Feb. 12, 2003 – Companies around the world may soon be dealing with an identity crisis. As more and more services are delivered remotely over local, wide-area and wireless networks, creating, managing and securing identities could become a major issue.
At the Smart Card Alliance’s Mid-Winter Conference opening today in Salt Lake City, Utah, speakers will from leading technology companies, government agencies and industry research firms will address technology and policy considerations for protecting identities.
“The way we create, protect and use identity credentials to deliver services electronically is becoming more important,” says Randy Vanderhoof, executive director of the Smart Card Alliance, an association of smart card makers and users. “Delivering services electronically is convenient for consumers, but it also create the opportunity for identity theft and mismanagement.
The conference will focus on how individuals acquire different identities at different times for the different roles and how those identities are managed, used and protected. For example, most individuals have identities as public citizens (used at border crossings, at airports and for accessing health services), as corporate citizens (when accessing buildings, networks or private databases), and as private citizens (in retail stores, on the Internet, with wireless devices).
The conference speakers and panels will examine how companies and government agencies can use smart card technologies and well-defined policies to protect those identities and minimize the risks to an individual’s privacy.
Vanderhoof says that the broad acceptance of RFID-enabled smart cards — that is, those that don’t require contact with a reader — is helping to propel adoption. “RFID provides secure services without sacrificing speed and efficiency,” he says. “One of the things that is critical to the adoption of new identity credentials is that the individuals that you use them are not going to find them a burden to operate in a more secure manner.”
Speakers at the conference are likely to stress that identity management and privacy are systems issue and not technical issues. “Using a smart cart doesn’t guarantee identity security or privacy,” says Vanderhoof. “The policies and procedures and the systems behind the smart card are what provides efficient identity management as well as individual identity protection.”
The potential loss or damage from failing to secure identity information can be substantial. Last year, Experian, a credit-reporting agency, was victimized when a software engineer reportedly got access to passwords, entered the database and sold information obtained to a crime syndicate. Information on tens of thousands of customers was compromised.