Pseudonymity and Smart Cards

Roger Clarke
Sun, 13 Oct 1996 22:17:10 +1000

I'd greatly appreciate feedback on the following paper.

Details about the conference, which is on this Friday, are available from
Chris Connolly <>.  The speaker-list is strong,
and at $295/$195, it's actually affordable!  ...  Thanks  ...  Roger

  Identification, Anonymity and Pseudonymity in Consumer Transactions:
           A Vital Systems Design and Public Policy Issue

                            Roger Clarke

                     Version of 13 October 1996

    	      Invited Presentation to the Conference on
	  'Smart Cards: The Issues', Sydney, 18 October 1996


Applications of smart cards tend to convert anonymous transactions into
identified ones. This represents a very significant increase in the data
trails that people leave behind them, and hence in the privacy-invasiveness
of systems. There is a strong likelihood of a public backlash against such
schemes, which may take such forms as their outright rejection by
consumers, widespread adoption of multiple identities, or rampant
obscuration and falsification of personal data.

Smart cards are very flexible instruments, and offer systems designers a
great deal of flexibility. That flexibility can and should be used to
ensure that the privacy-abusive potential of card-based schemes is not
realised. This short paper outlines techniques whereby anonymity and
pseudonymity can be achieved. It argues for maximum use of anonymity in
schemes, for very careful justification of direct identification, and for
maximum use of indirect identification.

Roger Clarke    
Xamax Consultancy Pty Ltd, 78 Sidaway St, Chapman ACT 2611 AUSTRALIA
Tel:  +61  6  288 6916                       Fax:   +61  6  288 1472

Visiting Fellow, Faculty of          Email:
    Engineering and Information Technology
Information Sciences Building Room 211       Tel:   +61  6  249 3666
The Australian National University
Canberra   ACT   0200   AUSTRALIA            Fax:   +61  6  249 0010