Following up from the last response I received, I’ve asked for some more clarifications. Here they are:
CC: TTEIR@ministerial.qld.gov.au, firstname.lastname@example.org
Date: 23 February 2009 09:20
Subject: Re: Details of measures to protect privacy, security and confidentiality of data contained in smart card drivers licences
Thank you for your reply. Please see below for comments, clarifications required and additional questions.
> Please be aware, at this point in time, the Department is not able to
> provide detailed answers to all your queries although it is anticipated
> this information will be available publicly in the future once procurement
> is completed and all the technical aspects of the project are finalised.
> Specifically with regard to the detailed technical specification you are
> seeking for the Public Key Infrastructure (PKI) to be used, the Department
> is still undertaking procurement for this and the relevant Certificate
> Policies are yet to be finalised.
Once this information is available, will there be a public review period? Will the methodologies used in the evaluation process, with regard to the above issues, be made available for scrutiny?
If it is found that the procured technologies are not satisfactory, what actions can be taken by the public?
While IS42 Principle 4 may have been applied, this does not specify (nor should it) the actual methods or technologies to be used. In applying IS42 Principle 4, adequate review of the technologies used should be undertaken to ensure that the chosen solution satisfies the principle.
> The use of PKI on the smartchip enables functions such as:
> · authentication of the card to make it easier to identify
> fraudulent licences
> · control of access to information stored on the smartchip and
> · authentication of the cardholder to Queensland Transport systems.
How will the failure of a smartchip be handled? It is unreasonable to assume 100% reliability, and anecdotal evidence (use of smartchips in credit cards) suggests that failure rates can be quite high, due to the harsh “wallet” environment that cards are subject to. Add to this a 5 year lifespan, and the failure of a smartchip becomes a significant factor.
Will the failure of a smartchip mean a licence will be deemed invalid, or worse, a forgery? If the smartchip is relied upon to prove the authenticity of the card, then a failed chip will either be taken to indicate a fraudulent licence, or be common enough that it is not relied upon. Either way, this does not add to the security, and could potentially lead to large inconvenience due to false assertions that licences are not valid.
> Queensland Police and Transport Inspectors will be able to insert the
> licence into a smartcard reader that will interact with the smartchip in
> the licence to confirm it is genuine. The reader will also enable them to
> view licensing information and the cardholder’s address stored on the
> smartchip. Queensland Police will also have access to emergency contact
> details in emergency situations if the licence holder chooses to include
> this information on their smartchip.
Again, what are the policies and procedures that apply if the smartchip is not functional? If this capability is used to verify the authenticity of a licence, then a failure of the smartchip may lead to the assumption that the licence is fraudulent. Alternatively, a fraudulent licence could be made with a non-functioning smartchip, greatly reducing the “anti-fraud” advantages that the smartchip is supposed to grant.
> It is planned that licence holders will also have the option to insert the
> smartcard into a smartcard reader to allow third parties, such as
> businesses, to verify the authenticity of their licence. One of the most
> important security features of the smartcard driver licence will be the
> PIN, which will enable cardholders to control who they want to share their
> information with. If they are authorised by the cardholder, it is planned
> third parties, such as businesses, will only be able to “read” specific
> stored information on the smartchip, namely the same information which is
> shown on the face of the smartcard plus address details. PKI will also be
> used in this instance to ensure data is transmitted securely between the
> smartcard and the third party application. There will also be an offence
> introduced to protect the cardholder’s secure information. A fine of up to
> $2000 will apply if information that is electronically stored on the
> smartcards has been unlawfully accessed.
What policies are in place to ensure that businesses who do have access to licence information (through the use of smartcard reader/pin) are obliged to apply appropriate measures to ensure the privacy and security of data? Are they subject to IS42? If so, how is compliance managed?
Are there separate fines applicable to individuals and businesses who misuse or unlawfully access information on the smartchip?
> Although it is technically feasible to store other information or
> Government authorisations on the smartchip, the Department has no current
> plans for the expansion of the smartcard to take on new applications. If
> this did occur in the future any additional or future functionality for
> the smartcard would have to undergo a rigorous individual assessment
> process consisting of a:
> · business case analysis;
> · individual privacy impact assessment;
> · analysis of impact on the consumer; and
> · review of current legislation and, if appropriate, legislative
A public consultation should be included in this assessment process.