UAE investigates putting ID info on NFC-capable phones

There’s nothing inherently evil about near-field communication tech, just as there’s nothing inherently malicious about GPS, Wi-Fi or Bluetooth. However, with great technology comes great power. And the United Arab Emirates appears intent on demonstrating that power in a potential new scheme to embed national ID cards in NFC-capable mobile phones.

According to The Register, the UAE is working with telecom company Etisalat to investigate the feasibility of storing ID card info on mobile phones and using NFC readers to access that information as needed. It is already mandatory in the UAE for citizens to carry an ID card, and those ID cards already store personal information electronically in addition to having data printed on the card face. However, the idea of including ID information on a mobile phone has new and troubling implications.

Mobile phones have evolved into mini computers, which means they have wide-ranging capabilities. Imagine combining personal ID information with the ability to track someone via GPS? Or associating ID information with the communications sent and received from a phone?

Because mobile phones are such ubiquitous devices, they carry a lot of behavioral information. This is what makes a mobile-phone-based ID system scarier than a single-use card-based system. If NFC readers are put in place to identify UAE citizens at checkpoints or individual stops, what’s to stop them from also hacking into other information available on a person’s phone? Presumably that wouldn’t be legal, but the ability to hack and track a user – perhaps as part of an anti-terrorist operation? – would make such privacy invasion a serious temptation.

The use of NFC readers for check-in applications is nothing new. In the U.S., for example, a company called ScholarChip has set up a School Safety and Operations program which allows administrators to check students in electronically at school events. However, tying NFC check-ins to a national ID system is pushing the technology into frontier territory. And the possibilities for abuse make the whole situation worth watching.

Currently, the UAE uses an ISO7816 chip in its national ID cards to store encrypted data including a person’s name, birthday, gender, photo, fingerprints and 15-digit ID number, which is associated with the country’s Population Register. The UAE introduced the electronic ID card in 2004, and it is mandatory for all citizens and legal residents age 15 and above.

Via: The Register

Image credit: UAE Identity Authority 2011 Annual Report

This post was originally published on Smartplanet.com