Privacy Issues with the Use of Smart Cards (2008)

Below is the uncorrected machine-read text of this chapter, intended to provide our own search engines and external engines with highly rich, chapter-representative searchable text of each book. Because it is UNCORRECTED material, please consider the following text as a useful but insufficient proxy for the authoritative book pages.

9 boating, and hunting licenses; Medicare; and transit. Moreover, omnibus public/private cards might be issued that also allow banking and credit transactions or even frequent flyer mileage awards. One source identifies several potential problems with such omnibus cards: • Centralization of personal information collection—A single card used for different purposes runs the risk of creating a centralized warehouse of data about an indi- vidual’s activities. Today, various recordkeepers have information that reflects different aspects of an individ- ual’s life. The bank has banking records, doctors have medical records, and credit card companies have re- cords of credit transactions. The walls between these records protect individual privacy in two ways. First, they limit, to some extent, the damage to individual privacy that occurs through either misuse by an author- ized user or unauthorized access by an intruder. Sec- ond, they place checks on the surveillance and monitor- ing capacity of each system. If all of an individual’s transactions occurred through, or were recorded at, the same source, we would create a powerful center of data on all citizens that would be ripe for misuse and abuse. • Means for new social controls—The issuance, revocation, or withholding of such a card could be used to control social behavior, limit an individual’s activi- ties, or punish unrelated activities. Today, specific to- kens enable specific activities. While losing a driver’s license may limit a person’s ability to drive, it does not impact on his or her ability to purchase goods in the market, seek health care, or engage in other transac- tions. A single card does not provide the same flexibil- ity. • Greater collection and use of personal information— When a single card is used across all transactions, it could become a default personal identification card or a national ID card. As mentioned above, many of our daily activities require far less personal means of certi- fication. A single certifier will result in more data being collected than is needed for many interactions. In the most extreme case, it could lead to every online interac- tion being fully identifiable and traceable to an individ- ual. Utilizing a single card for all purposes could create an electronic trail of all personal interactions.39 II. THE EVOLUTION OF CONCERNS OVER PRIVACY AND SECURITY SINCE SEPTEMBER 11, 2001 (9/11) To date, more attention has been focused on airline passengers than surface transportation passengers, probably because commercial aviation has been tar- geted most prominently by terrorists.40 Yet as the bomb- 39 Ari Schwartz, Smart Cards at the Crossroads, http://www.cdt.org/digsig/idandsmartcards.shtml (Last visited Nov. 8, 2007). 40 See, e.g., Star, supra note 1, at 251; Paul Stephen Dempsey, Aviation Security: The Role of Law in the War Against Terrorism, 41 COLUM. J. OF TRANSNAT’L L. 649 (2003). ings of Madrid commuter trains and London Under- ground trains reveal, surface passengers are as vulner- able, if not more vulnerable. The bombings of commuter trains in Madrid in 2004 killed 191 people and wounded 2,000. The bombings of London’s Underground subway in 2005 killed 56. In Mumbai in 2006, explosions in commuter trains and stations during rush hours killed 174. In response, in the United States, state patrolmen, national guardsmen, additional police, and sniffer dogs have been placed at various transit stations and park- ing facilities and on transit vehicles.41 Though the United States has not yet experienced such an attack on its urban transit system, its vulnerability to attack is much higher than that of the air transportation system post-9/11. The British were able to bring suspected terrorists to justice through their widespread use of surveillance cameras in public areas throughout the United King- dom, including Underground transit facilities. Smart Cards offer yet another means of both preventing ter- rorist access to the system and monitoring passenger whereabouts following a terrorist attack so as to facili- tate law enforcement. Thus, Smart Cards offer a means both to serve as an additional layer of prevention and to facilitate conviction of those guilty of terrorist acts. Though the national interest in individual privacy was a dominant public policy prior to the terrorist events of September 11, 2001, security became a domi- nant concern after 9/11. There is a natural tension be- tween these values because enhanced security meas- ures are often more intrusive into individual rights, including personal privacy. Created shortly after 9/11, the Transportation Secu- rity Administration (TSA) has jurisdiction over all modes of transportation. TSA has begun a biometri- cally-coded Trusted Traveler Program to allow the col- lection of personal information and a biometric identi- fier in a card permitting more expeditious access through airport security bottlenecks. Over time, one may anticipate that the programs designed for the air- line industry likely will be transferred to other passen- ger modes. To expedite passenger flows, the Department of Homeland Security (DHS) announced a voluntary pro- gram whereby travelers could secure a Trusted Trav- eler card by consenting to a background check and bio- metric identification that would give them more expeditious travel through security bottlenecks at air- ports.42 The United States Visitor and Immigrant Status Indicator Technology Program (US-VISIT) was imple- mented by the DHS on January 12, 2004.43 It was de- 41 Gov. Rell Says Heightened Transit Security Measures to End as Threat Level Drops, U.S. States News, Aug. 12, 2005, available at http://www.ct.gov/governorrell/cwp/view.asp?A=1761&Q=30011 8 (Last visited Nov. 8, 2007). 42 Betzel, supra note 8, at 517, 534. 43 See 69 Fed. Reg. 53318 (Aug. 31, 2004). See Eric P. Haas, Back to the Future? The Use of Biometrics, Its Impact on Air-