or biometrics'especially when one card serves several functions. The additional safeguards would not only boost protection but also boost user confidence, it said.

The alliance made these privacy recommendations:

  • Smart card-related databases of personal information should be encrypted and should transmit only encrypted information.

  • Transactions between smart card and reader should be offline only, and any information captured by a reader or other intermediate system should be deleted as soon as a transaction is complete.

  • Organizations should set up checklists to show who is authorized to see or change information in each data field.

  • Cardholders should be required to authorize, via password, personal identification number or biometric permission, the extraction of any data from their smart cards.

  • Applications should be structured so that transaction records can't be used as surveillance tools.


  • business meeting (Monkey Business Images/

    Civic tech volunteers help states with legacy systems

    As COVID-19 exposed vulnerabilities in state and local government IT systems, the newly formed U.S. Digital Response stepped in to help. Its successes offer insight into existing barriers and the future of the civic tech movement.

  • data analytics (

    More visible data helps drive DOD decision-making

    CDOs in the Defense Department are opening up their data to take advantage of artificial intelligence and machine learning tools that help surface insights and improve decision-making.

Stay Connected