BOSTON, MA -- (MARKET WIRE) -- 10/10/07 -- SMART CARD ALLIANCE ANNUAL CONFERENCE --
Government identity management programs took center stage as the Alliance
kicked off day one of its conference, taking place at the Boston Marriott
Long Wharf through Thursday. Critical security initiatives have now entered
the issuing phase and over the next year will put millions of smart
card-based IDs in the hands of all maritime workers at the nation's
seaports and all federal employees, program managers told conference
attendees Tuesday. And the Registered Traveler program is now speeding
frequent flyers through 12 airports nationwide, with more coming. These
and other highlights from conference speakers follow.
The Transportation Security Agency (TSA) and U.S. Coast Guard plan to issue
secure Transportation Worker Identification Credentials (TWIC) to 750,000
maritime workers and merchant mariners at U.S. seaports took a big step
forward this week.
"As of 9 am this morning our enrollment website was up, and real workers at
the Port of Wilmington can begin the process of applying for the TWIC
card," John Schwartz, assistant director of the TWIC Program Office
announced yesterday. With credential issuing at this first port fully
underway starting next Monday, TSA plans to move fast. "Our goal is to
have 50 major ports up and running by January," Schwartz said. TSA plans
to have all of the TWIC credentials issued within 15 months of this initial
rollout.
The smart card-based TWICs are tamper-resistant biometric credentials
containing the worker's fingerprint template to allow for a positive link
between the card itself and the individual. Embedded in the card is a dual
interface microprocessor chip, a small computer chip that can be read by
either inserting the card in a slot in a "contact" card reader or by
holding the card within 10 centimeters of a "contactless" card reader.
"The TWIC program, like the U.S. electronic passport program, is an
excellent example of using smart card technology in a way that provides
high security and protects personal privacy at the same time," said Randy
Vanderhoof, executive director of the Smart Card Alliance.
Due to the harsh maritime environment, program managers wanted to use
secure contactless technology for better reliability of cards and readers.
At the same time, they wanted a high level of personal security. The
solution was to encrypt the contactless transmission of the biometric
template from the TWIC card to the reader.
The program is being implemented in two parts, first getting ID cards
issued and then deploying readers at entry points to the ports. The next
step is to pilot test readers in labs, with full operational tests planned
for mid 2008.
GSA Shared Services and HSPD-12
As federal agencies come to grips with the reality of issuing PIV-II smart
cards to comply with the looming HSPD-12 deadline, the shared services
option developed by the General Services Administration has won a lot of
recent converts--67 federal agencies representing 860,000 federal employees
and contractors to be exact, according to Michael Butler, program manager
for the project. GSA branded the program USAccess.
After making a contract award in April, the GSA began issuing cards in
September. The program is on track to issue hundreds of thousands of cards
in the coming year and meet the program's deadlines, Butler said.
"In little over four months GSA stood up this program and is now issuing
cards," said Vanderhoof. "It's a real achievement and a testimony to GSA's
partners and their team."
Pooling demand under a shared services contract benefited government
agencies in terms of cost and investment, Butler reported. The GSA charges
a $49 initial cost for PIV-II credentials, with an ongoing $3 per month
infrastructure support cost.
"People are starting to get excited and ask what they can do with smart
cards," said Butler. For example, the USDA recently demonstrated to him
how newly issued PIV credentials can provide employees with a single,
secure login to five different applications their employees routinely
access. Until now, each application required a different user name and
password, a real burden for users. "To see that demo from an agency that
just got started is really a big deal," said Butler.
An estimated 1.8 million federal employees will get the new credentials,
excluding the Department of Defense whose employees already have the smart
card-based Common Access Card identity credential. Both programs deliver
more secure credentials for identification, access to facilities and
information system access.
Registered Traveler Takes Off
Want to get through airport security lines in 10 minutes or less? That's
exactly what the smart card-based Registered Traveler expedited security
lane access program delivers to America's frequent flyers.
"The actual time is two or three minutes right now in most airports,
because the program is still new and not that many people are in the
lines," said Bryan Ichikawa, solutions architect for Unisys, one of the
system integrators providing Registered Traveler systems.
With 12 airports already live including JFK, Newark, San Francisco and San
Jose, and other large airports expected soon including Dulles, Regan and
Denver, the program has real momentum across the United States.
Privacy Advocates and Alliance Agree: RFID in Driver's Licenses Bad Idea
State plans to add RFID technology to driver's licenses "create border
security and personal privacy concerns for citizens," said Neville
Pattinson, vice president government affairs and standards for Gemalto
North America and chair of the Alliance Identity Council. At issue is the
fact that the RFID technology currently recommended by DHS for border
crossing security "transmits an ID number 30 feet with no security
basically, and it can be cloned easily, as we demonstrated on Capitol Hill
recently. That's why we've been positioning secure contactless smart card
technology as a better alternative," said Pattinson.
The Center for Democracy and Technology (CDT), a public interest, public
policy not for profit organization focused on civil liberties and
technology policies, has developed guidelines for privacy and security.
Not surprisingly, the organization's views and those of the Smart Card
Alliance align very closely on the subjects of privacy and security for
technology choices in identity programs, and on the problems caused by
using RFID technology for government issued identity credentials.
Sophia Cope, staff attorney and Ron Plesser Fellow for CDT, presented the
organization's recommended guidelines for privacy and security sensitive
policies, then went on to explain how DHS proposals for REAL ID, WHTI PASS
card and enhanced driver's licenses violated them.
"Decentralization is more privacy friendly than centralization," said Cope,
pointing out that the DHS proposals rely on a centralized database.
"Centralized identity systems can lead to commercial and government abuse."
"Going back and slapping privacy and security on at the end will not be as
effective as designing it in from the beginning," said Cope. But, she
noted that is exactly what DHS is doing by proposing long range EPC Global
Gen 2 RFID tags for identity programs. "In the case of enhanced driver's
licenses, there has been no rule making at the federal level and no privacy
impact analysis as required by federal mandates," said Cope.
Another consideration is notice. "DHS and Washington State are not
adequately educating citizens about risks of long range RFID," said Cope.
As to REAL ID, one concern is that the proposed security features "get so
watered down it becomes a farce, because in the end it is not any more
secure than it is today," Cope said. "Technology choices must be made in
the context of policy goals, and if the technology choice does not achieve
the aim of the policy, it is a poor choice."
About the Smart Card Alliance
The Smart Card Alliance is a not-for-profit, multi-industry association
working to stimulate the understanding, adoption, use and widespread
application of smart card technology.
Through specific projects such as education programs, market research,
advocacy, industry relations and open forums, the Alliance keeps its
members connected to industry leaders and innovative thought. The Alliance
is the single industry voice for smart cards, leading industry discussion
on the impact and value of smart cards in the United States and Latin
America. For more information, please visit
http://www.smartcardalliance.org.
Contact:
Deb Montner
Montner & Associates
203-226-9290 dmontner@montner.com
.gif)
