\documentstyle[ncs,12pt,supertab]{article} \setlength{\oddsidemargin}{0in} \setlength{\evensidemargin}{0in} \setlength{\textwidth}{6.5in} \setlength{\topmargin}{-0.5in} \setlength{\textheight}{9in} \newcommand{\lf}{\vspace{\baselineskip}} \begin{document} \section{Social Issues} Several social issues surround our design. They are: \begin{enumerate} \item privacy and the use of encryption; \item logging; \item speed of delivery of new card; \item responsibility; \item what has extra passwords; and \item color. \end{enumerate} \subsection{Privacy} %Problems: % not letting anyone else know what i do, where i go, when i go, what %i buy, etc % i'm innocent AND it's none of your damn business % at-range interrogation % location monitoring The main privacy issue is not unnecessarily revealing information that isn't anyone else's business. In an insecure environment, anyone can find out when and where a person goes, what they buy, etc. From this, a usage pattern can be constructed, which can be exploited. There are two ways this information can be constructed: logging requests and packet sniffing. The former is discussed in the next section. Packet sniffing can be countered by encrypting all packets with a sufficiently strong encryption engine. However, a major problem with using a strong encryption engine is the amount of time encryption takes -- for instance, a good assumption is that door open requests should not exceed five seconds to process. Technically, SmartCard technology has the capability of installing a battery, thereby rendering the SmartCards always active. Since these cards would be ``always on'', it is possible to use low-frequency radio signals to transact with one of these cards at range. While there are many legitimate uses of this technique ({\em e.g.}, a detector at a door identifies the person immediately in front of it), the system can be greatly abused if the information is divulged to the wrong people. Note also that this technology allows for constant location monitoring, which could be used in a 1984-esque manner. \subsection{Logging} %Problems: % if ya got the info, ya can't say ya don't have it. % students may not want info released to parents; workers may not %want info released to superiors All transactions with this system can be logged -- from who made requests for services to what service was rendered (door opened, a certain entree purchased), all with timestamps. The advantages of logging is that a precise account can be reconstructed for future use (itemized bills, etc.) The disadvantages of logging are twofold. First, the agency that holds the log cannot deny the existence of the logs to the authorities: sometimes it is advantageous to M.I.T. that information is not made public via court order. Secondly, students may not wish to have certain categories of information available to their parents; likewise, employees may have similar concerns with regard to their supervisors. % provide examples? \subsection{Delivery Speed} %Problem: % the card is a central lossage point -- if you lose it, you need a %replacement damn fast. The proposed SmartCard would be a single point of failure: if lost, the user would suddenly be without keys, food money, or library privileges. While the last is probably not a major problem, the first two obviously are, and thus, a major concern is how fast SmartCards can be generated and delivered. The cards differ only in the user's password and extra PIN number, so no time would be lost contacting possibly-down servers for information. However, the information might not be trivial to encode in the cards; at this time, the process of programming the cards is unknown. \subsection{Responsibility} %Problems: % if someone steals my card and % breaks into a dorm and burns it down, am i responsible? % uses my meal card, am i responsible? % there are parallels to low-tech, but no one ever said laws were %reasonable % if a card reader eats my card (gulp munch munch), who pays for the %replacement? these things ain't cheap With physical keys, credit cards, and library cards, there are policies already in place dealing with responsibility, liability, and accountability. However, the logical assumption that these would transfer smoothly to the SmartCard equivalent is not determined. This is a question for lawyers, and is outside our expertise. Another question of accountability is if a card reader catastrophically fails and effectively destroys a SmartCard. Although an unlikely occurrence, the question of who pays for the replacement card still exists, especially if the cost of SmartCards is a non-trivial amount. \subsection{Extra Passwords} %Issue: What should have extra passwords? % Labs? Personal dorm rooms? Anything dealing with money? % How easily changed? Who controls it? The technology exists to have mini-keyboards on the SmartCard itself, thereby providing a technically secure manner to prompt the user for an additional password. This would help provide that only people who are authorized by the card's owner can access certain services. From this are raised the following questions: \begin{itemize} \item which services would have this extra level of security? \item who would have authority to change the password? \item how difficult would it be to change the password? \end{itemize} Ideally, the extra level of security should be implementable at the reader, and easily changed. Convenience, however, is an issue -- perhaps the a personal identification number (PIN) should be demanded by the reader rather than the SmartCard itself. Note that this modification would require the user to trust the card reader. \subsection{Color} %blood on concrete: .. %chartreuse on mauve: . % %vanity cards? ala credit cards, the background could be custom-made, %although this would probably be quite expensive. however, %fraternities/ilgs/student groups could get cards that have their particular %logo in the background. an odd way to advertise, but since a fraternity %could conceivably order 100 of these things, which would last on the order %of 5 years, it might be possible, although highly doubtful. An informal poll revealed that a ``blood on concrete'' (maroon on grey) motif was twice as popular as a ``chartreuse on mauve'' concept. \end{document}