Single Government ID Card Closer to Reality

Single Government ID Moves Closer to Reality (WaPo, A25)

Federal officials are developing government-wide identification card standards for federal employees and contractors to prevent terrorists, criminals and other unauthorized people from getting into government buildings and computer systems. The effort, known as the Personal Identity Verification Project, stems from a homeland security-related presidential directive and is being managed by the National Institute of Standards and Technology (NIST), a Commerce Department agency with offices in Gaithersburg.

In his Aug. 27 directive, President Bush said that “wide variations in the quality and security of forms of identification used to gain access to secure federal and other facilities where there is potential for terrorist attacks need to be eliminated.” Bush called for the development of “secure and reliable forms of identification” for federal workers and contract employees. To that end, federal officials want to replace the existing piecemeal system of agency-level ID cards with “smart cards” that are hard to counterfeit, resistant to tampering and difficult to use by anyone other than the rightful card-holder if lost or stolen.

The new generation of ID cards must be able to digitally store biometric data such as facial photographs and fingerprint images, bear contact and contactless interfaces, and allow the encryption of data that can be used to electronically verify the user’s identity, according to NIST draft standards. Such cards will be required for all federal employees, including members of the military, as well as for employees of private organizations and state and local governments who regularly require access to federally controlled facilities and computer systems. That is a universe of more than 2 million people, said W. Curt Barker, the project manager at NIST. Barker said the new standards will include tougher background check requirements before many recipients can get their agency ID card. Access to particularly sensitive offices or systems still will require higher clearance, he said.

It’s hard to believe this wasn’t done years ago. Even aside from duplicate identity cards, the current system is bizarre. All government employees have a regular identification card of some sort. Those who require access to a secure building require an additional proximity badge, usually encoded with biometric data, to wear outside one’s clothing. Still another card is required to access certain computer and communications systems. Having a single card to handle all those functions simply makes sense.

The objections are rather weak:

Colleen M. Kelley, president of the National Treasury Employees Union, which represents more than 150,000 federal workers in 30 agencies, said the proposed standard would permit agencies to print employees’ pay grade and rank on the new cards, which many workers would consider an invasion of privacy.

“For example, an agency might seize upon this technology as a means to track employees as they move throughout a building,” Kelley said in written comments to NIST last week. “That is troubling, standing alone. It would be particularly objectionable if the agency tried to track visits to particular sites such as the union office, Employee Assistance Program offices and the inspector general’s office.”

Having ranks on the cards would be a good thing, ending a lot of confusion. This is especially true in Defense Department settings, where military personnel wear rank insignia but civilians do not. All civilians are therefore, by outward appearances, of the same rank. Given that there are long-established rank equivalencies, this is awkward indeed.

The ability to track employees could certainly be abused, but that’s true now for those who must wear proximity badges. Regulations could be put into place–if they aren’t already–to limit such conduct by supervisors.

FILED UNDER: Terrorism, US Politics
James Joyner
About James Joyner
James Joyner is a Security Studies professor at Marine Corps University's Command and Staff College and a nonresident senior fellow at the Scowcroft Center for Strategy and Security at the Atlantic Council. He's a former Army officer and Desert Storm vet. Views expressed here are his own. Follow James on Twitter @DrJJoyner.

Comments

  1. Your surpise (about not already being implemented) is correct. There already is a Common Access Card (CAC) that the military and Defense Contractors use, complete with biometric data.

    The smart-card contains all sorts of data, including clearance information (and even as mundane as chow discounts), and are the principle form of ID. The cards are required to send e-mail (from properly secured desktops), which will then act as ‘digitally signed’ communications.

    Leave it to the Unions to complain about them, altho at the Defense Agency position I held, even union employees had them.

  2. James Joyner says:

    Charlie,

    Actually, at least where I work, the CAC is used IN ADDITION TO the proximity badge and military ID/Geneva Convention card.