Privacy: Protecting personal details
19 January, 2012
category: Contactless, Digital ID, Government, Smart Cards
With more and more transaction and interaction becoming electronic, privacy concerns are on the increase. This is especially true in the context of government-to-citizen and government-to-employee transactions.
The emergence of contactless technology as the preferred interface for smart card transactions is increasing the risk of data leakage. The result is that more personal data than ever before is being shared to create a web of information about who we are and what we do.
Some people believe that the information they are required to provide during a government transaction is excessive and irrelevant, especially as recent devices in the marketplace now make it easier than ever to capture sensitive details transmitted over-the-air and over-the-Internet. With so much personal information already available, questions are being asked as to how this information is stored, exchanged and used by the authorities.
To address these concerns the government ID industry is working to establish universal privacy guidelines. This sophisticated framework will aim to encourage best practice and security, without impacting global interoperability and connectivity to deliver the efficiencies required by government departments today.
The role of GlobalPlatform
GlobalPlatform is a not-for-profit organization which standardizes the management of applications on secure chip technology. In 2006 it established a Government Task Force to determine its role in addressing the long-term needs of governments engaged in large scale electronic-ID (e-ID) deployments for both government-to-employee and government-to-citizen applications.
The Government Task Force compromises a range of e-ID stakeholder communities from across the globe and provides a forum to bring these parties together to collectively discuss the business and technical requirements of the sector.
The value of the group is further strengthened by its outreach with other industry bodies to align work programs and specifications. This ultimately facilitates the deployment of workable technical guidelines that can be adopted by governments globally to create a worldwide e-ID framework.
The privacy framework
In 2011 GlobalPlatform’s members undertook work to better understand privacy trends. This included the identification of government needs for privacy, agreeing technical terminology and analyzing active applications and standards.
The outcome was the creation of an initial privacy framework. It was supported by a road map and technical migration path, which promoted the advancement of an interoperable, convenient and effective e-ID ecosystem, while maintaining confidentiality of end-user data. Core to this work is GlobalPlatform’s acknowledgment that only essential details should be exchanged to validate an individual during a transaction.
The work has been well received by the e-ID sector. In 2012 focus will be placed on enhancing this initial infrastructure to release the second version of the framework which will support next generation e-ID deployments. It will provide governments with:
- A privacy framework that is compliant to the ISO/IEC 7816, which is a stipulated standard that governments must adhere to.
- A set of common services that can be delivered on a chip card and managed securely and, where appropriate, interoperable with other secure systems.
- A structure to assist in developing a Request for Proposal from technology vendors.
- An infrastructure for chip issuance and personalization, which encourages solutions to be vendor neutral.
Beyond e-ID
As e-services continue to grow in popularity, and we continue to share our personal details, privacy is set to become a significant issue that will not only affect the government sector, but also the wider application landscape. To address this, GlobalPlatform’s Privacy Framework has been designed to be adopted by other markets in the future.
The Government Task Force is therefore committed to maintaining the standard and further enhancing it to address new privacy challenges. As part of this, GlobalPlatform recognizes that market stability and acceptance will only be attained through the adoption of specifications and a commitment from the industry to develop products that abide to these standards.
In response to this, GlobalPlatform aims to establish a compliance program that will enable governments – and other sectors long-term – to receive independent validation that a product will align with the GlobalPlatform Privacy Framework.
About the AVISIAN Publishing Expert Panel
At the close of each year, AVISIAN Publishing’s editorial team selects a group of key leaders from various sectors of the ID technology market to serve as Expert Panelists. Each individual is asked to share their unique insight into what lies ahead. During the month of January, these panelist’s predictions are published daily at the appropriate title within the AVISIAN suite of ID technology publications: SecureIDNews, ContactlessNews, CR80News, NFCNews, DigitalIDNews, ThirdFactor, RFIDNews, EnterpriseIDNews, FinancialIDNews, GovernmentIDNews, HealthIDNews, FIPS201.com, IDNoticias es.