Privacy Law and Policy Reporter (PLPR)

Connolly, Chris --- "Smart cards and personal privacy implications" [1995] PrivLawPRpr 42; (1995) 2(4) Privacy Law & Policy Reporter 61

Smart cards and personal privacy implications

Chris Connolly

Australia and NZ have become the focus for the development of smart card systems, as a number of promoters have decided to use the region as a testing ground and launch pad for their products. The willingness of Australian consumers to accept new technology is recognised worldwide. However, there has been little discussion of the full implications of smart card technology and its likely impact on personal privacy.

Smart cards are credit card-sized micro-processors, which can be programmed to perform as many as 50 different functions. Systems currently being trialed in Australia will use smart cards as 'stored-value' cards. They carry electronic money which can be used for small retail purchases, telephone calls, travel on public transport and a host of other small item transactions.

Competition in the smart card market is fierce, and a number of international companies and local consortiums have launched products in recent months.

Included in these are the two global giants of the credit card industry, Mastercard and Visa. Mastercard intend to run a pilot scheme in Canberra for eight months, beginning in October 1995. Mastercard have over 350 million credit cards and debit cards in circulation around the world and have been concerned for some time about the security of magnetic stripe cards. They hope to replace all their magnetic stripe cards with chip-based cards in the near future.

At the same time, Mastercard hope to introduce a new card payment option, by offering 'stored-value' smart cards. These cards will be personalised cards linked to bank accounts or Mastercard credit card accounts from which the stored value can be re-charged. The stored value can be used for much smaller value purchases than current credit card and EFTPOS cards. In Canberra, Mastercard hope to include small retailers, vending machines, parking stations and buses in the trial. Eventually Mastercard will offer multi-function smart cards, where credit, debit and stored-value functions are all included on the one card.

Visa are also involved in the development of smart cards and intend to use Australia and NZ as a base for expansion into the Asian market. In addition to the types of cards being offered by Mastercard, Visa hope to introduce 'anonymous' cards which are not linked to a bank or credit card account. There are two types of these stand-alone cards. The first will be issued with a small amount of value and will be disposable, just like a phone card. These disposable cards pose the least threat to personal privacy. The second type of card, however, will be re-chargeable from ATMs and EFTPOS outlets and is intended to last up to three years.

The promoters of these smart cards claim that they are anonymous cards and represent no threat to personal privacy, but there is growing evidence to indicate that the anonymity of consumers with re-chargeable cards can be compromised in a number of everyday situations. Every time a smart card is re-charged from an identifiable bank or credit account, a record can be created linking the smart card to the holder's identity.

This takes place because all smart cards, whether anonymous or personalised, carry a unique identification number embedded in the microchip. This number is recorded by the card reader (which might be an ATM, an EFTPOS outlet, a shop till, a ticket machine or a telephone) during each transaction, including during re-charging from a bank account. A simultaneous record will be created showing the withdrawal of funds from the identifiable account, and the credit of those funds to the smart card whenever a card is re-charged.

Of course, anonymity need only be compromised on one occasion, for all the card-holder's previous and subsequent transactions to be identified. Not all the records will be securely held, as retailers may keep their own records of smart card re-charges and transactions on computer systems, or even on their till scrolls. Some of these scrolls are kept for as long as seven years for tax and audit purposes.
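
The linkage described above can be measured on a card scheme's own logs. The following Python sketch is an added illustration, not part of the original article: the record layouts, card numbers and account name are constructed for the example, and it assumes every reader logs the chip's identification number and every re-charge logs its funding source.

```python
# Constructed sample records (not real data). Each reader logs the chip's
# unique card ID; a re-charge also logs where the funds came from.
TRANSACTIONS = [
    # (day, card_id, reader, detail)
    (1, "C-1001", "bus", "route 400"),
    (2, "C-1001", "shop", "record store"),
    (3, "C-2002", "phone", "local call"),
    (5, "C-1001", "taxi", "city to airport"),
    (6, "C-3003", "cinema", "ticket"),
    (7, "C-2002", "parking", "2 hours"),
]
RECHARGES = [
    # (day, card_id, source): "cash" or an identifiable account
    (0, "C-1001", "cash"),
    (4, "C-1001", "acct:J.Citizen"),  # a single identifiable re-charge
    (0, "C-2002", "cash"),
    (0, "C-3003", "cash"),
]

def linkage_audit(transactions, recharges):
    """Report which 'anonymous' cards an identifiable re-charge exposes.

    Returns {card_id: {...}} with the linked account, the day of the first
    linking re-charge, and how many transactions fall before and after it.
    Both groups become attributable once the link exists.
    """
    first_link = {}
    for day, card, source in sorted(recharges):
        if source.startswith("acct:") and card not in first_link:
            first_link[card] = (day, source[len("acct:"):])
    report = {}
    for card, (link_day, account) in first_link.items():
        days = [d for d, c, _, _ in transactions if c == card]
        report[card] = {
            "account": account,
            "linked_on_day": link_day,
            "before": sum(d < link_day for d in days),
            "after": sum(d >= link_day for d in days),
        }
    return report

def exposure_ratio(transactions, recharges):
    """Fraction of all logged transactions attributable to a named account."""
    linked = linkage_audit(transactions, recharges)
    return sum(c in linked for _, c, _, _ in transactions) / len(transactions)

if __name__ == "__main__":
    print(linkage_audit(TRANSACTIONS, RECHARGES))
    print(exposure_ratio(TRANSACTIONS, RECHARGES))
```

In the sample, one account-funded re-charge on day 4 makes the two earlier purchases on that card attributable as well as the later one, while the cards only ever topped up with cash stay unlinked.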

Indeed, agencies such as the Australian Tax Office will be able to subpoena these records which link an individual to a particular smart card, and then study the transaction records for that card. Other agencies who will be able to use their statutory powers to gain access to these records include the Australian Department of Social Security and law enforcement agencies throughout the region. The records are likely to provide a detailed insight into the private lives of card holders.

Access to these records may not be limited to government agencies. Individuals involved in civil litigation will also be able to subpoena transaction records. These might reveal details of purchases, locations and movements which could not have been previously traced. Several smart card systems, for example, will include the use of cards on public transport and in taxis. This information is likely to prove useful in a number of cases, including family and employment litigation.

A number of other promoters also intend to offer these re-chargeable 'anonymous' cards. These include two rival Sydney consortiums who are behind the Onecard and Transcard systems.

Onecard is a stored-value card being promoted by the Quicklink consortium, who won a tender for the development of a smart card system from the NSW Government in 1993. Quicklink expect to begin a trial of the Onecard system in Newcastle later this year.

Transcard is already being trialed in the western suburbs of Sydney. Transcard is a consortium of private transport operators, taxi companies and smart card developers. Transcard differs from other smart card systems in that the card is a 'contactless' card, and can operate simply by being passed over a card reader. The card can be read from a distance of about six inches, and does not have to be removed from a wallet or purse.

Both operators have promoted their cards as 'anonymous' and as 'replacements for notes and coins'. However, in the light of the above comments concerning re-chargeable cards, these operators may have to re-think their promotion of smart cards as anonymous replacements for cash.

Smart card systems can also facilitate the collection of much larger amounts of information in computerised form than previous payment systems. This collection will begin with the recording of personal information such as name and address when applying for personalised cards, possibly including details on income, occupation, home ownership and previous credit. In fact, one smart card provider in Sydney is proposing to offer customers extra bonuses for providing further personal information to assist its collection of marketing statistics.

Next, there will be the collection of all the transaction details. Smart cards will be able to generate records of the date, time and location of all movements on public and private transport systems, along with details of purchases, telephone use, car-parking, attendance at the cinema or theatre, and any other activities paid for by smart cards. Most smart card providers are actively promoting the development of detailed customer profiles as a selling point to potential retail outlets.

For example, in the promotional material for one smart card company, a situation is described where a customer makes a purchase at a record store using a smart card. A computer which 'can read a chip's memory to identify a card-holder's specific interests and buying preferences' will prompt the sales assistant to tell the customer about new products or services that might be of special interest. The customer may have previously bought a number of country and western records on their smart card, so the sales assistant will be prompted to inform them of the latest country and western releases by their favourite artists.

Consumers will also be offered participation in smart card-based 'loyalty schemes', some of which may include a number of merchants exchanging transaction details. Loyalty schemes result in a situation where consumers are encouraged to 'sell' their privacy in order to obtain the privileges and bonuses being offered. Participation in smart card-based loyalty schemes will place great pressure on consumers to forgo the use of anonymous payment systems like cash and disposable cards and will be an added incentive to use personalised smart cards.

Collection of information on this scale, or in this detail, has not been possible until now, and smart cards represent the beginning of the truly cashless society. Many people will choose to continue to use cash because of the anonymity it offers. For this reason, smart card providers are offering the so-called 'anonymous' cards discussed above, which can be purchased from newsagents or vending machines, and which are not intended to record any personal details.

Unfortunately, while some of these anonymous cards will initially be disposable, the cost of producing disposable smart cards is likely to mean that re-chargeable smart cards become the preferred choice for card issuers. It appears disposable cards are intended only as a short-term product to introduce consumers to the new technology.

As the use of smart cards becomes more popular and the systems become entrenched, it is also possible that the option of using cash to make certain purchases and to travel on certain transport routes will be progressively withdrawn. In these circumstances it must be asked whether the choice to use cash and preserve anonymity will still exist. It is interesting to note that in the Privacy Charter recently produced by the Australian Privacy Charter Council, principle 10 states that 'people should have the option of not identifying themselves when entering transactions'. A breach of this principle might be justified when entering a large transaction, but how can a breach be justified when a person wishes to buy a drink or catch a bus?

Little has been done to protect consumer interests as card payment technology has developed in Australia. For example, despite generating nearly 40,000 consumer complaints each year, the EFTPOS system operates outside any current legislation. Card payment legislation is being developed overseas, particularly in the US, but in Australia only a voluntary and unenforceable code of conduct is in place. This code will not apply to smart cards in its present form because it only applies to transactions which require PIN number authorisation. Most stored-value transactions in smart card systems can be carried out without a PIN number.

The Trade Practices Commission (TPC) is currently reviewing the EFTPOS code of conduct, and in a preliminary report, has recommended the establishment of a working party to consider an extension of the code to new technologies, including smart cards. Alternatively, the TPC recommends that the working party should consider a completely separate mechanism for covering new technologies.

One such mechanism might be the establishment of a new card payment industry watchdog, which could investigate both privacy complaints and general consumer complaints. Alternatively, an industry-specific privacy standard could be developed, to be administered by an already established watchdog such as the Banking Ombudsman.

A similar system has been developed in the lead up to the deregulation of the telecommunications industry, with the establishment of a specific telecommunications privacy body to be overseen by the Australian Telecommunications Authority (AUSTEL). However, the success of this system has yet to be assessed as the Telecommunications Privacy Committee established by AUSTEL has been in operation for less than a year.

Specific industry regulation, however, is an inadequate substitute for general privacy and data protection laws, like those in NZ, where there is some hope that the Privacy Act will offer protection to smart card users, perhaps through the adoption of a customised privacy code for the card payment industry. In Australia, however, there is no general privacy legislation covering the private sector.

In NSW, the Privacy and Data Protection Bill introduced by the previous government lapsed when Parliament was prorogued before the March election, and the Bill now faces an uncertain future. The Bill provided for the adoption of data protection codes in the private sector and those codes would have been capable of covering the types of information likely to be collected by smart cards. However, adoption of the codes under the Bill as it was drafted remained voluntary.

At the Federal level, the Privacy Act provides no general jurisdiction to protect personal privacy in the private sector. The Act would have to be completely re-framed, and perhaps even placed on a different constitutional footing, before the Federal Privacy Commissioner could investigate privacy complaints arising from commercial smart card systems.

If no legislation or regulations are to be developed, consumers may have to look to the common law for protection. It can be argued that a general duty of confidentiality exists for dealings between customers and financial institutions. This is reflected in Australia in the licensing requirements for banks, credit unions and some other financial institutions. However, it is not necessary for smart card operators to obtain a licence, and it appears many operators intend to operate outside the banking environment in order to avoid financial institution duties imposed by the Federal government. Indeed, the Reserve Bank has indicated that it will be taking a 'hands-off' approach to smart card systems.

Whether or not a common law duty of confidentiality can be implied to extend to smart card systems may be a matter to be tested in the courts. It seems an awkward method of protecting personal privacy, and is unlikely to instil a great sense of confidence in consumers. Reliance may therefore have to be placed on the contractual obligations of smart card promoters and card holders. However, the early indications are that the terms and conditions of smart card use will not favour privacy protection. Indeed, one promoter's draft terms and conditions state that the card and all information in respect of the use of the card will remain the property of the card issuer, not the customer.

The adoption of smart card technology is a significant technological and social development. Smart cards represent the 'missing link' in the shift from an economic system based on cash transactions to a fully electronic system, because they are an effective substitute for the small transactions which still make cash essential. It seems surprising, then, that such a substantial change is coming upon us without public discussion of its impact and without any enforceable protection of consumers' rights and interests.

Smart cards provide a good example of a potentially privacy intrusive technology developing quickly in a legislative and regulatory vacuum. The NSW Privacy Committee intends to release a detailed paper on smart cards and privacy issues this year, and hopes that discussion of these issues will lead to effective measures to protect personal privacy throughout the region.

Chris Connolly, NSW Privacy Committee.
