Smart cards in Europe: Introduction

Ready or not...

 

Today we start a new series of posts entitled “Smart cards in Europe”.

Our intention is to describe the avalanche of cards are set to arrive in Europe in the next 5 years, signal the magnitude of the phenomenon that promises/threatens to transform literally the way we do electronic commerce and propose a realistic strategy to prevent this change corrupting the Internet that we all love.

What is a smart card?

It is a card, similar to a credit card, that includes a chip/microcomputer capable of executing different types of applications including “authentication” and “digital signature”.

This is a smart card issued by the Portugese government:

smarcard-eid.gif

This is a smart card issued by a Belgian bank:

smartcard-emv.jpg

This is a smart card issued by a German telecommunications firm:

smartcard-mobile.jpg

The main idea: many different organizations in many different companies issue many different smart cards.

There are two types of smart card, depending on the type of chip:

  • Smart card with memory chip: cheaper. Contain only non-volatile memory, perform a single function and don’t process data. Not capable of performing digital signature. Used predominantly in transport, PayTV, corporate security, pre-paid telephones, loyalty programs etc. This type of card is becoming obsolete. They represent 4% of the market (by value) and demand is increasing but only in single-digit figures.
  • Smart card with microprocessor chip: more expensive. They are a type of mini-computer that includes processor, memory and an operating system on the chip. Can be single- or multi-application, in which case, the microprocessor is capable of running different applications, including authentication and digital signature. Predominately used in government (“e-IDs”), banking (“EMV”) and telecommunications (“SIM”), health etc. applications. Microprocessor cards represent the future of smart cards. They are applicable to a wide range of sectors, a large part of which are in the early phases of development. They represent 96% of the market (by value) and demand keeps rising.

Why should I care?

Because a smart card with a microprocessor chip allows strong authentication (verification of identity) and digital signature. Both (authentication and signature) are extremely powerful tools which will soon become ubiquitous. The massive deployment of smart cards with authentication and digital signature have the potential to change the way we interact on the Internet, do electronic commerce and how we deal with anonymity and privacy online.

And there’s more. Europe, for technological and legislative reasons, is at the centre of the tsunami:

  1. Technology: Europe has (and will have) the highest concentration of smart cards capable of digital signature in the world. It’s not just that Europe has more than 50% of the smart cards in the world (300 million according to “Deutsche Bank Smart Cards report 2007″) but also that, as we’ll demonstrate in this series of posts, it is about to receive 1 billion smart cards with microprocessors issued by governments and banks.
  2. Legislation: European directive 1999/93/CE on digital signature names “qualified digital signature” as the most advanced form of digital signature and gives it the same effect as a hand-written signature. For a digital signature to have “qualified” status, it should be generated by a “Secure Signature Creation Device” like, for example (you’ve guessed it) the chip on a smart card. And yes, you read that correctly – “the same effect as a hand-written signature”. So, the discussions as to whether the technology is secure or not are irrelevant. The law, by default, assumes that it is. If one of the parties denounces the signature, they bear the responsibility of proof i.e. they must demonstrate that the technology and processes used in the qualified digital signature were not secure (I’ll save you the suspense…no one is going to do this). A technology blessed by the law. Checkmate. End of discussion. We’ve studied 30 countries (the EU-27 plus Croatia, Turkey and Liechtenstein) and they’ve all implemented the directive. In summary, Europe enjoys uniform “qualified digital signature” legislation that gives the same power to digital signatures as hand-written ones.

The massive deployment of smart cards with digital signature backed up by the law promises great benefits (more agile relationships with government, secure electronic commerce, lower bank commissions…) but also serious implications for your rights and liberties as a citizen and consumer. Surprisingly, whether it’s for lack of knowledge, incredulity or voluntary blindness, this matter is not receiving the attention it deserves from the internet community.

We all know what happens when you don’t make a decision: reality decides for you.

Why is no one talking about this?

There are three reasons:

  1. Whether we like it or not, the “conscience” of the internet, the A-list bloggers, the main thinkers and analysers of the net are in the USA. Whether we like it or not, europeans typically echo the movements, initiatives and debates that are generated in the USA and there they don’t know, understand or care what happens in Europe.
  2. The majority of Europeans think that this is nothing new. Smart cards have been in circulation for years and nothing bad has happened. They don’t understand that they are thinking of smart cards with memory chips and not the microprocessor type. They look the same from the outside but inside they’re not.
  3. Many people doubt that “digital signature” will be widely adopted. Digital signature and Public Key Infrastructure (PKI) have been around many years and nothing bad has happened. They don’t realise that it hasn’t worked until now for business not technological reasons. Before there was no business case: no company was willing to assume the cost of issuing digital signature cards to their employees, providers and clients. Now that the costs have fallen, European governments have decided to assume this responsibility and oblige the banks to do the same.

This time it’s serious. The ball is in our court.

Next post: “Smart cards in Europe: e-ID avalanche“.

By David Blanco
Saved in: e-Signatures, Identity, Internet | 1 comment » | 25 March 2008

One comment in “Smart cards in Europe: Introduction”

Gravatar de Smartcard readers

Smartcard readers
10 May 2012 at 5:04 pm    

Nice site i visit the site many time but this time are very nice article

More posts in Negonation Blog